Apple @ Work is brought to you by Kolide, endpoint security for teams that Slack. Kolide notifies your team via Slack when their devices are insecure and gives them step-by-step instructions on how to solve the problem. Meet your compliance goals using the most powerful, untapped resource in IT: end-users. Try Kolide for free today.
In 2004, I listened to a presentation from the IT Director of the internet service provider I was doing call center technical support for, and he made a comment that has stuck with me to do this day: Security is easy if you don’t care about the end-user experience. Finding the balance between security and usability is the true goal. I’d argue that usability and experience is the primary way Apple has distinguished itself in the enterprise and why it continues to grow to this day. A great example of Apple balancing security and usability is its Endpoint Security API.
About Apple @ Work: Bradley Chambers managed an enterprise IT network from 2009 to 2021. Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise-grade Wi-Fi, 100s of Macs, and 100s of iPads, Bradley will highlight ways in which Apple IT managers deploy Apple devices, build networks to support them, train users, stories from the trenches of IT management, and ways Apple could improve its products for IT departments.
- Macs don’t get viruses
- Macs don’t need security software
- All malware is a result of end users
I’ve heard these common statements over the years about the need for security software on the Mac. While some of them are true some of the time, none of them are true all of the time. The reality is that hoping your devices stay free of malware and viruses is not a strategy. In the IT world, it’s about trust and verifying. IT departments trust that Apple makes robust software combined with great hardware, but endpoint security software enables them to verify their fleet is healthy and clean.
Apple’s Endpoint Security API
Apple’s response to the need for endpoint security software could have been put its head in the sand and let 3rd party companies handle it in the best way they saw fit. The problem with this strategy is it leads to a poor user experience.
In that environment, companies building security software will build more invasive and intrusive software to monitor security. End users might end up with a secure Mac, IT might end up with all the reporting they need, but ultimately the overall Mac experience will be degraded to a similar place that Windows was many years ago. Going back to the quote at the beginning, the balance for IT is finding a healthy balance between security and usability.
Apple’s Endpoint Security API aimed to take the guesswork out of that balance.
Endpoint Security is a C API for monitoring system events for potentially malicious activity. You can write your client in any language that supports native calls. Your client registers with Endpoint Security to authorize pending events, or receive notifications of events that already occurred. These events include process executions, mounting file systems, forking processes, and raising signals.
Even at this year’s WWDC, Apple’s Endpoint security API keeps evolving. Launched initially with macOS Catalina has a replacement for the KAuth API. It’s gone on to cover hundreds of various event types. With macOS Ventura, Apple is expanding the API to cover more observable events, including security-relevant events. Specifically, Apple is adding visibility into authentication, login and logout, and Gatekeeper’s XProtect. These events are typically used by security products that wish to observe suspicious access patterns. Companies like CrowdStrike are a great example of taking the Endpoint Security API, building a robust macOS Endpoint Security software, and preserving the great Mac experience.
Summary
The best security software is
- Invisible to the user
- Provides IT with all the data it needs for compliance and security
- Works natively with the operating system
All security software that users Apple’s Endpoint Security API checks these boxes. Because Apple set the standard, everyone wins together, yet another reason Apple is a favorite among IT professionals and end users
Apple @ Work is brought to you by Kolide, endpoint security for teams that Slack. Kolide notifies your team via Slack when their devices are insecure and gives them step-by-step instructions on how to solve the problem. Meet your compliance goals using the most powerful, untapped resource in IT: end-users. Try Kolide for free today.
FTC: We use income earning auto affiliate links. More.