Jamf move improves enterprise security and compliance for macOS

Enterprise device management company Jamf has acquired new tools from cmdSecurity designed to help business-using Macs make the platform even more secure and to protect compliance in regulated industries.

It’s yet another clear signal of the extent to which the status of Apple’s platforms in business has changed.

Securing the endpoints

Jamf has acquired various tools and technical assets developed by cmdSecurity, a company whose founder wrote the security guidance for the use of Macs by the US government. The purchase includes the macOS security and compliance suite, cmdReporter, the developers of which, Daniel Griggs and Eric Metzger, have also joined Jamf.

“We see a continued demand for security and compliance within the enterprise. This acquisition will only deepen Jamf’s expansion of those capabilities,” said company CEO Dean Hager.

Life at the edge

The security and compliance suite works like a security motion camera detector that watches anything running on, communicating with, or authenticating into a Mac. It will collect and stream macOS telemetry data to security and incident-event management (or other) logging tools. It does so while maintaining compliance and auditing IT security requirements.

The information it gathers can help monitor for intrusion detection (potentially in real time) and can also be used to prevent use of prohibited applications, stop data loss, and handle additional security functions.

cmdReporter supports commonly used endpoint telemetry data and automated macOS configuration audits, including CIS, NIST 800-53, NIST 800-171, and the DISA STIG.

[Also read: Apple publishes in-depth M1, Mac, and iOS security guide]

What’s really interesting is that this tool exceeds security benchmark auditing requirements, including those that have been impossible to meet with native macOS. To achieve this, it makes no use of kernel extensions (kexts) and has been developed from the ground up to make light demands on the processor, with peak usage of just 8% CPU.

Compliance in the remote enterprise

The compliance aspect is particularly valuable as Apple’s platforms continue to penetrate new enterprise markets, including regulated industries. Users in healthcare, government, energy, and education demand Mac security solutions that can also keep systems in compliance; the tool may help Jamf continue to build presence as Mac deployments in those industries continue to increase.

Remote working has also surfaced the challenges of endpoint security protection across every enterprise, which certainly appears to be part of what has driven Jamf to make this acquisition.

Josh Stein, senior director of security product strategy, said:

“Compliance and auditing standards exist to ensure that a baseline of security best practices are in place to guard against the myriad of cybersecurity risks that have the potential to cause damaged reputations and financial losses.”

As I see it, this makes it an essential component for the kind of intelligent endpoint security monitoring tools for Macs that Jamf already provides, such as Jamf Protect and Jamf Pro.

The addition of the tool will expand the security provided by these solutions, and will give Macs more clout in those regulated industries that would like to adopt them but need to remain in tune with compliance regulation.

To bravely go where no Mac has been before

The acquisition also brings the Apple-in-the-enterprise company a much better opportunity to work with what looks like a collection of interesting clients. The cmdsec website claims organizations already making use of cmdReporter include NASA, the US Patent and Trademark Office, the US Department of Agriculture, JPL, NOAA, and Johns Hopkins Applied Physics Laboratory.

The tool will very likely also be of interest across other sectors, including banking customers who are also migrating to the Mac.

More detailed information concerning how the Jamf acquisition can help companies meet auditing and accountability requirements is available here.

Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.