Endpoint protection built exclusively for Mac.
Prevent macOS malware, detect and remediate Mac-specific threats, and monitor endpoints for compliance with Jamf Protect.
Purpose built Mac endpoint protection.
Jamf Protect puts the spotlight on Apple security, helping security and IT teams with Mac in organizations of all sizes.
Scale your teams through security tools that understand the Mac platform. Jamf Protect helps maintain Mac endpoint compliance, address antivirus needs by providing macOS malware protection, control Mac applications within the organization, detect and remediate Mac-specific threats, all while maintaining minimal impact to the device and the end-user experience.
The Jamf approach to securing Mac.
Apple builds one of the strongest out-of-the-box security platforms on the market. However, determined attackers are continuously finding new and innovative ways to attack macOS that traditional security tools do not completely defend against. At Jamf, we believe that effectively securing Mac requires an approach that aligns with Apple instead of forcing Apple to adapt to existing security tools for convenience
Simply put: it’s virtually impossible to place the square peg in the round hole without leaving something out. That’s why one-size-fits-all-solutions aren’t as effective, because they lose some of the nuances and subtleties that are intrinsic to Mac.
Jamf Protect builds off of Apple's core security approach for macOS and amplifies it with better preventions, stronger controls, broader visibility and remediation that adapts to your environment — without compromising security or Apple’s signature user experience. By further aligning with the Endpoint Security Framework in macOS, Jamf Protect supports the latest Apple software and hardware on the day of release, including Big Sur and M1-based Macs. Allowing you to upgrade your devices on your schedule - not ours.
With comprehensive insight into Mac-specific malware, Jamf Protect provides malware protection for Mac, meeting your antivirus needs by preventing known malware from running on your devices and quarantining them for later analysis. Jamf Protect can lock down unwanted software and limit its execution by configuring restrictions based on a variety of factors. Advanced preventions may be enabled when integrated with Jamf Pro, creating policy-based workflows that run automatically in the background. Learn more
Defend against sophisticated attacks on your Mac. Jamf Protect provides full visibility into events on devices, even if offline or remote. With a deep understanding of normal activity on macOS and the ability to adapt to your environment, you will quickly be alerted to malicious actions of applications, scripts and users to minimize downtime. Detections provide full context behind the activity on your devices and make investigations on Mac simple. Learn more
The right visibility with minimal end-user impact is key. Gain granular insights into your Mac fleet's activities for device health, threat hunting and compliance. Always be aware when devices deviate from your OS hardening configurations with active alerting so you know the moment a device falls out of scope or is affected by Mac-specific threats — and together with Jamf Pro — bring them back into the fold. Learn more
Isolating machines, eradicating unwanted files and getting devices back into a trusted state after Jamf Protect raises an alert is easy and automated. When IT uses Jamf Pro and Jamf Connect, security teams can leverage tools that manage their endpoints in an effort to best remediate issues, even remotely. Get devices safe and users productive again, with minimal disruption. Learn more
By leveraging Jamf's software along with third-party offerings, a whole host of capabilities can be opened up. Working with messaging apps to extend real-time notifications to your smartphone or other mobile devices. Forwarding alerts to your SIEM or dashboard solution in order to provide unified logging or visualizing data to gain further insight into comprehensive device health data provides a small sampling of the myriad integration options. Learn more
Ensure device compliance with health data monitoring and remediation of device's found to be out of scope with your organization's policies. Detecting threats and eliminating malware are only part of the equation to maintaining your Apple fleet. Actively ensuring that devices have — and maintain — the proper configurations necessary to keeping your Mac performing optimally while reducing risk. Learn more
Antivirus designed for the Mac Experience
Protecting your users from malware is a basic requirement of any organization and continues to be one of the biggest problems for end users due to the problems traditional antivirus tools cause on Mac.
Deploy a modern antivirus solution to your Mac that’s designed to make threat prevention feel like a part of the operating system instead of a drain on your devices and employees. Jamf Protect is designed to prevent known Mac targeted malware, trojans, adware, ransomware, grayware, and even PUPs from executing and interfering with your users or their devices.
Mac Threat Prevention tailored to your environment
Your devices, the software your users rely on, and your users are unique to your organization. With that comes threats from untrusted software and targeted attacks. Prevent these risks in your environment with Jamf Protect. Threat prevention capabilities can be extended to block the execution of applications that you identify as dangerous or that may be used to target your environment.
