Lépjen offline állapotba az Player FM alkalmazással!
Jaron Bradley: Securing Enterprise macOS
Manage episode 338736624 series 2712409
In this episode of the Blueprint Podcast, we cover monitoring and securing macOS in an enterprise environment at scale with Jaron Bradley, Threat Detection lead at Jamf. We discuss the ups and downs of Apple's approach to macOS data collection over the years, the data sources and types that are accessible to defenders, what 3rd party agents bring to the table for security monitoring, and much more. Plus, Jaron gives us some great bonus tips for finding persistence mechanisms and malicious processes in enterprise macOS devices.
Our Guest - Jaron Bradley
Jaron has a background in Incident Response, threat hunting, and detections development. After focusing on large scale APT attacks he developed an interest in the more niche spaces of lesser explored operating systems. He has experience as both a SOC analyst as well as detections engineering at the endpoint level.Jaron currently works as the macOS Detections Lead at Jamf Threat Labs and manages his own security tools and content for security researchers atthemittenmac.com. He is also the author of OS X Incident Response Scripting and Analysis. A book he claims is slightly outdated but still relevant to a lot of macOS analysis today.
Resources mentioned in this episode
Websites
- https://www.themittenmac.com (my website)
- objective-see.com (great mac security website)
- Major Blogs Referenced by Jamf Threat Labs
Conferences
- Jamf Nation User Conference -> https://www.jamf.com/events/jamf-nation-user-conference/2022/
- Objective by the sea 5.0 -> https://objectivebythesea.org/v5/index.html
Support for the Blueprint podcast comes from the SANS Institute.
Follow SANS Cyber Defense: Twitter | LinkedIn | YouTube
Follow John Hubbard: Twitter |
Learn more about SANS' SOC courses at sans.org/soc
53 epizódok
Manage episode 338736624 series 2712409
In this episode of the Blueprint Podcast, we cover monitoring and securing macOS in an enterprise environment at scale with Jaron Bradley, Threat Detection lead at Jamf. We discuss the ups and downs of Apple's approach to macOS data collection over the years, the data sources and types that are accessible to defenders, what 3rd party agents bring to the table for security monitoring, and much more. Plus, Jaron gives us some great bonus tips for finding persistence mechanisms and malicious processes in enterprise macOS devices.
Our Guest - Jaron Bradley
Jaron has a background in Incident Response, threat hunting, and detections development. After focusing on large scale APT attacks he developed an interest in the more niche spaces of lesser explored operating systems. He has experience as both a SOC analyst as well as detections engineering at the endpoint level.Jaron currently works as the macOS Detections Lead at Jamf Threat Labs and manages his own security tools and content for security researchers atthemittenmac.com. He is also the author of OS X Incident Response Scripting and Analysis. A book he claims is slightly outdated but still relevant to a lot of macOS analysis today.
Resources mentioned in this episode
Websites
- https://www.themittenmac.com (my website)
- objective-see.com (great mac security website)
- Major Blogs Referenced by Jamf Threat Labs
Conferences
- Jamf Nation User Conference -> https://www.jamf.com/events/jamf-nation-user-conference/2022/
- Objective by the sea 5.0 -> https://objectivebythesea.org/v5/index.html
Support for the Blueprint podcast comes from the SANS Institute.
Follow SANS Cyber Defense: Twitter | LinkedIn | YouTube
Follow John Hubbard: Twitter |
Learn more about SANS' SOC courses at sans.org/soc
53 epizódok
Minden epizód
×Üdvözlünk a Player FM-nél!
A Player FM lejátszó az internetet böngészi a kiváló minőségű podcastok után, hogy ön élvezhesse azokat. Ez a legjobb podcast-alkalmazás, Androidon, iPhone-on és a weben is működik. Jelentkezzen be az feliratkozások szinkronizálásához az eszközök között.