{"id":21819,"date":"2023-04-24T09:05:16","date_gmt":"2023-04-24T17:05:16","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2023\/04\/24\/news-15550\/"},"modified":"2023-04-24T09:05:16","modified_gmt":"2023-04-24T17:05:16","slug":"news-15550","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2023\/04\/24\/news-15550\/","title":{"rendered":"Kandji explains its new Endpoint Detection and Response tools"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2023\/04\/unknown-100940153-small.jpg\"\/><\/p>\n<p>The Apple-focused enterprise solutions provider ecosystem is <a href=\"https:\/\/www.computerworld.com\/article\/3692916\/fleet-announces-open-source-cross-platform-mdm-solution.html\">growing apace<\/a> to match the <a href=\"https:\/\/www.computerworld.com\/article\/3689888\/for-apples-enterprise-success-endpoint-management-is-the-new-black.html\">rapidly expanding need<\/a> of enterprise IT. Jamf recently introduced a new <a href=\"https:\/\/www.computerworld.com\/article\/3694191\/jamf-debuts-sophisticated-security-protection-for-executive-iphones.html\">anti-spyware solution<\/a> for high-value targets. Today, competitor Kandji officially introduced its\u00a0<a href=\"https:\/\/www.kandji.io\/endpoint-detection-response\/\" rel=\"noopener nofollow\" target=\"_blank\">Endpoint Detection &amp; Response (EDR)<\/a> solution, which aims to fight malware on the Mac.<\/p>\n<p>I caught up with Weldon Dodd, Kandji&#8217;s senior vice president for community, to find out more.<\/p>\n<p>\u201cApple\u2019s footprint in the enterprise has grown rapidly,\u201d Dodd said. \u201cWith this growth, attention from threat actors has mounted for the Mac ecosystem. While Apple computers are secure, they are not impervious to threats. 
There are thousands of malware variants that can exploit vulnerabilities of apps running on a Mac, or bypass native security systems.\u201d<\/p>\n<p>Weldon Dodd,\u00a0Kandji senior vice president for community.<\/p>\n<p>The torrent of attacks is unlikely to slow as <a href=\"https:\/\/www.computerworld.com\/article\/3686060\/ciscos-mac-choice-scheme-confirms-apples-future-in-enterprise-tech.html\">Apple\u2019s place in these markets continues to grow<\/a>. Cisco says 59% of new hires choose a Mac and 65% of existing workers switch to Apple\u2019s platform when they get the chance. Add a touch of mobile and the nature of business tech has transformed, with <a href=\"https:\/\/www.applemust.com\/digital-device-penetration-has-just-begun-roger-whittle\/\" rel=\"noopener nofollow\" target=\"_blank\">digital device penetration<\/a> still only at the beginning of <a href=\"https:\/\/www.computerworld.com\/article\/3692817\/should-we-do-more-business-with-our-iphones.html\">full realization of potential<\/a>.<\/p>\n<p>\u201cApple is the platform of choice for more and more workers today. Especially as larger enterprises adopt them, it becomes a bigger focus for bad actors,\u201d said Dodd.<\/p>\n<p>In that context, IT is being asked to deploy and maintain more and more tools to achieve compliance and protection.<\/p>\n<p>\u201cThe solution is a way for IT to roll endpoint protection tooling in with their device management tooling,\u201d said Dodd. \u201cThey can handle the management and protection of their Apple devices without having to maintain multiple agents. It is not a standalone endpoint detection and response system. 
It has been built natively into Kandji\u2019s Device Management offering.\u201d<\/p>\n<p>Kandji\u2019s protection is deployed via the company\u2019s <a href=\"https:\/\/www.computerworld.com\/article\/3682749\/kandji-improves-its-device-harmony-platform-for-apple-enterprise.html\">existing Device Management tools<\/a>, including its eponymously named Agent and Web app tools. The company says the protection analyzes incoming files for malware signals and enforces custom allow\/block lists, which works to automatically identify and kill malicious files.<\/p>\n<p>Dodd said the software leverages Apple\u2019s technologies to the furthest extent possible. \u201cWe are using nearly every security API provided by Apple,\u201d he said.<\/p>\n<p>The primary API used is Apple\u2019s Endpoint Security Framework (ESF). This kernel-based solution helps the system spot and respond to threats in real time and is similar to Windows ETW (Event Tracing for Windows). Its existence was enabled by Apple\u2019s decision to <a href=\"https:\/\/www.computerworld.com\/article\/3588274\/how-to-prepare-your-mac-deployments-for-big-sur.html\">deprecate Kernel Extensions from its systems<\/a> with the introduction of macOS Catalina.<\/p>\n<p>Kandji uses these APIs to, \u201ccollect system data and events [that] are the foundation for Device Harmony, and we use APIs for resource management \u2014 always prioritizing user work over the Kandji Agent\u2019s, and to gather contextual information on system events to enhance threat detection,\u201d Dodd said.<\/p>\n<p>Dodd claims fast threat detection with little impact on Mac system resources.<\/p>\n<p>It works like this: devices managed by the company already rely on Kandji Agent, which is notified by the ESF of each file system event as it takes place in a process that poses \u201calmost no CPU overhead,\u201d Dodd said.<\/p>\n<p>\u201cWe leverage Apple&#8217;s methodologies, so our agent uses system resources as efficiently as possible. 
