Cybersecurity Insurance Checklist - Meet Insurance Requirements with BeyondTrust PAM Download for Free

  • Partners
  • Support
  • Careers
  • English
    • Deutsch
    • français
    • español
    • 한국어
    • português
BeyondTrust
  • Products

    Privileged Password Management

    Discover, manage, audit, and monitor privileged accounts and credentials.

    • Password Safe
    • DevOps Secrets Safe
    • Privileged Access Discovery Application

    Endpoint Privilege Management

    Enforce least privilege across Windows, Mac, Linux, and Unix endpoints.

    • Windows and Mac
    • Unix and Linux
    • Active Directory Bridge

    Secure Remote Access

    Centrally manage remote access for service desks, vendors, and operators.

    • Remote Support
    • Privileged Remote Access
    • Privileged Access Discovery Application

    Cloud Security Management

    Automate the management of identities and assets across your multicloud footprint.

    • Cloud Privilege Broker

    BeyondInsight

    Experience the industry’s most innovative, comprehensive platform for privileged access management.

  • Solutions

    Use Cases

    • Cloud Security
    • Compliance
    • Cyber Insurance
    • Digital Transformation
    • Endpoint Security
    • Operational Technology
    • Ransomware
    • Service Desk Efficiency
    • Zero Trust

    Industry Applications

    • Financial Services
    • Government Agencies
    • Healthcare
    • Law Enforcement
    • Manufacturing
    • Schools & Universities

    Solutions

    The BeyondTrust Privileged Access Management portfolio is an integrated solution that provides visibility and control over all privileged accounts and users.

  • Resources

    Learn

    • Blog
    • Customer Stories
    • Competitor Comparisons
    • Datasheets
    • Demos
    • Glossary
    • Podcast
    • Whitepapers

    Attend

    • Events
    • Go Beyond
    • Training
    • Webinars

    Support

    • Changelog
    • Professional Services
    • Technical Documentation

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

  • Company
    • About
    • Leadership
    • Core Values
    • Partners
    • Careers
  • Watch Demo
  • Contact Sales

Get Your Mac Users Ready for Big Sur (macOS 11) with Privilege Management for Mac 5.7

September 30, 2020

  • Blog
  • Archive

Big Sur (macOS 11.0) is now upon us. This new operating system begins Apple’s journey to Apple Silicon and beyond. This blog will unpack the immediate security and operational implications for end users of Big Sur, and highlight how BeyondTrust Privilege Management for Mac will help enterprises make the most of the their leap to the new OS.

Big Sur Release in Perspective

Big Sur is the first major OS release for Macs in nearly two decades. Mac OS X 10.0 Cheetah was released in 2001. macOS 11.0, is a gesture to the major hardware changes that Apple is forging ahead with.

Big Sur reflects more than just a new OS. The release announcement also coincides with the news that Apple is dropping Intel as their chip manufacturer. This marks one of the first steps in the migration to a new hardware architecture for MacBooks.

Benefits of macOS 11

Let’s briefly look at the most touted benefits of macOS 11.

Design refresh

Big Sur will see big changes in the look and feel that has been described as both “fresh and familiar” at the same time. System sounds, windows, the dock, icons, and, even color schemes have been changed.

Major Safari improvements

Safari, Apple’s graphical web browser, will not only have a fresh look, but is reported to be faster and more battery efficient than prior versions. Apple is a vocal proponent of reducing its carbon footprint is great to see them embodying the principle here.

Safari will also come with an improved Privacy Report, and will even translate web pages for you with the click of a button.

Privacy

Privacy will be further enhanced for Apple users with every app having information included about it on the app store, in a format akin to a nutrition label. Developers will have to self-report privacy practices, for example if the app collects data around:

  • Usage
  • Contact information
  • Location

Software Updates

In the future, updating to a new OS version will be even easier, as new versions will begin downloading in the background, therefore reducing the time-to-value and reduced impact on productivity. The system can do this via signed system volume, which means the system volume is cryptographically signed and allows your Mac to know the exact layout of the system volume.

To watch and hear Apple talk about this themselves, we recommend watching the WWDC 2020 keynote.

macOS Big Sur & BeyondTrust

When engaging with our customers, one of the first questions that we are invariably asked is: “Is BeyondTrust ready for Big Sur?” This is hardly surprising given that anyone using our Privilege Management for Mac solution is now familiar with the below popup:

Mac Legacy System Extension Popup

We are proud to say that BeyondTrust is ready. Our newest release, Privilege Management for Mac 5.7, allows users to utilize System Extensions and provides a smooth migration path from their current OS to Big Sur. This means our users have one less thing to worry about when it comes to migrating an entire Mac fleet to a new OS version that has major architectural changes.

