Apple’s macOS has long had a reputation for being more secure than its rival Microsoft Windows, but that doesn’t mean hackers aren’t preying on macOS computers.
Among the many ways organizations today seek to secure their systems is a zero trust approach, which is now available on a limited basis to Apple macOS users, thanks to Mosyle. With zero trust, the basic idea is that there is no implicit trust for operations or applications and that everything that executes must be validated in some way.
Over the past few years, Mosyle has developed a mobile device management (MDM) platform known as the Apple Unified Platform. In 2023, the company expanded its capabilities with generative AI to help improve MDM operations. The new Mosyle Automated Zero Trust solution announced today expands the company’s capabilities to help secure macOS devices and is powered by the company’s proprietary LeeryAI artificial intelligence (AI) engine.
“The concept of zero trust is really trying to turn the game on its head in terms of endpoint security, not just looking for the bad guys, but just working with those who we know are the good guys,” said Alcyr Araujo, founder and CEO of Mosyle, in an exclusive interview with VentureBeat.
How Mosyle’s Zero Trust Approach Uses AI to Secure macOS
Araujo explained that it took his company more than three years to develop the new Zero Trust technology.
The technology takes all the information from Mosyle’s MDM as a basis. With MDM, organizations have insight into device configuration, usage, and management. On top of that, Mosyle has developed its own AI engine, which it calls LeeryAI, that has been trained on and learns from MDM data.
Araujo explained that Mosyle monitors every event on a device and combines that with the information it has on devices within the same organization. LeeryAI uses a number of different predictive AI techniques to create, for each specific device, an AI model of what should or should not work and of the context around all code binaries, in order to better understand what to trust.
Zero trust is much more than Apple Gatekeeper
The idea of only allowing trusted code execution is not new to Apple. In fact, over the past decade, Apple has integrated a technology known as Gatekeeper into macOS.
The basic idea of Gatekeeper is that it will only allow the execution of code that has been cryptographically signed. While Gatekeeper can be useful, according to Araujo, it’s not enough to deal with the modern threat landscape.
“Our lives would be much better if we could assume that malware will never be signed,” Araujo said.
Araujo noted that malware is increasingly being signed as bad actors obtain legitimate developer credentials through supply chain attacks or password leaks. This allows signed malware to bypass Gatekeeper.
He added that unsigned application code binaries can still run on devices if Gatekeeper is not properly configured by the user. In recent years, attacks against the supply chain have also increased, which can result in malware being inserted into legitimate applications after they have been signed.
Gatekeeper only checks signatures, not the behavior or context of running binaries. Mosyle’s approach using LeeryAI aims to provide deeper behavioral analysis beyond simple signatures.
“I think we should look to the core concept of zero trust in terms of actually working on a list of things that we know we should run and ignoring everything else, and doing it in an automated way,” he said.