For example, the Kandji Agent takes advantage of Apple\u2019s asymmetric multi-processing, so it dynamically uses performance or efficiency cores in Apple Silicon Macs, making sure the user always has the compute power they need.&#8221;<\/p>\n<p>Security is informed by millions of malware definitions, data from the world\u2019s leading threat feeds, and the company\u2019s nine-strong team of threat researchers who curate detection methods and prevention strategies on current and future Mac malware variants. Dodd told me the system can detect known variants from multiple Advanced Persistent Threat (APT) groups (<a href=\"https:\/\/www.computerworld.com\/article\/3694132\/security-researchers-uncover-nso-group-iphone-attacks-in-europe.html\">such as NSO Group<\/a>) on a Mac. The system also has rules in place to identify some unknown variants based on identifying points in the malware.<\/p>\n<p>Of course, protection of any kind is only part of the solution. Educating employees around good security practices is always the first line of defense. And even the most security-savvy user can be misled. \u201cAttackers are constantly coming up with innovative ways to breach systems,\u201d Dodd said. \u201cEventually someone will accidentally click that link or do something to allow malware onto their computer.<\/p>\n<p>\u201cA well-designed campaign can trick anyone, especially if it happens to come at the right place and right time. And in some cases, malware is spread to systems through compromised software that does not require any user intervention. 
It is on the company to build the protections so it&#8217;s ready for any possibility.\u201d<\/p>\n<p><em>Please follow me on\u00a0<a href=\"https:\/\/social.vivaldi.net\/@jonnyevans\" rel=\"noopener nofollow\" target=\"_blank\">Mastodon<\/a>, or join me in the\u00a0<a href=\"https:\/\/mewe.com\/join\/appleholics_bar_and_grill\" rel=\"noopener nofollow\" target=\"_blank\">AppleHolic\u2019s bar &amp; grill<\/a>\u00a0and\u00a0<\/em><a href=\"https:\/\/mewe.com\/join\/apple_discussions\" rel=\"noopener nofollow\" target=\"_blank\"><em>Apple<\/em>\u00a0<em>Discussions<\/em><\/a><em>\u00a0groups on MeWe.<\/em><\/p>\n<p><a href=\"https:\/\/www.computerworld.com\/article\/3694448\/kandji-explains-its-new-endpoint-detection-and-response-tools.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2023\/04\/unknown-100940153-small.jpg\"\/><\/p>\n<article>\n<section class=\"page\">\n<p>The Apple-focused enterprise solutions provider ecosystem is <a href=\"https:\/\/www.computerworld.com\/article\/3692916\/fleet-announces-open-source-cross-platform-mdm-solution.html\">growing apace<\/a> to match the <a href=\"https:\/\/www.computerworld.com\/article\/3689888\/for-apples-enterprise-success-endpoint-management-is-the-new-black.html\">rapidly expanding need<\/a> of enterprise IT. Jamf recently introduced a new <a href=\"https:\/\/www.computerworld.com\/article\/3694191\/jamf-debuts-sophisticated-security-protection-for-executive-iphones.html\">anti-spyware solution<\/a> for high-value targets. 
Today, competitor Kandji officially introduced its\u00a0<a href=\"https:\/\/www.kandji.io\/endpoint-detection-response\/\" rel=\"noopener nofollow\" target=\"_blank\">Endpoint Detection &amp; Response (EDR)<\/a> solution, which aims to fight malware on the Mac.<\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[10403,714],"class_list":["post-21819","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-macos","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/21819","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=21819"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/21819\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=21819"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=21819"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=21819"}],"curies":[{"name":"wp","href":"https:\/\/api.w.o
rg\/{rel}","templated":true}]}}