Got Macs? Great. I have one too. Are yours locked down? If not, your enterprise has a potentially serious security weakness.
It’s a fallacy to believe that Macintosh computers are inherently secure and don’t need to be protected against hacking or malware. Many consider Macs more secure than Windows desktops and notebooks, and there is something to that: the Unix-based kernel is well designed, and Apple certainly issues fewer security patches for macOS than Microsoft does for Windows.
Fewer security defects does not mean zero defects, and safer doesn’t mean 100% safe.
Some Mac Vulnerability Examples
Take, for example, the macOS 10.13.3 update, issued on January 23, 2018, for the current versions of the Mac’s operating system. Like most current computers running Intel processors, the Mac was vulnerable to the Meltdown flaw, which meant that malicious applications might be able to read kernel memory.
Apple had to patch this flaw — as well as many others.
For example, another defect could allow malicious audio files to execute arbitrary code, which could violate the system’s security integrity. Apple had to patch it.
A kernel flaw meant that a malicious application may be able to execute arbitrary code with kernel privileges, giving bad guys access to anything on the device. Apple had to patch the kernel.
A flaw in the WebKit library meant that processing maliciously crafted web content may lead to arbitrary code execution. Apple had to patch WebKit.
Another flaw meant that processing a malicious text message may lead to application denial of service, locking up the system. Whoops. Apple had to patch that flaw as well.
Don’t Make The Same Mistakes as Consumers
Many consumers, believing all the talk about how wonderful macOS is, choose to run without protection, trusting macOS and its built-in application firewall to block all sorts of bad code. Bad news: there’s no built-in anti-virus or anti-malware, and the firewall can only do so much. Many enterprises likewise ignore macOS when it comes to visibility for posture monitoring and hardening, threat detection, and threat hunting.
Consumers often make these assumptions because they don’t know any better. IT and Security professionals should never make the same mistakes – we should know better.
If a Mac user installs bad software, adds a malicious browser extension, opens a bad email attachment, or clicks on a phishing link or a nasty ad, their machine is compromised – just like a Windows machine would be. Within the enterprise, we need to be prepared to deal with these incidents, even on Macs.
What To Do?
What do you need to do?
- Install anti-virus and anti-malware on corporate Macs – or any Mac that has access to your organization’s content, servers, or networks.
- Monitor the state of Macs, just like you do with Windows machines.
- Be proactive in applying patches and fixes to Macs, again, just like with Windows.
You should also remove from your corporate environment any Macs that are too old to run the latest version of macOS. Here is Apple’s list of Mac models that can run macOS 10.13; it is a long list, because Apple is pretty good at supporting old hardware:
- MacBook (Late 2009 or newer)
- MacBook Pro (Mid 2010 or newer)
- MacBook Air (Late 2010 or newer)
- Mac mini (Mid 2010 or newer)
- iMac (Late 2009 or newer)
- Mac Pro (Mid 2010 or newer)
When the next version of macOS comes out, some of your older machines may drop off the list. They should drop off your inventory as well.
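As an added example (not Ziften’s code, and not Apple tooling), here is a small POSIX shell posture check that covers the three actions listed above (monitor state, patch, retire unsupported hardware) in one script. It assumes a patch baseline `MIN_MACOS`, taken from the 10.13.3 update mentioned earlier, and it assumes that the macOS commands it runs (`sw_vers -productVersion`, `spctl --status`, `socketfilterfw --getglobalstate` and `csrutil status`) print the phrases the `*_ok` helpers look for. The hardware check encodes Apple’s 10.13 model list exactly as quoted above. The sample command outputs in the `else` branch are constructed, not captured from a real Mac, so the logic can be exercised on any POSIX shell.

```shell
#!/bin/sh
# Added example (not Ziften's code or Apple's tooling): a minimal macOS posture
# check. MIN_MACOS is an assumed baseline taken from the 10.13.3 update above;
# set it to whatever your patch policy currently requires.
MIN_MACOS="10.13.3"

# version_ge A B: exit 0 when dotted version A is greater than or equal to B.
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, A, "."); nb = split(b, B, ".")
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      x = (i <= na) ? A[i] + 0 : 0
      y = (i <= nb) ? B[i] + 0 : 0
      if (x > y) exit 0
      if (x < y) exit 1
    }
    exit 0
  }'
}

# Each *_ok helper takes the text printed by the corresponding macOS command
# and exits 0 when the setting is in the desired state.
gatekeeper_ok() { case "$1" in *"assessments enabled"*) return 0 ;; *) return 1 ;; esac; }  # spctl --status
firewall_ok()   { case "$1" in *"is enabled"*)          return 0 ;; *) return 1 ;; esac; }  # socketfilterfw --getglobalstate
sip_ok()        { case "$1" in *"status: enabled"*)     return 0 ;; *) return 1 ;; esac; }  # csrutil status

# posture_report VERSION SPCTL_OUT FW_OUT SIP_OUT: prints one PASS/FAIL line per
# check and returns the number of failures (0 means the machine meets the baseline).
posture_report() {
  fails=0
  if version_ge "$1" "$MIN_MACOS"; then echo "PASS macOS $1 (baseline $MIN_MACOS)"
  else echo "FAIL macOS $1 is below $MIN_MACOS: patch it"; fails=$((fails + 1)); fi
  if gatekeeper_ok "$2"; then echo "PASS Gatekeeper enabled"
  else echo "FAIL Gatekeeper disabled"; fails=$((fails + 1)); fi
  if firewall_ok "$3"; then echo "PASS application firewall enabled"
  else echo "FAIL application firewall disabled"; fails=$((fails + 1)); fi
  if sip_ok "$4"; then echo "PASS System Integrity Protection enabled"
  else echo "FAIL System Integrity Protection disabled"; fails=$((fails + 1)); fi
  return $fails
}

# Hardware inventory check against Apple's macOS 10.13 list quoted above.
# min_model FAMILY prints "YEAR SEASON" of the oldest supported model in that family.
min_model() {
  case "$1" in
    "MacBook")     echo "2009 Late" ;;
    "MacBook Pro") echo "2010 Mid" ;;
    "MacBook Air") echo "2010 Late" ;;
    "Mac mini")    echo "2010 Mid" ;;
    "iMac")        echo "2009 Late" ;;
    "Mac Pro")     echo "2010 Mid" ;;
    *) return 1 ;;
  esac
}
season_rank() { case "$1" in Early) echo 1 ;; Mid) echo 2 ;; Late) echo 3 ;; *) echo 0 ;; esac; }

# model_supported FAMILY YEAR SEASON: exit 0 if, e.g., "MacBook Pro" 2012 Mid can run
# 10.13. Unknown families are treated as unsupported so that they get reviewed.
model_supported() {
  min=$(min_model "$1") || return 1
  set -- "$1" "$2" "$3" $min           # $4 = minimum year, $5 = minimum season
  [ "$2" -gt "$4" ] && return 0
  [ "$2" -lt "$4" ] && return 1
  [ "$(season_rank "$3")" -ge "$(season_rank "$5")" ]
}

if [ "$(uname 2>/dev/null)" = "Darwin" ]; then
  # Live data: the real macOS commands whose output the *_ok helpers parse.
  posture_report "$(sw_vers -productVersion)" \
                 "$(spctl --status 2>&1)" \
                 "$(/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2>&1)" \
                 "$(csrutil status 2>&1)" || echo "posture failures: $?"
else
  # Constructed sample outputs (not captured from a real Mac): an unpatched
  # machine with Gatekeeper and SIP on but the application firewall off.
  posture_report "10.13.2" "assessments enabled" \
                 "Firewall is disabled. (State = 0)" \
                 "System Integrity Protection status: enabled." || echo "posture failures: $?"
fi
```

Run it from your endpoint agent or a scheduled job and collect the exit status: a nonzero `posture_report` result is the signal to patch or re-enable a control, and a failing `model_supported` is the signal to retire the machine from inventory when the next macOS release drops it from Apple’s list.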
At Ziften, with our Zenith security platform, we work hard to maintain visibility and security feature parity between Windows systems, macOS systems, and Linux-based systems.
In fact, we’ve partnered with Microsoft to integrate our Zenith security platform with Microsoft Windows Defender Advanced Threat Protection (ATP) for macOS and Linux monitoring and threat detection and response coverage. The integration enables customers to detect, view, investigate, and respond to advanced cyber-attacks on macOS devices (and also Windows- and Linux-based endpoints) directly within the Microsoft WDATP Management Console.
From our perspective, it has always been important to give your security teams confidence that every desktop / notebook endpoint is protected – and thus, the enterprise is protected.
Believe it or not, 91% of enterprises say they have some Macs. If those Macs aren’t protected, and also properly integrated into your endpoint security systems, the enterprise IS. NOT. SECURED. It’s just that simple.