Adaptive Segmentation, micro-segmentation | October 3, 2022

Illumio for Macs: Isolate and Stop Ransomware Spread on macOS

Michele Leung, Senior Director, Product Marketing

If you think using a Mac protects you from threats, it's time to think again.  

Stats from IDC indicate that macOS devices have a 23 percent market share in organizations with more than 1,000 employees, a big shift from the Windows dominance of just a few years ago.

Enterprises traditionally assumed that Macs were safe from zero-day attacks and ransomware, and so granted these devices greater latitude on the network. The past few years have seen an explosion in the number and variety of attacks on macOS, and those attacks have dispelled the myths that enterprises and users held.

Organizations need a way to easily protect themselves regardless of operating system or device type.  

Illumio, the leader in Zero Trust Segmentation, now includes the ability to protect Mac endpoints and fully enforce segmentation policies. 

Continue reading to learn more about the importance of securing macOS endpoints from ransomware spread and key benefits provided by Illumio for macOS endpoints.

Recent macOS security vulnerabilities increase cyber risk

A recent example of ransomware risk on the Mac was a vulnerability in macOS Gatekeeper, the mechanism that prevents unauthorized apps from running on the Mac.

The vulnerability allowed attackers to bypass Gatekeeper by crafting a script-based payload that Gatekeeper did not check. The payload could be delivered via a phishing email; once the victim double-clicks and launches the fake application, the attacker can use it to download and deploy second-stage malicious payloads, including ransomware. Once a device is breached, the attacker can use it to pivot to higher-value targets in the data center or to propagate malware to as many other devices as possible.

In the current political climate, nation-states devote enormous capital and resources to finding vulnerabilities in their opponents' critical infrastructure. Alongside this, there has been a rise in cross-platform malware such as SysJoker, which has simplified the deployment of ransomware on Macs.

Although Apple has been adding layers of protection in recent years and addressing vulnerabilities with patches, risk remains, especially in the window between a zero-day being exploited in the wild and the patch being released and installed. That window represents a significant risk to any enterprise.

Illumio isolates and stops ransomware spread on Mac endpoints 

Catastrophes can be prevented by ensuring the Mac is contained and cannot communicate with other entities on the corporate network unless explicitly allowed.

Illumio's Mac support further enables organizations to protect the broader environment by reducing the attack surface. Once the Illumio VENs (Virtual Enforcement Nodes) are in full enforcement, the spread of a breach between devices is contained: the breach is stopped at a single endpoint by enforcing policy on both inbound and outbound services.

With Illumio, there is no need for separate tools to segment your endpoints, your data center and the cloud. With the addition of macOS support, Illumio further simplifies Zero Trust management of your devices.

Gain key benefits with Illumio for Mac 

With Illumio for Mac, you can now: 

  • Create real-time application dependency maps and get visibility into macOS endpoints communicating with cloud and data center workloads 
    • Identify and address unnecessary or anomalous data flows from macOS endpoints.
    • Build a real-time map of the environment to identify which ports on each Mac must stay open and which can be closed.
    • Provide a unified view for the security and ops teams, from servers all the way to the endpoint, reducing internal friction.
  • Take action and reduce the attack surface 
    • Create blanket deny policies with Illumio's Enforcement Boundaries to protect Macs on commonly abused ports such as file sharing and SIP (Session Initiation Protocol).
    • Ensure port-scanning tools such as Nmap do not find exposed assets.
  • Ring-fence servers as well as macOS endpoints 
    • Protect the high-value assets within the organization.
    • Prevent lateral movement of ransomware from an end user's device to other systems.
  • Integrate with SIEM/SOAR platforms for alerting and automatic quarantining of infected macOS devices.

Protect work-from-anywhere employees’ macOS devices 

An "assume breach" mindset, as part of a Zero Trust approach, is essential to securing your entire endpoint environment.

With hybrid work becoming the norm, Illumio Endpoint recently extended support for hybrid employees. You can now set different policies depending on whether a device is connected to the domain (in the office or on the VPN) or not (employees working on the go or from home). The on-domain policy blocks all but the necessary traffic; the off-domain policy can permit local traffic so employees can still use devices such as a home printer.

By moving segmentation to the host, traffic controls that were previously available only in the office can now be applied wherever and however the employee connects to the environment.
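The two ideas above, deny-first Enforcement Boundaries on commonly abused ports and an allow-list that changes with the device's connection state, can be modelled in a few lines. The following is an added, constructed example and is not Illumio's policy engine or VEN code; the rule sets, subnets and the on_domain/off_domain state names are assumptions chosen for illustration. It evaluates sample flows and also answers the "would Nmap find anything?" question by asking the policy which inbound ports a given scanner address would be allowed to reach.

```python
"""Toy model of host-based, location-aware segmentation policy.

Constructed example (not Illumio's engine). Evaluation order:
  1. Enforcement boundaries: deny rules checked first; a matching boundary
     wins even if an allow rule would otherwise permit the flow.
  2. Allow list for the device's current connection state
     ("on_domain" or "off_domain").
  3. Anything else: default deny.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    direction: str   # "inbound" or "outbound", relative to the Mac
    peer: str        # remote IP address
    port: int        # service (destination) port
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    direction: str
    cidr: str
    ports: frozenset
    proto: str = "tcp"

    def matches(self, flow: Flow) -> bool:
        return (self.direction == flow.direction
                and self.proto == flow.proto
                and flow.port in self.ports
                and ip_address(flow.peer) in ip_network(self.cidr))


# Enforcement boundaries: services commonly abused for lateral movement,
# blocked from every source regardless of connection state.
ENFORCEMENT_BOUNDARIES = [
    Rule("inbound", "0.0.0.0/0", frozenset({139, 445, 548})),   # SMB / AFP file sharing
    Rule("inbound", "0.0.0.0/0", frozenset({5060, 5061})),      # SIP over TCP
    Rule("inbound", "0.0.0.0/0", frozenset({5060}), proto="udp"),  # SIP over UDP
]

# Allow lists per connection state (hypothetical subnets).
ALLOW_RULES = {
    "on_domain": [
        Rule("outbound", "10.0.0.0/8", frozenset({443})),               # internal apps
        Rule("outbound", "10.1.1.0/24", frozenset({53}), proto="udp"),  # corporate DNS
        # Deliberately over-broad allow from the management subnet: the
        # boundary above still wins for 445, so only 22 is really reachable.
        Rule("inbound", "10.5.0.0/16", frozenset({22, 445})),
    ],
    "off_domain": [
        Rule("outbound", "0.0.0.0/0", frozenset({443})),                  # VPN / SaaS
        Rule("outbound", "192.168.0.0/16", frozenset({631, 9100})),       # home printer
    ],
}


def evaluate(flow: Flow, state: str) -> tuple:
    """Return (verdict, reason) for a flow under the given connection state."""
    for rule in ENFORCEMENT_BOUNDARIES:
        if rule.matches(flow):
            return "deny", "enforcement boundary"
    for rule in ALLOW_RULES[state]:
        if rule.matches(flow):
            return "allow", f"{state} allow rule"
    return "deny", "default deny"


def exposed_ports(state: str, scanner_ip: str, ports=range(1, 1025), proto="tcp") -> set:
    """Ports a port scan from scanner_ip would find open under this policy.

    This is the policy-side check behind 'Nmap should find nothing exposed':
    an inbound probe is only answered if an allow rule (and no boundary) matches.
    """
    return {p for p in ports
            if evaluate(Flow("inbound", scanner_ip, p, proto), state)[0] == "allow"}


if __name__ == "__main__":
    # Constructed sample flows.
    samples = [
        (Flow("inbound", "10.5.2.9", 445), "on_domain"),       # SMB from mgmt subnet
        (Flow("inbound", "10.5.2.9", 22), "on_domain"),        # SSH from mgmt subnet
        (Flow("outbound", "192.168.1.20", 631), "off_domain"), # home printer, at home
        (Flow("outbound", "192.168.1.20", 631), "on_domain"),  # same printer, in office
    ]
    for flow, state in samples:
        print(state, flow, "->", evaluate(flow, state))
    print("scan from 10.5.3.4 on_domain sees:", sorted(exposed_ports("on_domain", "10.5.3.4")))
    print("scan from 10.9.9.9 on_domain sees:", sorted(exposed_ports("on_domain", "10.9.9.9")))
```

The ordering is the point: a boundary is a standing deny that an over-broad allow rule cannot reopen, which is what makes blanket protection of file-sharing and SIP ports safe to roll out before the allow list has been fully tuned from the dependency map.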

Security teams need the right focus on network visibility, policy control, and micro-segmentation to isolate a threat.

Illumio's support for macOS and work-from-home devices completes the picture, giving security teams the visibility and policy control their organizations need.
