Securing Apple in the Enterprise – endpoint security for macOS

26 August, 2022

Secure Apple at Work

One of the biggest misconceptions when it comes to virus protection is that Macs don’t need to be protected.

With macOS market share growing from 3.12% in 2011 to 17.44% as of June 2022*, the expanding Mac footprint has made the Apple platform a more attractive target, with the volume of threats per Mac increasing proportionally.

According to an investigation by Atlas VPN, 674,273 new malware samples were found in 2020, up from just 56,556 samples detected in 2019.

macOS is still considered safer than Windows. Apple, as we know, runs on UNIX, which comes with better security and permission features. It is stricter by default as to what users are allowed to install and execute, and its gatekeeping functions prevent unsigned apps from running on the machine.

Even so, lower risk does not equate to no risk.

We can see this in the continued emergence and detection of new Mac-specific malware, which highlights that Apple’s core built-in security, Apple Gatekeeper, is not immune to vulnerabilities, and that Apple security patches may not be as effective as before. And thanks to malware-as-a-service, hackers can easily purchase ready-made malicious code, tailor it to their needs, and create an entirely new threat.

It makes perfect sense, then, that adding layers of dedicated protection to beef up your endpoint security, or managed endpoint security, can keep your client’s Mac fleet and sensitive data secured against existing and emerging threats.

While there are many third-party security solutions available, your best bet is one that is built exclusively for macOS to manage endpoint protection through identification and mitigation, such as Jamf Protect.

Jamf Protect extends Apple’s native security tools with comprehensive macOS endpoint protection. It is designed to help businesses identify, prevent and resolve threats across Mac devices. The application allows users to gain advanced visibility and compliance across remote devices, and sends automated alerts when suspicious activity is detected across scripts and software.

Jamf Protect endpoint security maintains secure baselines for compliance, allowing you to configure devices to “known good” standards. Any anomalies can then be detected and quarantined. Its network threat prevention not only blocks cyber threats such as phishing attacks, credential theft and cryptojacking attacks, and defends against zero-day threats; it also provides robust content filtering, with real-time blocking and filtering of prohibited or unwanted content, and enforces acceptable use policies.

Blueprint of Solutions Taxonomy

We can’t talk about security without mentioning the importance of Zero Trust Network Access (ZTNA). In the Zero Trust model, no user or device is trusted to access a resource until their identity and authorisation are verified.

It’s often difficult to implement Zero Trust, or to be more effective at preventing breaches, if users are connecting through VPNs, where access is granted holistically, giving users access to the entire network of resources.

ZTNA’s granular approach provides comprehensive support to safeguard the company’s devices and data by granting users access only to what they need, when they need it. An advantage of replacing legacy enterprise VPN with modern ZTNA is that there is no need for deploying VPN hardware, managing certificates or configuring IP addresses.

Organisations can balance security protection while providing users the necessary access to resources and data with Jamf Private Access, a fast remote access solution based on the ZTNA framework. It offers a seamless experience that protects end-user privacy, has low-latency connections, works with any ownership model, and integrates with cloud identity providers to offer secure access to devices and company resources.

Pro tip: Begin by securing your devices, users, and data in your remote or hybrid environment using modern ZTNA, then build in your security.

Businesses can connect Jamf Protect for endpoint protection with Jamf Pro for device management, and Jamf Connect or Jamf Private Access for identity and access solutions, to fully facilitate investigation management, machine isolation, threat response and security configuration administration.

For enterprise, we recommend the Jamf Business Plan, which includes Jamf Protect, Jamf Pro, Jamf Connect, and Jamf Threat Defence (mobile security). See Jamf pricing plans.

Conversation starters on macOS security.

  1. What is your Apple strategy?
  2. What kind of sensitive information do your end-users handle?
  3. How do you measure your security maturity? What benchmarks do you use?
  4. What are your security goals? Are you seeking any certifications or compliance standards?
  5. How do you manage networking circumstances such as connections to untrusted networks, i.e. public Wi-Fi?

Most of the tools for improving macOS security today are similar to those for Windows systems: firewall, VPN, antivirus and password manager. Having a Mac security solution that provides proper protection is probably the most important thing you can do to secure your clients’ Mac fleet.

Pro tip: Be sure to also consider your operational security, such as not clicking on links or attachments in unsolicited email.

Source and credit:

  1. Some content in this article is extracted from the ‘Manage and Secure Apple at Work’ webinar held on 3 August 2022.
  2. Operating Systems Global Market Share. Statcounter Global Stats.