Preventing and countering cyber attacks with Jamf Protect and Microsoft 365

Today’s threat actors, regardless of whether they are government-funded or striking out on their own, are making infrastructures around the the world a primary focus of their attacks, among other critical resources. According to Simon, attacks have not only grown in sophistication, targeting supply chain and government agencies, in an effort to profit from and/or disrupt services that consumers rely upon.

All of points in the presentation are derived from the real-world threats that are currently occurring in the wild, Simon is careful to explain that while it may appear to be all “doom & gloom”, even bordering on espousing fear, uncertainty and doubt (FUD) - make no mistake about it - this presentation doesn’t need to rely on exploring the “what if” scenarios, but rather aims to provide the information that will empower organizations to prepare their environment to protect, prevent and counter against these forms of attacks, considering that it’s not a matter of “if”, but rather “when” these attacks will occur.

The current state of cyber threats

“Unfortunately, rather bad.” - Simon Binder, commenting on the state of cyber threats in 2021.

Large-scale attacks, such as those seen previously against Solarwinds or Kaseya, standout due to the advanced nature of the attacks and the widespread reach attacks such as these present to not just the organization or service being targeted, but just devastating it will be depends on the number of customers using and relying on those services. In other words, just how deep that rabbit hole goes.

But often those types of attacks tend to overshadow the growing concerns relating to other, more common attack types, such as the explosive growth of malware in Shlayer and XCSSET which target macOS endpoint protection. Further still, phishing/spear phishing and identity theft - all of which fall under the larger social engineering umbrella term - still pose the most significant threat to organizations of all sizes due to the end-user effectively being the weakest link, and sadly, the easiest resource to exploit.

Protect what’s worth protecting

Thoughts of security often lead many to jump directly to protection methods. What combination of tools, settings and policies should be implemented to provide the best protection possible. While that isn’t a bad thing necessarily, there is often one very important question that is overlooked: What are you protecting?

After all, who can you possibly expect to protect something when you haven’t exactly defined what that something is? Once that something has been identified, through inventory collection and risk assessment processes, this begs the question: What part of this identified resource is worth protecting?

“…Requires enormous amounts of resources to protect against — but it is possible.” - Simon Binder

According to Simon, here are a few of the more significant items that should be protected and why:

• Identity: A key part of any organization’s security posture, identity provides authentication and access rights to the resources, data and services being used by end-users within the enterprise.
• Data: Working in conjunction with identity above, data is the often the crux of the goal of the attacker. With so many access points, it too is the hardest part to protect, though the one that requires it the most.
• Devices: The vessel, if you will, to how both users and attackers interact with data. Endpoint protection, such as Azure Sentinel, is imperative to obtaining the device health information, which provides admins the greatest opportunity to detect and prevent threats as they occur, or monitor for them before they occur.
• Software: Aimed at developers and security teams wishing to protect against pipeline attacks. The best advice is to not only be aware of the risks involved, but to protect against them through a strict change tracking process and perform continuous testing.

Jamf, Microsoft and you: side-by-side

“Jamf is the leader in macOS security. Microsoft is the leader in identity protection. Together they are even stronger.” - Simon Binder

That partnership in concert with you - yes, YOU - form the partnership that makes it all work together to provide a secure foundation to strengthen your security posture and fortify each individual component that is to be protected. It all comes together to form a holistic solution that actively monitors endpoints, detects threats, mitigates risk and prevents malware. It also provides admins the information necessary to proactively triage issues as they occur, prior to leading to exploit or subsequently full-blown compromise of organizational resources, services and data.

During the presentation, Simon provides a detailed analysis of each component that makes up the partnership between Jamf and Microsoft, and how they work in conjunction with one another.

The Microsoft integration consists of services, such as Azure Active Directory, Conditional Access and Azure Sentinel to provide the centralized management of user accounts, provisional permission and collection & analysis of device health data respectively.

The above-mentioned services are integrated along key points with Jamf Pro, Jamf Protect and Jamf Connect, which allow IT to manage device configurations & settings, provide endpoint security & help in achieving compliance and provision identity management.

Simon goes into greater detail, highlighting the communication between these applications and services and how integral properly configuring each is to establishing a solid foundation. Additionally, the hands-on approach allows attendees to follow along with Simon as each component is touched upon, explaining how they work as pieces of a puzzle in a sense to formulate a bigger, security-focused picture.

React, Recover, Rethink!

Rounding out the presentation, Simon shares with us a favorite quote of his, given the ongoing global pandemic and how organizations can approach their current security framework, making adjustments where necessary, to bolster their organization’s security posture.

“Organizations have the opportunity to go through the three “R’s” during and after COVID-19. React, Recover and some will also take the opportunity to Rethink.” - Spencer Pitts

Some of the points Simon brings up as examples of this new opportunity are as follows:

• In light of COVID, organizations did what they felt they had to in order to keep business continuity. In the time since, organizations have the benefit of approaching solutions with a new way of thinking.
• Stop doing things in the context of the “old ways” and reimagine it with cybersecurity in mind. Challenge yourself to rethink cybersecurity plans for your organization, for its stakeholders and for your industry.
• Security is not a static state. It is constantly evolving and organizations need to be prepared for these dynamic changes to stay protected.
• There is no silver bullet against cyber threats. No single, all-encompassing solution to safeguard against everything. Work with what you have, building upon it with services and software that complement it.
• Have a detailed understanding of not just what your organization needs to protect, but also how products come together to facilitate that protection. Also, how those products work together to form a solution. Best-of-breed products that are not interoperable will only create more headaches.

View entire presentation below.