With macOS increasingly important in the enterprise, security analysts need to understand how macOS malware behaves and how to find evidence of its activity. This guide will arm you with the knowledge you need to defend your organization’s macOS fleet.
At Cengage, we run a large fleet of Macs within a larger fleet of other desktop, server, laptop and multi-use devices, all protected by SentinelOne’s EPP/EDR platform.
Macs have a deserved reputation for robustness, longevity and reliability. Along with that, there is a widespread perception that Macs do not suffer from the kind of security issues that most of us are familiar with on Windows-driven devices.
Alas, while it’s true there is nothing like the same quantity of malware out there targeting Macs as there is Windows machines, there is still plenty of malicious backdoors, trojans, adware, and PUPs lurking in the wild, just waiting for an opportunity to infect unprotected devices or unwary users.
My experience in the enterprise suggests that many Mac users still have to learn the same kind of caution that is much more widespread in the Windows-PC world. From being more circumspect about what websites they visit or what software they download to taking a pause before offering up administrator privileges to installations that really have no business asking for them, Mac users owe it to themselves – and their employers – to realize that the threat landscape has changed markedly for macOS in recent years. The number of threats we see blocked by SentinelOne on our endpoints has grown dramatically over time, and all the signs are that this is a trend set to continue.
This new eBook from SentinelOne answers an important question for anyone running macOS, and particularly for those challenged with defending Macs in the enterprise: if you suspected that you might have just installed a piece of malicious software, become victim to a phishing attack, or let an intruder sneak in and out of your system, where would you look for evidence? And what evidence would you look for?
Did you know that there is Mac malware that goes to sleep when you open the Activity Monitor and backdoors that persist by means other than LaunchAgents? Many Mac users, perhaps most, do not.
This eBook serves as a comprehensive reference and guided tutorial on where to find evidence of threats on macOS, how to collect data on file, system and user activity, and how to read some of the Mac’s more obscure and obtuse databases.
For anyone interested in macOS security, this eBook is a valuable resource, and I am delighted to recommend it to the reader.
Alex Burinskiy
Manager of Security Engineering
Cengage