Apple @ Work is brought to you by Mosyle, the leader in modern mobile device management (MDM) and security for Apple enterprise and education customers. Over 22,000 organizations leverage Mosyle solutions to automate the management and security of millions of Apple devices daily. Request a FREE account today and discover how you can put your Apple fleet on auto-pilot at a price point that is hard to believe.
As we continue with our series on Apple’s enterprise security design, I want to look at the Endpoint Security framework. While it’s only a couple of years old, I believe it’s a crucial part of Apple’s enterprise “pitch” in the future.
About Apple @ Work: Bradley Chambers has been managing an enterprise IT network since 2009. Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise-grade Wi-Fi, 100s of Macs, and 100s of iPads, Bradley will highlight ways in which Apple IT managers deploy Apple devices, build networks to support them, train users, stories from the trenches of IT management, and ways Apple could improve its products for IT departments.
Table of contents
If you’ve ever used a Windows PC in the workplace, you know that some of the “management tools” that get installed end up causing significant problems for day-to-day usage. I still hear stories from friends of mine who are required to use PCs for their jobs, and they talk about how slow they are because of all the extra bloatware installed.
Honestly, I get both sides. I get the side of IT who is trying to protect company resources. But, I also get the side of the end-user who wants to get their job done. This scenario is why the Endpoint Security API is so important for Apple.
Endpoint Security is a C API for monitoring system events for potentially malicious activity. You can write your client in any language supporting native calls. Your client registers with Endpoint Security to authorize pending events or receive notifications of prior events that have already occurred. These events include process executions, mounting file systems, forking processes, and raising signals.
Learn more about Apple’s Endpoint Security API
If you want to watch a video to learn a bit more about it, check out this video from WWDC 2020. TL;DW: The Endpoint Security API is the modern replacement for apps that want to connect at the Kernal level. Any time a new version of macOS would be released, apps that ran at this level were always problematic. Because of this problem, organizations had to delay upgrading to the newest version of macOS, which would actually lead to potential security problems as their devices weren’t patched for the latest threats and vulnerabilities.
One of the first apps to be released using this new API released with Catalina was Jamf Protect. Jamf Protect extended the built-in macOS security tools like XProtect and Gatekeeper for improved reporting, compliance, and security posture while working off Apple’s API to provide a kextless security tool.
Going forward, any vendor making an enterprise security tool for Mac should be using Apple’s Security Endpoint API.
Why does Endpoint Security matter?
Apple’s endpoint security API shows that Apple recognizes that XProtect and Gatekeeper are not enough for enterprise IT departments. So instead of burying their head in the sand and letting security vendors built intrusive software that makes the Mac run worse, they went to work on the way to give enterprise security vendors a path to a reasonable solution. The Endpoint Security API lets them build their tools in a way that preserves the Mac experience for end-users using Apple at Work.
For security vendors, building around this API shows their customers that they care about the Mac experience, and they will also easily stay compatible with future macOS versions.
FTC: We use income earning auto affiliate links. More.