Jamf buys ZecOps to bring high-end security to Apple enterprise

The Apple-in-the-enterprise story continues to unfold, this week with Jamf’s announced plans to acquire mobile threat detection and response company ZecOps.

Already consumer-simple, Jamf becomes government secure

Jamf will likely reveal more about the motivations behind the deal at its JNUC event for Apple admins, which begins tomorrow. The purchase is the latest move by the Apple-focused enterprise MDM provider to supplement device management with an increasingly effective set of tools to bolster device security.

From here, it seems inevitable the addition of ZecOps tech will give managed Apple devices much greater awareness around the state of endpoint security, while also widening Jamf’s own market.

ZecOps — declared one of the world’s most innovative companies in 2021— is used to protect world-leading enterprises, governments, and individuals, including Bloomberg and the BBC. It famously identified a nasty iOS vulnerability in 2020.

“ZecOps is the only available tool that provides the capability to extract, deliver, and analyze mobile device logs for signs of compromise or malicious activity,” said one customer, described only as “Department of State, a G7 government.”

Securing the enterprise

That’s very much in tune with the times, of course. The pandemic has proven the need to secure endpoints as criminals began targeting users to undermine corporate security systems. ZecOps should extend Jamf’s existing mobile security capabilities by adding advanced threat detection and incident response.

Ideally, devices should be able to act and react when a recognized exploit is made against them. This seems to be the direction of travel, given that ZecOps provides iOS users with the same level of threat defense Mac users already get using Jamf Protect.

It gives iOS devices some insight into detecting the kinds of sophisticated mobile threats that Apple’s Lockdown mode aims to prevent. Not only that, but a user can run both Lockdown mode and ZecOps software at the same time. (You have to install the profiles for ZecOps/Jamf Protect and/or any VPN service you use on the device before enabling Lockdown Mode.)

Mobile devices now account for 59% of global website traffic, and according to the 2022 Verizon Mobile Security Index, close to half (45%) of companies claim to have suffered some compromise in the last 12 months.

The addition of the software means Jamf can help accelerate mobile security investigations from weeks to minutes, leveraging known indicators of compromise at-scale and identifying sophisticated 0- or 1-click attacks on a deeper scale.

Threat detection for the rest of us

Jamf CEO Dean Hager Jamf explained why this matters: “We believe ZecOps has built a differentiated solution that meets a very important need for many organizations — the ability to thoroughly detect and investigate threats that target mobile users so they can confidently use these powerful devices for work,” he said.

“This capability further propels our goal of continuing to bridge the gap between what Apple provides and the enterprise requires.”

What Jamf gains

ZecOps is a sophisticated solution that enables advanced threat-hunting by capturing and analyzing logs from iOS and Android devices at the operating system layer. This critical data can accelerate incident response by enabling automatic or on-demand mobile cyber investigations.

The solution has been designed to handle the vast amount of data held in iOS logs to identify potential zero-day or single- or zero-click attacks. According to Jamf, ZecOps “does the heavy lifting for SOC teams, saving months of work per investigation.” To achieve this it automatically builds a suspicious event timeline and compromise to help show how and when devices are hit.

The idea that tech could have access to the logs on your device may make some users uncomfortable, but the companies stress that the log collection the system does is confined to low-level system and diagnostics data. It does not include personal data such as photos, videos, text messages and call logs.

“We founded ZecOps to catch hidden 0-click and 1-click attacks,” said Zuk Avraham, co-founder and CEO at ZecOps. “By combining with Jamf, we can offer our customers truly powerful mobile threat intelligence and threat hunting capabilities that will keep up with the evolving threat landscape without compromising the user experience.”

Enterprise news for Apple IT

This is just the latest in what now promises to be a run of interesting items involving Apple in the enterprise this fall, as we head toward the Apple Mac and iPad event/press release announcements next month. (At the moment, the speculation is there may be no Apple event.)

Jamf last week confirmed Jamf Pro support for virtual Macs in AWS. It opens the doors to JNUC 2022 in San Diego tomorrow.

Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.