Security Analysis tool for Mac?

New Contributor II

This probably isn't a Jamf question but I was just wondering if anyone knows a solid security analysis tool that will scan a mac for vulnerabilities? Something a little easier than nessus. Paid is fine.

I just want to run a scan on one of my locked down systems to make sure there isn't any glaring issues (before letting our security guys have at it)

CIS validation would be great...

I have looked around without much luck. I remember using macanalysis a long time ago and it was great.



Contributor II

Depends what you're looking to scan. Try some of Patrick Wardles tools

Lockdown will run through a security build review (kinda)

The rest run in the background to scan for malware etc


Don't know if this is an appropriate route, but we use CISCAT in a government agency. Requires membership.

[](link URL)

Scans to check settings against selectable CIS benchmarks. It's not 100% accurate--there are some settings it doesn't accurately rate in our environment for some reason--but fairly close.

New Contributor II

Thanks! There does appear to be a shortage of tools for remediating security on the Mac. I might need to start a project.

@al_platt Thanks! Lockdown looks like it will be very helpful.

@bainter I will give that a try as well. We should have a membership. I've had fun with recommendations from CIS. Getting everything to work is a chore. It appears that if you have rules applied by policy they are not always caught.


@jnice22 have a look at - I believe it has CIS benchmarks.