Tag Archives: features

Android 11 features zero in on security, privacy

New Android 11 features will likely not represent a major shift for the enterprise, but industry observers believe they will help IT professionals better manage mobile devices.

Google released the first developer preview of the updated OS last month, with a final release expected in the third quarter of 2020. Among the changes are a few items — including improved biometric support and limited-time permissions for applications — that experts said would affect businesses.

Eric Klein, an independent analyst, said the improvements reflect Google’s larger efforts to appeal to enterprise customers.


“The way in which they’re approaching their overall strategy as an organization — from Chrome to the cloud and G Suite [productivity applications] — they’re continuing to refine their assets for business use,” he said.

A focus on privacy and security

Android 11, per the preview, includes changes intended to bolster privacy and security. One feature gives users greater control over what applications can do: it lets users — or IT administrators — grant an app a one-time permission to access location data or the phone’s camera and microphone, rather than a standing grant that persists until it is revoked.

According to Google, this builds on an Android 10 feature, in which users could permit an application to access such data and features, but only while the app was in use.


Forrester analyst Andrew Hewitt said the granular data control offered by this feature is in line with modern enterprise security.

“[It] is more philosophically aligned [than before] with a zero-trust strategy — where a user only has access to what they need, and nothing more,” he said.

Klein said the feature will work as part of an overall device management strategy to help prevent bad actors from taking user data.

“There are many ways enterprises are protecting themselves that are well-known, basic security hygiene: restricting application usage, blacklisting apps — things of that nature,” he said, adding that controlling app permissions is a further step along that journey.

Android 11 will also reportedly expand biometric support, notably by making it easier to integrate biometric authentication into apps. The OS classifies each biometric method (fingerprint, iris or face recognition) as strong or weak according to how well it resists spoofing and impostors, and developers declare which class their app will accept: a banking app can insist on a strong authenticator while a less sensitive app can accept a weak one.

Hewitt said such a feature will interest IT professionals as they look to eliminate passwords — a frequent pain point in ensuring enterprise security.

“While passwordless authentication still remains immature in adoption, it’s certainly on the minds of many mobility management professionals,” he said.

Other effects on the enterprise

While security improvements are an integral part of Android 11, they are not the only ones set to have an impact on companies.


Holger Mueller, vice president and principal analyst at Constellation Research, said he saw changes like improved 5G support — including a feature that determines whether a device is on a metered or unmetered network and adjusts data traffic accordingly — as new and necessary steps for Android.

The implementation of new messaging and chat “bubbles” — notifications that float on top of other applications and thus enable text conversations while multi-tasking — was taken as a heartening sign for productivity.

“[It’s] good to see Google not giving up on messaging,” he said. “The new messaging will likely improve [the] everyday user experience on Android.”

Hewitt said that with Android 11, Google has implemented new processes and options to ensure OS updates do not break app compatibility. Google announced methods, for example, to help developers test for compatibility by turning changes on or off — making it easier to determine which new OS behavior might pose problems.

“[Compatibility] has been a perennial issue in enterprise mobility,” Hewitt said.

Competing with iOS

Klein said the improvements in Android 11 — especially those related to privacy and security — reflect Google’s desire to compete for the enterprise. He noted Android’s reputation for security has long lagged behind that of iOS.

“There’s a perception that it’s just not secure — that hasn’t gone away yet,” he said. “Many [administrators] will say, ‘I’m not trusting an Android device. I’m not trusting my employees with Android devices.’ That perception is still there, and it’s something Google has to overcome. I think they are overcoming it.”

Google, Klein said, has historically faced criticism for the cadence of its security patches and its reliance on partners to push out those patches. The company has been working to improve that process, he said.

“In order to [compete] effectively — to ensure that peace of mind IT requires for mass rollouts — they’re going to have to … show they’re serious about security and privacy,” he said.

Go to Original Article
Author:

Salesforce adds new features to Trailhead Live and Go mobile app

Salesforce has added two new features to both Trailhead Live and the Trailhead Go mobile app, making it easier to connect with other users and learn on the go.

Trailhead Live, which features training sessions about Salesforce-related topics with instructors in real time, now includes expert-led Q&As during live broadcasts, enabling viewers to ask instructors questions during sessions. Sessions can also now include live chat capabilities, giving viewers the opportunity to speak with one another. Live is no longer only available to desktop users; it is also available on the Trailhead Go mobile app.

“While it’s great to follow a recorded video, the reality is that at some point you want to be able to interact in real time with a trainer,” said Nicole France, vice president and principal analyst at Constellation Research. “Live training sessions — even virtual ones — are the only way to do that.”

Learning on the go

Live was one of the most requested Trailhead features on both the mobile app and desktop site, said Amber Boaz, a Salesforce MVP and Salesforce solution architect at Rapid7.

“Lots of users learn in different ways, and Trailhead Live fills a hole in Trailhead functionality,” Boaz said.

Trailhead is Salesforce’s free customer success learning platform, enabling both users and nonusers to gain skills in the CRM giant’s systems.

Greg Grothaus, a Salesforce administrator at Cloud Pathfinder and a platform app builder, has logged 20 to 30 hours on Trailhead Go since its launch at Dreamforce 2019, and three to five hours with Trailhead Live. For the most part, he finds the app helpful when he doesn’t have access to his laptop or a full web browser, and it is a way to fill his time when he has a few minutes to spare.


“In the old days when we had downtime during a commute, we would listen to audiobooks,” he said. “Now we can get job skills, for free.”

Grothaus is currently working toward his third Salesforce certification — Sales Cloud consultant. This is the fourth most-sought certification after administrator, platform app builder and platform developer I, according to the Mason Frank Salary Survey 2019/2020. The survey also showed that 94% of survey respondents use the Salesforce training tool.

Boaz also uses the Go app in her spare time, in place of mindlessly scrolling through Twitter or playing Candy Crush.

“Hour for hour though, I do more Trailhead on my laptop than my phone,” she said.

Trailhead Go shortcomings

While the Trailhead Go mobile app makes it convenient for Salesforce users to study for certifications and learn more about the product, it is not a replacement for the desktop site.

This personalized homepage on the Trailhead Go app provides a link to Trailhead Live materials.

Trailhead Go users are able to do the reading portions of training modules from the app, but when they need to do any hands-on work in a sandbox, the app asks users to open a Salesforce training environment, moving them from the app to the full website version of Trailhead.

“To do the work in the sandbox, you really need a mouse and a keyboard,” Grothaus said.

Trailhead Go is currently only available for iOS, while the full site is available on any device.

The reason for an iOS-only mobile app is that a high proportion of the Trailhead audience is likely on some form of iOS device, France said.

“Nevertheless, Salesforce is definitely missing a trick in not making it available to Android users as well,” she said.

Trailhead users who want to take advantage of real-time broadcasts can view the schedule in advance on the Trailhead Live webpage.


Using Azure AD conditional access for tighter security

As is standard with technologies in the cloud, the features in Azure Active Directory are on the move.

The Azure version of Active Directory differs from its on-premises version in many ways, including its exposure to the internet. There are ways to protect your environment and be safe, but that’s not the case by default. Here are two changes you should make to protect your Azure AD environment.

Block legacy authentication

Modern authentication is Microsoft’s term for the OAuth 2.0-based sign-in flow that Azure AD expects from clients; it is what makes controls such as MFA and conditional access enforceable at sign-in time. It is not enforced by default on an Azure AD tenant, so older clients can still authenticate with nothing more than a username and password.

Legacy authentication (basic username-and-password protocols such as IMAP, POP3, SMTP AUTH and Exchange ActiveSync) cannot carry a second factor, which is why it is the channel of choice for password spray and credential-stuffing attacks against Azure AD accounts. Blocking it stops those attacks, but there is a chance you will also break legitimate clients that still rely on it.

This is where Azure AD conditional access can help. Instead of a simple off switch for legacy authentication, you can create one or more policies — a set of rules — that dictate what is and isn’t allowed under certain scenarios.

You can start by creating an Azure AD conditional access policy that blocks sign-in attempts from legacy clients. Microsoft recently added a “report only” mode to conditional access policies; use it, and leave the policy in that mode for a few days after deployment. The sign-in logs will then show which users and clients would have been blocked, so you can remediate them before you enforce the policy for real. This helps to ensure you don’t stop users from doing their jobs.

However, this change will restrict which mobile email applications can connect. The only ones officially supported with modern authentication are Outlook for iOS and Android and Apple’s iOS Mail app.
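The report-only step above comes down to reading the sign-in logs for legacy protocols before flipping the policy to enforced. The following is an added example, not code from the original article or from Microsoft: it triages constructed sign-in log records by their clientAppUsed value and builds the Microsoft Graph conditionalAccessPolicy body for the block policy, starting in report-only mode. The sample records, the tenant details and the break-glass placeholder ID are assumptions.

```python
"""Added example: find who still uses legacy authentication, then build the
report-only Conditional Access policy that will block it.

Field names follow the Azure AD sign-in log export and the Graph
conditionalAccessPolicy resource; the records below are constructed."""
import json
from collections import defaultdict

# clientAppUsed values that the sign-in logs report for legacy (basic) auth.
LEGACY_CLIENT_APPS = {
    "Exchange ActiveSync", "Other clients", "IMAP4", "POP3", "SMTP",
    "Authenticated SMTP", "Exchange Web Services", "MAPI Over HTTP",
    "Offline Address Book", "Outlook Anywhere (RPC over HTTP)",
}

# Constructed sample of sign-in log entries (a subset of the real columns).
SAMPLE_SIGNINS = [
    {"userPrincipalName": "alice@contoso.example", "clientAppUsed": "Browser", "status": "Success"},
    {"userPrincipalName": "bob@contoso.example", "clientAppUsed": "IMAP4", "status": "Success"},
    {"userPrincipalName": "bob@contoso.example", "clientAppUsed": "IMAP4", "status": "Failure"},
    {"userPrincipalName": "carol@contoso.example", "clientAppUsed": "Exchange ActiveSync", "status": "Success"},
    {"userPrincipalName": "dave@contoso.example", "clientAppUsed": "Mobile Apps and Desktop clients", "status": "Success"},
    {"userPrincipalName": "scanner@contoso.example", "clientAppUsed": "Authenticated SMTP", "status": "Success"},
]


def is_legacy_auth(record):
    """True when the sign-in used a protocol that cannot carry a second factor."""
    return record.get("clientAppUsed") in LEGACY_CLIENT_APPS


def legacy_auth_report(records):
    """Map each user still on legacy auth to the protocols they used.

    Only successful sign-ins count: failures on legacy protocols are usually
    spray attempts, which the block policy is meant to stop, not workloads
    that need migrating."""
    report = defaultdict(set)
    for r in records:
        if is_legacy_auth(r) and r.get("status") == "Success":
            report[r["userPrincipalName"]].add(r["clientAppUsed"])
    return {user: sorted(protos) for user, protos in sorted(report.items())}


def block_legacy_auth_policy(display_name="Block legacy authentication", enforce=False):
    """Graph conditionalAccessPolicy body (POST /identity/conditionalAccess/policies).

    Legacy protocols surface as the 'exchangeActiveSync' and 'other' client app
    types. The policy starts in report-only mode so the sign-in logs show who
    would have been blocked. The excluded user is an assumed break-glass
    account object ID; keep at least one such account out of every block policy."""
    return {
        "displayName": display_name,
        "state": "enabled" if enforce else "enabledForReportingButNotEnforced",
        "conditions": {
            "users": {
                "includeUsers": ["All"],
                "excludeUsers": ["00000000-0000-0000-0000-000000000000"],  # assumption: break-glass account
            },
            "applications": {"includeApplications": ["All"]},
            "clientAppTypes": ["exchangeActiveSync", "other"],
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }


if __name__ == "__main__":
    for user, protocols in legacy_auth_report(SAMPLE_SIGNINS).items():
        print(f"remediate {user}: {', '.join(protocols)}")
    print(json.dumps(block_legacy_auth_policy(), indent=2))
```

In practice the records come from the sign-in log export or the Graph auditLogs/signIns endpoint; the report is what you work through during the report-only window, and `enforce=True` produces the body you PATCH once the list is empty.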

Implement multifactor authentication

This sounds like an obvious one, but there are many ways to do multifactor authentication (MFA). Your Microsoft licensing is one of the factors that dictates your choices. The good news is that options are available to all licensing tiers — including the free one — but the most flexible options come from Azure AD Premium P1 and P2.

With those paid plans, conditional access rules can be more nuanced than forcing MFA on every sign-in. For example, you might skip MFA when the user reaches a Microsoft service from an IP address at your office or from an Azure AD-joined device. You might prefer to require both of those conditions before skipping MFA, while other situations, such as a user signing in from a PC the company does not own, prompt for the extra factor.
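The “office or joined device” versus “office and joined device” choice above is worth seeing spelled out, because a single conditional access policy cannot express the stricter variant. The following is an added example, not code from the original article or from Microsoft: it models the decision locally over sign-in log fields, emits the Graph conditionalAccessPolicy bodies that implement each variant, and checks that a simulation of those policies agrees with the local rule. The office IP range, the device trust values and the sample sign-ins are constructed assumptions.

```python
"""Added example: the MFA exemption logic as a local rule, as Conditional
Access policy bodies, and as a simulation that ties the two together."""
import ipaddress

# Assumption: the office egress range registered as a trusted named location.
TRUSTED_OFFICE_RANGES = [ipaddress.ip_network("203.0.113.0/24")]
# Sign-in log deviceDetail.trustType values that count as a managed device here.
JOINED_TRUST_TYPES = {"Azure AD joined", "Hybrid Azure AD joined"}

# Constructed sign-ins: office/joined, home/joined, office/registered-only, home/unmanaged.
SAMPLE_SIGNINS = [
    {"user": "alice", "ipAddress": "203.0.113.7", "deviceTrustType": "Azure AD joined"},
    {"user": "bob", "ipAddress": "198.51.100.9", "deviceTrustType": "Azure AD joined"},
    {"user": "carol", "ipAddress": "203.0.113.44", "deviceTrustType": "Azure AD registered"},
    {"user": "dave", "ipAddress": "198.51.100.9"},
]


def _context(signin, trusted_ranges):
    ip = ipaddress.ip_address(signin["ipAddress"])
    from_office = any(ip in net for net in trusted_ranges)
    joined = signin.get("deviceTrustType") in JOINED_TRUST_TYPES
    return from_office, joined


def mfa_required(signin, trusted_ranges=TRUSTED_OFFICE_RANGES, require_both=True):
    """Local statement of the rule. require_both=False skips MFA from the
    office OR from a joined device; require_both=True skips it only when
    both hold. Anything else is challenged."""
    from_office, joined = _context(signin, trusted_ranges)
    if require_both:
        return not (from_office and joined)
    return not (from_office or joined)


def _policy(name, controls, outside_trusted_only):
    """Graph conditionalAccessPolicy body. 'domainJoinedDevice' is the
    'Require Hybrid Azure AD joined device' control; for pure Azure AD-joined
    devices you would normally use 'compliantDevice' with Intune instead."""
    policy = {
        "displayName": name,
        "state": "enabledForReportingButNotEnforced",  # validate in report-only first
        "conditions": {
            "users": {"includeUsers": ["All"]},
            "applications": {"includeApplications": ["All"]},
        },
        "grantControls": {"operator": "OR", "builtInControls": controls},
    }
    if outside_trusted_only:
        policy["conditions"]["locations"] = {"includeLocations": ["All"], "excludeLocations": ["AllTrusted"]}
    return policy


def mfa_policies(require_both=True):
    """The OR variant is one policy: outside trusted locations, MFA or a
    joined device. The AND variant needs two policies that apply together:
    outside trusted locations MFA is mandatory, and everywhere MFA or a joined
    device; at the office only the second applies, so a joined device skips
    MFA, while anywhere else the first forces MFA regardless of the device."""
    if not require_both:
        return [_policy("Require MFA or joined device outside trusted locations",
                        ["mfa", "domainJoinedDevice"], outside_trusted_only=True)]
    return [
        _policy("Require MFA outside trusted locations", ["mfa"], outside_trusted_only=True),
        _policy("Require MFA or joined device everywhere", ["mfa", "domainJoinedDevice"], outside_trusted_only=False),
    ]


def policy_demands_mfa(policies, signin, trusted_ranges=TRUSTED_OFFICE_RANGES):
    """Simulate grant evaluation: a policy applies unless it excludes trusted
    locations and the sign-in came from one; an applying policy is satisfied
    without MFA only if one of its non-MFA controls is met."""
    from_office, joined = _context(signin, trusted_ranges)
    for policy in policies:
        locations = policy["conditions"].get("locations", {})
        if from_office and "AllTrusted" in locations.get("excludeLocations", []):
            continue
        controls = set(policy["grantControls"]["builtInControls"])
        if "domainJoinedDevice" in controls and joined:
            continue
        return True
    return False


if __name__ == "__main__":
    for both in (True, False):
        for s in SAMPLE_SIGNINS:
            print(f"require_both={both} {s['user']}: MFA {'required' if mfa_required(s, require_both=both) else 'skipped'}")
```

Both policies ship in report-only state so that the sign-in logs show the effect before anyone is challenged; the simulation is the check you would otherwise do by hand with the What If tool.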

MFA doesn’t have to be SMS-based. Microsoft’s Authenticator app takes a few more steps to set up the first time a user registers, but approving a push notification on the phone is a much easier second factor of authentication than waiting for an SMS, reading the six-digit code and typing it into the PC.

Without MFA, you’re running an internet-exposed authentication system against which attackers can simply try leaked credentials or run password spray attacks until a username and password pair succeeds.

The other common attack is credential phishing. It is particularly effective when the threat actor uses an already compromised account to send phishing emails to that person’s contacts, or uses fake sign-in forms to harvest the contacts’ credentials as well. With MFA required on the victim’s account, a stolen password alone would be of little use.

Azure AD’s smart lockout locks an account after 10 failed attempts, but only for a minute, and the lockout period grows with further failures. This is a good way to slow attackers down, and it is smart enough to lock out only the unfamiliar source while the legitimate user keeps working. But an attacker can simply move on to the next account and come back to the previous one later, eventually hitting a correct password.

Azure AD conditional access changes are coming

The above recommendations can be enabled by four conditional access baseline policies, which should be visible in all Azure AD tenants (still in preview), but it appears these are being removed in the future.

Microsoft plans to replace the baseline protection policies with security defaults

The policies will be replaced by a single option called Security Defaults, found under the Manage > Properties section of Azure AD. The baseline policies helped you be a bit more granular about what security you wanted and the enablement of each feature. To keep that flexibility, you’ll need Azure AD Premium once these baseline policies go.

Turning on Security Defaults in your Azure AD tenant will:

  • force administrators to use MFA;
  • force privileged actions, such as using Azure PowerShell, to use MFA;
  • force all users to register for MFA within 14 days; and
  • block legacy authentication for all users.

I suspect uptake wasn’t high enough, which is why Microsoft is moving to a single toggle that enables these recommendations. I would also guess that Microsoft will turn this option on by default for new tenants in the future, but there’s no need for you to wait. If you don’t have these protections on, you should be working on enabling them as soon as you can.


Virtualization-Based Security: Enabled by Default

Virtualization-based Security (VBS) uses hardware virtualization features to create and isolate a secure region of memory from the normal operating system. Windows can use this “virtual secure mode” (VSM) to host a number of security solutions, providing them with greatly increased protection from vulnerabilities in the operating system, and preventing the use of malicious exploits which attempt to defeat operating systems protections.

The Microsoft hypervisor creates VSM and enforces restrictions which protect vital operating system resources, provides an isolated execution environment for privileged software and can protect secrets such as authenticated user credentials. With the increased protections offered by VBS, even if malware compromises the operating system kernel, the possible exploits can be greatly limited and contained because the hypervisor can prevent the malware from executing code or accessing secrets.

The Microsoft hypervisor has supported VSM since the earliest versions of Windows 10. However, until recently, Virtualization-based Security has been an optional feature that is most commonly enabled by enterprises. This was great, but the hypervisor development team was not satisfied. We believed that all devices running Windows should have Microsoft’s most advanced and most effective security features enabled by default. In addition to bringing significant security benefits to Windows, achieving default enablement status for the Microsoft hypervisor enables seamless integration of numerous other scenarios leveraging virtualization. Examples include WSL2, Windows Defender Application Guard, Windows Sandbox, Windows Hypervisor Platform support for 3rd party virtualization software, and much more.

With that goal in mind, we have been hard at work over the past several Windows releases optimizing every aspect of VSM. We knew that getting to the point where VBS could be enabled by default would require reducing the performance and power impact of running the Microsoft hypervisor on typical consumer-grade hardware like tablets, laptops and desktop PCs. We had to make the incremental cost of running the hypervisor as close to zero as possible and this was going to require close partnership with the Windows kernel team and our closest silicon partners – Intel, AMD, and ARM (Qualcomm).

Through software innovations like HyperClear and by making significant hypervisor and Windows kernel changes to avoid fragmenting large pages in the second-level address translation table, we were able to dramatically reduce the runtime performance and power impact of hypervisor memory management. We also heavily optimized hot hypervisor codepaths responsible for things like interrupt virtualization – taking advantage of hardware virtualization assists where we found that it was helpful to do so. Last but not least, we further reduced the performance and power impact of a key VSM feature called Hypervisor-Enforced Code Integrity (HVCI) by working with silicon partners to design completely new hardware features including Intel’s Mode-based execute control for EPT (MBEC), AMD’s Guest-mode execute trap for NPT (GMET), and ARM’s Translation table stage 2 Unprivileged Execute-never (TTS2UXN).

I’m proud to say that as of Windows 10 version 1903 9D, we have succeeded in enabling Virtualization-based Security by default on some capable hardware!

The Samsung Galaxy Book2 is officially the first Windows PC to have VBS enabled by default. This PC is built around the Qualcomm Snapdragon 850 processor, a 64-bit ARM processor. This is particularly exciting for the Microsoft hypervisor development team because it also marks the first time that enabling our hypervisor is officially supported on any ARM-based device.

Keep an eye on this blog for announcements regarding the default-enablement of VBS on additional hardware and in future versions of Windows 10.

Go to Original Article
Author: brucesherwin

How should organizations approach API-based SIP services?

Many Session Initiation Protocol (SIP) features are now available through open APIs for a variety of platforms. While voice over IP refers only to voice calls, SIP covers the setup and teardown of all call sessions, whether they are voice, video or a combination of the two.

Because SIP establishes and tears down call sessions, it brings multiple tools into play. SIP services enable the use of multimedia, VoIP and messaging, and can be incorporated into a website, program or mobile application in many ways.

The APIs available range from application-specific APIs to libraries for general-purpose programming languages, such as Java or Python, for web-based applications. Some newer interfaces are operating system-specific, for Android and iOS. SIP is an open protocol, which makes most features available natively regardless of the SIP vendor. The features and implementations of SIP service APIs, however, are specific to the API vendor.

Some of the more promising features include the ability to create a call during the shopping experience or from the shopping cart at checkout. This enables customer service representatives and customers to view the same product and discuss and highlight features within a browser, creating an enhanced customer shopping experience.

The type of API will vary based on which offerings you use. Before issuing a request for a quote, issue a request for information (RFI) to learn what kinds of SIP service APIs a vendor has to offer. While this step takes time, it will allow you to determine what is available and what you want to use. You will want to determine the platform or platforms you wish to support. Some APIs may be more compatible with specific platforms, which will require some programming to work with other platforms.

Make sure to address security in your RFI. Some companies will program your APIs for you; if you don’t have the expertise, or aren’t sure what you’re looking for, it is worth meeting with some of those companies to learn which security features you need.


Microsoft offers few upgrades for Skype server in 2019

Microsoft added no significant end-user features to on-premises Skype for Business in 2019, closing out the year with a December update that mostly fixes bugs.

Microsoft’s lack of investment in Skype server underscores how the company views the product as a placeholder for businesses not yet ready to move to the cloud.

In recent updates, Microsoft extended location-based routing to Skype for Business mobile clients. The feature, now a standard component of modern business phone systems, helps companies reduce PSTN costs by keeping audio traffic in-network when possible.

Microsoft also this year began a phased replacement of the Skype server’s IT control panel, which is based on outdated technology. Another update gave IT admins new tools for automating user settings on a large scale.

Otherwise, the vendor’s July and December updates contained mostly bug fixes and security tweaks for the Skype server. In years past, those updates would have included significant features for the Skype product. But more recently, the vendor has focused its research and development efforts on cloud-based Microsoft Teams.

Consequently, many organizations are not even bothering to purchase the latest iteration of Skype server, version 2019, released last October, said Tom Arbuthnot, principal solutions architect at Modality Systems, a Microsoft-focused systems integrator.

Instead, those customers are sticking with the previous iteration, version 2015. Microsoft has scheduled extended maintenance for the 2015 and 2019 versions of Skype to end simultaneously in 2025, giving businesses little incentive to make the costly switch.

“I don’t see loads and loads of people upgrading to 2019. They will string out 2015 until they are ready to go to Teams,” Arbuthnot said. “[Microsoft is] disincentivizing you from going to 2019.”

The 2019 server introduced new ways to integrate the on-premises product with cloud services, such as cloud voicemail and Azure Active Directory. It also uses more recent security protocols. But it offers virtually no new end-user features compared to what was added to the 2015 version.

Microsoft’s decision to stop investing in its on-premises unified communications product stands in contrast to Cisco. The rival vendor has continued to enhance the features of the messaging app Cisco Jabber even while building out a cloud portfolio based on the Webex suite.

Microsoft appears more focused on winning subscribers to Office 365, a cloud-based suite of productivity apps that includes Teams. In particular, the company has taken aim at the collaboration app Slack, a competitor to Teams.

Microsoft announced last month that Teams had gained 20 million daily active users, more than Slack’s 13 million. But those figures still represent only a fraction of Microsoft’s base of customers, which includes 200 million commercial users of Office 365.

Microsoft has not revealed how many organizations are still using Skype, but it likely remains one of the most-installed UC apps in the market. More than 100 million people used Microsoft Lync as of 2015 when the product was rebranded to Skype for Business.

Meanwhile, Microsoft has announced that it will shutter Skype for Business Online, a cloud-based product within Office 365, on July 31, 2021.


For Sale – Lenovo ThinkCentre M93p, i5 4690K 3.5-3.9 GHz, Blu-Ray, Windows 10 Pro,

Lenovo ThinkCentre M93p

Windows 10 Pro Activated through Microsoft Upgrade Program and fully updated
Nero 16 Platinum HD
Intel Core i5 4690K 3.5 GHz Quad Core CPU (K for overclockable) Max Turbo Frequency 3.9 GHz
Pioneer BD-RW BDR-207DBK (Blu-Ray)
DVD-R
Multi Media Card Reader
2 x USB2 + 6 x USB3
8 GB DDRAM3 1600 MHz
500 GB HDD

1 GB DDRAM5 EVGA Nvidia GeForce GTX 650 PCIE GRFX Card 2 x DVI + HD Audio

Onboard HD Audio
Intel HD 4600 GRFX 2 GB (on the CPU)
Onboard 2 x Dual Display Port

Aerocool Integrator 600w PSU

This is a very fast capable PC. It’s actually a Business Workstation described as cutting edge computing for large enterprise by Lenovo.

I bought this to keep for myself hence some of the upgrades. I swapped out the PSU to accommodate the GRFX Card that I already had but I decided to get a SFF M93p instead so this is now surplus to requirements.

Lenovo M93p (£150)
Windows 10 Pro Activated through Microsoft Upgrade Program and fully updated
Nero 14 Platinum
Intel Core i5 4670 3.4 – 3.8 GHz Turbo Mode CPU
8 GB DDRAM3
500 GB HDD
DVD-R/RW
2 x USB2 + 6 x USB3
ATI Radeon HD5450 1 GB PCIE GRFX Card + HD Audio

Onboard HD Audio
Onboard 2 x Dual Display Port

Keyboard & Mouse


Adobe Sign introduces updates targeting mobile device users

Adobe Sign updates this week brought new features supporting mobile devices and new integrations with Microsoft cloud products including SharePoint, Dynamics, PowerApps and Flow, Teams and Azure.

According to Mike Prizament, senior product marketing manager at Adobe, the company emphasized improving user experience on mobile because nearly half of its users start the signing process on their phones. “If 50% of people check their email, and then they try to start signing a document on their phone, we want it to be as easy as possible,” he said.

The Adobe Sign updates include the following:

Improved mobile signing experience: Adobe Sign enables users to zoom in on areas they need to sign and provides mobile-friendly navigation buttons that guide the signer through required fields. The company said these functionalities are available on mobile web and don’t require users to download an app.

New home screen interface: The Adobe Sign home screen has a new design intended to make the main e-signature tools more visible and accessible. The tools let users send out a document for signatures, track document status and manage the signing process. Users can send documents from the Adobe Sign home screen for people to sign instead of emailing the document or sending paper copies, according to the company.

The new Adobe Sign home screen.

New manage page: The new page lets managers responsible for sending documents for signatures track or modify the process. The user can check to whom the documents were sent, determine whether a recipient opened the document yet, change or cancel recipients and archive the documents.

Adobe Sign allows two different levels of account sharing on the manage page: view only and full access. The view-only sharing mode allows the main manager to share the account to team members so they are given access to only view the status of the task. The full-access sharing mode gives complete control to team members to take over the manager’s account in case the person is taking a vacation or leaving the company, according to Adobe.

The new Adobe Sign manage page.

Users can swap back and forth between accounts in a drop-down menu on the manage page.

Integrations with Microsoft cloud productivity products

Adobe Sign has updated integrations with the following Microsoft products:

  • Microsoft SharePoint: Users can create and embed digital forms that can be filled, signed and reused. The update is intended to help customers collect information from a large number of people inside and outside the company. Data from the forms is automatically saved and mapped back to a SharePoint list.
  • Microsoft Dynamics 365: E-signatures work with Dynamics 365 Sales in more languages, including German, French and Japanese.
  • Microsoft PowerApps and Power Automate in the Government Community Cloud: Users can add signing workflows when a new document is uploaded in SharePoint, then route final documents and create an audit trail to OneDrive/SharePoint.
  • Microsoft Teams: Team members can send documents for signatures and manage, track and get notifications for the status of important documents. The Adobe Sign integration in Teams is certified under the Microsoft 365 App Certification program, which reviews how third-party apps handle enterprise data privacy and security in Microsoft 365.
  • Microsoft Azure: Adobe Sign is now available in Microsoft Azure in Europe and stores all data, content and information within the EU.
  • Microsoft Azure Active Directory: Enterprise customers using Azure Active Directory can set up single sign-on and deploy Adobe Sign to their employees via the Adobe Admin Console in about 30 minutes.

“Signature is a key component to identity, and identity is a key component to trusted commerce. Adobe has a huge potential to leverage over 1 billion PDF users in the future of legal signing authority,” said R “Ray” Wang, principal analyst and founder at Constellation Research.

He said the latest integrations with Microsoft products will enable tools such as Dynamics 365 Sales, Microsoft SharePoint, Teams and other apps to take advantage of signature from Adobe.

Wang said Adobe ultimately competes with DocuSign, a cloud service providing e-signature technology.

Adobe sees a big potential still ahead for the market of e-signatures, citing IDC research sponsored by Adobe that found 80% of enterprise document processes still rely on paper. “There’s still a huge opportunity there, and this is a big area that Adobe Sign looks to solve together with Adobe Document Cloud,” Prizament said.


Jamf Protect offers visibility, protection for macOS admins

MINNEAPOLIS — Compliance and behavioral analysis features in endpoint security tool Jamf Protect may lessen IT concerns about adopting macOS devices in the enterprise.

Jamf Protect offers a kernel-less — or kextless — approach to endpoint security, which was announced here at Jamf Nation User Conference (JNUC) 2019, Jamf’s annual user conference. The platform offers day-one support of new macOS security features, insight into compliance across an organization’s fleet of macOS devices and behavior-based malware detection.

As the use of macOS in the enterprise increases, the landscape of security threats evolves, said David McIntyre, CISO and CTO of Build America Mutual, a financial services company in New York.

“There were so many more threats for Mac than I thought, so we had to add something to fight them off,” McIntyre said.

The origin of Jamf Protect

The announcement of a Jamf endpoint protection tool aligns with the company’s acquisition of Digita Security, a macOS endpoint security management company, earlier this year.

A lack of security management is one of the biggest hindrances to macOS adoption in the enterprise, said Patrick Wardle, co-founder of Digita Security and now principal security researcher at Jamf. Most enterprise organizations that consider deploying macOS devices already manage Windows machines and, as such, have a Windows-focused desktop management infrastructure.

“In an ideal world, the single pane of glass for Windows and Mac endpoint management would work, but feature parity is largely missing for the macOS components of these tools,” Wardle said.

What can Jamf Protect do?

Jamf Protect is kextless: instead of kernel extensions, it builds on the Endpoint Security framework that Apple provides. Kernel extensions (kexts) run inside the macOS kernel, so a bug in one can crash the machine or compromise the whole system, and each one adds code the OS has to load at boot. With the release of macOS 10.15 Catalina, Apple deprecated third-party kernel extensions in favor of user-space frameworks such as Endpoint Security.

“It’ll be huge for us if we can get rid of apps that use kext files,” said Tom O’Mahoney, a systems support analyst at Home Advisor in Golden, Colo. “Hopefully that’s the future of all desktop management.”


Some kernel extensions only work with certain versions of macOS and can prevent a Mac from booting after an OS update. Admins must then work out which third-party kext is at fault by going through the kexts installed on the machine; Apple’s own kexts load without further approval, so a non-Apple one is the usual culprit.

“The kextless approach prevents a lot of issues that our current endpoint manager has with macOS updates,” said Brian Bocklett, IT engineer at Intercontinental Exchange, a financial services company in Atlanta, Ga.

Jamf Protect will also provide visibility into an organization’s entire macOS fleet. Admins can view the status of macOS devices’ security configurations and settings in the Insights tab of Jamf Protect and compare this data to endpoint security standards published by the Center for Internet Security (CIS).

Jamf Protect’s Insights tab

Michael Stover, a desktop engineer at Home Advisor, which has roughly a 90-10 split on Windows and macOS devices, said that macOS visibility is a common compliance issue.

“The CIS benchmarks are probably the biggest selling point for us,” he said. “It would be game-changing to see all that configuration data in one place and compare it to the benchmarks.”

The behavioral analysis style of macOS threat detection also drew interest from JNUC 2019 attendees. This approach identifies the actions that files or software try to perform and looks for anomalies. If Jamf Protect detects a synthetic (“phantom”) click, a common malware tactic for clicking through security prompts without the user, it can alert IT professionals to the suspicious behavior.

Jamf Protect forgoes attempts to recognize specific instances of malware; instead it recognizes the actions of potentially malicious software. Jamf Protect also detects software with an unfamiliar developer ID attempting to access data, install additional software or take actions that could invite malware onto a desktop.

“You don’t need to have every bank robber’s photo to know that someone running into a bank with a ski mask and a weapon is trying to rob that bank,” McIntyre said. 

Still, some aspects of Jamf Protect gave macOS admins pause, including the behavior analysis style of threat detection. In a Q&A after the Jamf Protect session ended, several attendees asked if the tool provides a more proactive approach for threat prevention and if Jamf Protect had any way to prevent false positives before they happen.

Spotify, for example, includes the suspicious phantom clicks as part of its UI, so users running Spotify could generate false positives. IT professionals can add exceptions to the behavioral analysis with Spotify and other similar cases, but it’s difficult to anticipate every exception they’ll need to add.

Additionally, some organizations require security standards far stricter than those of the CIS, and Jamf Protect doesn’t allow organizations to add their own benchmarks or customize the CIS benchmarks.

Jamf Protect is generally available as a paid subscription service for commercial U.S. customers, according to Jamf.
