This JAMF Nation User Conference (JNUC) session was a must-see for IT admins tasked with securing the Mac platform. Rich Trouton, an Apple veteran with over 18 years of experience supporting Macs, provided an overview of Apple's security model as of OS X Yosemite. He took the enthusiastic crowd on a deep dive of System Integrity Protection (SIP), what it is, why it was introduced into OS X El Capitan, how it can be managed, and its impact on managing Macs with the Casper Suite.
“All malware tries to get root access,” Trouton mentioned as he explained why SIP became important for Apple to implement. SIP disables root access to certain system files and kernel extensions. “SIP is a big change, but still a work in progress. I expect Apple to update this in the future.”
He also warned against disabling SIP and suggested that If you are using software that requires SIP to be disabled, “demand more from those vendors or leave them.”
He wrapped up by answering questions about how to deal with SIP and imaging workflows. Check out his entire presentation.