Apple@Work: Red Canary Mac Monitor is a new tool available for dynamic system collection and analysis on macOS endpoints

Apple@Work is brought to you by Mosyle, Apple’s only unified platform. Mosyle is the only solution that fully integrates 5 different applications on a single Apple platform, allowing businesses to easily and automatically deploy, manage and secure all their Apple devices. More than 38,000 organizations leverage Mosyle solutions to automate the deployment, management and security of millions of Apple devices every day. Apply for a FREE account today and see how you can put your Apple fleet on autopilot at a price that’s hard to believe.

Now that the Mac is a first-class endpoint in the enterprise, IT and security teams need world-class tools to collect data from it. A new tool from Red Canary aims to make collecting endpoint data on macOS easier.

About Apple @ Work: Bradley Chambers managed a corporate IT network from 2009 to 2021. With experience implementing and managing firewalls, switches, a mobile device management system, enterprise-grade Wi-Fi, hundreds of Macs and hundreds of iPads, Bradley will highlight ways Apple IT leaders deploy Apple devices, build networks to support them, train users, stories from the trenches of IT management, and ways Apple could improve its products for IT departments.

Red Canary Mac Monitor is a powerful and comprehensive dynamic analysis and data collection tool designed specifically for macOS. Leveraging the Red Canary team’s deep Mac knowledge and Apple’s latest APIs, Mac Monitor brings a wealth of security telemetry together in one place and is designed as the macOS counterpart to Microsoft Sysinternals’ Procmon.

Mac Monitor offers security researchers and teams a wide range of analysis capabilities. Whether you’re looking to validate suspicions of unusual system activity or conduct in-depth threat research, the tool is built for the job. The Red Canary team notes that it has used Mac Monitor extensively to generate telemetry, run Atomic Test Harnesses, and closely examine the forensic artifacts that activity leaves behind.

Red Canary notes that it has also used Mac Monitor to conduct research on more complicated threats, including work that led to the discovery of an exploitable vulnerability in Apple’s Gatekeeper tool (CVE-2023-27951).

Red Canary has released Mac Monitor as a stable beta so that security teams can put it to the test and help improve the product. Endpoint data volume is growing rapidly in every industry and shows no signs of slowing down. Red Canary recognized the potential of Apple’s Endpoint Security API, the macOS counterpart to Event Tracing for Windows, to improve detection and collection capabilities on macOS endpoints. Because Apple offers only the API, macOS lacked a ready-made tool to collect, analyze, enrich and evaluate those events. Red Canary’s work here could be very useful for IT and security teams looking to get more data out of a macOS endpoint.
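To make concrete what “Apple offers only the API” means, here is a minimal Endpoint Security client that subscribes to process-execution notifications and prints the executable path and parent PID for each one. This is an added example, not Mac Monitor’s code or anything from Red Canary; everything beyond the raw event is left to the reader. It assumes the binary is code-signed with the com.apple.developer.endpoint-security.client entitlement (which Apple grants on request), runs as root, and has Full Disk Access; without those, es_new_client returns an error such as ES_NEW_CLIENT_RESULT_ERR_NOT_ENTITLED or ES_NEW_CLIENT_RESULT_ERR_NOT_PERMITTED.

```swift
// Minimal Endpoint Security client: log every process exec on the host.
// Added example, not Mac Monitor's code. Build as a signed macOS command-line
// tool with the com.apple.developer.endpoint-security.client entitlement
// and run it as root with Full Disk Access granted.
import Foundation
import EndpointSecurity

// es_string_token_t is a (pointer, length) pair, not a NUL-terminated C string,
// so copy exactly `length` bytes rather than calling String(cString:).
func string(from token: es_string_token_t) -> String {
    let bytes = UnsafeRawBufferPointer(start: token.data, count: token.length)
    return String(decoding: bytes, as: UTF8.self)
}

var client: OpaquePointer?
let result = es_new_client(&client) { _, message in
    // `message` is only valid for the duration of this block unless retained
    // with es_retain_message; we read what we need and return.
    let msg = message.pointee
    switch msg.event_type {
    case ES_EVENT_TYPE_NOTIFY_EXEC:
        // For exec events, `target` is the process image that is being executed;
        // `msg.process` (not used here) is the process that called exec.
        let target = msg.event.exec.target.pointee
        let path = string(from: target.executable.pointee.path)
        let platform = target.is_platform_binary ? "platform" : "third-party"
        print("exec ppid=\(target.ppid) \(platform) path=\(path)")
    default:
        break
    }
}

guard result == ES_NEW_CLIENT_RESULT_SUCCESS, let esClient = client else {
    // Typical causes: missing entitlement, not root, or no Full Disk Access.
    print("es_new_client failed: \(result)")
    exit(1)
}

// NOTIFY_* events are observe-only; AUTH_* events would require es_respond_*
// calls and are deliberately not subscribed to here.
var events: [es_event_type_t] = [ES_EVENT_TYPE_NOTIFY_EXEC]
guard es_subscribe(esClient, &events, UInt32(events.count)) == ES_RETURN_SUCCESS else {
    print("es_subscribe failed")
    exit(1)
}

// Keep the process alive; the handler block runs on a private ES queue.
dispatchMain()
```

This is the raw event stream and nothing more: no process tree, no enrichment, no correlation with file or network events, and no UI, which is the gap a tool like Mac Monitor is meant to fill. A production client also needs to handle ES_EVENT_TYPE_NOTIFY_EXIT to track process lifetimes and should avoid blocking in the handler, since slow clients can be deadlined and dropped by the system.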


FTC: We use income earning auto affiliate links.
