While Windows-based PCs comprise the overwhelming majority of desktop devices owned by enterprises, a number of OS X loyalists maintain they need a Mac to do their jobs. That forces their CISOs to include Mac defences in their risk strategies.
As an endpoint detection and response (EDR) solution, it looks for and removes threats from endpoints, helping to limit lateral movement.
“There’s not a huge amount of malware for the Mac, but it is out there…and you’ve got to be ready for those events when they happen,” said Thomas Reed, Malwarebytes director of Mac offerings.
Most Mac malware today is adware, which to some is more of a nuisance than something that can cause serious damage. However, Reed noted that adware can cause browsers to crash. In addition, earlier this year ransomware for Mac was discovered.
He also noted that on the first day of the recent Pwn2Own 2016 hacking event at CanWest in Vancouver, an independent security researcher discovered four vulnerabilities in OS X and the Safari browser.
Like the PC version, Breach Remediation for Mac can be deployed over the network from a number of infrastructure management frameworks, including ones favoured by Mac administrators such as Casper Suite, Munki and Adobe Remote Desktop. It can be run remotely using shell or AppleScript commands. System administrators and incident responders can also collect system information using the Snapshot command.
Added to Breach Remediation is a forensics capability called Timeliner, a command-line tool that can pull historical events from a computer to help infosec pros figure out when and how an infection happened.
However, the Mac version lacks several features of the Windows edition, including the ability to send events to syslog servers and support of open IoC signatures that would link breach detection platforms (like FireEye) to the Malwarebytes software.
Breach Remediation costs US$22.99 per seat, with volume discounts.