Jamf Protect adds powerful telemetry to protect Mac enterprise

Security and privacy go hand in hand in the connected enterprise. So as we approach the holiday break, there’s good news for security-conscious Mac-using enterprises from Jamf: powerful new telemetry tools in Jamf Protect.

We know that enterprise users don’t just have a responsibility to keep things secure, they also need to prove they’re doing so. Beyond that, many regulated industries must maintain ever more complex security event logging and insight to show how hard they’re working to protect their systems.

Announced in September and made available in an update this week, Jamf Protect (first introduced in 2019) now offers rich endpoint telemetry data collection along with a new offline deployment mode that streams telemetry data directly to a SIEM (Security Information and Event Management) console for businesses that must meet high compliance requirements.

The idea is to “empower security teams with the rich audit telemetry they require, while adhering to the strictest data-handling requirements for organizations with high-compliance needs,” said Michael Covington, Jamf’s vice president of portfolio strategy. His company recently acquired telemetry data security firm ZecOps.

The company says the update means its protection software now meets the requirements of President Biden’s Executive Order 14028, “Improving the Nation’s Cybersecurity.”

Among other things, this extensive 44-page document mandates minimum security goals that must be met across the federal government, including logging, log retention, and log management. The goal is to harden national security at every possible level. 

The latest update to Jamf Protect brings the software into line with these requirements, so enterprise Macs can meet the high demands of compliance. That means it gathers the kind of data required for stringent incident investigation, including tools to capture endpoint telemetry, and stream that data to customer-owned data repositories and SIEMs. This isn’t a new capability — it was included in the company’s compliance reporting tool, and is now available to all Jamf Protect customers.

The telemetry data is important. (Jamf maintains that while it is gathered, personal data is not.) It includes system data, threat detection logs, and network traffic details.

This kind of data is meat and drink to security professionals as it helps them identify threats, monitor them, and hunt them down.

Threat hunters will be able to analyze macOS activity logs in near real-time using a single endpoint agent. That’s important because, especially in the event of significant attacks on company systems, professional security operatives will look to such telemetry before locking down against the attack. Attacks don’t always operate at one level, so it’s sensible to check for any associated activity before locking down. The most sophisticated attackers build in background attacks to supplement the main thrust.

That’s the kind of activity sophisticated telemetry can sometimes help reveal.

Jamf Protect also gains a new offline deployment mode for customers with high compliance requirements.

While Apple continues to improve security across all its products on a platform level, there are always some sections of its user base who require solutions more focused on specific needs.

This, of course, is what the entire Apple-in-the-enterprise third-party ecosystem seeks to serve. “At Jamf, our mission is to bridge the gap between what Apple provides and what the enterprise requires,” said Covington. The nature of partnership and mutual support is, of course, the real social network. Beware imitations.

In this case, Apple and its partners are raising the walls to protect the ecosystem – something that’s happening on every platform now. You probably need to vet your own security systems, too.
