Jamf Blog
August 17, 2021 by Eldad Livni

Torq + Jamf: Security automation for device provisioning and management

Using Jamf to manage devices offers a wealth of automation capability. But managing the security behind device provisioning and user account management can also benefit from some automation secret sauce. And that comes by way of integrating Torq with Jamf Pro to ensure your endpoints and users are always protected so data remains secure.

Jamf’s software offerings provide comprehensive device management, identity proofing and endpoint security, giving organizations the control needed to ensure their Apple devices are fully managed, secure and compliant. It’s also a rich store of information for user and device data which is incredibly valuable to security analysts responding to alerts and IT remediating issues efficiently.

Torq is a no-code automation platform for security and operations teams. Torq works alongside Jamf and other security and IT tools to help security professionals quickly and easily automate their work and improve their organization’s security posture.

Connecting Torq and Jamf helps in two ways:

  • Torq allows for easy automation of updates in Jamf based on security events or updates from identity providers and/or HR systems.
  • Torq helps security teams respond to alerts faster by automatically pulling data from Jamf or applying policies to quarantine users and/or devices while investigations occur.

Below, we’ve shared some specific use cases on how teams can use Jamf and Torq together to automate updates, speed security response, and deliver end-to-end management workflows to ensure organizational devices remain compliant and protected at all times.

Use an Identity Provider to Automate Jamf updates

User transitions require a lot of administrative overhead from IT. Whether it’s provisioning a new user, deprovisioning a former employee, or updating permissions to reflect a shift in teams, there’s a cascading chain of user and device updates required to stay compliant.

Jamf’s comprehensive control over devices and user accounts makes applying the updates simple - but knowing what accounts and devices to update, and when to apply them can be tough.

Torq can automate this process by listening for updates in identity providers such as Okta, and using the data in that system to automatically move users or devices between groups in Jamf to enforce the necessary policies. For example, an employee transferring to a group with access to sensitive financial information may be automatically moved to a group in Jamf with a more restrictive policy. This reduces the burden on IT and security teams during times of transition, reduces risks related to user and device permissions, and ensures organizations stay compliant through change.

Workflow of automation process for Jamf and Torq integration.

Enrich EDR/XDR Alerts for Faster Response

When an EDR or XDR platform fires an alert, security analysts first need to ensure that all the necessary details are readily available. Many times, this requires manually cross-referencing information from multiple systems, which delays response and increases risk.

Using Torq and Jamf together, alerts can be automatically enriched with device and user details from Jamf. This speeds response times and helps security analysts better mitigate risk, which ultimately protects their organization.

Workflow of alerting system for Jamf and Torq integration.

The Torq flow above listens for alerts from CrowdStrike. When an alert is fired, Torq uses data in the alert (for example, something as granular as the MAC address of the device) and automatically searches Jamf for details on that device and the logged-in user. These details are then delivered, along with the original alert, to a security analyst in Slack.
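The enrichment step described above, sketched as an added example (not code from Torq or Jamf). The inventory records, alert fields such as `mac_address`, and all sample values are constructed for illustration; the point is the MAC normalization and the explicit handling of devices that are not in inventory.

```python
import re

# Constructed inventory; field names are assumptions, not Jamf's schema.
INVENTORY = [
    {"name": "fin-mbp-014", "serial": "C02EXAMPLE01", "mac": "A4:83:E7:12:34:56",
     "alt_mac": "A4:83:E7:12:34:57", "user": "dana.lee", "managed": True},
    {"name": "eng-mbp-102", "serial": "C02EXAMPLE02", "mac": "F0:18:98:AB:CD:EF",
     "alt_mac": "", "user": "sam.ortiz", "managed": True},
]

# Constructed alerts; EDR tools often report MACs with different separators.
SAMPLE_ALERTS = [
    {"id": "alert-1", "severity": "high", "mac_address": "a4-83-e7-12-34-57"},
    {"id": "alert-2", "severity": "medium", "mac_address": "00-11-22-33-44-55"},
    {"id": "alert-3", "severity": "low", "mac_address": "n/a"},
]

def normalize_mac(raw):
    """Return 12 uppercase hex digits, or None if the value is not a MAC."""
    digits = re.sub(r"[\s:.\-]", "", raw or "").upper()
    return digits if re.fullmatch(r"[0-9A-F]{12}", digits) else None

def build_index(inventory):
    """Index records by every known interface MAC (primary and alternate)."""
    index = {}
    for rec in inventory:
        for field in ("mac", "alt_mac"):
            key = normalize_mac(rec.get(field))
            if key:
                index[key] = rec
    return index

def enrich_alert(alert, index):
    """Attach device and user context; never silently drop an unmatched alert."""
    enriched = dict(alert)
    key = normalize_mac(alert.get("mac_address"))
    if key is None:
        enriched["device_status"] = "invalid_mac"
    elif key in index:
        rec = index[key]
        enriched["device_status"] = "managed" if rec["managed"] else "unmanaged"
        enriched["device"] = {k: rec[k] for k in ("name", "serial", "user")}
    else:
        # An alert from a device missing from inventory is itself a finding.
        enriched["device_status"] = "not_in_inventory"
    return enriched

if __name__ == "__main__":
    idx = build_index(INVENTORY)
    for a in SAMPLE_ALERTS:
        print(enrich_alert(a, idx))
```
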

Confirm User Behavior with Interactive Messages

For sensitive operations (such as creating new admin profiles for a device) or suspicious user activity, confirming with the user is often necessary to ensure that an attacker hasn’t gained access to company systems. When an alert is triggered, Torq can look up the relevant user and device details in Jamf, then send a confirmation request to the user via Slack, Teams, SMS, or a similar communication method. This removes the need to manually track down user details and reach out, a tedious process that slows response and leaves the organization at risk of a breach.

Screenshot of alert message from Torq to Slack.

This helps security teams accelerate response times, reduces investigation of false positives, and gives users a streamlined experience for confirming behavior or providing information during security events.

Wrapping it Up

In scenarios like the above, and hundreds of others, Torq helps organizations extend the power of Jamf, making it easy to improve security, shorten response times, and ensure organizational compliance.

For more information, or to get started with Torq, visit the Jamf Marketplace.

Eldad Livni
Torq
Currently the Co-Founder and Chief Innovation Officer at Torq. Prior to founding Torq, Eldad co-founded and served as CPO of Luminate Security, a pioneer in Zero Trust / SASE. Following Luminate’s acquisition by Symantec, he went on to act as CPO of Symantec’s Zero Trust/Secure Access Cloud offering.