Jamf’s software offerings provide comprehensive device management, identity proofing and endpoint security, giving organizations the control needed to ensure their Apple devices are fully managed, secure and compliant. Jamf is also a rich store of user and device data, which is incredibly valuable to security analysts responding to alerts and to IT teams remediating issues efficiently.
Torq is a no-code automation platform for security and operations teams. Torq works alongside Jamf and other security and IT tools to help security professionals quickly and easily automate their work and improve their organization’s security posture.
Connecting Torq and Jamf helps in two ways:
- Torq allows for easy automation of updates in Jamf based on security events or updates from identity providers and/or HR systems.
- Torq helps security teams respond to alerts faster by automatically pulling data from Jamf or applying policies to quarantine users and/or devices while investigations occur.
Below, we’ve shared some specific use cases on how teams can use Jamf and Torq together to automate updates, speed security response, and deliver end-to-end management workflows to ensure organizational devices remain compliant and protected at all times.
Use an Identity Provider to Automate Jamf Updates
User transitions require a lot of administrative overhead from IT. Whether it’s provisioning a new user, deprovisioning a former employee, or updating permissions to reflect a shift in teams - there’s a cascading chain of user and device updates required to stay compliant.
Jamf’s comprehensive control over devices and user accounts makes applying the updates simple - but knowing which accounts and devices to update, and when to apply the updates, can be tough.
Torq can automate this process by listening for updates in identity providers such as Okta, and using the data in that system to automatically move users or devices between groups in Jamf to enforce the necessary policies. For example, an employee transferring to a group with access to sensitive financial information may be automatically moved to a group in Jamf with a more restrictive policy. This reduces the burden on IT and security teams during times of transition, reduces risks related to user and device permissions, and ensures organizations stay compliant through change.
Enrich EDR/XDR Alerts for Faster Response
When an EDR or XDR platform fires an alert, security analysts first need to ensure that all the necessary details are readily available. Many times, this requires cross-referencing information from multiple systems manually - delaying response and increasing risk.
Using Torq and Jamf together, alerts can be automatically enriched with device and user details from Jamf - speeding response times and helping security analysts better mitigate risk, which ultimately protects their organization.
In this example, a Torq flow listens for alerts from CrowdStrike. When an alert is fired, Torq uses data in the alert (for example, something as granular as the MAC address of the device) to automatically search Jamf for details on that device and the logged-in user. These details are then delivered, along with the original alert, to a security analyst in Slack.
Confirm User Behavior with Interactive Messages
For sensitive operations (such as creating new admin profiles for a device) or suspicious user activity, confirming with the user is often necessary to ensure that an attacker hasn’t gained access to company systems. When an alert is triggered, Torq can look up the relevant user and device details in Jamf, then send a confirmation request to the user via Slack, Teams, SMS, or a similar communication method. This removes the need to manually track down user details and reach out - a tedious process that slows response and leaves the organization at risk of a breach.
This helps security teams accelerate response times, reduces investigation of false positives, and gives users a streamlined experience for confirming behavior or providing information during security events.
Wrapping it Up
In scenarios like the above, and hundreds of others, Torq helps organizations extend the power of Jamf, making it easy to improve security, shorten response times, and ensure organizational compliance.