September 03, 2021
Use Jamf Protect to Keep macOS Security Up to Date
Enterprises need a single go-to tool for securing endpoints.
Vince Kasparian
Enterprises and employees are quickly adopting macOS devices for their everyday work experience. macOS penetration in U.S. enterprises rose to 23 percent in 2020, up from 17 percent in 2019, according to IDC. The adoption of high-performance Apple silicon chips will only accelerate that trend.
Apple’s M1 system-on-a-chip provides a CPU that is 2.5 times faster than the Intel chipset previously used while drawing only 25 percent of the power; it is reportedly faster and more efficient than 80 percent of the PCs sold last year. With higher performance and lower power draw, Apple’s M1 chipset gives a significant advantage to the overall end-user experience, especially for users on the go, with a notable uptick in battery life.
The Need for Endpoint Protection
This adoption trend has drawn more attention to how macOS fits into enterprise security schemes. As Apple provides more upgrades like this and enterprises allow users to work outside the office, providing enhanced security alongside same-day support has become a central pillar of the work-from-home model. Enterprises need a true endpoint detection and remediation security tool that covers the following:
- Prevent: Direct threat prevention by taking action against attacks before they can harm the device
- Monitor: Full visibility into the events as they occur on the device, aiding incident investigation and identifying more subtle or persistent threats
- Detect: Quick alerting on malicious or suspicious actions by applications, scripts, etc. that could indicate a breach or compromise of accounts and/or data
- Remediate: Efficient and effective cleanup after an attack, sanitizing affected devices while bringing them back into compliance
Centralizing Security for macOS Devices
As Apple continues to innovate in hardware like the new M1 chipset and its macOS releases, enterprises are hesitant to roll out these security products due to uncertainty around best practices in managing Apple devices. Often, this results in months of deployment delays while attackers are spending more time attacking this growing segment of users.
With Jamf Protect, enterprises can provide holistic endpoint security by keeping their devices up to date with the latest threat monitoring, prevention and remediation support while continuing to provide same-day support for Apple’s latest macOS releases and security features.
What Is Jamf Protect?
Jamf Protect is a cloud-native, macOS-focused antivirus and EDR (endpoint detection and remediation) security tool that provides same-day support not only for Apple’s M1 chipset, but for future hardware products and Mac operating systems. Adding a complete EDR solution solves many of the security challenges present in the enterprise space today, with minimal impact on the end-user experience.
Jamf Protect supports:
- Controlled collection of security data
- Controlled isolation and remediation
- Endpoint compliance assessment
- Detection and hunting of macOS threats
- Security threat insights
- Seamless macOS upgrades on day of release
Enterprises have found it tough to solve these challenges for macOS devices and have even moved users away from utilizing macOS devices. Jamf Protect solves these challenges, ensuring that your enterprise’s IT and security teams can perform these tasks efficiently.
What Does Jamf Protect Offer?
Jamf Protect solves these challenges and helps remove the existing barriers for organizations that want to empower their workers with macOS devices. By providing enterprises enhanced security features and multiple tool connectors, Jamf Protect prevents, monitors, detects and remediates threats to keep your enterprise devices consistently secure.
How Jamf Protect Prevents
Threat prevention should be every enterprise’s number one security priority. Preventing threats from taking hold and damaging systems is generally the preferred approach of most security teams. How do we stop a cyberthreat before it affects the devices within the network environment?
With Jamf Protect, macOS systems are protected by a threat database. This is an extensive database of signatures managed by MITRE to identify known macOS malware using the industry-standard Common Vulnerabilities and Exposures (CVE) model. As known macOS-specific threats are detected, preventive measures execute that automatically block the process and quarantine the file, while notifying your IT team of the details behind the triggered alert.
With Jamf Protect, Mac endpoints are protected. Jamf Protect provides a threat database: a repository of signatures and certificate information for known macOS malware. When a file or process matches an entry in the database, Jamf Protect automatically blocks the process, quarantines the file and then notifies your IT team.
Every organization is unique and faces its own specific threats. In the event a threat is not captured by the macOS antivirus or malware database, enterprises can create threat prevention plans. These plans are sets of tasks that detect threats identified by your IT team and prevent them from growing into an issue for other macOS devices in the organization.
The combination of Jamf Protect’s built-in threat repository database and custom security plans offers a way to make sure threats are stopped in their tracks before they harm end-user devices.
How Jamf Protect Monitors
Gain visibility into Mac native security tools while detecting potentially harmful behaviors running on your enterprise devices. To gain that visibility, Jamf Protect uses 70+ built-in security analytics to ensure each device is properly configured for the best security posture. These analytics are based on the Center for Internet Security (CIS) benchmarks for macOS. CIS’s mission is to identify, develop, validate, promote and sustain best-practice solutions for cyber defense, hardening a variety of operating systems by minimizing the attack surface. Applying these benchmarks ensures your enterprise collects the right data to align your Mac fleet with industry best practices against security threats and known attacks.
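To make concrete what a configuration analytic derived from the CIS macOS benchmark looks like, here is an added example script (not Jamf Protect’s own code) that evaluates four commonly benchmarked settings: Gatekeeper, FileVault, System Integrity Protection and the application firewall. Each check takes the relevant Apple command’s output as an argument so it can be evaluated offline against captured output; the sample strings in the comments are constructed from the documented output formats of those tools.

```shell
#!/bin/sh
# Added example, not part of Jamf Protect. Each check receives the text an
# Apple CLI tool prints and returns 0 (compliant) or 1 (non-compliant).

# Gatekeeper: `spctl --status` prints "assessments enabled" when it is on.
gatekeeper_ok() { case "$1" in *"assessments enabled"*) return 0;; esac; return 1; }

# FileVault: `fdesetup status` prints "FileVault is On." when the disk is encrypted.
filevault_ok() { case "$1" in *"FileVault is On"*) return 0;; esac; return 1; }

# System Integrity Protection: `csrutil status` prints "... status: enabled."
sip_ok() { case "$1" in *"status: enabled"*) return 0;; esac; return 1; }

# Application firewall: `defaults read /Library/Preferences/com.apple.alf globalstate`
# prints 0 (off), 1 (on for specific services) or 2 (block all incoming).
firewall_ok() { [ "$1" = "1" ] || [ "$1" = "2" ]; }

# Evaluate all four controls from their captured outputs ($1..$4), print a
# PASS/FAIL line per control, and return the number of failing controls.
audit_from_output() {
  fails=0
  gatekeeper_ok "$1" && echo "PASS gatekeeper" || { echo "FAIL gatekeeper"; fails=$((fails+1)); }
  filevault_ok  "$2" && echo "PASS filevault"  || { echo "FAIL filevault";  fails=$((fails+1)); }
  sip_ok        "$3" && echo "PASS sip"        || { echo "FAIL sip";        fails=$((fails+1)); }
  firewall_ok   "$4" && echo "PASS firewall"   || { echo "FAIL firewall";   fails=$((fails+1)); }
  return $fails
}

# Collect live output on a Mac and audit it; on other systems report and exit 2.
run_audit() {
  command -v spctl >/dev/null 2>&1 || { echo "spctl not found; not macOS" >&2; return 2; }
  audit_from_output "$(spctl --status 2>&1)" "$(fdesetup status 2>&1)" \
    "$(csrutil status 2>&1)" \
    "$(defaults read /Library/Preferences/com.apple.alf globalstate 2>/dev/null)"
}
```

Running `run_audit` on a Mac prints one line per control and exits non-zero when any control fails, which is the shape a fleet-wide compliance collector or SIEM forwarder can consume.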
Expanding on the built-in insights, Jamf Protect provides enhanced monitoring of suspicious and malicious activity happening on an end-user’s device. Security scanning across files, processes, applications and more offers assurance that you are gathering all the information pertaining to your endpoints.
All the security alerts can then be forwarded to a SIEM (security information and event management) tool such as Azure Sentinel or Splunk for unified logging or data visualization to gain further insight.
For those not familiar with it, SIEM is a set of tools and services that offer a holistic view of the enterprise security information collected while also providing centralized event log management by consolidating data from numerous sources.
How Jamf Protect Detects
Jamf Protect analyzes all data collected on your devices to detect suspicious and malicious behaviors. To do so, Jamf Protect performs behavioral analysis of the end-user’s macOS device that maps to the security guidelines of the MITRE ATT&CK framework. Jamf Protect allows your enterprise to tune the behavioral analytics to its own environment, protecting end-user devices while minimizing noisy security alerts.
How Jamf Protect Remediates
Cyberthreats have become more advanced through the years. What happens if a macOS device is compromised? How do we remediate the threat quickly and efficiently? What is the impact to the end user during a remediation?
An enterprise security team always needs to be able to remediate a threat quickly and efficiently as it’s detected on a device or across your environment. Your enterprise can set up a customized remediation landscape to manually or automatically block and quarantine known bad processes, applications and/or files without interrupting the end user’s daily workflow.
In combination with Jamf Pro, Jamf Protect provides advanced remediation by being able to manage the entirety of your Apple environment. By integrating Jamf Pro, enterprises can customize the end-user experience (tailored notifications) and provide automated incident response when an attack is suspected. With these two feature sets, the IT security team can enhance the overall security of the device while transferring knowledge to reinforce proper security protocols.
Vince Kasparian is an Emerging Technology Engineer and has been with CDW for eight years. His responsibilities include helping design, create and implement services for both Microsoft and Apple around device endpoint management and security. Vince is a Jamf Certified Tech, working toward being a Jamf Certified Admin.