Delinea | Privileged Access Management Blog

Endpoint Protection for Mac: Securing your Enterprise Endpoints

Written by Delinea Team | Dec 10, 2019 8:00:17 AM

Apple products continue to grow in popularity. With strong iPhone X and 11 sales, Apple is boosting its smartphone market share. And it’s not just consumer products where we’re seeing growth. Enterprises are using Macs more and more and Delinea is seeing significant growth in these devices and operating systems.

Endpoints present a significant security risk: 85% of cyber attacks enter through compromised endpoints

As IT teams work to bring all endpoints under management as part of a least privilege strategy, it’s key that their tools provide similar functionality for both Windows and Mac machines, but also account for the differences in these platforms. macOS has different file types, applications execute and install differently, and macOS uses a separate app store. When managing macOS endpoints and their privileged accounts, fewer applications actually require root access.

So why does this matter? Endpoints present a significant security risk: 85% of cyber attacks enter through compromised endpoints (SANS Institute). And a key attack vector is used to compromise those endpoints: local admin accounts. Local admin accounts on user devices are often left in place by mistake, which makes those machines vulnerable to attack. To mitigate this risk, many security regulations and best practice security frameworks mandate least privilege protection. Privilege management tools protect your vulnerable Windows and macOS endpoints from attack and help you comply with regulatory requirements for least privilege.

Privilege Manager is the most comprehensive privilege and application control solution that operates at a massive scale. With Privilege Manager, available both on-premise and in the cloud, you can prevent malware from exploiting Windows and macOS applications by removing local administrative rights from endpoints while minimizing friction that slows productivity.

Critical Features for Organizations with macOS Endpoints

A critical step in the Privileged Access Management lifecycle is discovering accounts because you can’t manage what you don’t know exists. Discovering endpoints and applications that require privileged access allows you to bring those accounts under management. Privilege Manager provides:

  • Windows & Mac Account Discovery on Endpoints – Privilege Manager identifies all local accounts on agent-installed endpoints and flags those with local admin rights. A single, comprehensive view makes management easy.
  • Application Discovery for Administrative or Root Privileges – The most powerful applications installed on endpoints is those that require administrator credentials or root privileges to run. Privilege Manager discovers all applications that run on endpoints through its Learning Mode, giving you a precise snapshot of how these applications are used before you implement any changes. You can set up discovery policies to target any new application action that requires administrator or root access, so no privileged action goes unnoticed.

Continued Improvement of macOS Endpoint Management and Protection

Delinea continues to make incremental improvements to Privilege Manager to simplify the management of macOS endpoints. With our recent 10.6 release, Privilege Manager now enables you to:

  • Detect and act upon an application that is being installed via a drag/drop into the Applications folder via a policy that can allow or deny standard users from installing applications by copying them into this folder
  • Detect applications that require admin access either because the app bundle has a privileged helper or it has a codesign entitlement
  • Elevate macOS applications on-demand via Ctrl-click or context menu action

And with our Privilege Manager 10.7 release, available today, we’ve added the following macOS features:

  • Support for macOS Catalina
  • Support macOS command-line filtering and target specific commands on macOS using wildcards and regular expressions
  • Support the Network Share Filter on macOS which allows admins to use a network share as a source location that can then be allowed, denied, elevated, etc., allowing admins to target a large set of applications in a much more manageable way
  • Support PKG files on macOS for a file upload

Fast-growing teams can manage and secure hundreds of thousands of machines through Privilege Manager

Proactive Windows and Mac endpoint protection based on least privilege means less time and resources spent detecting an infection, chasing down cybercriminals once they’ve already entered your network, and remediating the damage. Enterprises and fast-growing teams can manage and secure hundreds of thousands of Windows and Mac machines through Privilege Manager, with built-in application control, real-time threat intelligence, and actionable reporting that demonstrates value to executives and auditors.