Jamf Launches New Apple Device Security Offerings: 5 Things To Know
The Apple enterprise specialist unveils Jamf Protect for macOS endpoint protection, along with enhanced identity security for Apple mobile devices.
Apple device management software maker Jamf announced its expansion into providing endpoint protection for macOS devices, in connection with its JNUC 2019 conference.
JNUC, or Jamf Nation User Conference, is taking place this week in Jamf's home city of Minneapolis, with more than 2,000 Apple IT administrators expected to attend.
Jamf reports having more than 35,000 customers and managing 15 million Apple devices. Jamf's flagship product, Jamf Pro, is an enterprise mobility management offering for managing and securing devices including Macs, iPads and iPhones.
Jamf's recent growth has been driven in part through increased efforts with channel partners, company executives have told CRN.
"This has probably been the greatest year of channel expansion that we've ever had," said Jamf CEO Dean Hager in a recent interview. He cited momentum with large partners including SHI International and Insight Enterprises, "coupled with hundreds of geographic channel partners."
Meanwhile, Jamf announced the acquisition of Digita Security, a startup that's developed a security offering purpose-built for Macs, in July.
Now, the company is formally unveiling its macOS endpoint security offering while also announcing enhanced identity security for mobile devices.
What follows are five things to know about Jamf's new Apple device security offerings.
For Jamf's expansion into macOS endpoint protection, the company is unveiling the launch of the Jamf Protect offering.
Following the acquisition of Digita Security in July, Hager explained that Jamf Pro does have the ability to issue security-related policies—such as a policy that users must have a complex password or that all Macs need to be encrypted.
What Jamf Pro doesn't do is look for behaviors of the system—or perhaps the user—that could indicate that there may be a security threat, Hager said.
"Jamf Pro doesn't monitor for those types of unique threats that could be occurring on the device," he said.
To fill that gap, Jamf Protect uses native Apple security tools—paired with on-device analysis of macOS device activity—to develop telemetry that is customized for each organization's security team, the company said.
The offering provides in-depth visibility into a fleet of macOS devices, enabling improved responses and enhanced blocking of threats, according to Jamf.
The offering leverages Jamf’s "Apple-first and Apple-only approach," making Jamf Protect "unique in how it provides a granular view of native macOS security capabilities and an analysis of real-time events,” said Josh Stein, director of product strategy for Jamf Protect, in a news release.
Jamf Protect monitors activity across the system, "enabling security teams to take action against Mac-based threats which may otherwise go unnoticed, all while allowing organizations to embrace new OS functionality from day one," Stein said.
Key capabilities of Jamf Protect include native tool visibility for gaining and extending visibility into the built-in security tools within macOS such as XProtect and Gatekeeper. This visibility enables enhanced awareness, reporting and compliance, Jamf said.
Jamf Protect also provides on-device activity analysis—providing real-time alerts and empowering organizations to address threats proactively—along with granular control over the data that is being collected and the location it's being sent to, the company said. This includes a capability to send data into existing SIEM (security information and event management) platforms.
In addition, by leveraging Apple’s recently released Endpoint Security Framework, customers "can support the latest and most secure macOS experience from the first day a new operating system is available," Jamf said in its release.
Jamf said that Jamf Protect has received CIS Benchmarks certification from the nonprofit Center for Internet Security. CIS Benchmarks are consensus-based configuration standards for security technologies.
Customers that use Jamf Protect will be able to audit against the CIS Benchmarks, enabling them to make sure their fleets are aligned with the CIS security standards.
With the certification, Jamf "has demonstrated its commitment to actively solve the foundational problem of ensuring standard configurations are used throughout a given enterprise,” said Curtis Dukes, executive vice president of the Security Best Practices and Automation Group at the Center for Internet Security, in the news release.
Jamf Protect is now generally available in the U.S. for commercial organizations.
In the news release, Hager pointed to the growth of the Mac in the enterprise in recent years, saying that "a security solution focused on increasing an organization’s Mac security posture is needed more than ever."
Jamf is now bringing "the same Apple expertise to security that we've brought to device management," he said.
Jamf Connect for Mobile
With Jamf Connect, organizations have been able to more easily provision Mac device users from cloud identity services, allowing for streamlined management of accounts and authentication. Now, the company is extending Jamf Connect to mobile devices. Users can now tap a single corporate identity on any mobile device, whether macOS, iOS or iPadOS, Jamf said.
Users can also now use an iPhone to get password-free access to their Mac, enterprise cloud resource or Windows computer, Jamf said. By combining Public Key Infrastructure with Jamf Connect, Jamf enables iPhones to replicate a smart card and FIDO Security Key to enable this password-free authentication through “most modern authentication systems," Jamf said in its release.