Endpoint protection built exclusively for Mac.

Prevent macOS malware, detect and remediate Mac-specific threats, and monitor endpoints for compliance with Jamf Protect.

Endpoint security purpose built for Mac.

Jamf Protect logo

Jamf Protect puts the spotlight on Apple, helping security and IT teams with Mac in organizations of all sizes.

Scale your teams through security tools that understand the Mac platform. Jamf Protect helps maintain Mac endpoint compliance, address antivirus needs by preventing macOS malware, control Mac application within the organization, detect and remediate Mac-specific threats, all while maintaining minimal impact to the device and the end-user experience.

The Jamf approach to securing Mac.

Apple builds one of the strongest out-of-the-box security platforms on the market. However, determined attackers are continuously finding new and innovative ways to attack macOS that traditional security tools do not completely defend against. At Jamf, we believe that effectively securing Mac requires an approach that aligns with Apple instead of forcing Apple to adapt to existing security tools for convenience.

Simply put: it’s virtually impossible to place the square peg in the round hole without leaving something out. That’s why one-size-fits-all-solutions aren’t as effective, because they lose some of the nuances and subtleties that are intrinsic to Mac.

Jamf Protect builds off of Apple's core security approach for macOS and amplifies it with better preventions, stronger controls, broader visibility and remediation that adapts to your environment — without compromising security or Apple’s signature user experience. By further aligning with the Endpoint Security Framework in macOS, Jamf Protect supports the latest Apple software and hardware on the day of release, including Big Sur and M1 based Macs. Allowing you to upgrade your devices on your schedule - not ours.

Warning triangle with exclamation point

Prevent

With comprehensive insight into Mac-specific malware, Jamf Protect meets your antivirus needs by preventing known malware from running on your devices and quarantining them for later analysis. Jamf Protect can lock down unwanted software and limit its execution by configuring restrictions based on a variety of factors. Advanced preventions may be enabled when integrated with Jamf Pro, creating policy-based workflows that run automatically in the background. Learn more

Detect

Defend against sophisticated attacks on your Mac. Jamf Protect provides full visibility into events on devices, even if offline or remote. With a deep understanding of normal activity on macOS and the ability to adapt to your environment, you will quickly be alerted to malicious actions of applications, scripts and users to minimize downtime. Detections provide full context behind the activity on your devices and make investigations on Mac simple. Learn more

Monitor

The right visibility with minimal end-user impact is key. Gain granular insights into your Mac fleet's activities for device health, threat hunting and compliance. Always be aware when devices deviate from your OS hardening configurations with active alerting so you know the moment a device falls out of scope or is affected by Mac-specific threats — and together with Jamf Pro — bring them back into the fold. Learn more

Remediate

Isolating machines, eradicating unwanted files and getting devices back into a trusted state after Jamf Protect raises an alert is easy and automated. When IT uses Jamf Pro and Jamf Connect, security teams can leverage tools that manage their endpoints in an effort to best remediate issues, even remotely. Get devices safe and users productive again, with minimal disruption. Learn more

Integration

By leveraging Jamf's software along with 3rd-party offerings, a whole host of capabilities can be opened up. Working with messaging apps to extend real-time notifications to your smartphone or other mobile devices. Forwarding alerts to your SIEM or dashboard solution in order to provide unified logging or visualizing data to gain futher insight into comprehensive device health data provide a small sampling of the myriad integration options. Learn more

Compliance

Ensure device compliance with health data monitoring and remediation of device's found to be out of scope with your organization's policies. Detecting threats and eliminating malware are only part of the equation to maintaining your Apple fleet. Actively ensuring that devices have - and maintain - the proper configurations necessary to keeping your Mac performing optimaly while reducing risk. Learn more

Threat Prevention and Antivirus

Keep your users safe from Mac-specific threats without impacting their experience.

Antivirus designed for the Mac Experience

Protecting your users from malware is a basic requirement of any organization and continues to be one of the biggest problems for endusers due to the problems traditional antivirus tools cause on Macs.

Deploy a modern antivirus solution to your Macs designed to make threat prevention feel like a part of the operating system instead of a drain on your devices and employees. Jamf Protect is designed to prevent known Mac targeted malware, trojans, adware, ransomware, grayware, and even PUPs from executing and interfering with your users or their devices.

