The future of security: smarter devices that protect themselves

Jamf officially completed its acquisition of Zecops this week. Why is this important and what might it mean to enterprise mobile security? Potentially, a lot.

To get an answer to the question, think about how security has evolved. as the proliferation of mobile devices has made traditional security protections even less effective than they used to be.

Mobile devices now account for 59% of global website traffic. But almost half (45%) of companies surveyed in the most recent Verizon Mobile Security Index say they have suffered a compromise involving a mobile device in the past 12 months.

Company firewalls only protect those inside the wall, and retrospective malware checkers by nature don’t detect an attack until it’s taken place.

Traditional security models have now been replaced by the concept of endpoint security, in which security is applied on a device, user, location, and even application basis. It’s this evolving understanding of security that contributes to today’s security industry buzzwords, things like zero trust, multi-factor authentication, and password-free security — all are components of the new approach.

Another tactic is the continued attempt to evolve security protection on the device itself, kind of like the Secure Enclave on Apple’s products. But it involves even more: developing systems that are smart enough to recognize whether they have been attacked.

But being able to deliver that kind of machine intelligence self-awareness requires access to a little information first, in the form of telemetry data.

Jamf already has a security solution for Macs that shows this direction of travel, called Jamf Protect. It can detect threats, monitor compliance, and automatically respond to some security incidents. When it was introduced in 2019, it showed a future for security protection. The ZecOps deal means the company now has technology it might be able to use to provide similar protection to iPhones and iPads, too.

Delivering that level of security is complex and requires access to telemetry, which is the kind of information Zecops is very good at grabbing. That explains why its security solutions are already used by governments, enterprises, and high-net-worth individuals to accelerate mobile security investigations. The solution is very good at taking data and identifying attacks and compromises at a deep scale.

The idea is that if a breach has taken place, the software will spot it, which is invaluable to the protection of corporate data. However, the goal must be that eventually the device itself will recognize and protect itself against any visibly recognize attack, making systems even more secure.

“ZecOps is the only available tool that provides the capability to extract, deliver, and analyze mobile device logs for signs of compromise or malicious activity,” said one “Department of State, a G7 government” customer, according to the company.

The tool works by capturing and analyzing logs from both iOS and Android devices at the operating system layer. It explores this telemetric data to identify suspicious events and has been designed to catch hidden zero- and one-click attacks. It will identify whether a device is attacked, how and when that attack took place, what impact it has, and then help inform effective incident response.

It’s a threat hunter for iPhones.

It’s important also to consider the kind of threats this solution may be able to fend off. This isn’t just a virus checker. It is smart and capable enough to identify some of the state-sponsored threats Apple built Lockdown Mode to protect devices against. The acquisition essentially gives Jamf a technology sufficiently robust to protect against espionage.

And at a deeply paranoid time in our global history, this level of protection is the degree of security every iPhone user requires.

Please follow me on MastodonTwitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.