- AntiVirus: Prevent known Mac malware, adware, ransomware, potentially unwanted programs (PUPs) from executing on organizational devices.
- Threat Intelligence: Stay protected by taking advantage of Jamf’s extensive knowledge of macOS malware through ongoing leading-edge research and third-party feeds.
- Quarantine: When malware is identified, automatically remove it from the user’s environment and quarantine it for later analysis.
- Manage Applications: Keep your environment clean by controlling unwanted applications and preventing access to applications not approved by corporate policy.
Detect sophisticated attacks on your Mac
Behavioral attack detection designed to find the suspicious and malicious.
Detecting known malware is one thing, but when it comes to finding novel attacks, identifying malicious users or suspicious processes, things get more difficult. When you are out hunting for threats in your environment, you need something that understands Apple users and how macOS functions to help guide your way through the massive collection of data.
Jamf Protect will analyze all of the data collected on devices and sift out suspicious and malicious behaviors to make your job easier.
Jamf Protect utilizes custom-designed behavioral analytics to identify malicious and suspicious behavior on Mac. By making it easy to understand the context of the device when the alert was raised and the logic of why an alert was raised, you can triage alerts at speed with confidence.
MITRE ATT&CK for the Mac
You can feel confident that your threats on endpoints are managed with Jamf Protect’s analytics as its core analytics are mapped to the MITRE ATT&CK framework. Of course, you want to minimize the noise in alerts raised by Jamf Protect. By focusing the analytics on how Mac is attacked instead of watching for attacks on a non-existent Windows registry, you can ensure that your alerts are high-fidelity for the platform that you are protecting.
- Behavioral Analytics: Extensive behavioral detections to identify suspicious or malicious activity.
- Customized Analytics: Adapt Jamf Protect’s analytics by customizing them to your unique environment.
- Threat Hunting: Create your own analytics to hunt for threats that specifically target your environment.
- MITRE ATT&CK: Core analytics are mapped to the MITRE ATT&CK framework.
Gain visibility into your Mac fleet activity
Behavioral attack detection designed to find the suspicious and malicious.
Apple has taken a strong stance on security and every Mac comes preloaded with XProtect, Gatekeeper, MRT, among other protections. With Jamf Protect, you gain visibility into the native Mac-security tools as well as enterprise-grade detections on potential impactful behaviors. Get fine-grained insights into activities on your Mac fleet for threat hunting and compliance.
Furthermore, securing corporate data on employee endpoints is critical. Taking a proactive approach becomes imperative to prevent intentional, or even unintentional, exposure of restricted data and to hunt for potential threats. An auditing and compliance solution such as Jamf Protect provides organizations with an in-depth view of critical system and user actions that occur on a device, ultimately giving a 360 degree and birds-eye view across the entire fleet using Mac enterprise security software.
macOS Security Tool visibility
To manage risk on Mac, you need to know what apps are running on macOS and when users are running them. This level of transparency provides insight into apps that macOS deems dangerous and those that may be inappropriate or unauthorized by the organization; even when the user overrides macOS — or maybe especially then. With Jamf Protect you have full visibility into all of the activity of the security tools built into macOS.
Unified Log Forwarding
Regulated industries must contend with not only ambitious digital initiatives to grow the bottom line, but also navigate and implement a plethora of compliance and audit controls designed to protect the creation and retention of sensitive information. Non-compliance could result in litigation, regulatory disciplinary actions and steep fines. Ensuring that you always have full oversight of activity on your Macs from one central system of record is necessary to maintain compliance. With Jamf Protect, you can make certain that all of the Unified Log data that you need from macOS is pushed to your system of record.
All good compliance and security standards start by determining a secure baseline of configuration for your devices. Enforce and monitor your devices for adherence to the CIS macOS benchmarks using Jamf.
- Visibility: Gain full insight into relevant activity on your Mac fleet by forwarding selected data from your devices’ Unified Logs to your SIEM or other central systems of record.
- Benchmarks: Ensure your Macs maintain their OS hardening baselines for the CIS macOS benchmarks and quickly flag any deviations.
- Aligned with Apple: Rely on macOS frameworks designed for visibility to minimize device impact while ensuring compliance.