Mac Threat Prevention tailored to your environment

Your devices, the software your users rely on, and your users are unique to your organization. With that comes threats from untrusted software and targeted attacks. Prevent these risks in your environment with Jamf Protect. Threat prevention capabilities can be extended to block the execution of applications that you identify as dangerous or that may be used to target your environment.

  • AntiVirus: Prevent known Mac malware, adware, ransomware, potentially unwanted programs (PUPs) from executing on organizational devices.
  • Threat Intelligence: Stay protected by taking advantage of Jamf’s extensive knowledge of macOS malware through ongoing leading-edge research and third-party feeds.
  • Quarantine: When malware is identified, automatically remove it from the user’s environment and quarantine it for later analysis.
  • Manage Applications: Keep your environment clean by controlling unwanted applications and preventing access to applications not approved by corporate policy.

Detect sophisticated attacks on your Mac

Behavioral attack detection designed to find the suspicious and malicious.

Detecting known malware is one thing, but when it comes to finding novel attacks, identifying malicious user or suspicious processes, things get more difficult. When you are out hunting for threats in your environment, you need something that understands Apple users and how macOS functions to help guide you the way through the massive collection of data. Jamf Protect will analyze all of the data collected on devices and sift out suspicious and malicious behaviors to make your job easier.

Behavioral Analytics

Jamf Protect utilizes custom designed behavioral analytics to identify malicious and suspicious behavior on your Macs. By making it easy to understand the context of the device when the alert was raised and the logic of why an alert was raised, you can triage alerts at speed with confidence.

MITRE ATT&CK for the Mac

You can feel confident that your threats on endpoints are managed with Jamf Protect’s analytics as its core analytics are mapped to the MITRE ATT&CK framework. Of course, you want to minimize the noise in alerts any alerts raised by Jamf Protect. By focusing the analytics on how Mac is attacked instead of watching for attacks on a non-existent Windows registry, you can ensure that your alerts are high-fidelity for the platform that you are protecting.

  • Behavioral Analytics: Extensive behavioral detections to identify suspicious or malicious activity.
  • Customized Analytics: Adapt Jamf Protect’s analytics by customizing them to your unique environment.
  • Threat Hunting: Create your own analytics to hunt for threats that specifically target your environment.
  • MITRE ATT&CK: Core analytics are mapped to the MITRE ATT&CK framework.

Gain visibility into your Mac fleet activity

Behavioral attack detection designed to find the suspicious and malicious.

Apple has taken a strong stance on security and every mac comes preloaded with XProtect, Gatekeeper, MRT, among other protections. With Jamf Protect, you gain visibility into the Mac native security tools as well as enterprise-grade detections on potential impactful behaviors. Get fine grained insights into activities on your Mac fleet for threat hunting and compliance.

Furthermore, securing corporate data on employee endpoints is critical. Taking a proactive approach becomes imperative to prevent intentional, or even unintentional, exposure of restricted data and to hunt for potential threats. An auditing and compliance solution such as Jamf Protect provides organizations with an in-depth view of critical system and user actions that occur on a device, ultimately giving a 360 degree and birds-eye view across the entire enterprise.

macOS Security Tool visibility

To manage risk on Macs, you need to know what apps are running on macOS and when users are running them. This level of transparency provides insight into apps that macOS deems dangerous and those that may be inappropriate or unauthorized by the organization. Even when the user overrides macOS. Maybe especially then. With Jamf Protect you have full visibility into all of the activity of the security tools built into macOS.

Unified Log Forwarding

Regulated industries must contend with not only ambitious digital initiatives to grow the bottom line, but also navigate and implement a plethora of compliance and audit controls designed to protect the creation and retention of sensitive information. Non-compliance could result in litigation, regulatory disciplinary actions and steep fines. Ensuring that you always have full oversight of activity on your Macs from one central system of record is necessary to maintain compliance. With Jamf Protect, you can make certain that all of the Unified Log data that you need from macOS is pushed to your system of record.

CIS Benchmarks

All good compliance and security standards start by determining a secure baseline of configuration for your devices. Enforce and monitor your devices for adherence to the CIS macOS benchmarks using Jamf.

  • Visibility: Gain full insight into relevant activity on your Mac fleet by forwarding selected data from your devices’ Unified Logs to your SIEM or other central systems of record.
  • Benchmarks: Ensure your Macs maintain their OS hardening baselines for the CIS macOS benchmarks and quickly flag any deviations.
  • Aligned with Apple: Rely on macOS frameworks designed for visibility to minimize device impact while ensuring compliance.

