Apple @ Work is exclusively brought to you by Mosyle, the only Apple Unified Platform. Mosyle is the only solution that integrates in a single professional-grade platform all the solutions necessary to seamlessly and automatically deploy, manage & protect Apple devices at work. Over 45,000 organizations trust Mosyle to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
Yesterday, we saw one of the largest IT outages in history, and it looked a lot like what many people had predicted would happen when the year 2000 hit and the Y2K bug occurred. Yesterday, people around the world began seeing the “blue screen of death” as they began their work day. This error caused delays for banks, airlines, railways, cellular providers, TV and radio broadcasters, and grocery stores. It only affected Windows, though.
A problem in a security update from CrowdStrike caused the error. You can read their blog for more information. CrowdStrike is a fantastic company, and they make incredible products. Their products are simply some of the best security tools in the industry, but unfortunately – accidents can happen.
Macs were unaffected, though – and there’s a good reason. Here’s how Apple protects the Mac mass outages like what the world witnessed on Friday.
About Apple @ Work: Bradley Chambers managed an enterprise IT network from 2009 to 2021. Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise grade Wi-Fi, 1000s of Macs, and 1000s of iPads, Bradley will highlight ways in which Apple IT managers deploy Apple devices, build networks to support them, train users, stories from the trenches of IT management, and ways Apple could improve its products for IT departments.
Apple’s Endpoint Security framework
The root of the problem is that CrowdStrike’ss tools run at very deep levels on Windows. On the Mac, they can’t run at those levels – anymore. Apple’s Endpoint Security Framework is a modern API toolkit designed to help security vendors build security solutions for the Mac. It was introduced in macOS 10.15 Catalina and provides a comprehensive set of tools and services to monitor and secure endpoints.
The framework allows developers to monitor various security-related events, such as file system access, process creation, and network connections. This enables real-time monitoring of activities on a Mac, but it does it in a way that protects user privacy and also limits how low a level it can run. Apple designed the framework to respect user privacy and provide transparency. Applications using the Endpoint Security Framework must obtain explicit user consent to monitor and block activities, ensuring users know the security measures applied to their devices.
Apple’s Endpoint Security framework replaced the Kernel Extension (kext) based security mechanisms. These Kernel Extensions had deep access to the system, running in the kernel space. This level of access posed significant security risks and potential stability issues because a malfunctioning kext could crash the entire system.
Do you understand it now? Apple’s Endpoint Security framework was developed to modernize how companies interact with macOS from a security point of view. Apple recognized that as it became one of the most used endpoints in the enterprise, it needed a modern way to handle endpoint monitoring for enterprise IT and security teams. When Apple made this change, it was a major transition for security vendors. They had to change how their tools worked to be compatible with future macOS versions.
9to5Mac’s take
Apple was right. Building a modern enterprise API for endpoint detection was not easy, and the entire industry had to transition with them. Apple’s framework is how it should be done. An endpoint security tool should not be able to crash a system to the point where it’s unusable.
This is one of the ways Mac users are able to protect themseveles against things like the CrowdStrike outage from happening. When Windows PCs were offline on Friday, customers and businesses alike could rely on their Mac.
Because of Apple’s ecosystem and things like the Endpoint Security Framework, the company is significantly less exposed to third-party problems like what we saw with CrowdStrike and Windows PCs.
So while IT admins raced to save the day on Friday, businesses that rely on the Mac (and iPad) were in the clear. In fact, in many instances, Macs were what kept the lights on – ranging from hospitals to small businesses and much more. This is the perfect example of the Apple ecosystem doing what it does best: putting users, privacy, and security first.
Apple @ Work is exclusively brought to you by Mosyle, the only Apple Unified Platform. Mosyle is the only solution that integrates in a single professional-grade platform all the solutions necessary to seamlessly and automatically deploy, manage & protect Apple devices at work. Over 45,000 organizations trust Mosyle to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
FTC: We use income earning auto affiliate links. More.
Comments