As mentioned in a previous post, A Least Privilege Apple a Day…, the adoption of the Mac OS is steadily increasing at the enterprise level; by some reports, doubling in recent years. Fostered by an association between iOS and Mac OS, and greater acceptance of BYOD, this trend is here to stay. As IT departments adjust to this changing landscape, so too must policy and security.
Organizations are faced with new challenges, (for example, BYOD is becoming the norm for many companies) and some old favorites (i.e. how often have your users done nothing to their computer, but it’s magically broken?) And while Apple continues to be vigilant about patching security holes, as do the respective vendors of software running on Mac, is that enough? We don’t think so.
BeyondTrust introduced PowerBroker for Mac in summer 2015 to address major security gaps in what is available for the Mac OS. Why? Because organizations want to adhere to least privilege standards across their enterprises – not just in their Windows desktop environments. We have been providing security products for Unix, Linux, and Windows for years, even holding patents on the methods for employing it. We knew from our customers they wanted similar functionality available for Mac as well.
To continue this forward momentum, we are adding some key features to the next release of PowerBroker for Mac, notably:
- The ability to deny applications from launching. Even a standard user with the best intentions can bite into a worm, (yes, it’s a cheesy Apple reference, but you can’t ‘deny’, it works). Setting deny policies on applications or processes greatly reduces the risk of malware, vulnerable applications, or misconfigurations of the system.
- User Messages. Users like to be informed, especially if they click an application that is being denied. Being able to provide a consistent message to users informing them why something has been denied, or prior to certain elevations, helps your users and you.
