The Complete Guide to Understanding Apple Mac Security for Enterprise by SentinelOne


In this guide, we’ll cover everything you need to know to understand the strengths and weaknesses of
the security controls built into Apple Macs and the macOS platform. We look at the challenges facing
security and IT teams running macOS devices in the enterprise, and we outline the nature of the
threat landscape as we understand it as we advance into 2022 with macOS 12 Monterey.


Apple Mac computers are increasingly common in today’s enterprise, but the security implications
of running a fleet of Macs in the enterprise are not widely understood. Common questions that system
administrators and security teams managing Mac devices ask include:

• How secure are Macs by design?
• Are third-party AV security controls required?
• What kind of security software works best on macOS?
• Which approaches to macOS security are the most effective?
• What sort of threats do businesses with macOS fleets face in 2021?

In this guide, we provide an objective assessment of these and other questions, which should serve
as a valuable guide and reference for anyone looking to get a clear understanding of current
macOS security challenges.
We will cover a number of issues under the following sections:
• Architecture & Codesigning
Does the new M1 architecture provide increased security over Intel machines? Is it still possible to run unsigned malicious code on macOS Big Sur on both of these architectures?
• Gatekeeper
Gatekeeper is supposed to prevent the execution of untrusted code on the system. How easy is it for malware or malicious insiders to circumvent Gatekeeper’s controls?
• Notarization & OCSP
What does Notarization achieve, and what do admins need to understand about the limitations of Apple’s Notarization requirement? What is the difference between Notarization and OCSP? How does malware circumvent these checks?
• Testing Known Malware – Beware A False Sense of Security
How do you ensure that your tests against known malware samples will be equally effective against in-the-wild malware families?