Not convinced yet that Jamf Protect can secure your Mac environment?

That's ok. Continue reading or contact your Jamf representative to discuss a solution that addresses your unique needs.

Remediate security incidents with minimal side effects

Incident remediation that helps users and IT without getting in their way.

Remediation of a security incident is where Security and IT most often interact and sometimes clash. Security needs information about an incident, needs to investigate a machine, or even manipulate files and settings on a machine. IT often has to then address the end-users’ complaints when odd things start happening on their device due to the remediation activity. With Jamf Protect and Jamf Pro, incident response can be performed manually or automated using the tools that IT already uses to manage their Macs. End-users no longer need to be surprised about what’s happening on their device during incident responses thanks to your ability to customize their experience to your organizational standards.

Automated data gathering

When a security alert is raised, the first few questions are often the same. What happened, to whom, when, and where? All of that basic data is in a Jamf Protect alert. When you start digging into whether this alert is really something to worry about, you often start by getting more data from the device. Whether you need files, configuration settings, or logs from a device, Jamf Protect and Jamf Pro can help retrieve the needed information, without any consideration of where in the world the device may currently be located. With Jamf you can setup common incident response data gathering automation to simplify your triage efforts and reduce attacker dwell time on a device.

Customized remediation

A breach happened and now you have an untrusted device or even user in your environment. Locking down a user or bringing a device back into trusted state can be difficult even for the most sophisticated security teams. Leverage Jamf to automate common indent remediation actions such as these. Lock down your device, remove files, reset settings, and even remotely redeploy macOS in a way that works with your existing management of your Apple fleet.

End-user education

Educating your users is often considered the most important first layer of a defense in depth strategy. However, when a user makes a mistake, you need to reinforce that education. With Jamf Pro you can customize the experience a user has on their device when Jamf Protect detects malicious behavior or prevents malware. Guide them back to your secure training, data handling guidelines, or other safe conduct resources instead of just telling them that malware was blocked on their device. Help your users learn to act securely instead of scaring them outright.

  • Customized experiences: Trigger custom end-user experiences (such as dialogs, kick-off videos, etc) to reinforce proper security training when macOS stops malicious software.
  • Automated Response: Automate incident response procedures (like machine isolation, data collection, sample collection, etc) when an attack is suspected by leveraging Jamf Pro and Jamf Connect to automatically respond to Jamf Protect alerts.
  • Align IT and Security: Create incident response workflows for security incidents that work with your procedures instead of against them using the tool you already use to manage Apple devices: Jamf.

Customize protections to develop feature-rich workflows

Extending protections through value-added integration with partner apps.

Jamf takes security seriously, as do its partners. That's why the ability to integrate trusted security solutions with Protect brings a world of flexibility and options to your fingertips. All working toward one shared goal: to further enhance the security posture of your Mac fleet by working with your existing infrastructure. By extending features, adding new capabilities and further customizing workflows necessary to monitor devices, detect Mac-specific threats, automate remediation and report compliance status in real-time - Jamf Protect helps to mitigate risk end to end, across the entire enterprise.

Security that works with your environment

You have apps that you trust. Apps that work tirelessly to manage your devices by mitigating risk by reporting to your SIEM solution, managing your enterprise's authentication process by centralizing through an Identity Provider (IdP), visualize endpoint health data on customized dashboards for single-pane of glass management or creating powerful workflows to achieve compliance goals and remediation tasks.

Works well with others

Jamf products work in conjunction with one another, bringing each program’s strength to form a larger, more cohesive platform known as Apple Enterprise Management (AEM). With AEM, Protect analytics can be configured to scan for devices missing the latest patches or running out of date apps. By integrating seamlessly with Jamf Pro, extension attributes are created automatically by Protect in Jamf Pro, allowing Smart Groups managed in Pro to target endpoints missing critical updates or the latest version of an app. Finally, policies running in Pro leveraging the matches made in the smart groups automatically update devices, bringing them into compliance.

Powerful API access

By leveraging a modern Application Programming Interface (API), Protect allows IT to manage it through Terminal, making short work of incredibly complex scripts. But API access also allows for unprecedented integration with all 1st-party and many 3rd-party security solutions, further bolstering protections available to Mac through this efficient and highly secure method of communication between two applications.

