Kelly Watkins Conrad, a field sales engineer at Jamf, offered this beginner's look at what Jamf Protect is and how to use it.
What is Jamf Protect?
Jamf Protect is a Mac-focused rather than Windows-focused security solution dedicated to the detection, prevention and remediation of Mac-specific threats. This endpoint security solution takes advantage of native frameworks and tools already built into macOS. We continually identify ways to enhance those native features to provide comprehensive coverage.
Monitoring and compliance
Baseline protections are great, and Apple does a great job. But there are layers to add on that will offer a far more comprehensive understanding and coverage. First: visibility. With Jamf Protect, users get all of the event data. Users can also see important information such as the file path and hash information for a security event.
Our embedded dashboard allows users to view all security events in all of the Mac's native tools. Protect collects insights, allowing you to craft a tailored report specific to you and your security needs.
You can drill down into each for more detail to see which computers are and are not compliant.
Our analytics are rules that detect threats or unwanted behaviors on your Mac. You can choose which ones are logged and which ones are logged with an immediate alert.
In order to do a proper security analysis, you need as much contextual data as possible. That's why Jamf Protect offers unified logs. Without that, it's like a jigsaw puzzle with half of the pieces missing.
Unified logs combine user data, processes, etc. that were previously siloed on each Mac, giving you a complete picture of the events.
To analyze that data, most organizations use SIEMs. Jamf Protect data is easily searchable and readable in most SIEMs, and with filters, you can collect activity like login attempts, password changes or AirDrops. While these may be unremarkable on one computer or once in a while, when visualized in a SIEM for your whole fleet you have the ability to get the entire story instead of just the CliffsNotes.
Jamf Protect's built-in features detect, block, and quarantine malicious processes and known threats on the Mac.
To address threats that are executions of known malware, Jamf Protect recognizes signature matches and then blocks the process and removes the threat immediately. We collect a robust set of data for all of these processes. The binary, path, and patch information helps security teams to remediate and prevent.
Jamf Protect keeps you up to date on version changes in the database as well as your own custom blocking of processes.
Behavior-based detection uses heuristics to prevent users from accidentally running fake product installers. Jamf Protect automatically pushes a policy from Jamf Pro, making the user aware of what actions were taken to protect their computer or the network, such as quarantine. Data includes specifics such as which URL the file was downloaded from. This data allows you to make the best decisions for how to protect your Mac fleet.
Deploying Jamf Protect
Watkins Conrad ran through a demonstration of how to deploy Jamf Protect, which you can see by registering for JNUC 2020 and searching for the session.
These are the steps:
- Create an action: determine where the data will go and how you would like alerts and logs.
- Create a plan: decide on the Jamf Protect agent configuration and communication protocols, and which analytics you want.
- Create a deployment: give the package a name, select the latest version of the Jamf Protect binary, select the plan, and choose the log level and error reporting you prefer.
- Download the package and then upload it into Jamf Pro.
- Create a policy in Jamf Pro for deploying the Jamf Protect plan, configure it, scope it and deploy it.
- Download the Jamf Protect PPPC profile from GitHub and upload it into your config profiles. Find the Mac you want to deploy it to, and hit 'save.'
That's it! You're fully secured with Jamf Protect.
With the power of Jamf Protect in your hands, you have 100% confidence that your Mac fleet is secure while also allowing for the best end-user experience.