Uptycs Blog | Cloud Security Insights for Linux and Containers

[Infographic] MacOS Native Security Configurations & Osquery

Written by Harry Hayward | 9/17/19 12:41 PM

Be it for macOS or my dog eating out of the trash, there is no such thing as a bullet-proof security policy. It’s all about creating a threshold of standards: something to work off of while simultaneously reducing overall risk (you know, like storing your trash can on the counter, for example).

 

When it comes to macOS, there is a collection of native security features that can be configured to reduce the overall attack surface. Again, even at their best they cannot be considered flawless, but they can serve as a powerful baseline for an IT security team that is responsible for securely managing a fleet of Macs, whether it is 10 machines or 10,000 machines. They can even be used today as part of a personal security checklist.

 

We’ve created an infographic that highlights what we believe are the most meaningful macOS security features and how we advise they should be configured:

Link to Download

Meeting these configurations

There are two ways that these endpoint misconfigurations can be addressed: from the IT perspective or from the end user.

 

Some organizations believe in empowering employees to make the updates to the config settings themselves. In doing so, security awareness across the organization can be improved. With this knowledge, employees are more familiar with why and how to reduce risk and can confidently apply these measures across their personal devices. (This is huge at a time when employees commonly access corporate properties using their personal devices.)

 

Then there is the more traditional approach: IT distributes both the notification and the remediation of the misconfiguration, often automatically.

 

For those following along with our list of 8 recommended best practices, use these instructions to configure each one correctly:

 

Disable Remote Login

Enable Gatekeeper

Enable Stealth Mode

Configure SIP

Enable Application Firewall

Disable Screen Sharing

Enable Automatic Updates

Enable FileVault
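
One way to check a Mac against the eight items above with osquery, as an added example rather than a query from the original post or from Uptycs. It uses osquery's stock macOS tables; the check labels, the choice of the root volume for FileVault and the accepted plist value forms are assumptions.

```sql
-- Added example (not from the original post): one row per baseline item.
-- compliant = 1 matches the recommendation, 0 deviates, and NULL means the
-- table returned no row on this host, so the state is unknown.
SELECT 'Remote Login disabled' AS check_name,
       (SELECT remote_login = 0 FROM sharing_preferences) AS compliant
UNION ALL
SELECT 'Gatekeeper enabled',
       (SELECT assessments_enabled = 1 FROM gatekeeper)
UNION ALL
SELECT 'Stealth Mode enabled',
       (SELECT stealth_enabled = 1 FROM alf)
UNION ALL
SELECT 'SIP enabled',
       -- the 'sip' flag row carries the overall SIP state
       (SELECT enabled = 1 FROM sip_config WHERE config_flag = 'sip')
UNION ALL
SELECT 'Application Firewall enabled',
       -- global_state: 0 = off, 1 = on, 2 = block all incoming connections
       (SELECT global_state >= 1 FROM alf)
UNION ALL
SELECT 'Screen Sharing disabled',
       (SELECT screen_sharing = 0 FROM sharing_preferences)
UNION ALL
SELECT 'Automatic Updates enabled',
       -- assumption: the boolean may render as '1' or 'true' depending on
       -- the osquery version, so both forms are accepted
       (SELECT value IN ('1', 'true')
          FROM plist
         WHERE path = '/Library/Preferences/com.apple.SoftwareUpdate.plist'
           AND key = 'AutomaticCheckEnabled')
UNION ALL
SELECT 'FileVault enabled',
       -- assumption: the volume mounted at / is the one that matters
       (SELECT de.encrypted = 1
          FROM mounts m
          JOIN disk_encryption de ON m.device_alias = de.name
         WHERE m.path = '/');
```

Run it interactively in `osqueryi` or schedule it fleet-wide; rows where `compliant` is 0 or NULL are the ones to follow up on.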

 

Many Uptycs customers today lean on us to secure their macOS fleets. A subset of our Mac solution is a component that we call the “Mac Security Health Check Report”. This feature shows how your corporate macOS fleet is falling in line with the 8 best practices and exactly which machines have deviated. While getting a real-time heartbeat on this data is key, Uptycs also stores all of this data, which can be used for historical investigations.

 

Learn more about macOS security best practices, and how osquery can be used in support of your macOS security efforts, by accessing our on-demand webinar. Register here.

 
