NIS2 Directive: What does it mean to security teams?

Month: February 2023

Author: February 24, 2023 by IO

Source: https://www.jamf.com/blog/nis2-what-it-means-to-security-teams/

In the first blog of this series, we introduced the changes that are coming with the new Network and Information Security directive, or NIS 2. The new directive is expected to be written into law by the European Union member states by September 2024, giving organizations less than 2 years to get ready and compliant.

In Article 21 of the EU regulation text approved last December, the EU lays out the foundations of what it sees as the new gold standard for cybersecurity: a blueprint of measures to manage cybersecurity risk. These measures are meant to enhance existing security practices and unify the approach to safeguard users, systems and networks. In this blog, we will look at how the measures in the directive should guide Information Security teams on how to move forward.

NIS 2 establishes that the entities it covers need to take appropriate measures to protect their systems, and implement policies on:

  • Risk analysis
  • Incident handling
  • Business continuity and crisis management
  • Testing and auditing
  • Encryption
  • Multi-factor authentication
  • Supply chain security
  • Human resources and training

Such policies must improve the overall security posture of a company when preventing, managing, controlling and remediating threats.

Prevention is better than cure

When it comes to cybersecurity, prevention is two-pronged: equal importance must be given to the technology and to the users that rely on it. As the work environment has greatly changed, the threat landscape has grown with just as much speed. Attackers have evolved their approach to develop clever ways to obtain valuable organizational data and are targeting users more and more aggressively. Lack of information and education around cybersecurity may leave technology users exposed, so NIS 2 has specified user training as one of its mandates, as well as basic cybersecurity hygiene. Practices such as multi-factor authentication, applying updates and patches regularly, enforcing acceptable use policies, content filtering and controlling user permissions fall under this category.

On the other side of the prevention equation, there must be technology set up to constantly monitor threats and stop them before they can grow. Companies must employ a security solution capable of protection from known ransomware, trojans and unwanted programs, producing real-time alerts of attacks or suspicious activity. When procuring a security solution, it is also essential to know what it can offer in threat intelligence and how the critical telemetry data gathered from endpoints can be leveraged by companies to identify unknown threats as well as mitigate risk from known threats. A key question to consider is: can it keep on top of new threats and how does it remediate them, today and in the future?

Keep calm and carry on

Responding to incidents is a critical function of a successful security program. Acting in a timely manner is key in shutting the issue down and getting endpoints back behind the shield. NIS 2 addresses this and requires organizations to have robust plans to respond to incidents. IT teams must have continuous visibility of what’s happening on a device. A comprehensive remediation plan may include steps to isolate devices and users from the network, lock and quarantine equipment, remove unwanted files, recover data and restore the device to its rightful state while upholding compliance, in accordance with NIS 2 directives by “increasing the level of harmonisation of security and reporting requirements to facilitate regulatory compliance for entities.”

All these steps and contingencies aim to ensure business continuity, as required by NIS 2. Due to the nature of the organizations covered by the directive, disruptions to their work may result in societal and economic impacts for large groups of people. To minimize damages, security solutions with multiple layers of protection can mitigate risk while managing the entire fleet of devices, with minimal interference from one over the other.

At the onset of a significant incident, companies need to act fast in reporting to the competent authorities. For NIS 2, the EU has tightened the requirements regarding reporting incidents. While previously there was no need to report incidents affecting a small number of users, it will become an obligation of businesses to report any event or circumstance that could adversely impact systems if these could cause material and non-material losses.

Casting the safety net wide

A defense-in-depth strategy, capable of addressing both external cyber threats and usage behavior risks, is best to provide thorough coverage of security needs. To achieve this level of protection in the past, companies had to use products from multiple vendors. It’s just as well that today there are more holistic solutions available, as NIS 2 increases the responsibility of companies regarding each part of their supply chain. Organizations will be required to verify and consider the vulnerabilities of suppliers as part of their own security strategy. This requirement effectively expands the reach of NIS 2 and should help strengthen the bloc’s defenses, as it will undoubtedly have a ripple effect far beyond Europe.

Increased liability and further responsibilities for companies also feature in other parts of the text approved by the EU. In the next and last blog of the series, we will look at what NIS 2 means to the C-suite and management executives and how it will affect high-level decision-making in the cybersecurity space for many years to come.


How to streamline healthcare IT workflows with automation

Month: February 2023

Author: February 23, 2023 by LM

Source: https://www.jamf.com/blog/jawa-jamf-automation-webhook-assistant/

The digital transformation of work, increasing mobilization and user choice all have tremendous impact not only on enterprise organizations, but also in the healthcare space.

Today, modern healthcare IT and InfoSec teams need to balance the desire to enable modern devices – connecting users, resources and data – with the ability to manage diverse risk.

The solution to successfully modernize healthcare device management: IT process automation with Jamf. Of particular note to this discussion is the Jamf Automation and Webhook Assistant (JAWA), an open-source utility on Jamf Marketplace/GitHub.

In our webinar, Reinventing IT: Cutting Through Complexity with Automation, we discuss IT concerns unique to healthcare, how manual IT tasks can be automated with integration frameworks like JAWA, and how automation can solve key user and IT problems at scale.

We also learn how Cincinnati Children’s Hospital Medical Center uses Jamf automation tools and frameworks to scale, stabilize and secure mobility and deliver new patient and clinical experiences on iOS, iPadOS and tvOS devices.

Manage, secure and extend Apple in healthcare

Presenter Adam Mahmud, Jamf Sr. Product Marketing Manager, Healthcare, discusses the growth factors and trends in healthcare technology.

The broad adoption of cloud, mobile and hybrid work has introduced new requirements that must be managed, posing significant challenges to the security of modern healthcare.

Whether the concern is how to ensure staff are properly accessing sensitive data, or how to manage organizationally owned devices provided for patient use, the challenge is the same: providing the best user experience, while maintaining security and compliance.

Mahmud explores the Jamf solutions offered to manage and secure any Apple footprint, including not only core Jamf products, but patented industry workflows:

  • Healthcare Listener – automated bedside device management
  • Jamf Setup and Reset – simple provisioning and app refreshment
  • Virtual Visits – video conferencing automation

Power of automation

When it comes to streamlining device management, the key to freeing up workers from the drudgery of repetitive tasks is workflow automation.

As discussed by Chris Ball, Jamf Senior Sales Engineer, HiEd/Healthcare, successful automations are enhanced workflows that simplify success at scale.

The core pillars required for successful automation include:

  • Scalability
  • Dependability
  • Customizability
  • Extensibility
  • Precision

Jamf Pro includes powerful automations to simplify IT process management and automate device management tasks. Ball demonstrates how it’s also easy to expand your automation capabilities by using additional adjacent systems such as Jamf’s webhooks and the Jamf Automation and Webhook Assistant (JAWA).

Ball presents a detailed workflow for how JAWA may be used for device enrollment events, as well as different kinds of communication flows.

Automation in practice: Cincinnati Children’s Hospital Medical Center

Finally pulling together how all these powerful tools can be put to practical use, Walter Dobbins, Lead Administrator, Client Systems, Cincinnati Children’s Hospital Medical Center, explains how his organization uses technology to improve outcomes and partner in the care and wellness of their patients.

Over the past five years, the hospital’s focus has changed to becoming a more mobile workforce implementing iOS devices for nursing care, and more importantly improving patient experience.

He’s seen iOS devices for nursing care and patient experience grow in number significantly, from managing around 1,000 mobile devices, to managing over 1,800 macOS devices and over 7,500 iOS, iPadOS and tvOS devices, with the majority of iPadOS and tvOS devices placed in patient rooms as part of their wellness care.

The IT teams struggled to handle the growth with existing management systems. The solution to make their management as seamless as possible: Jamf Pro, Healthcare Listener and Jamf integrations such as JAWA for automations.

To hear more about Cincinnati Children’s Hospital Medical Center’s experience with Jamf Pro, JAWA and their successful results with automations, get in touch with us.


Meeting the changing needs of learners in higher education

Month: February 2023

Author: February 22, 2023 by MatP

Source: https://www.jamf.com/blog/technology-enhanced-learning-for-higher-education/

The pandemic may have accelerated digital growth and innovation from necessity alone. It forced organizations to address the urgent need for remote work and remote learning, cloud computing and global connectivity. But it’s gone further than that, and the tech is now here to stay. Technological skills are a must as workplaces in all sectors continue to transform.

The challenge for higher education: meeting the needs and expectations of learners along with an awareness of the most in-demand skills in our changing workplaces.

We are seeing a digital transformation in education, and the importance of taking advantage of the best educational technology tools available. This includes not only preparing students with the skills they need for the future, but also ensuring the proper management and security of both devices and data.

Ensuring that skills meet future needs

As digital transformation ripples out through the economy, a growing number of industry sectors are fighting to attract workers with skills in AI/ML, cloud computing, social media and product management.

An initiative by the World Economic Forum, the Reskilling Revolution platform, has reached more than 350 million people around the world since its launch in January 2020. This program aims to prepare the global workforce with the skills they need to future-proof their careers.

In theory, the skills needed in the workforce should drive higher education to meet those needs.

But according to research reports by the Organization for Economic Co-operation and Development (OECD), despite the clear and growing need for information and communication technology (ICT) skills, a declining number of students are going into higher education for ICT.

How does higher education need to adapt?

Higher education in general still reflects a more traditional view of education. You go to a class, listen to an expert, then show what you have learned by writing an essay.

We are seeing that innovations are not always readily adapted in higher education to reflect how students learn. Instead of embracing and educating change, fears can block necessary tech adoption.

The HolonIQ site references some aspects of what change could look like. This research and analytics platform for the global economy provides insights on new learning and teaching approaches, as well as the impact of disruptors such as ChatGPT, TikTok and AI.

The disruptive nature of these apps is an example of how technology, reflecting changes in society, can have an impact on education. The question is: does higher education hold onto its traditional values and approaches, or adapt to the changing needs of society and industry?

Although not all disruption is positive, choosing not to innovate is equally damaging and can cause a divide between what higher education offers and what society expects.

What are students expecting, based on their K-12 experience?

Students entering higher education post-COVID are already experiencing a transformation with more hands-on technology experience, and new modes of assessment.

In some education systems, we have seen the use of technology level the playing field, and positively impact learner outcomes through the choice of a less traditional education system.

We may see that students start choosing higher education destinations based more on the skills taught in relation to future employability prospects rather than the traditional status of the university.

How does technology help?

The widespread deployment and availability of technology is providing easier access for many learners: opening up possibilities for students when education is more affordable and no longer location dependent.

Remote learning offers an option to support more mature students that may have work or family commitments. Students can now access more educational opportunities online than ever before and can learn in a time and space that works for them.

This system also supports workers to develop new skills to enter developing industries.

What is needed to support change?

Jamf is ready to support higher education as it navigates these changes that are necessary to prepare the workforce of the future.

Jamf’s innovative solutions such as remote deployment and classroom support can help ensure that technology enhances and supports the educational experience of both staff and learners.

Prepare students for tomorrow’s workplace with Jamf.


Evasive cryptojacking malware targeting macOS found lurking in pirated applications

Month: February 2023

Author: February 23, 2023 by Jamf Threat Labs

Source: https://www.jamf.com/blog/cryptojacking-macos-malware-discovered-by-jamf-threat-labs

During routine monitoring of our threat detections in the wild, we encountered an alert indicating XMRig usage, a command-line crypto-mining tool. While XMRig is commonly used for legitimate purposes, its adaptable, open-source design has also made it a popular choice for malicious actors. This particular instance was of interest to us as it was executed under the guise of the Apple-developed video editing software, Final Cut Pro. Further investigation revealed that this malicious version of Final Cut Pro contained a modification unauthorized by Apple that was executing XMRig in the background. At the time of our discovery, this particular sample was not detected as malicious by any security vendors on VirusTotal. Since January 2023, a handful of vendors have detected the malware. However, many of the malicious applications continue to go unidentified by most vendors.

Adware has traditionally been the most widespread type of macOS malware, but cryptojacking, a stealthy and large-scale crypto-mining scheme, is becoming increasingly prevalent. Given that crypto-mining requires a significant amount of processing power, it is likely that the ongoing advancements in Apple ARM processors will make macOS devices even more attractive targets for cryptojacking. While cryptojacking itself is not a new concept, this particular variant employs some novel tactics.

This malware makes use of the Invisible Internet Project (i2p) for communication. i2p is a private network layer that anonymizes traffic, making it a less noticeable alternative to Tor. This malware uses i2p to download malicious components and send mined currency to the attacker’s wallet.

While searching for other examples of malware that use i2p routing, we found that the techniques of this sample were similar to those reported by Trend Micro in February 2022. Despite the similarities, there were still discrepancies and unanswered questions, such as why this particular sample went undetected by all vendors on VirusTotal, even though the malware family had already been documented.

In their report, Trend Micro speculated that the Mach-O sample may have arrived in a DMG package for Adobe Photoshop CC 2019. However, they were unable to find the DMG itself. Given that we were seeing a very similar scenario play out with Final Cut Pro, we also wanted to identify where this malware was coming from.

In an attempt to pinpoint the source of the malware, we turned to a Pirate Bay mirror and searched for torrents of Final Cut Pro. We downloaded the most recent torrent with the highest number of seeders and checked the hash of the application executable. It matched the hash of the infected Final Cut Pro we had discovered in the wild. We now had our answer.

We observed that the torrent was uploaded by a user with a yearslong track record of uploading pirated macOS software torrents, many of which were among the most widely shared versions for their respective titles:

After a thorough analysis of the torrent upload DMGs, we discovered that the uploader was the source of the malware we found and also confirmed it to be the source of the previously reported samples. Furthermore, we found that virtually every one of the dozens of uploads that began in 2019 was compromised with a malicious payload to surreptitiously mine cryptocurrency.

This discovery presented a rare opportunity to trace the evolution of a malware family. What started as a rudimentary and conspicuous scheme had iterated through three distinct stages of evolution into something with creative evasion techniques. As far as we could tell, only samples from the first generation of this malware family have been reported on.

Our findings were made even more significant by the ability to trace the timeline of when the samples entered circulation in the torrent community, when they started being submitted to VirusTotal, and when vendors started to successfully detect the different stages of this malware. This provided valuable insights into the progression of the malware and its evolution and allowed us to better understand the tactics and techniques used by those behind the malware.

Life, uh… finds a way

As we mentioned, our Final Cut sample was evading AV detection while the samples previously reported were being detected across the board. Having found the direct source of this malware, we had the luxury of directly comparing the samples. We observed clear delineation points where the samples started to use new obfuscation techniques. Many of these techniques were not present in the first-generation samples that were previously reported on.

So, what changed?

The first-generation samples used the AuthorizationExecuteWithPrivileges API to gain elevated privileges, which were needed to install the Launch Daemon for persistence. However, this process involved a conspicuous password prompt stating that the application needed to make changes. Later first-generation samples changed to a user Launch Agent, which would not require the conspicuous prompt. In the second-generation samples that began to appear on the Pirate Bay in April 2021, however, we observed no traditional persistence methods such as Launch Daemons or Launch Agents. Instead, the malware seems to rely on the user launching the application bundle to start the mining process.

Later variants of the malware mask its malicious i2p components within the application executable using base64 encoding. We compared the third-generation pirated Final Cut Pro to a genuine copy and observed that it was significantly larger, weighing in at 11.9MB compared to the standard 3.7MB. This is due to the presence of two large base64 encoded blobs and shell commands within the application executable.

Just Push Play

When the user double-clicks the Final Cut Pro icon, the trojanized executable runs, kicking off the shell calls to orchestrate the malware setup. Contained within the same executable are two large base64 blobs that are decoded via shell calls. Decoding both of these blobs results in two corresponding tar archives. One contains a working copy of Final Cut Pro. The other base64 encoded blob decodes to a customized executable responsible for handling the encrypted i2p traffic. Once the embedded data has been decoded from base64 and unarchived, the resulting components are written to the /private/tmp/ directory as hidden files. After executing the i2p executable, the setup script uses curl over i2p to connect to the malicious author’s web server and download the XMRig command line components that perform the covert mining. The version of Final Cut Pro that is launched and presented to the user is called from this directory and eventually removed from the disk.

  1. User downloads and double-clicks application bundle
  2. Trojanized executable runs
  3. Working base64 encoded Final Cut Pro executable extracted
  4. Base64 encoded i2p executable extracted and disguised as mdworker_shared on execution
  5. The Miner executable is pulled from the command and control server
  6. Mining begins disguised as mdworker_local process
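A triage sketch for the embedded blobs described above, added here as an example and not part of Jamf's analysis: it scans an executable's bytes for unusually long base64 runs and identifies what each one decodes to from its magic bytes. The 4096-character threshold, the function names and the sample binary (built in memory around a harmless tar archive) are assumptions.

```python
import base64
import io
import re
import tarfile

# Assumed threshold: base64-alphabet runs this long are unusual in an
# executable's string data. Tune it against known-good binaries.
MIN_RUN = 4096


def classify(decoded: bytes) -> str:
    """Name the container format from magic bytes in a decoded prefix."""
    if decoded[257:262] == b"ustar":          # POSIX/GNU tar header magic
        return "tar"
    if decoded[:2] == b"\x1f\x8b":            # gzip stream
        return "gzip"
    if decoded[:4] in (b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe"):
        return "mach-o"                       # thin 64-bit or universal binary
    return "unknown"


def find_base64_blobs(data: bytes, min_run: int = MIN_RUN) -> list:
    """Return offset, length and decoded type of each long base64 run."""
    pattern = re.compile(rb"[A-Za-z0-9+/]{%d,}={0,2}" % min_run)
    findings = []
    for match in pattern.finditer(data):
        run = match.group()
        # Decode only an aligned prefix: 512 characters give 384 bytes,
        # enough to reach the tar magic at offset 257. This assumes the run
        # is delimited by a non-base64 byte (quote, NUL), so it starts on a
        # 4-character boundary.
        head = run[:512]
        head = head[: len(head) - len(head) % 4]
        try:
            decoded = base64.b64decode(head, validate=True)
        except ValueError:
            continue
        findings.append({
            "offset": match.start(),
            "length": len(run),
            "decoded_size": len(run) * 3 // 4,   # approximate
            "kind": classify(decoded),
        })
    return findings


def constructed_sample() -> bytes:
    """Constructed test input: a fake header, a string-table label, and one
    base64-encoded tar archive holding placeholder text."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        payload = b"placeholder content\n" * 200
        info = tarfile.TarInfo(name="._placeholder")
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
    blob = base64.b64encode(buf.getvalue())
    header = b"\xcf\xfa\xed\xfe" + b"\x00" * 60      # 64 bytes
    return header + b"__cstring\x00" + blob + b"\x00ordinary string\x00"


if __name__ == "__main__":
    for hit in find_base64_blobs(constructed_sample()):
        print(hit)
```

A size comparison against a genuine copy of the same application version, as the authors did, is a useful first filter before running a scan like this.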

Gaslight

All of this rapid staging on the launch of the application bundle is handled by the series of shell calls embedded in the malicious binary. We observed three different iterations of this shell setup loop. The earlier iteration was less involved and existed in a fairly readable format when dumped via the strings utility:

In the later iterations, the script has been converted to an oversized one-liner. This longer script also handles building the configuration file settings for the miner:

The bash loop in this malware has a distinctive feature that was iterated on, but first appeared in 2019 samples. Despite our condemnation of the actions of malware authors, it’s hard not to be intrigued by the clever use of the following commands:

(APID=$$;(while true; do sleep 3;(pgrep -x 'Activity Monitor' > /dev/null) && break;done;); [ \"$I2PD_PID\" != \"\" ] && kill -9 \"$I2PD_PID\" > /dev/null 2>&1; [ \"$PIDW\" != \"\" ] && kill \"$PIDW\" > /dev/null 2>&1; [ \"$PID\" != \"\" ] && kill \"$PID\" > /dev/null 2>&1; pkill \"._${r_nme}\"; pkill \"._${r_i2}\"; kill \"$APID\" > /dev/null 2>&1;); exit) & echo $! > \"/tmp/i2pd/._pid\");

The script runs a continuous loop that checks the list of running processes every 3 seconds, looking for the Activity Monitor. If it finds the Activity Monitor, it immediately terminates all of its malicious processes. As a result, if the victim notices that their CPU is running hotter than normal while unwittingly mining crypto for the attacker, and opens the Activity Monitor to confirm their suspicion, the malware stops its activity and hides until the next time the victim launches the application.

In the third and latest generation of the script, we found a deceptive technique more commonly found in Linux malware. The script uses the built-in bash command exec with the -a flag to launch malicious processes. The -a flag enables the setting of a custom name for the process, which appears in the output of commands like ps aux. To blend in with the other running processes, the malware author chose to set the process names to the paths of mdworker_local and mdworker_shared, which are the names of legitimate service processes related to the Spotlight feature. This makes it more challenging to notice the malicious processes and is yet another evasion technique employed by the malware. Nothing to see here!
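A detection sketch for the exec -a renaming described above, added here as an illustration and not taken from Jamf's tooling: it compares the argv[0] a process advertises with the image path recorded for it at exec time. The event schema (pid, exe, argv), the reason labels and the sample records are constructed assumptions; on macOS the image path would come from a source such as proc_pidpath or Endpoint Security exec events.

```python
import posixpath

# Names the article says the malware borrows (legitimate Spotlight workers).
SPOTLIGHT_WORKERS = {"mdworker_local", "mdworker_shared"}

# macOS exposes /tmp and /var/tmp as symlinks into /private, so match both.
TEMP_ROOTS = ("/private/tmp/", "/tmp/", "/private/var/tmp/", "/var/tmp/")

# Location of the genuine Spotlight worker binaries.
MD_SUPPORT = ("/System/Library/Frameworks/CoreServices.framework/Frameworks/"
              "Metadata.framework/Versions/A/Support/")


def masquerade_reasons(event: dict) -> list:
    """Return the reasons a process looks renamed; an empty list means clean.

    event["exe"]  : image path reported by the OS, not controlled by exec -a
    event["argv"] : argument vector; argv[0] is whatever the launcher chose
    """
    exe = posixpath.normpath(event["exe"])
    argv0 = event["argv"][0] if event["argv"] else ""
    reasons = []
    # An absolute argv[0] that names a different file than the real image.
    # Resolve symlinks on the endpoint first to avoid flagging shims.
    if argv0.startswith("/") and posixpath.normpath(argv0) != exe:
        reasons.append("argv0-path-mismatch")
    # A Spotlight worker name on an image that does not live under /System.
    if (posixpath.basename(argv0) in SPOTLIGHT_WORKERS
            and not exe.startswith("/System/")):
        reasons.append("spotlight-name-outside-system")
    # The article notes the components are written as hidden files in
    # /private/tmp/.
    if posixpath.basename(exe).startswith("."):
        reasons.append("hidden-image")
    if exe.startswith(TEMP_ROOTS):
        reasons.append("image-in-temp-dir")
    return reasons


def triage(events: list) -> dict:
    """Map pid -> reasons for every event with at least one reason."""
    flagged = {}
    for event in events:
        reasons = masquerade_reasons(event)
        if reasons:
            flagged[event["pid"]] = reasons
    return flagged


# Constructed sample telemetry; file names under /private/tmp are placeholders.
CONSTRUCTED_EVENTS = [
    {"pid": 301, "exe": MD_SUPPORT + "mdworker_shared",
     "argv": [MD_SUPPORT + "mdworker_shared", "-s", "mdworker"]},
    {"pid": 512, "exe": "/bin/zsh", "argv": ["-zsh"]},  # login shell, benign
    {"pid": 4242, "exe": "/private/tmp/._placeholder_a",
     "argv": [MD_SUPPORT + "mdworker_shared"]},
    {"pid": 4243, "exe": "/private/tmp/._placeholder_b",
     "argv": ["mdworker_local"]},
]

if __name__ == "__main__":
    for pid, reasons in triage(CONSTRUCTED_EVENTS).items():
        print(pid, ", ".join(reasons))
```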

Ventura Raises the Bar

As we described previously, the later iterations of this malware stopped relying on launchd for persistence and instead relied on the user launching the pirated software to initiate the miner. This approach allows the malware to steal CPU time for the duration of the active session and provides a high degree of stealth. However, this strategy’s success depends on the software’s regular launch by the victim.

In macOS Ventura, Apple has introduced security improvements that pose a new challenge to this approach. The more stringent codesigning checks in Ventura verify that all notarized apps are correctly signed and have not been modified by unauthorized processes, even after the first launch. This is an improvement from previous versions of macOS, where Gatekeeper would only validate applications during their initial launch and would regard the file as trusted once it was successfully launched.


In this case, major torrent clients on macOS (namely Transmission and uTorrent) do not apply any quarantine attributes, thus bypassing the validation checks on a macOS Monterey system. However, on macOS Ventura, despite the lack of quarantine attributes, the modified version of Final Cut Pro failed to launch and we received an error message. This was because the malware left the original code signing intact but modified the application, thus invalidating the signature and failing the system security policy. The ongoing checks in Ventura make it more difficult to bypass this validation, unlike in previous versions where sidestepping it was possible by avoiding or removing the quarantine attribute.

On the other hand, macOS Ventura did not prevent the miner from executing. By the time the user receives the error message, the malware has already been installed. It did prevent the modified version of Final Cut Pro from launching, which could raise suspicion for the user as well as greatly reduce the probability of subsequent launches by the user.

One More Thing…

Before we declare this malware family DOA with the Ventura security updates, it must be noted that this error message was only seen on the pirated versions of Logic Pro and Final Cut Pro (both are Apple titles). At the time of writing, the pirated Photoshop uploaded by wtfisthat34698409672 still successfully launches both the malicious and working components on the latest version of macOS Ventura 13.2 and earlier. This seems to be due to a minor difference in how the executable in the working copy of Photoshop is called compared to how the Final Cut and Logic Pro executables are launched. These could likely be restored to working order with minor adjustments from the malware author.

Epilogue: The Danger of Pirated Applications

Pirated software delivered over peer-to-peer networks makes for an ideal malware delivery mechanism for multiple reasons:

1. Until macOS Ventura, file quarantine was a keystone piece in the macOS malware strategy. Applying the quarantine attribute to downloaded files has historically been an “opt-in” affair and major torrent clients willfully opt out of applying the quarantine attribute to the files they download, thus eliminating one of the biggest security hurdles for malware authors.

2. For any remaining hurdles, the malware author has an unwitting collaborator in the user that downloaded the pirated application. The user has a strong potential to be coaxed into manually disabling other security features, like Gatekeeper. Take for example this text from the README.txt:

If you have issues with image (annoying image/application is damaged messages pretending you cannot open things) run in Terminal: sudo spctl --master-disable

(Note: this command is used to entirely disable Gatekeeper functionality. Consider that there is no follow-up instruction for re-enabling it.)

3. There is also a psychological component. The user knows they are doing something illegal, and it is not surprising when Apple’s built-in security prevents them from running pirated Apple software. Furthermore, if the user eventually suspects that they may have inadvertently run malware on their work computer, they are far less likely to explain what actions took place to anyone in the Security or IT departments.

Jamf Protect specifically reports on whether Gatekeeper has been disabled on any endpoints.


All known versions of this malware family are detected and blocked by Jamf Protect Threat Prevention.

Discovered malware samples were shared with Apple. As of version 2166, XProtect signatures have also been updated to defend against this threat.

IoC’s


Jamf Threat Labs is comprised of experienced threat researchers, cybersecurity experts and data scientists, with skills that span penetration testing, network monitoring, malware research and app risk assessment primarily focused on Apple and mobile ecosystems.

 


AI + ML: what it means for IT and InfoSec

Month: February 2023

Author: February 21, 2023 by JV

Source: https://www.jamf.com/blog/ai-ml-what-it-means-for-it-and-infosec/

We continue the AI and ML-focused series with this third and final blog that places the two front and center. Not just that, but both technologies are compared and contrasted based on how they impact information technology and security and some of the critical roles that are defined within each department.

Does AI spell the end of IT by being able to manage itself? How about ML, does its inclusion undermine the need for human security professionals to triage and remediate incidents? While the answer to those and similar questions varies on a multitude of levels, the short answer is: probably not.

This is not a slight to either human professionals or the prowess of the advanced technologies, but rather to say that there is still much more that we can collectively learn from one another as you’ll no doubt see below. Furthermore, some technologies aren’t fully baked at this point in time: they have known issues that will undoubtedly be worked out over time, but as they exist today they are better suited to augmenting existing teams and enhancing processes.

But first, let’s have a brief recap of AI and ML.

AI recap

The first blog in this series answered the question “What is AI?” while providing a clear explanation of what artificial intelligence isn’t. It also dove into the cybersecurity space to highlight the benefits organizations are gleaning by incorporating AI-based solutions into their security strategy to identify and thwart novel threats to their security posture.

ML recap

Next in the series, we answered the question “What is ML?”, a subset of AI known as machine learning. In the second blog, we explain the similarities and differences between AI and ML – and yes there is clearly a difference – while discussing some use cases for implementing endpoint security that includes ML to discover zero-day attacks, provide deep insight into endpoint telemetry data and automate tailoring of protections against threats on the fly to name a few.

Impact on information technology and security

It’s a fairly safe bet that most advancements in technology impact the custodians tasked with managing the devices that access and interact with data – as well as their respective security. AI and ML are not exempt from this, with both technologies actively being included in several ways that benefit a variety of tasks performed by IT and Security teams.

But does better include making life easier for various stakeholders or will the inclusion of AI/ML spark the flame that will detonate the careers of IT and Security professionals worldwide?

Anything can happen, surely. But as Mark Twain said best, “the rumors of my death are greatly exaggerated.” In this case, the state of the union sees great promise for information technology and security professionals currently working, and prognostications continue to bode well for those seeking to get a role in IT and InfoSec for the foreseeable future.

Still, anything can happen, right?

Right. So, let’s look at five of the top IT and Security roles – applicable to any industry – to see just how they stack up against AI/ML to gain a better understanding of how these advanced technologies really impact the persons in these roles.

Software Developers

Application and services developers are crucial to the security posture of organizational devices, data and the overall health of the infrastructure. Put simply: if the software is developed using outdated security protocols – or devoid of them entirely – then security on many levels suffers greatly. This extends through all processes and workflows making it much harder to protect against threats and attacks from bad actors.

One of the greatest concerns is that AI can write effective, secure code, seemingly eliminating the need for seasoned devs. For example, ChatGPT has been used to cobble together complete neural network code or a JavaScript function. But can it be relied upon to take over development in a full-time capacity?

Some would argue no because, unlike humans, AI cannot fully comprehend nor ask the requisite questions to fully flesh out what a customer is looking for in a solution. Furthermore, many development roles from entry-level to senior levels require a mix of both technical knowledge and communication skills alongside a clear understanding of the software development lifecycle (SDLC). Mid-to-senior roles often find themselves managing teams of coders and programmers, requiring greater communication skills as well as project management, clear understanding of how apps are developed and how they function in real-world environments and the ability to maintain impeccable documentation relating to developed solutions.

AI may not be ready to tackle such dynamic roles that often require a subtle understanding of human traits and communication that is both direct and indirect – sometimes even unspoken. On the flip side, AI is more than capable of performing code reviews, vulnerability scanning with vulnerability prioritization and even aiding in the development of code, with such tools as GitHub Copilot, which is based on the OpenAI Codex. This cloud-based plugin, developed by GitHub and OpenAI, works by autocompleting code right from within your integrated development environment (IDE). Among its assistive features are the ability to:

  • Generate solutions to programming problems
  • Describe the input code in English
  • Translate code between supported programming languages
  • Convert comments into runnable code
  • Autocomplete chunks of code, methods and/or functions

Systems Administrators

Managing devices, applying patches and generally ensuring that users remain productive on the devices they’re using for work – and able to access organizational resources securely with little to no interruption – is the crux of the sysadmin’s role. Sometimes IT’s function is separate from the Security team, other times they are one and the same, depending on the organization’s structure.

That said, the role often sees admins dealing with a lot of moving parts. Some of it requires technical skills, others require soft skills – but all necessitate a clear understanding of the tasks and how they impact stakeholders at all times. Failure to do so may result in downtime, loss of data and just as important, potential loss of revenue.

Solutions like mobile device management software have yet to fully incorporate AI or ML into their codebase, but many solutions have implemented automation to significantly aid IT in their quest to manage an ever-expanding list of device types – both personal and company-owned. These automations can also be extended by integration with other solutions, like endpoint security to further address incident response and remediate identified threats. But still, the workflows, even automated ones, are not typically tied to AI/ML, leaving SA as a largely “human-managed” role.

Security Analysts

The Swiss army knife of the InfoSec world! From actively monitoring endpoints for threats to upholding best practices, implementing secure processes and workflows to reviewing and analyzing reports to managing any number of security controls on and off the network. Security Analysts, depending on the organization’s requirements for that role, could potentially be responsible for any number of tasks related directly to the security posture of the organization.

Regardless of how broad or granular your role may be, there are a number of functions that can be addressed through ML technology. This is not an endorsement that ML should be used to eliminate the human component from this role, but rather to identify some of the crucial tasks that ML has proven to handle quite well – and in some cases – far better than its human counterpart thanks in no small way to the increased productivity capability of leveraging computing resources to make short work of tedious tasks, such as:

  • Proactively monitor endpoints and networks for anomalous behaviors
  • Respond to detected incidents in real-time
  • Correlate telemetry data and review reports to identify threats
  • Dynamically assess endpoint health and network traffic, adapting protections on the fly to fortify protections
  • Perform threat hunting using multiple resources to identify and prevent both known and unknown threats and risky behaviors
  • Integrate with other solutions to automatically remediate compliance issues
  • Provide a holistic solution that comprehensively protects as it learns from deviations to baselines, heuristics and comparative analysis and normal business operations

In this space, ML can perform a lot of the heavy lifting. Not all perhaps, but quite a significant amount. That said, computers aren’t perfect – neither are humans for that matter – but when computers can and inevitably do break down, humans are still required to perform these tasks. Not to mention that, like the other roles mentioned here, IT and Security-related roles require something of a human touch and understanding… that’s something that even the most sophisticated AI/ML architecture available today simply cannot replicate.

IT Auditor

When it comes to compliance, auditors are called upon to verify that systems, software, hardware, data and users are all operating within the parameters required of the regulatory governance that guides the region, industry and/or organization. More specifically, they are there to prove that each process and workflow – and everything tied to or that uses them – are compliant.

For regulated environments, compliance is table stakes to business continuity. Without it or worse, should they fail to meet compliance requirements, the consequences could be dire for the organization and/or its stakeholders.

This is why the criticality of getting compliance right also requires the human touch. That is not to say that computing systems and advanced technology like ML aren’t leveraged to ensure that endpoints are aligned with policies and that they remain that way. In the event that an endpoint falls out of compliance, policy-based management executes to mitigate the risk, bringing the affected endpoint(s) back into compliance.

Many ML-based solutions are aligned with frameworks that support multiple compliance initiatives. This is a tremendous help for IT when ensuring compliance remains top of mind for all required processes, workflows, functions, users and equipment. But at the end of the day, a human is responsible for maintaining this assurance, stepping in when something slips past the layers of security to mitigate the risk manually and to interface with third-party auditors performing assessments of an organization’s compliance with regulations.

Digital Forensics Examiner

Investigating cyber crimes and gathering digital evidence lies at the core of the computer forensics analyst roles. Following the trail to figure out how bad actors penetrated an organization’s defenses, identifying what they took and how are some of the key requirements of this job.

It requires technical and security knowledge, criminal and legal awareness and a healthy dose of programming won’t hurt either. Another requirement: the investigator must be a human. Even though a majority of the investigative work revolves around technology and specialized software is used on dedicated computers to gather, store and analyze forensic evidence, the role (as of this writing) requires a highly trained and authorized individual, like a certified examiner or member of law enforcement, who not only finds evidence of crimes but may also be called upon to testify in a court of law to validate their findings – a critical function neither AI nor ML is legally able to provide.

Interested in finding out more about the future of AI and ML-based technologies?

Specifically, how they can be leveraged to enhance your cybersecurity defense-in-depth strategy and strengthen your organization’s security posture.


Supporting UDL with Apple technology

Month: February 2023

Author: February 21, 2023 by MatP

Source: https://www.jamf.com/blog/universal-design-for-learning-apple-technology/

What is UDL?

Universal Design for Learning (UDL) is an approach that supports all learners in the access to and sharing of learning. At its core, UDL is an approach that looks to utilize a variety of teaching and learning methods, so that all learners benefit in a way that helps them achieve their best. The Office of Educational Technology talks specifically to funding that supports the development of UDL.

Rather than a fixed pedagogy, UDL looks at developing approaches that enable learners to access content and share their own learning in a variety of ways.

Now this may sound like supporting specific needs, but it goes beyond that to meet ALL learners’ needs, not just react to the needs of specific students.

Accessibility is not just about supporting individuals, but about access for all.

The Cambridge dictionary has two definitions for accessibility:

“The fact of being able to be reached or obtained easily”

and

“The quality of being easy to understand”.

With this as a starting point, what is the impact on education and classroom practice?

We often use the term differentiation in schools to determine how we meet the needs of learners. Tasks are differentiated to meet students’ general needs, made easier to understand for those that need it, or supplemented with extension activities for those needing more challenge.

With UDL, the design of the learning takes into account the different approaches a student might choose to take. Technology can play a huge part in supporting both the teacher and the learner in designing these new approaches.

The challenge in the classroom

Often differentiation is done in groups, where traditional “lower ability” learners get additional support.

Accessibility is about providing opportunities for the learner to both access the learning AND share what has been learned.

For example, consider a child who has difficulty reading. There could be a number of reasons why they are struggling – age, new to the language, dyslexia, and so on. If we provide them with written instructions to direct a task, they instantly struggle to access the activity. This is very different to them struggling to do the activity, by the way; the only barrier apparent at first is that they can’t read what they have to do.

So a solution might be to tell them what to do; this way, hopefully, they understand the verbal instruction. The problem, though, is that they only get that bit of information once, whereas the students with the written instructions can check multiple times. Therefore, although it looks differentiated, it isn’t equal.

Let’s look at another example.

A child is asked to share what they have learned about the Battle of Agincourt. The task is to create a presentation and present it to the class. But what if one of the students in the class (usually more than one by the way) is an introvert? The idea of presenting in front of a group is way outside their comfort zone, and although they know a great deal, they feel so uncomfortable that they don’t present it well or show everything they know.

A solution could be reading off their slides instead, that way they don’t miss anything. The problem though, is that they are not creating a very effective presentation. They also aren’t presenting it in an effective way, so the task really doesn’t develop anything, other than cementing a fear of talking in front of people.

Both examples are not only true, but also happen in classes every day. They are not designed to cause learners to fail, but often result in that outcome.

So how can technology help?

In scenario one, if verbal instructions support the learner, why not record the instructions alongside a visual demonstration of the task? It’s simple to use either iPad’s built-in screen recording or voice notes functions, or perhaps even more advanced tools like Showbie’s verbal feedback on documents. That way the learner can see what is being asked as well as hear the instruction. It also means that the learner can replay the instructions as many times as they need. A further advantage is that they are hearing language being used alongside a visual representation of what is being talked about, further helping develop their language skills.

From the teacher’s point of view, the additional work is limited, because they already give the instruction verbally and no doubt model it in some way visually. Doing this with technology means it is easier to replay and, essentially, saves teacher time.

In scenario two, what if the learner had to create a verbal presentation, but it didn’t need to be ‘performed’ live? By using iPad’s screen record function, or a tool like Clips to create a voiceover or other elements, a learner can create a presentation, adding a voiceover that explains the slides, which is exported as a video to be shared to the class. The learner is completing the task in the same way, but technology has provided a way to overcome the initial block of standing in front of the class.

Choice is a powerful learning tool, empowering students to work in a way that supports them. Using Jamf Teacher can effectively support learners and teachers by providing clear pathways to allow learner choice, without overwhelming them with unlimited options. Simply removing distractions of unneeded apps on the device, giving access to supportive content through the internet, and directing access to ask for more help, without making it obvious to the rest of the class, can have a huge impact on individuals.

These are simple solutions that use very basic accessibility tools to support learners, and in these cases support ALL learners, regardless of their additional needs.

This is just the tip of the iceberg when you start to explore how technology can support learners. When you utilize the opportunities that technology provides, you start to see what learning can really look like. The important thing is to look at what you are actually trying to develop in the classroom: what is the learning intention?

If it is about developing handwriting, then that’s the focus for the output, but if that’s not the focus, what alternative ways can learners engage in the information and share what they have learned? Video, drawings, music, acting, paintings, photography, the list is endless. When you reconsider what ways a learner can show what they have learned, you provide equity to the learning.

Tools helping teachers, supporting learners

Now let’s look at how instructors can support learners.

We have already explored how the use of video can support transfer of information and the option to replay and so on. From an assessment and feedback point of view, audio feedback recorded onto work, or even video feedback so they can see exactly what is being referred to, will make feedback and assessment more personal and meaningful. It also allows for feedback to be more instant and, as a side effect, reduces teacher workload.

The use of technology in the classroom goes beyond learning design as well. Even before teachers start to redefine their learning and teaching, learners using technology have the option to make it easier to access learning. In iOS for example, there is a whole suite of accessibility tools that can be utilized by the learner to make learning more accessible.

Using the speech-to-text and text-to-speech functions, as in the activity below, clearly shows how accessibility can support learning.

Let’s say I have asked the students in my class to write something descriptive about a photo we are looking at. Verbally they are all capable of using some very descriptive words and phrases to identify what they can see in the picture. Then I ask them to write it down. BLOCK. The students that struggle to spell are instantly disadvantaged, and end up using words that they know how to spell rather than the more descriptive words that they can’t spell.

So how about if we use the speech to text function instead? Rather than trying to write the tricky descriptive words that they undoubtedly know, they say them into their iPad. The speech is then transformed into text and the students can now see how the word is spelled.

In addition, students can highlight the text and allow the iPad to read back the sentence they have just devised, thus checking if punctuation is needed. This whole process not only develops greater skills, but also enables students to show what they know and also enables them to review their work.

This really is just scratching the surface of possibilities, but it does show the impact that technology can have in supporting learners and ensuring that there is a more equitable approach in schools.

What tools can you use that help ALL learners achieve? 


Jamf releases Jamf Pro 10.44

Month: February 2023

Jamf Pro 10.44.0 is now available and includes the following features.
  • You can now customize push notifications to end users when an App Installer package has an available update and the app is open on the user’s computer.
  • Jamf Pro now provides additional functionality, transparency, and reporting capabilities for managed software updates by MDM commands for both computers and mobile devices.
  • Payload lists for Computer and Device configuration profiles are now alphabetized and searchable!
To see all the new features and changes check out the release notes.
https://learn.jamf.com/bundle/jamf-pro-release-notes-current/page/New_Features_and_Enhancements.html

Top security priorities: identity and access controls

Month: February 2023

Author: February 16, 2023 by HH

Source: https://www.jamf.com/blog/top-security-priorities-identity-and-access-controls/

If you wanted to break into Edna Mode’s house, you’d have to get through her security system: a handprint scanner, a passcode, a retinal scanner and voice recognition software. And her drop-down machine guns too I suppose. While maybe a bit extreme, Edna is actually following NIST recommendations for multi-factor authentication, which suggest having two or more of the following:

  • Something you know (like password or PINs)
  • Something you have (like a cryptographic identification device or token)
  • Something you are (biometric information)

Access control is a key concept in cybersecurity—it’s critical for securing your data and systems. Making sure only the appropriate people have access to your company data can be tricky, and involves a variety of tools and procedures. In this blog, we’ll go through some key access controls to consider implementing in your organization.

Device management

The very beginning of identity and access control is knowing what devices are associated with your organization. Mobile device management (MDM) and enterprise mobility management (EMM) solutions—together known as unified endpoint management (UEM)—allow you to:

  • Keep close records of who has what device
  • Know device information and compliance status
  • Determine what applications each user can access
  • Enforce password policies
  • Wipe or lock lost or stolen devices

UEM also simplifies device inventory when you implement a bring your own device (BYOD) program. User-initiated enrollment means people who need to access your resources can do so conveniently with their own device, while IT and Security teams can rest assured that company resources are being accessed by approved personnel.

UEM helps app deployment by pushing app installations onto user groups or by providing an approved app catalog for users to install as needed.

Zero-touch deployment

Access control with your endpoints begins at deployment. Ideally, the only person who needs to use their device is the user associated with the device’s primary account. Zero-touch deployment achieves this by including automatic configurations on the device before it’s shipped directly to the user. This means that the employee, regardless of their proximity to the office, can be automatically enrolled with their company’s MDM right after the employee removes it from the shrink-wrapped box. Conveniently, their devices already include the configuration profiles, security and software necessary for them to get to work quickly. Because of this, and the minimal need for IT intervention, everyone can focus on higher priorities and stay productive.

Account management and authentication

A key requirement in access control is good account management. This can look like:

  • Requiring multi-factor authentication (MFA)
  • Centralizing account access through a directory service or single sign-on (SSO) provider
  • Creating access granting and revoking processes for onboarding and offboarding
  • Enforcing password policies with unique passwords

When creating user accounts, roles should be strictly assigned with the least privilege needed to get their job done. And using cloud identity providers can enforce your password policies for simple SSO that removes the need for users to remember and manage passwords for many accounts. These providers’ MFA ensures that account credentials are only authenticated when user identity is verified.

Zero Trust Network Access

Locking down access to company resources can no longer rely on your company’s network perimeter—employees are working from unsecured networks everywhere. Zero Trust Network Access (ZTNA) creates secure access microtunnels from employee devices to business apps on demand, as long as the user and device successfully prove their identity. Unlike VPN, ZTNA verifies identity each time the user requests access to an app instead of giving holistic access to the company network. ZTNA’s least privilege access makes it more secure than VPN, preventing lateral network movements and man-in-the-middle attacks.
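The checks this post describes (MFA from different factor types, device status from UEM, least-privilege roles, a ZTNA decision on every app request) combined in one sketch. This is an added example, not Jamf's code or any product's API; the factor names, the role table and the device fields are assumptions made for illustration.

```python
from dataclasses import dataclass

# The three factor types from the NIST list quoted at the top of the post.
# The factor names on the left are hypothetical labels for this sketch.
FACTOR_TYPE = {
    "password": "know", "pin": "know",
    "hardware_token": "have", "authenticator_app": "have",
    "fingerprint": "are", "face_scan": "are",
}

# Hypothetical least-privilege entitlements: each role lists only the apps it needs.
ROLE_APPS = {
    "finance": {"payroll", "email"},
    "engineer": {"source-control", "email"},
}


@dataclass
class Device:
    device_id: str
    enrolled: bool    # present in the UEM inventory
    compliant: bool   # compliance status currently reported by UEM


@dataclass
class AccessRequest:
    user: str
    role: str
    factors: tuple    # factors presented with this request
    device: Device
    app: str


def has_mfa(factors):
    """True only if the factors span at least two different factor types."""
    kinds = {FACTOR_TYPE[f] for f in factors if f in FACTOR_TYPE}
    return len(kinds) >= 2


def ztna_decide(req):
    """Evaluate a single app request; every request passes through all checks."""
    if not has_mfa(req.factors):
        return (False, "mfa: two different factor types required")
    if not req.device.enrolled:
        return (False, "device: not in inventory")
    if not req.device.compliant:
        return (False, "device: out of compliance")
    if req.app not in ROLE_APPS.get(req.role, set()):
        return (False, "authz: app not granted to role")
    return (True, "ok")


def perimeter_decide(session_open, req):
    """Perimeter (VPN-style) model: one check at connect time, then network-wide access."""
    return (session_open, "ok" if session_open else "no session")


def demo():
    """Constructed sequence: one user, one laptop, three requests over a day."""
    laptop = Device("LAPTOP-001", enrolled=True, compliant=True)
    mfa = ("password", "hardware_token")
    session_open = has_mfa(mfa)  # the perimeter model authenticates once, at connect
    rows = []
    timeline = [("payroll", True), ("source-control", True), ("payroll", False)]
    for app, compliant in timeline:
        laptop.compliant = compliant  # UEM status at the time of the request
        req = AccessRequest("alice", "finance", mfa, laptop, app)
        rows.append((app, perimeter_decide(session_open, req)[0], ztna_decide(req)))
    return rows


if __name__ == "__main__":
    for app, perimeter_ok, (ztna_ok, reason) in demo():
        print(f"{app:15} perimeter={perimeter_ok!s:5} ztna={ztna_ok!s:5} ({reason})")
```

The second and third requests are where the two models diverge: the open perimeter session still reaches an app outside the user's role and keeps working after the device falls out of compliance, while the per-request decision denies both.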

Key takeaways

  • Mobile device management simplifies keeping track of device inventory and user accounts
  • Zero-touch deployment and user-initiated enrollment into your MDM streamline employee access to company resources securely
  • Cloud identity providers, MFA and SSO make account authentication simpler and more secure
  • ZTNA’s strict identification process adds another layer of security


Jamf Safe Internet protects everywhere that students learn

Month: February 2023

Author: February 17, 2023 by JL

Source: https://www.jamf.com/blog/jamf-safe-internet-students-learn-safely-everywhere/

Prevention over inspection balances safety and privacy

Designed to help schools protect minors from harmful content on the internet, Jamf Safe Internet allows school admins to keep students safe online with a “prevention over inspection” approach to student and user privacy.

“With technology now firmly embedded in the student experience, there is a growing need for digital safety to eliminate cyberattacks and prevent students from accessing unsafe content. Jamf combines best-in-class network threat prevention and a vast content-filtering database to block unsafe and malicious content so that students can safely learn online from anywhere.”

— Senior Director of Education Strategy Suraj Mohandas, Jamf.

Why schools use content filtering to keep students safe

Some might think that content filtering is fairly straightforward: assemble a list of sites that contain inappropriate or dangerous content and ensure that students have no access to them.

But it’s more than that. Smart filters and continual research can prevent access to self-harm sites, threats, cyberbullying (cyberbullying has been linked to suicide) and more. So it’s not just about preventing inappropriate images, keeping students from distractions, or safe YouTube for schools. It’s about caring for the mental health of students, and for their safety.

So how does such a sophisticated school web filter actually work?

Jamf recently acquired Wandera: a content filtering provider with a long pedigree of protecting users in government, healthcare, and enterprise. Jamf Safe Internet is underpinned by this technology and expertise.

The power behind Jamf Safe Internet

We use our own vetted database to classify domains into categories. We keep this database up-to-date in a few ways:

  • Through integrations with partners like the Internet Watch Foundation (IWF) and UK Counter Terrorism
  • By buying new URL lists when adding a new category
  • With machine-learning models that automatically classify domains into categories when the confidence level that the site is inappropriate is above a certain threshold
  • Through a team of data scientists and analysts who vet domains that are in question and continually check that already categorized domains are accurate
  • By giving admins the ability to block/allow a specific domain in the console or request a reclassification from the Safe Internet Dashboard

Who can use Jamf Safe Internet?

New to Jamf Safe Internet: Chromebook filtering.

Jamf Safe Internet protects any student using a macOS, iOS, iPadOS or ChromeOS device.

Seamless integration with Jamf device management

To deliver this powerful content filtering capability simply, Jamf Safe Internet integrates seamlessly with Jamf School. Jamf Safe Internet can be deployed to an existing fleet, or built right into the zero-touch deployment workflows school admins know and love. This means your students have a safe and secure learning environment everywhere they learn— from the moment they unbox their devices.

Already a Jamf Pro customer? You can integrate your instance with Jamf Safe Internet as well— through UEM Integration in settings.

Customized content control in one click.

With Jamf Safe Internet, you have the option to dive right in and create the perfect policy payload for you, all within the Jamf Safe Internet Portal.

Although Jamf Safe Internet gives you the ability to customize granular policies, admins can also select easy, pre-defined rules that quickly set your policy to get started.

  • Safe Internet configures your policy to block content that is non-compliant with regional child internet safety regulations. This includes Adult, Extreme, Gambling, Illegal, Third-party proxies and Tobacco site categories.
  • High Bandwidth blocks content that consumes a large amount of data. This includes audio and video, social media, gaming, and cloud and file storage.
  • Unproductive Content blocks social media and gaming to keep your students focused.

If an IT admin does want to fully customize the experience, they can expand each category and see what is blocked by default. For example, if there is a need to allow or block a certain social media domain, it’s easy to do individually, based on your school’s rules. When you are done adjusting your policy, just hit Save and Apply. And this is just one example of the many categories Jamf Safe Internet offers.

It’s worth noting that Jamf Safe Internet’s categories are not just about content filtering. By default, malware, phishing attacks and spam are blocked to ensure a high level of device security and student safety.

Customized policies

Each school has different needs and scope. That’s why you can add custom rules to your policy.

Similar to the content categories mentioned above, once these domains are added to the list, you can use the allow/block toggle. So, whether you are getting yourself started and ensuring you cover your bases with the quick pre-defined rules or you are customizing exactly as you need — Jamf Safe Internet’s lightweight, performant domain name system (DNS) technology allows you to create and customize as you see fit.

Setup. Deploy. Filter. Report.

Security professionals know that threat management doesn’t stop with protective tools. You need to understand the effects of your work and enable proactive measures to adjust. And you’ll want thorough reporting to keep track of it all.

We believe that privacy is an important right for everybody, especially students and children. Our “privacy over inspection” approach allows schools to help children be safe on the internet without invading their privacy. Reporting on Jamf Safe Internet is clean and effective, offering two levels of detail: Site and Category Usage reports for blocked URLs, and a Security Report for malware and malicious threats. Now you can understand your device usage and monitor the effectiveness of what you have put in place.

And that’s Jamf Safe Internet. Designed to bring powerful, easy workflows to wherever devices are used, allowing students to learn fearlessly with safe, private connections everywhere learning happens.


Misconceptions about mobile BYOD

Month: February 2023

Author: February 15, 2023 by HCW

Source: https://www.jamf.com/blog/trust-and-transparency-key-to-successful-bring-your-own-device-byod-program/

What is BYOD?

According to Zippia, 75% of employees use their personal cell phones for work.

A BYOD (Bring Your Own Device) program allows employers to offer a “bring your own phone” (or laptop, or tablet) to work option— wherever that work might be.

That’s where Jamf can help. Jamf BYOD provides organizations the ability to manage and secure corporate apps, resources, data, and business connections— while protecting employee privacy.

Worried about BYOD issues?

You aren’t alone. Until recently, company device management has meant complete management of the device. Most users are only aware of MDMs that fully manage devices, and it’s sometimes difficult to wrap your mind around a device that is only partially managed.

You may worry about an inability to use common apps, or that the company’s mobile device security might slow your machine. IT might be worried about being unable to push necessary device/app configurations out to employee-owned devices.

Although it’s easy to see how some of these myths got started, with the right BYOD plan in place most of these worries are unfounded.

Let’s put those worries to rest!

Myth: BYOD allows company control of your device.

Myth busted: a good BYOD solution such as Jamf BYOD completely segments a device so that what is business stays business, and what is personal stays personal. Employee devices are partitioned into two containers (called “volumes” on Apple devices), and employers only manage the work volume side, with no ability to interact with the personal volume.

With Apple products in particular, the ability to separate mobile devices into two volumes is built right in. Personal privacy is a top priority for Apple, and a top priority for Jamf.

Myth: Mobile BYOD means organizations can access personal data.

Myth busted: nope! Data, as well as apps, keystrokes, and any other digital forms, are kept strictly in one volume or the other: work or personal. While an employee’s tech works and acts like one cohesive device, they can’t even copy and paste between personal and work sides. Users can even take a close look at the configuration settings and controls before they accept them, and they can remove the device from enrollment when they wish.

Myth: It’s difficult to enroll BYOD devices.

Myth busted: Not with Jamf! Apple’s User Enrollment combined with Jamf BYOD (specifically designed to work with it) makes the process smooth and straightforward:

  1. Users enroll their personal device into Jamf Pro with a few simple clicks.
  2. Users receive a second phone number designated for work purposes, on the work-related volume only.
  3. Employers offer apps and access designed for the specific employee after enrollment, and through Self Service employees can download any additional apps they need on their own.

Myth: There are some serious BYOD security risks.

Myth busted: employers can secure company data, access and apps using Jamf Trust, and our Trusted Access model. This solution ensures devices are:

  • Protected from inbound threats
  • Compliant with a company’s security baselines
  • Able to report their activity to security analytics tools

Myth: BYOD puts an increased burden on IT.

Myth busted: in fact, administrators using Jamf Pro will experience little difference between managing employee-owned and company-owned devices. Jamf Pro manages all of them in the same way (on the right side of the machine), and Jamf Connect and Protect encrypt connections and protect company data and apps through the same interface.

So what should a BYOD program be?

BYOD solutions should bring the right balance of usability, security and privacy to personally-owned mobile devices used for work.

For these devices, organizations can manage and secure only the portion of the device that is used for work.

Jamf can securely power your BYOD program while also respecting personal privacy.

Discover how Jamf device management can help your organization.