Get Your Mac Users Ready for Big Sur (macOS 11) with Privilege Management for Mac 5.7

September 30, 2020


Big Sur (macOS 11.0) is now upon us. This new operating system begins Apple’s journey to Apple Silicon and beyond. This blog will unpack the immediate security and operational implications for end users of Big Sur, and highlight how BeyondTrust Privilege Management for Mac will help enterprises make the most of their leap to the new OS.

Big Sur Release in Perspective

Big Sur is the first major OS release for Macs in nearly two decades; Mac OS X 10.0 Cheetah was released in 2001. macOS 11.0 is a gesture to the major hardware changes that Apple is forging ahead with.

Big Sur reflects more than just a new OS. The release announcement also coincides with the news that Apple is dropping Intel as their chip manufacturer. This marks one of the first steps in the migration to a new hardware architecture for MacBooks.

Benefits of macOS 11

Let’s briefly look at the most touted benefits of macOS 11.

Design refresh

Big Sur will see big changes in the look and feel, which have been described as both “fresh and familiar” at the same time. System sounds, windows, the dock, icons, and even color schemes have been changed.

Major Safari improvements

Safari, Apple’s graphical web browser, will not only have a fresh look, but is reported to be faster and more battery efficient than prior versions. Apple is a vocal proponent of reducing its carbon footprint, so it is great to see them embodying the principle here.

Safari will also come with an improved Privacy Report, and will even translate web pages for you with the click of a button.

Privacy

Privacy will be further enhanced for Apple users with every app having information included about it on the app store, in a format akin to a nutrition label. Developers will have to self-report privacy practices, for example if the app collects data around:

  • Usage
  • Contact information
  • Location

Software Updates

In the future, updating to a new OS version will be even easier, as new versions will begin downloading in the background, reducing both the time-to-value and the impact on productivity. The system can do this via the signed system volume: the system volume is cryptographically signed, which allows your Mac to know the exact layout of the system volume.

To watch and hear Apple talk about this themselves, we recommend watching the WWDC 2020 keynote.

macOS Big Sur & BeyondTrust

When engaging with our customers, one of the first questions that we are invariably asked is: “Is BeyondTrust ready for Big Sur?” This is hardly surprising given that anyone using our Privilege Management for Mac solution is now familiar with the below popup:

Mac Legacy System Extension Popup

We are proud to say that BeyondTrust is ready. Our newest release, Privilege Management for Mac 5.7, allows users to utilize System Extensions and provides a smooth migration path from their current OS to Big Sur. This means our users have one less thing to worry about when it comes to migrating an entire Mac fleet to a new OS version that has major architectural changes.

BeyondTrust continuously strives to ensure our users are secure—no matter what operating system or platform they use. This means we’re always working to stay well ahead of the curve.

BeyondTrust works alongside Apple, employing a dedicated Mac team to ensure that we offer the most complete, flexible, and fast-to-deploy solution for Mac endpoint privilege management. BeyondTrust’s solution addresses significant macOS security gaps around privileged access and is an essential component of a secure and compliant Mac endpoint estate.

For current Privilege Management for Mac customers, it is recommended to update to version 5.7 and enable System Extensions prior to updating to macOS 11 (Big Sur). Taking this approach will ensure the upgrade to Big Sur is a seamless process, with no additional changes required. For more information, please reference this Knowledge Base Article.

System Extensions

For Privilege Management for Mac to function on Big Sur, System Extensions must be utilized. This is because the Kernel Extensions used in older versions of BeyondTrust’s solution have been deprecated. The Kernel is the part of the OS that loads first and is responsible for controlling and monitoring hardware resources, like memory and CPU allocation.

Both System Extensions and Kernel Extensions allow applications like Privilege Management for Mac to act as extensions of the operating system itself. In this instance, they extend the native capability of macOS.

Privilege Management for Mac uses Apple's new Endpoint Security API to apply Application Control, a powerful capability of the BeyondTrust product. Using Endpoint Security from within a System Extension allows our product to perform operations in user mode that previously had to be performed by a KEXT running in kernel mode.

Apple is deprecating third-party KEXTs in favor of user mode equivalents. This restricts direct access to the Kernel and abstracts away platform differences between Intel and Apple Silicon CPUs.

How Privilege Management for Mac interacts with the Kernel via System Extensions and the Endpoint Security API

Improving Mac Endpoint Security for macOS 11 & Beyond

In general, the migration to Big Sur should provide macOS users with a more stable, safer operating system. Disallowing third-party KEXTs removes an obvious attack vector, while also providing enhanced OS stability. End users of Privilege Management for Mac should notice little to no change when migrating to Big Sur.

For our solution’s administrative users, installing Privilege Management 5.7 and enabling System Extensions ensures they can benefit from an easy migration route to Big Sur for their Mac estate.

Optimizing Privilege Management for Mac Settings for macOS 11

Authorizing the System Extension and granting it full disk access does require a little more work for admins than usual. To make this as easy as possible, BeyondTrust has shipped a configuration profile (.mobileconfig) with our version 5.7 deployment. This can be imported into an MDM for the purpose of making these changes en masse.
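A profile of the kind described above carries two privileged grants, a System Extension allowlist and a Full Disk Access entry, so it is worth reviewing before importing it into an MDM. The following is an added example, not BeyondTrust's code or its shipped profile: a Python audit that lists those grants and flags overly broad ones. The payload type and key names are Apple's MDM payload keys; `TEAMID0000` and the `com.example.*` identifiers are constructed placeholders.

```python
import plistlib

# Constructed sample: TEAMID0000 and com.example.* are placeholders, not real IDs.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [
        {"PayloadType": "com.apple.system-extension-policy",
         "AllowedSystemExtensions": {"TEAMID0000": ["com.example.agent.sysext"]}},
        {"PayloadType": "com.apple.TCC.configuration-profile-policy",
         "Services": {"SystemPolicyAllFiles": [{
             "Identifier": "com.example.agent.sysext",
             "IdentifierType": "bundleID",
             "CodeRequirement": 'identifier "com.example.agent.sysext" and anchor apple generic',
             "Allowed": True}]}},
    ],
})


def audit_profile(data: bytes) -> dict:
    """List the privileged grants in an unsigned .mobileconfig and flag broad ones."""
    profile = plistlib.loads(data)
    report = {"system_extensions": {}, "full_disk_access": [], "findings": []}
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType")
        if ptype == "com.apple.system-extension-policy":
            report["system_extensions"].update(payload.get("AllowedSystemExtensions", {}))
            # AllowedTeamIdentifiers approves every extension signed by that team.
            for team in payload.get("AllowedTeamIdentifiers", []):
                report["findings"].append(f"team-wide extension approval: {team}")
        elif ptype == "com.apple.TCC.configuration-profile-policy":
            for entry in payload.get("Services", {}).get("SystemPolicyAllFiles", []):
                ident = entry.get("Identifier")
                if entry.get("Allowed") or entry.get("Authorization") == "Allow":
                    report["full_disk_access"].append(ident)
                    # Without a code requirement the grant is not bound to a signer.
                    if not entry.get("CodeRequirement"):
                        report["findings"].append(f"full disk access without CodeRequirement: {ident}")
    if not report["system_extensions"]:
        report["findings"].append("no per-bundle system extension allowlist")
    if not report["full_disk_access"]:
        report["findings"].append("no full disk access grant")
    return report


if __name__ == "__main__":
    print(audit_profile(SAMPLE_PROFILE))
```

A signed profile is wrapped in a CMS envelope and must be unwrapped to its plain plist before `plistlib` can parse it.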

BeyondTrust has a dedicated Mac team focused on ensuring that our users have the best experience and functionality when using and managing Macs—just as we do across Windows, Unix, Linux, and other major operating systems. Our System Extensions work is cited by industry experts, and our work is patented.

Preparing Your Mac Endpoint & Security Estate for Big Sur & Apple Silicon

Migrating to Big Sur allows your userbase to utilize System Extensions and, therefore, leverage Apple’s latest security framework in conjunction with Privilege Management for Mac.

Apple’s new hardware platform, Apple Silicon, will only run Big Sur (macOS 11) and future macOS iterations. BeyondTrust’s Mac team is working to ensure our application natively supports Apple Silicon, thus providing the best performance and experience for our users.

One example of this is our ongoing work to have universal binaries ready to use in our product. This will allow Privilege Management for Mac to run natively on Apple Silicon as well as on previous Intel chip iterations. Therefore, regardless of the OS version or hardware versions your Mac users run, admins can install the same version of our Mac endpoint privilege management solution on all Mac endpoints.

Contact the BeyondTrust Mac Development Team

Questions? Comments? Our development team wants to hear from you! Contact us today.



BeyondTrust Privilege Management for Mac Development Team

James Allan – Product Owner

Simon Fradkin – Software Architect

Omar Ikram – Senior Developer

Paul Thexton – Senior Developer

Steven Joruk – Senior Developer

Chris Hill – Scrum Master

Steve Langford-Jones – QA Engineer

Ataulah Bukhari – QA Engineer
