Who's using Jamf Protect?

mwu1876
Contributor

I'm curious as to how many people in this community are using Jamf Protect? If so, are you using it stand alone? Do you supplement it with anything?

19 REPLIES 19

mm2270
Legendary Contributor III

I'm also curious about this. I have never even had the opportunity to see it live, but I'd be interested in seeing who is using it and how they like it, what pluses and minuses there are, etc.

mwu1876
Contributor

Doesn’t seem like many.

PE2000
Contributor II

Don't think its available to higher Ed...

Update

It is now available to higher Ed..

garybidwell
Contributor III

Its still a very new tool so I don't think there will be many running it on mass yet.
After seeing many demo's since last years JNUC i'm finally now running a small POC for it (along with a few other EDR vendors products now doing behaviour analytics).
Jamf Protect has some really great features and so far its been zero day for any of the OS updates (even had no issues running it with beta 1 of BigSur), integrates into Jamf Pro for EDR automation and fills a big gaps for the macOS environment that all the other cross platform tools ive used from other major vendors don't address.
It also has a very low CPU, Memory and Energy overhead from its agent.

However its a strange product to pigeon-hole into a certain segment as it as it spans across quite a few areas like EDR, EPP, DLP but I cant see it replacing a traditional AV tool in its current form without some risk as its doesn't do traditional AV scanning.
As its leveraging the standard Apple builtin tools of Xprotect, MRT, Gatekeeper etc.. (which seem only kick into action when executing a program), I am currently seeing this as a supplementary tool to use with something else more traditional like Microsoft ATP etc..

We plan to use all the tools in the Microsoft EMS suite as it pretty much a one stop shop and covers everything if you're running Windows 10, but its very limited on what it can do with macOS with anything other than traditional AV.
At the moment I'm edging towards using ATP for traditional AV scanning (seeing licensing its covered with our Microsoft E3+EMS license) along with Jamf Protect to cover all the gaps that ATP leaves wide open.

The current negative is pricing. Its not cheap by any standards but when placed against other vendors that offer cross platform is starts to look expensive.
But it's the same story with Jamf Pro when you're already a Microsoft house.
As Intune it pretty much free if your a O365 customer, can do basic Mac MDM management with that, but ideally you have Intune+Jamf Pro for advance workflows and its the best of both worlds for macOS (specially if you're implementing Conditional Access).
Jamf Protect also suffers the same issue, as you can do basic security with Microsoft ATP for macOS, but ideally its ATP+Protect to provide the best solution for macOS, which is when starts becoming expensive.

mwu1876
Contributor

Ok. We are considering running Bitfender just for the scanning piece. We have licensing through February so cost won’t factor in for now. Some folks are saying JamF Protect is enough but I’m torn.

carmelolopez
Contributor

Hi,
Im using Jamf Protect for around 2 months now. Since most users are home office and the ESET antivirus price was almos the same.
Got to say it works, but we have never (that we are aware of) had security issues with our users computers (apart from Windows ones).
CPU is low (unlike some antivirus we tried) and love the detailed alerts (you dont get this on normal antivirus).
Integration with Jamf Pro is ok, looks like would be improved in the near future.
Creating new analytics to detect other ways of security breaches is not really straight forward and easy but hope will be more documentation and easier way to implement then soon.

mwu1876
Contributor

@carmelolopez Glad to hear. We've been running it for maybe 4 months now and so far no issues. I have some concerns that it won't protect from everything but it's hard to tell. Just wanted to see if other folks out there with more computers are running it. I only have about 80.

carmelolopez
Contributor

I also think (and my Security Officer also) that it doesnt protect from all. But it is the same with the Antivirus and you can share with the developers any attacks you might think are missing and they will analyse them and try to add them

mwu1876
Contributor

We're just debating whether or not for the first year of two we should run another client for scanning such as BitDefender or Sophos.

aharonrichman
New Contributor II

For those who have used it, how does the remote remediation features work out for you?
Obviously right now, having ability to do more like that without having to guide/screenshare would be good.

pvcit
New Contributor III

Seems very expensive for what it does (in our case it was the cost of our jamf pro per seat). Still not complete antivirus (whether that will pass audits or not who knows).

wmehilos
Contributor

I'd agree that it's definitely a good sidepiece to something like Defender ATP. My CISO was pretty disappointed Defender couldn't do automatic remediation on macOS, but Protect does just that (on enrolled Macs at least).

AJPinto
Honored Contributor III

We had looked at it and currently have it stood up in our test environment. From what my security team is telling me it is really not a complete product yet so I dont think they will pursue using it at this time. JAMF has been very receptive of recommendations and criticism but it does not seem like its ready to be a paid product just yet.

PE2000
Contributor II

Anyone using Sophos??

Many Thanks in Advance

mwu1876
Contributor

@PE2000 you should probably start a separate thread.

panelloKLSD
New Contributor II

I am using it for the past 5 months Since we rolled out 1200 Student Devices in my District. Protect is a great Tool for getting insight in to the the APPLE Embedded Softwares as well as Protecting against some knows OS X threats. We have been having some good success with this tool and plan to be able to integrate it deeper with PRO.

Jamf-NG
New Contributor II

We just replaced Sophos with Protect because of how horribly Sophos runs on Macs. When we removed Sophos, the majority of our Mac's battery life went up anywhere from 30 minutes to 2 hours in some cases. Performance increased immensely according to our developer users.

I always find it humorous when "Security Teams" make claims like "It doesn't cover everything" like there's some tool out there that REALLY does. Especially without completely dogging down your systems to the point where paying for the extra RAM and CPU on Mac's was a complete waste of money because their AV product sucks it to zero benefit.

There's no perfect "one-solution-fits-all" option out there, but for the vast vast majority of threats going against Mac OS, Protect does what it's supposed to do. We are very happy with it so far.

Chris_Hafner
Valued Contributor II

Yep. This is kind of my philosophy as well. Currently a combo with Cylance, but I hope to pull back on that in the future. Would be nice to run only this, but I will see how this rolls over the next few months. 

GeneralIT
New Contributor

Anybody here runs Protect and Defender together? Any pitfalls, or advice?