Addigy, a provider of cloud-based Apple device management software, has announced new security and management enhancements to the company’s Apple Device Management Platform.
Among the updates is what the company describes as “an industry-first solution” that stops malicious actors from successfully “spoofing” organizational devices. What is spoofing?
“When a machine comes out of the shrink wrap box, and the company has ensured their purchased machines are in Apple DEP (Device Enrollment Program), the serial number is the sole identifier used to enroll the machine into DEP+MDM,” explains Addigy CEO Jason Dettbarn. “In this way, we can SPOOF the valid serial number in a VM, and provision a machine just as if it’s part of a full-fledged Enterprise. With Enterprises continually adding more provisioning to Apple DEP and hence sensitive VPN, WiFi, Certificates, etc, this Serial Number is synonymous with a Social Security Number (the ID & Password in one). Take a picture of a serial number laser etched on a Mac in the Apple Store and provision a machine as if it’s in the Apple Store demo configuration.”
Pictured is an example of Parallels with a “spoofed” serial number I could SPOOF and add into the VM (the serial number is obfuscated for obvious security issues).
Additional advancements in Addigy’s Apple Device Management Platform include Just-In-Time user account creation after authentication, device provisioning, and single sign-on through existing directory services for cohesive management of the entire business portfolio of devices.
When it comes to Just-In-Time user account creation, Dettbarn says domain binding in Apple Macs is now all but completely broken, not allowing for native FileVault and other capabilities for the users.
“We have provided the first native authentication with AD/Okta from the moment the end-user pulls the Mac out of the shrink-wrapped box via DEP, and once authenticated, this creates the end-user on the machine synchronized with their AD or Okta authentication,” he says. “The big point here is that Addigy is the only vendor that provides this Authentication as a forced procedure and halts all provisioning until the user is authenticated… hence keeping any spoofing attempt from occurring in the organization.”
The rising popularity of macOS/iOS devices in the enterprise is moving organizations to focus greater efforts on securing these environments. Recent research has uncovered macOS vulnerabilities showing susceptibility to malware when setting up systems for the first time.
“We see overall growth in Enterprise justifying and moving to majority macOS and specifically iOS with teams in the field doing everything from factory maintenance to field sales,” says Dettbarn. “The largest popularity we see is the shift to Macs as soon as we help elevate their Apple Macs to be managed by Windows & Network Admins. Inevitably once they have the confidence to manage the Macs they open them up to employees, with Macs becoming first-class citizens in the enterprise.”
However, there are other vulnerabilities, including the spoofing of a device’s serial number (via a virtual machine or other methods) during the deployment process to provision the system as a corporate-owned device. This spoofing allows hackers to gain access to sensitive company, employee, and customer data easily unless proper defenses and processes have been applied.
The enhanced Addigy Apple Device Management Platform delivers a solution to manage these and many other threats. It allows Apple IT administrators to ensure every new device provided to an employee (on-site or remote) is already configured and provisioned with everything needed to be successful and secure, according to Dettbarn.
Unlike other vendors in the space, Addigy’s industry-leading solution ensures end-users are authenticated via an existing directory service before gaining access to the organization’s device, he adds. Leveraging Addigy, administrators are able to spend more time delivering business-ready workplace machines and less time on manual configuration and provisioning of workflows while ensuring the end-user is who they say they are, Dettbarn says.
Addigy’s full-stack cloud-based Apple Device Management platform allows for centralized management of distributed macOS/iOS computing environments. The solution provides 24x7x365 oversight of Apple devices to ensure systems are secure, up-to-date and running at the highest levels of efficiency. IT administrators can thoroughly audit all macOS/iOS assets quickly to identify which OS versions and applications are installed and whether updates have been applied to all machines on the network.
A free trial of the Addigy Apple Device Management Platform is available at https://www.addigy.com/#signup-form.