BeyondTrust continuously strives to ensure our users are secure—no matter what operating system or platform they use. This means we’re always working to stay well ahead of the curve.

BeyondTrust works alongside Apple, employing a dedicated Mac team to ensure that we offer the most complete, flexible, and fast-to-deploy solution for Mac endpoint privilege management. BeyondTrust’s solution addresses significant macOS security gaps around privileged access and is an essential component of a secure and compliant Mac endpoint estate.

For current Privilege Management for Mac customers, it is recommended to update to version 5.7 and enable System Extensions prior to updating the MacOS 11 (Big Sur). Taking this approach will ensure the upgrade to Big Sur will be a seamless process, and no additional changes would be required. For more information, please reference this Knowledge Base Article.

System Extensions

For Privilege Management for Mac to function on Big Sur, System Extensions must be utilized. This is because the Kernel Extensions used in older versions of BeyondTrust’s solution have been deprecated. The Kernel is the part of the OS that loads first and is responsible for controlling and monitoring hardware resources, like memory and CPU allocation.

Both System Extensions and Kernel Extensions allow applications like Privilege Management for Mac to act as extensions of the operating system itself. In this instance, they extend the native capability of macOS.

Privilege Management for Mac uses Apple's new Endpoint Security API to apply Application Control, a powerful capability of the BeyondTrust product. Endpoint Security and employing System Extension, allows our product to perform operations in user mode, which previously had to be performed by a KEXT running in kernel mode.

Apple is deprecating third-party KEXTs in favor of user mode equivalents. This restricts direct access to the Kernel and abstracts away platform differences between Intel and Apple Silicon CPU’s.

How Privilege Management for Mac interacts with the Kernel via System Extensions and the Endpoint Security API

Improving Mac Endpoint Security for macOS 11 & Beyond

In general, the migration to Big Sur should provide macOS users with a more stable, safer operating system. And, disallowing third-party KEXT’s reduces an obvious attack vector, while also providing enhanced OS stability. End users of Privilege Management for Mac should notice little to no change when migrating to Big Sur.

For our solution’s administrative users, installing Privilege Management 5.7 and enabling System Extensions ensures they can benefit from an easy migration route to Big Sur for their Mac estate.

Optimizing Privilege Management for Mac Settings for macOS 11

Authorizing the System Extension and granting it full disk access does require a little more work for admins than usual. To make this as easy as possible, BeyondTrust has shipped a configuration profile (.mobileconfig) with our version 5.7 deployment. This can be imported into an MDM for the purpose of making these changes en masse.

BeyondTrust has a dedicated Mac team focused on ensuring that our users have the best experience and functionality when using and managing Macs—just as we do across Windows, Unix, Linux, and other major operating systems. Our System Extensions work is cited by industry experts, and our work is patented.

Preparing Your Mac Endpoint & Security Estate for Big Sur & Apple Silicon

Migrating to Big Sur allows your userbase to utilize System Extensions and, therefore, leverage Apple’s latest security framework in conjunction with Privilege Management for Mac.

Apple’s new hardware platform, Apple Silicon, will only run Big Sur (macOS 11) and future macOS iterations. BeyondTrust’s Mac team is working to ensure our application natively supports Apple Silicon, thus providing the best performance and experience for our users.

One example of this, is our ongoing work to have universal binaries ready to use in our product. This will allow Privilege Management for Mac to run natively on Apple Silicon as well as on previous Intel chip iterations. Therefore, regardless of the OS version or hardware versions your Mac users run, admins can install the same version of our Mac endpoint privilege management solution on all Mac endpoints.

Contact the BeyondTrust Mac Development Team

Questions? Comments? Our development team wants to hear from you! Contact us today.


Datasheets

Quick Start Privilege Management for Windows & Mac

Videos

Demo: Privilege Management for Windows and Mac

BeyondTrust Privilege Management for Mac Development Team,

James Allan – Product Owner

Simon Fradkin – Software Architect

Omar Ikram – Senior Developer

Paul Thexton – Senior Developer

Steven Joruk – Senior Developer

Chris Hill – Scrum Master

Steve Langford-Jones - QA Engineer

Ataulah Bukhari – QA Engineer

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Whitepapers

Cybersecurity Insurance Checklist

Whitepapers

Microsoft Vulnerabilities Report 2021

Whitepapers

Privileged Access Management: PAM Checklist

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support
  • Cloud Privilege Broker

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Podcast
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press
BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2022 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.