Apple @ Work is brought to you by Mosyle, the only Apple Unified Platform. Mosyle is the only solution that fully integrates 5 different applications on a single Apple-only platform, allowing Businesses to easily and automatically deploy, manage & protect all their Apple devices. Over 38,000 organizations leverage Mosyle solutions to automate the deployment, management, and security of millions of Apple devices daily. Request a FREE account today and discover how you can put your Apple fleet on auto-pilot at a price point that is hard to believe.
Now that the Mac is a premier endpoint in the enterprise, it’s starting to move into the phase where it needs first-class tools for IT and security teams to gather data from the device. A newly available from Red Canary aims to make gathering endpoint data on macOS even easier.
About Apple @ Work: Bradley Chambers managed an enterprise IT network from 2009 to 2021. Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise grade Wi-Fi, 100s of Macs, and 100s of iPads, Bradley will highlight ways in which Apple IT managers deploy Apple devices, build networks to support them, train users, stories from the trenches of IT management, and ways Apple could improve its products for IT departments.
Red Canary Mac Monitor is an incredibly powerful and comprehensive dynamic analysis tool designed specifically for macOS and gathering data. Leveraging the team at Red Canary’s deep knowledge of the Mac and using the latest APIs from Apple, Mac Monitor brings together a wealth of security data in one place and is designed as the macOS equivalent of Microsoft Sysinternals’ Procmon.
Mac Monitor is an invaluable tool for security researchers and teams, offering a plethora of analysis capabilities; whether you’re looking to validate suspicions regarding unusual system activity or conducting in-depth threat research, this tool will be invaluable. The team at Red Canary notes they have extensively utilized Mac Monitor for generating telemetry, executing Atomic Test Harnesses, and meticulously examining the forensic artifacts that are left behind.
Red Canary notes they’ve also used Mac Monitor to conduct more complicated threat research, including work that led to the discovery of an exploitable vulnerability in Apple’s Gatekeeper tool (CVE-2023-27951).
Red Canary has released Mac Monitor as a stable beta so security teams and put it through the paces and improve the product. The growth of endpoint data across every industry is growing at a rapid pace, and it’s showing no signs of slowing down. Red Canary recognized the huge potential of Apple’s Endpoint Security API – an equivalent to Microsoft Event Tracing for Windows – to enhance their detection and gathering capabilities on macOS endpoints. Since Apple only offers an API, they lacked a reliable method to gather, analyze, enrich, and evaluate macOS events. Red Canary’s work here could be very useful for IT and security teams looking to collect more data from a macOS endpoint.
Apple @ Work is brought to you by Mosyle, the only Apple Unified Platform. Mosyle is the only solution that fully integrates 5 different applications on a single Apple-only platform, allowing Businesses to easily and automatically deploy, manage & protect all their Apple devices. Over 38,000 organizations leverage Mosyle solutions to automate the deployment, management, and security of millions of Apple devices daily. Request a FREE account today and discover how you can put your Apple fleet on auto-pilot at a price point that is hard to believe.
FTC: We use income earning auto affiliate links. More.
Comments