Security and privacy go hand in hand in the connected enterprise. As we head into the holidays, there's good news for security-conscious businesses that use Jamf with their Macs: powerful new telemetry tools in Jamf Protect.

Because complex security is sexy

We know that business users not only have a responsibility to keep things secure, but they also have to prove that they do. Beyond that, many regulated industries must maintain increasingly complex security event logs and information to show how hard they are working to protect their systems.

Announced in September and available in an update this week, Jamf Protect (first introduced in 2019) now offers rich collection of endpoint telemetry data, as well as a new offline deployment mode that streams telemetry data directly to a SIEM (security information and event management) console for companies that need to meet high compliance requirements.

The idea is to "give security teams the rich audit telemetry they need, while adhering to the most stringent data processing requirements for organizations with high compliance needs," said Michael Covington, vice president of strategy for Jamf portfolio. His company recently acquired telemetry data security firm ZecOps.

What this means for the business

The company says the update means its protection software now meets the requirements of President Biden's Executive Order 14028 to improve the nation's cybersecurity.

Among other things, this comprehensive 44-page document mandates minimum security goals that must be met across the federal government, including registration, records retention, and records management. The goal is to strengthen national security at every possible level.

The latest Jamf Protect update brings the software into compliance with these requirements, so commercial Macs can meet stringent compliance requirements. This means it collects the type of data needed for rigorous incident investigation, including tools to capture endpoint telemetry and transmit that data to SIEM and customer-owned data repositories. This is not a new feature; it was included in the company's compliance reporting tool and is now available to all Jamf Protect customers.

What data is collected?

Telemetry data is important. (Jamf argues that while telemetry is collected, personal data is not.) The telemetry includes system data, threat detection logs, and network traffic details.

This type of data is meat and drink for security professionals, helping them identify, monitor, and hunt threats.

Threat hunters will be able to analyze macOS activity logs in near real time using a single endpoint agent. This is important because, especially in the case of large attacks against corporate systems, security professionals will look at this telemetry before blocking the attack. Attacks don't always work on one level, so it's a good idea to check for any associated activity before blocking. More sophisticated attackers incorporate background attacks to complement the main attack.

This is the kind of activity that sophisticated telemetry can sometimes help reveal.

Jamf Protect also benefits from a new offline deployment mode for customers with high compliance requirements.

The real social network

As Apple continues to improve the security of all its products at the platform level, there are still certain sections of its user base that require more focused solutions for specific needs.

That is, of course, what Apple's entire third-party ecosystem in the enterprise seeks to serve. “At Jamf, our mission is to bridge the gap between what Apple offers and what the company needs,” Covington said. The nature of association and mutual aid is of course the true social network. Beware of imitations.

In this case, Apple and its partners are putting up walls to protect the ecosystem, something that is happening now on all platforms. You probably also need to check your own security systems.


Copyright © 2022 IDG Communications, Inc.
