Jamf touts big boost to enterprise security at JNUC

Jamf opened its annual JNUC event for Apple admins today with a slew of announcements focused on device management and security, a new Jamf Trust app, further information on its recently announced ZecOps deal and other updates likely to be of interest to Apple IT professionals.

The company also committed to supporting Microsoft Device Compliance on Macs later this year, with support for Google’s context-aware zero trust framework (BeyondCorp) on iOS devices in early 2023.

In advance of JNUC, I spoke with Jamf CEO Dean Hager, who explained the philosophy behind what the company is announcing. Ultimately, it’s a continuation of Jamf’s core mission, which is to bring complex enterprise tech integration into the 21st century by ensuring not only that it supports Apple’s tech, but that its implementation is married to the kind of consumer simplicity you expect on Cupertino’s platforms.

“We’ll kick off the event by asking two simple questions: ‘Do your users love their work technology?’” he said. “‘Does your organization trust all the access that is coming in from that technology?’ And it’s our view that you should see a resounding ‘yes’ to both. We believe that through the melding or the combining of management, software and security software, we feel like that combination is what makes that love and trust possible.”

Jamf also confirmed that it now manages 29 million Apple devices worldwide with 69,000 customers — that’s up 15% since earlier this year. Complex simplicity makes a difference.

Here’s what Jamf unveiled at the start of JNUC 2022

The Jamf Trust app binds user identity to a device so that Jamf’s security services are dynamically configured according to user identity and role. This casts a protective cloak across the enterprise, placing protections around application access and making powerful enterprise-class protection consumer simple.

What this means in effect is that Jamf can now ensure macOS and iOS devices are configured correctly and secured against cyber-attacks from first boot.

Jamf Trust in action. The system can automatically react to an incoming threat, warn the user, explain the problem and alert the security monitoring system.

Next month, Jamf Protect will gain rich endpoint telemetry data collection along with a new offline deployment mode that streams telemetry data directly to a SIEM (Security Information and Event Management) system for customers with high-compliance requirements.

To support this new feature, the company has already scanned over 430 million unique domains. “By measuring a multitude of dimensions of these sites, including top-level domains, subdomain entropy, domain compositions and brand impersonation, Jamf has been able to identify and block more than 122,000 zero-day phishing attacks just in the last year,” the company said.

Coming in early 2023, Jamf plans a new Remote Access feature that will empower IT admins to authenticate and take remote control of any Mac in their fleet — both physical and virtual — directly from within Jamf Pro.

Jamf already ensures its systems are ready to install when Apple’s own operating systems ship. Last year, it began work to make third-party apps easier to manage and update with App Installers in the company’s App Catalog.

The company now monitors more than 1,000 titles that are frequently used by its customers with more than 100 available App Installers. IT can use the latter to install fully patched and updated versions of the apps they need.

Since it can happen at the MDM end, endpoints are protected against accidental installation of unapproved or unverified apps. The company is preparing to introduce improvements in its App Installer user notifications system, along with simplifying App installation within Self Service, to ensure only apps relevant to the user and authorized by IT are displayed in their customized app catalog.

The company also improved its patented Smart Group technology by synthesizing multiple layers of data, including user, device, and new-risk data into security workflows that enable organizations to identify threats and act on threat data automatically. Among other things, this exploits Jamf’s ability to block access to a device or to specific device capabilities if a compliance problem is detected.

The company also hinted at additional work with cloud identity providers such as Okta. It can now enforce use of Private Access to ensure only protected devices with encrypted data can run enterprise apps, while automatically blocking compromised users and devices.

As noted, the company is also looking to ease pain points in authorization. Microsoft Device Compliance will be available to Jamf-protected Macs later this year, while Google’s context-aware zero trust framework (BeyondCorp) will be available to iOS devices in early 2023. These protections are already available on iOS and Mac, respectively.

Jamf says the combination of all these new zero-trust capabilities will deliver multiple layers of organizational protection through device health scores and Smart Groups to block non-compliant usage at device, network, and cloud layers. 

Hager explained the approach maximizes the potential of zero trust. “We would rather talk about trusted access,” he said. “That’s where the Microsoft and the Google integration comes in.

“Because, let’s face it, if Jamf senses that something is wrong with a device or person, we can block that device immediately. We can shut off that device at the network level. With our private access, or Microsoft and Google through their integration with us, they can shut off access so we actually have the ability to block access at the device level, at the network level, and at the cloud level. And honestly, I don’t know of anybody else in the industry that can do that. And as a result, an organization can trust every point of access that’s coming in.”

Hager also pointed out how Jamf Protect can create viable barriers between personal and enterprise use of a device, protecting privacy while protecting the device – and the business. It’s all about maintaining Apple’s “relentless focus on the person” in the enterprise, Hager said on stage at JNUC.

Those plastic access cards/badges everyone loses should be consigned to the landfill of history. Starting next year, Jamf will integrate SwiftConnect’s cloud platform so that organizations can provide employees with digital employee badges accessed through Apple Wallet on the iPhone and Apple Watch and authenticated through the employee’s cloud identity. It basically means your watch or iPhone will be your office key.

Reassuringly, this integration between Jamf Trust and SwiftConnect’s cloud platform will also integrate with cloud identity, credential management, and access control industry leaders including Microsoft, Okta, Google, HID, Lenel, Genetec, and others.

Apple will support Declarative Device Management in Macs starting next year.

Coming next month, Jamf will support this functionality. It means devices will proactively report their status in real-time, which means IT can automate or make better decisions around device protection. In related news, Jamf and AWS last week announced their new partnership to automatically enroll virtual EC2 Macs into Jamf Pro when they are provisioned through the AWS portal.

There is more coming from the event, so stay tuned as I dig deep into the announcements from the show.

Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

http://www.computerworld.com/category/security/index.rss