In a SOC, information security staff tend to focus on several levels of protection, starting with company assets, followed by employee security and stretching out to encompass customer safety and privacy. When working in a SOC, one encounters 24/7 threats and constant probing; threats are both external and internal. Some potentially damaging threats are not even intentional.
Distributing security operations via NOCs is a trend that started prior to the COVID-19 pandemic but has certainly picked up speed since then. With traditional security infrastructure too expensive and difficult to install in everyone’s homes, it has become imperative to have a robust and far-reaching network of security nodes.
Why tvOS and iOS?
So why are security professionals gravitating toward tvOS and iOS for remote enterprise management? Pazandak explores the various reasons. These operating systems are easier to manage, especially because they can be set to auto-update to the latest software and placed in Single App Mode. They enjoy long support windows: iOS 15 is supported going all the way back to the iPhone 6, and Apple TV HD is still supported on the latest tvOS version and apps. They cost less to manage – infrastructure is less expensive, and Jamf Pro and Jamf Now cost less for mobile devices – and they take less time to manage.
Another reason for using tvOS and iOS is that you don’t need to tie up your macOS devices running security software. An Apple TV is out of the way and constantly available to present information, so it’s in many ways an ideal feature for a SOC. And when it comes to iOS devices, you always gain the element of mobility. If you need to interact with a security app, you can do so regardless of whether you’re at your computer.
Using the right tools and integrations for security operations
Pazandak also goes over the various tools that SOCs and NOCs can use to support their operations, some of which feature Jamf integrations. He particularly emphasizes the following solutions:
- Splunk as a primarily mobile platform: Splunk Mobile, Splunk TV, Splunk AR, Splunk Phantom
- Atlassian: Service Desk, Jira, Confluence (all have native mobile apps)
- Carousel Digital Signage: Can show Power BI, Domo and other feeds
- Build your own: chatbots, Apple TV apps, iPhone/iPad apps, web apps, etc.
The full session includes an additional list of software types and examples, along with a series of links to example dashboards.