Not convinced yet that Jamf Protect can secure your Mac environment?
That's ok. Continue reading or contact your Jamf representative to discuss a solution that addresses your unique needs.
Remediate security incidents with minimal side effects
Incident remediation that helps users and IT without getting in their way.
Remediation of a security incident is where InfoSec and IT most often interact and sometimes clash. Security teams need information about an incident, need to investigate a machine, or even manipulate files and settings on a machine. IT often has to then address the end-users’ complaints when odd things start happening on their device due to the remediation activity. With Jamf Protect and Jamf Pro, incident response can be performed manually or automated using the tools that IT already uses to manage their Mac. End-users no longer need to be surprised about what’s happening on their device during incident responses thanks to your ability to customize their experience to your organizational standards.
Automated data gathering
When a security alert is raised, the first few questions are often the same. What happened, to whom, when and where? All of that basic data is in a Jamf Protect alert. When you start digging into whether this alert is really something to worry about, you often start by getting more data from the device. Whether you need files, configuration settings or logs from a device, Jamf Protect and Jamf Pro can help retrieve the needed information, without any consideration of where in the world the device may currently be located. With Jamf you can setup common incident response data gathering automation to simplify your triage efforts and reduce attacker dwell time on a device.
A breach happened and now you have an untrusted device or even untrusted user in your environment. Locking down a user or bringing a device back into trusted state can be difficult even for the most sophisticated security teams. Leverage Jamf to automate common incident remediation actions such as lock down your device, remove files, reset settings and even remotely redeploy macOS in a way that works with your existing management of your Apple fleet.
Educating your users is often considered the most important first layer of a defense in depth strategy. However, when a user makes a mistake, you need to reinforce that education. With Jamf Pro you can customize the experience a user has on their device when Jamf Protect detects malicious behavior or prevents malware. Guide them back to your secure training, data handling guidelines, or other safe conduct resources instead of just telling them that malware was blocked on their device. Help your users learn to act securely instead of scaring them outright.
- Customized experiences: Trigger custom end-user experiences (such as dialogs, kick-off videos, etc) to reinforce proper security training when macOS stops malicious software.
- Automated Response: Automate incident response procedures (like machine isolation, data collection, sample collection, etc) when an attack is suspected by leveraging Jamf Pro and Jamf Connect to automatically respond to Jamf Protect alerts.
- Align IT and Security: Create incident response workflows for security incidents that work with your procedures instead of against them using the tool you already use to manage Apple devices: Jamf.
Customize protections to develop feature-rich workflows
Extending protections through value-added integration with partner apps.
Jamf takes security seriously, as do its partners. That's why the ability to integrate trusted security solutions with Jamf Protect brings a world of flexibility and options to your fingertips. All working toward one shared goal: to further enhance the security posture of your Mac fleet by working with your existing infrastructure. By extending features, adding new capabilities and further customizing workflows necessary to monitor devices, detect Mac-specific threats, automate remediation and report compliance status in real time, Jamf Protect helps to mitigate risk end to end, across the entire enterprise.
Security that works with your environment
You have apps that you trust. Apps that work tirelessly to manage your devices by mitigating risk by reporting to your SIEM solution, managing your enterprise's authentication process by centralizing through an Identity Provider (IdP), visualize endpoint health data on customized dashboards for single-pane of glass management or creating powerful workflows to achieve compliance goals and remediation tasks.
Works well with others.
Jamf products work in conjunction with one another, bringing each program’s strength to form a larger, more cohesive platform known as Apple Enterprise Management (AEM). With AEM, Jamf Protect analytics can be configured to scan for devices missing the latest patches or running out of date apps. By integrating seamlessly with Jamf Pro, extension attributes are created automatically by Jamf Protect within Jamf Pro, allowing Smart Groups managed in Jamf Pro to target endpoints missing critical updates or the latest version of an app. Finally, policies running in Jamf Pro leverage the matches made in the Smart Groups to automatically update devices, bringing them into compliance.
Powerful API access
By using a modern Application Programming Interface (API), Jamf Protect allows IT to manage it through Terminal, making short work of incredibly complex scripts. But API access also allows for unprecedented integration with all first- and many third-party security solutions, further bolstering protections available to Mac through this efficient and highly secure method of communication between two applications.