  • Customizable workflows: Streamline endpoint health reporting by connecting with your SIEM, enable enhanced workflows for automated remediation or much more, leveraging the tools in use by your enterprise for a customized experience.
  • Automate Remediation: Integrating with Jamf Pro adds expanded capabilities due to the extensive communication and remediation workflows built-in, allowing for detections triggered in Protect to be automatically processed remediated in Pro.
  • API access: Establish secure communications between Protect and your apps using a modern programming interface to exchange data with partner applications to extend functionality, capabilities and automate tasks.

Ensure the status of your devices

Knowing endpoint health data + what needs remediation = minimized risk.

A key piece of information necessary for securing Mac is endpoint health data. More specifically, knowing what is running on any device and to what degree is pivotal to IT when making decisions, dispatching security teams to investigate or enabling remediation to administer corrective actions and workflows in order to mitigate risk, thus ensuring compliance with enterprise policies and/or regulations.

Real-time visibility

In-depth insight into what’s going on beneath the surface and in the background of your device is imperative when trying to assess the security posture of your fleet. By keeping your finger on the pulse of Mac with real-time reports and alerts, IT can shift to a proactive method of management to mitigate risks before they can grow into something far more difficult to contain.

Knowledge is power

The ability to monitor and maintain saliency into the most critical network and system processes - including user activity - will help meet your endpoint compliance and auditing programs and goals. Put simply: maintaining endpoint security is critical.

Yet, power without perception is of little use when mitigating risk and remediating devices if there are no details as to which devices are at risk, to what degree or what type of remediation is needed to bring Mac into compliance. This is where the Compliance Reporter functionality flexes its muscle by delivering detailed reporting data to add context and acting as a foundation in determining the best course of action.

  • Device insight: Obtain endpoint health data in real-time, making data actionable, allowing IT to dispatch additional support to investigate, mitigate or remediate, as needed.
  • Regulation compliance: Align your monitoring, detection and remediation processes with industry best practices, based on CIS benchmarking standards out-of-the-box.
  • Stream in real-time: Share compliance and audit data captured by Compliance Reporter in Jamf Protect with your SIEM or other data analysis tools to augment and gain deep visibility into your Mac fleet and minimize non-compliance.

FAQs

Thumbs-up

What makes Jamf Protect the right choice for Mac?

The tight integration between macOS and Protect is the first of its kind, meaning your users will have the same seamless experience they're used to from Apple while letting Jamf and IT keep devices performing optimally. Simply put: Jamf is a master of macOS – not a student of multiple OSes. This dedication to Apple allows for the best protection for Mac, end-users and their data.

Clock

How long does it take Jamf Protect to be made compatible with newer versions of macOS?

Jamf is committed to providing same day support. A philiosophy that applies to all Jamf products. Protect does not rely on separate agents that require recompiling or redevelopment each time macOS is updated, this allows you the flexibility to upgrade on your schedule - not ours. When you do decide to upgrade, Jamf will always be ready to help you make short work of your projects.

Binoculars

Jamf Protect detects known Mac malware, but can it detect 0-day and other unknown threats?

With its own team of internal security professionals and partners, Jamf is dedicated to detecting and testing macOS-related issues. This includes working directly with Apple to patch against unknown threats. Additionally, Protect includes behavioral analytics to assess app behavior, alerting IT the moment something appears off, allowing your team to spring into action to investigate.

Levels adjusted on vertical sliding scales

All the security products we’ve used have a considerable negative impact on endpoint resources. How is Jamf Protect any different?

Because of its native, purpose-built integration with macOS, since there is no need to rely on agents or bolt-on dependencies which often lead to degraded performance, Jamf Protect always performs efficiently, utilizing only the resources necessary to keep your endpoints secured.

Smartphone with a padlock over it

Will Jamf Protect secure devices enrolled in my 3rd-party MDM?

Certainly. You can expect the same level of performance from Jamf Protect regardless of the MDM used to manage devices. With that said, by integrating with other Jamf products, like Pro, expanded workflows can be created to triage infections quickly. Additionally, automatic remediation is possible because of the partnership between Apple + Jamf’s product line.

Group of individuals forming a team

Is support included when using Jamf Protect?

Yes, and it begins with a dedicated team of customer support staff, engineers and security personnel focused on one goal: to help you get the maximum performance out of your Apple products.

Our security is based on best practices - put it to the test.

Want to learn more about Jamf Protect?

Read to get started?

Jamf Protect is now available worldwide