moofSecure

Introduction

Having a robust IT security policy for your macOS endpoints is becoming increasingly important. We have found that, in many cases, organisations are unaware whether their security controls are working on devices beyond basic things like FileVault and Gatekeeper.

For oversight and governance, detailed visibility into the state of devices, matched against your organisation's security policy, is critical.

In addition to a current-state view, it is equally important to empower your teams to detect and respond to occurrences of non-compliance for specific security controls. This means being able to see beyond a single snapshot of the security state and identify when issues have occurred, allowing you to manage these through to resolution.

Moof have developed a bespoke system called “moofSecure” that sends compliance state, app patching and compliance incident information to a SIEM tool. This provides your Infosec and wider IT teams with full visibility into the compliance state of your devices, the ability to detect incidents in real time, and to manage individual incidents through to resolution.

The moofSecure service gives you:

  • Visibility into compliance levels for your devices against:
    • Your organisation's IT security policy
    • CIS levels 1 & 2
    • Cyber Essentials+ benchmark
  • Visibility of patch levels for macOS and 3rd party apps
  • Evidence for audits
  • Independent verification of controls enforced by the MDM

Key features

Checking local security state

moofSecure will check the state of each specified security control, reporting whether each control is “Compliant” or “Not compliant”.

Checks are performed against CIS, Cyber Essentials and a number of additional custom controls, providing you with full visibility into your macOS estate.

Incident reporting

The devices will perform ongoing checks for:

  • New incidents of non-compliance
  • Any previous non-compliance incidents that have been resolved

This data allows your IT team to actively manage compliance incidents on a day-to-day basis.

3rd Party app reporting

As a critical element of IT security, moofSecure will measure and report against all locally installed applications, checking they are on the latest expected patch version.

This will allow you to detect any issues with patching workflows early, reducing the risk of unpatched vulnerabilities going unnoticed.

Monitoring for running processes

Most organisations are using multiple security products to ensure the security of their end devices. Ensuring these tools are actively running on devices is an important activity that has traditionally been difficult to execute.

moofSecure allows you to specify processes that are expected to be running on devices, such as anti-malware tools, vulnerability management programs & web filtering tools.

In the event devices are missing security programs, or where the programs aren’t running, they will be marked as “not compliant” – identifying the specific process that is missing.

Different controls for different roles

If you have different user groups, such as developers, admin staff or sales teams using Macs, you can specify different sets of controls, ensuring you are monitoring the metrics appropriate for each group.

Customisation Options

Below are the configurable options available for moofSecure.

Security policy controls

A list of security controls that are part of your macOS IT security policy and that you would like to monitor for non-compliance incidents.

Admin users

Where you are monitoring that users are NOT running as admins, this option allows you to specify particular accounts that are known and expected to have admin privileges, such as your internal IT support account.

Processes

This option allows you to list the application processes that you would like to monitor, such as anti-malware tools, vulnerability management software and web filtering software.

Excluded processes

A list of controls that you want to avoid monitoring completely.

Computer and username

When sending data to the SIEM tool, you can choose to exclude computer names and user names to enhance privacy and security.

FAQs

Can we use moofSecure with any MDM?

moofSecure is MDM-agnostic and will work with any macOS-compatible MDM solution.

Can we use our own SIEM (Security Information and Event Management) tool?

moofSecure can be configured to send data directly to your SIEM tool if desired.


Company

Address:
1st Floor, 20 Noel Street, London, W1F 8GW
Company Number: 11082827