- Customizable workflows: Streamline endpoint health reporting by connecting with your SIEM, enable enhanced workflows for automated remediation or much more, leveraging the tools in use by your enterprise for a customized experience.
- Automate Remediation: Integrating with Jamf Pro adds expanded capabilities due to the extensive communication and remediation workflows built-in, allowing for detections triggered in Jamf Protect to be automatically processed remediated in Jamf Pro.
- API access: Establish secure communications between Jamf Protect and your apps using a modern programming interface to exchange data with partner applications to extend functionality, capabilities and automate tasks.
Ensure the status of your devices
Knowing endpoint health data + what needs remediation = minimized risk.
A key piece of information necessary for securing Mac is endpoint health data. More specifically, knowing what is running on any device and to what degree is pivotal to IT when making decisions, dispatching security teams to investigate or enabling remediation to administer corrective actions and workflows in order to mitigate risk, thus ensuring compliance with enterprise policies and/or regulations.
In-depth insight into what’s going on beneath the surface and in the background of your device is imperative when trying to assess the security posture of your fleet. By keeping your finger on the pulse of Mac with real-time reports and alerts, IT can shift to a proactive method of management to mitigate risks before they can grow into something far more difficult to contain.
Knowledge is power
The ability to monitor and maintain saliency into the most critical network and system processes — including user activity — will help meet your endpoint compliance and auditing programs and goals. Put simply: maintaining endpoint security is critical.
Yet, power without perception is of little use when mitigating risk and remediating devices if there are no details as to which devices are at risk, to what degree or what type of remediation is needed to bring Mac into compliance. This is where the Compliance Reporter functionality flexes its muscle by delivering detailed reporting data to add context and acting as a foundation in determining the best course of action.
- Device insight: Obtain endpoint health data in real-time, making data actionable, allowing IT to dispatch additional support to investigate, mitigate or remediate, as needed.
- Regulation compliance: Align your monitoring, detection and remediation processes with industry best practices, based on CIS benchmarking standards out-of-the-box.
- Stream in real-time: Share compliance and audit data captured by Compliance Reporter in Jamf Protect with your SIEM or other data analysis tools to augment and gain deep visibility into your Mac fleet and minimize non-compliance.
What makes Jamf Protect the right choice for Mac?
The tight integration between macOS and Jamf Protect is the first of its kind, meaning your users will have the same seamless experience they're used to from Apple while letting Jamf and IT keep devices performing optimally. Simply put: Jamf is a master of macOS – not a student of multiple OSes. This dedication to Apple allows for the best protection for Mac, end users and their data.
How long does it take Jamf Protect to be made compatible with newer versions of macOS?
Jamf is committed to providing same-day support. A philosophy that applies to all Jamf products. Jamf Protect does not rely on separate agents that require recompiling or redevelopment each time macOS is updated, this allows you the flexibility to upgrade on your schedule — not ours. When you do decide to upgrade, Jamf will always be ready to help you make short work of your projects.
Jamf Protect detects known Mac malware, but can it detect 0-day and other unknown threats?
With its own team of internal security professionals and partners, Jamf is dedicated to detecting and testing macOS-related issues. This includes working directly with Apple to patch against unknown threats. Additionally, Jamf Protect includes behavioral analytics to assess app behavior, alerting IT the moment something appears off, allowing your team to spring into action to investigate.
All the security products we’ve used have a considerable negative impact on endpoint resources. How is Jamf Protect any different?
Because of its native, purpose-built integration with macOS, since there is no need to rely on agents or bolt-on dependencies which often lead to degraded performance, Jamf Protect always performs efficiently, utilizing only the resources necessary to keep your macOS endpoint security running optimally.
Will Jamf Protect secure devices enrolled in my 3rd-party MDM?
Certainly. You can expect the same level of performance from Jamf Protect regardless of the MDM used to manage devices. With that said, by integrating with other Jamf products, like Jamf Pro, expanded workflows can be created to triage infections quickly. Additionally, automatic remediation is possible because of the partnership between Apple and Jamf’s product line.
Is support included when using Jamf Protect?
Yes, and it begins with a dedicated team of customer support staff, engineers and security personnel focused on one goal: to help you get the maximum performance of your Apple products.
Our security is based on best practices - put it to the test.
Want to learn more about Jamf Protect?
Read to get started?
Jamf Protect is now available worldwide