Here at Jigsaw24, we spend a lot of time talking about how secure Apple devices are. But what is it that makes them so safe, and how do your third-party endpoint security tools work with devices to keep you safe? And how much of a factor should this be when you’re choosing a device? We asked Apple Enterprise Solutions Architect, Jack Hollister, to answer some key questions…
“Understanding the native features available within the Mac environment and how endpoint security products use and interface with them is a key part of assessing the different products on the market,” explained Jack. “When you’re deploying devices at scale, this combination of native protection and the ability to integrate with third parties is essential.”
In any device using a T2 or M1 chip, all files on the internal storage are encrypted with AES-256 by a dedicated engine, which protects how files are accessed and modified. As the encryption key is kept locally on the chip and not shared with the CPU, data protection is ensured.
The devices are designed to be secure from the second they’re turned on. When a T2 or M1-chip enabled Apple device powers on, the ROM verifies that the bootloader is signed by Apple, then authenticates the kernel and UEFI firmware before loading the OS. The macOS bootloader’s signature is verified by the firmware. Once this is completed, native security policies such as System Integrity Protection (SIP) and Signed Kernel Extensions are applied, keeping users safe.
Yes. Apple devices arrive encrypted at-rest, which means any data is kept encrypted when you’re not using it. When you set up your device, you’re given the option to associate a local user account password with unlocking the disk. Once this is in place, your device’s storage cannot be accessed without the associated chip – making it impossible for malicious actors to access your data if all they have is your storage media.
There are three key functions built into macOS that provide device security.
· XProtect: A signature-based anti-malware tool with a feature set similar to endpoint security tools like Sophos and Symantec.
· Gatekeeper: Ensures your device only executes trusted software.
· Malware Removal Tool: The function that XProtect utilises for the destruction of malicious files.
XProtect provides protection against signature-based malware. Apple automatically provide signature updates to devices to ensure that Mac devices can defend against malware threats, independent of any system upgrades you may or may not wish to install. However, in macOS 10.15 and up, XProtect goes further, checking the contents of applications when they’re first launched, and again when they’re changed.
When a known malware threat is detected by XProtect, it is blocked from executing, and the user is shown a notification and given the option to move the software to the trash.
Gatekeeper containerises and verifies applications as they are launched, which is a long-winded way of saying it ensures users only open trusted applications. When a user downloads and opens an app, plugin, or installer package from anywhere other than the App Store, Gatekeeper verifies the software is from an identified developer and has been notarised by Apple as free of known malicious content.
The first time a user tries to open the app, Gatekeeper will ask them to approve the opening and launch of the app, which prevents any malicious executable code hidden within a data file from running. It also opens the application in a read-only location, which prevents any automatic loading of plugins that are contained within it.
Malware Removal Tool is the function in macOS which issues XProtect updates. It also remediates against infections, monitors malware activity, and revokes Developer IDs from malicious applications.
Apple’s built-in security tools are designed to give users a level of security protection out of the box. They’re designed to prevent everyday users from downloading unsafe applications. Although these tools are great, in a business environment they’re just the beginning. Any IT team will want to build on them in order to provide more protection against malware, audit against discoveries, remove viruses from their Mac estate and remedy security threats. To do this, we need a well-administered, Apple-focused MDM solution, in addition to third-party endpoint security software…
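Before layering MDM and endpoint tools on top, an IT team can confirm that the native protections described above are actually switched on for each Mac. The script below is an added example, not code from Jigsaw24 or Apple: it reads the status lines printed by the macOS tools `csrutil`, `spctl` and `fdesetup` (FileVault being the macOS name for the password-unlocked disk encryption described earlier), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: baseline check of macOS native protections.
# Each parser takes a tool's output as its argument, so it can be run on
# saved or constructed text as well as on a live Mac.

# `csrutil status` -> "System Integrity Protection status: enabled."
# A custom configuration can leave individual SIP protections off, so it is
# reported separately instead of being counted as enabled.
sip_state() {
    case "$1" in
        *"Custom Configuration"*) echo custom ;;
        *"status: enabled"*)      echo enabled ;;
        *"status: disabled"*)     echo disabled ;;
        *)                        echo unknown ;;
    esac
}

# `spctl --status` -> "assessments enabled" when Gatekeeper is active.
gatekeeper_state() {
    case "$1" in
        *"assessments enabled"*)  echo enabled ;;
        *"assessments disabled"*) echo disabled ;;
        *)                        echo unknown ;;
    esac
}

# `fdesetup status` -> "FileVault is On." / "FileVault is Off."
filevault_state() {
    case "$1" in
        *"FileVault is On"*)  echo on ;;
        *"FileVault is Off"*) echo off ;;
        *)                    echo unknown ;;
    esac
}

# Print a one-line summary; return non-zero unless all three controls are on.
posture_report() {
    sip=$(sip_state "$1"); gk=$(gatekeeper_state "$2"); fv=$(filevault_state "$3")
    printf 'SIP=%s Gatekeeper=%s FileVault=%s\n' "$sip" "$gk" "$fv"
    [ "$sip" = enabled ] && [ "$gk" = enabled ] && [ "$fv" = on ]
}

# Live run on macOS only; on other systems the functions are just defined.
if [ "$(uname -s)" = Darwin ]; then
    posture_report "$(csrutil status 2>&1)" "$(spctl --status 2>&1)" \
        "$(fdesetup status 2>&1)" ||
        echo "WARNING: a native protection is not in its expected state" >&2
fi
```

The non-zero return from `posture_report` makes the check usable as a compliance script whose exit status an MDM or monitoring job can act on.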
Coming up in part two of our Apple security series: how mobile device management solutions can help with security and compliance. To find out more about our Apple services, drop your details in the form below, call the team on 03332 400 888 or email business@Jigsaw24.com.