


Insider Risk Insights - DTEX Blog

macOS Monterey Demonstrates Apple’s Commitment to User Privacy & Enterprise Workforce Security

On October 25, 2021, Apple released macOS Monterey, the 18th and current major release of macOS, Apple’s desktop operating system for Macintosh computers and the successor to macOS Big Sur.

The release of macOS Monterey is a huge step forward for Apple in a number of ways, including usability, accessibility and, yes, privacy and security. This is especially true for enterprise IT teams who have adopted macOS within their organization.

Previous versions of macOS, including Big Sur, supported macOS kernel extensions (KEXT), which allowed third-party apps to install at the kernel level. This kernel-level access left macOS vulnerable to exploits, which made it an attractive target for hackers who took advantage of this access to bypass macOS High Sierra and Apple System Integrity Protection (SIP), and to carry out ‘synthetic attacks.’ Recent macOS releases have deprecated KEXT in favor of ‘System Extensions.’ Similar to KEXT, macOS ‘System Extensions’ will allow users to install apps that extend the native capabilities of the macOS operating system but run in a more tightly controlled user space rather than in the kernel, effectively eliminating the opportunity for exploits similar to what we saw with KEXT.

More exciting for individual enterprise users is the new privacy feature in macOS Monterey named ‘Recording indicator.’ This new feature gives users visibility in Control Center into which apps have access to the mic on their Mac. A new software indicator augments the camera indicator light by showing users whenever an app has access to their mic. This same ‘recording indicator’ feature gives users the power to approve or disapprove screen recording and file monitoring access to their Mac and applications.

At DTEX, we have always put user privacy first. In fact, we have multiple patents on pseudo-anonymization and absolutely promise our customers and their users never to collect data from intrusive sources. Our Workforce Cyber Intelligence and Security solutions are specifically designed to collect the minimum amount of data needed to build a forensic audit trail in a privacy-compliant manner. We only collect application and user metadata: no file scanning, no email content captured, no website content captured, no conversations captured, no screen recording, and no keystroke logging.

An organization’s choice to adopt macOS and Apple products as part of its enterprise IT inventory should not mean less security. In fact, a hybrid, distributed workforce only reinforces the need for and importance of comprehensive visibility across every OS platform. These remote workers are being targeted by external actors with phishing emails and ransomware, and some are even being propositioned on social networks to act as malicious insiders on behalf of cyber criminals interested in sensitive IP and corporate secrets. Delivering on these requirements as new changes are introduced into macOS can be challenging, however. We have seen various data-centric DLP and ‘person of interest’ InT vendors continue to rely on KEXT and struggle with providing full support on macOS.

Humans, on and off the traditional network, are the new firewall. And that’s why DTEX prioritized the architectural changes required to support system extensions and M1 hardware as they were being introduced in the recent macOS releases.

The DTEX macOS Forwarder delivers on the goals of providing 360-degree endpoint visibility and enhancing our full-featured insider threat detection, workforce engagement, data loss prevention, and employee cyber safety capabilities. The latest release, providing native support on M1 hardware and macOS Monterey, is now available to all customers.