
Jamf Executive Threat Protection
Privacy-centric deep forensic analysis of mobile threat activity, deployed and managed by Axtero, giving InfoSec and SecOps teams the visibility needed to identify 0-day attacks on executive devices.

Achieving trusted access for high-risk individuals is not complete without detailed forensic capabilities on mobile devices. Executives, board members, and other high-value targets carry mobile devices that connect to untrusted networks, receive messages from unknown senders, and access the most sensitive business data — all outside the protection of corporate firewalls. Most mobile device management solutions handle configuration and compliance, but they are not designed to detect sophisticated attacks targeting specific individuals. The gap between endpoint protection on desktops and mobile devices represents a critical blind spot for organizations subject to SOC 2, ISO 27001, or FINMA regulatory requirements.
Jamf Executive Threat Protection takes a privacy-centric approach to obtaining a deep analysis of mobile threat activities. It provides InfoSec and SecOps teams the visibility needed to identify 0-day attacks, persistence mechanisms, and commercial or nation-state malware on iOS, iPadOS, and Android devices. Axtero deploys and manages JETP as a security service, handling configuration, activation, and ongoing monitoring. Threat detection applies to both corporately-owned and BYOD devices.
Risk and Compromise Detection
JETP includes a mobile app installed on endpoints with the privileges needed to detect if and when a device was attacked, how the attack occurred, and what the impact was. Deep inspection is performed via the Threat Protect Connector app, installed on macOS or Windows workstations, which lets users connect their mobile device over a physical USB cable to complete a full scan. Threat detection applies to corporate-owned and BYOD iOS, iPadOS, and Android devices.
Pre- and Post-Travel Inspections
By integrating JETP into your analysis workflows, end users or admins can perform device checks on mobile devices before and after traveling to determine risk and perform remediation prior to connecting the device back to the corporate network.
Digital Forensics and Incident Response (DFIR)
JETP provides advanced digital forensics investigation capabilities that give your SOC team automated analyst reports. A sophisticated analysis engine detects malicious activity and 0-days based on anomalies and on known and unknown threat intelligence. The solution automates the analysis to do the heavy lifting for SOCs, saving months of manual investigation work per device. Because of this deep analysis functionality, JETP is suitable for IT admins, InfoSec, and internal research teams.
Threat Intelligence Capabilities
JETP identifies attacks on mobile devices by analyzing OS logs, kernel logs, diagnostic files, processes and operating system-level data, files and filepaths, crash logs, IPS files, installed applications, WiFi Manager logs, App Store logs, and stackshots/spindumps. It uses a combination of unique Indicators of Compromise (IOC) and behavioral detection techniques to identify 0-day, 0-click, and 1-click attacks, persistence mechanisms, and commercial or nation-state malware.
Privacy-friendly: does not collect photos, videos, emails, text messages, call data, passwords, application data, browser history, or contacts
IOCs within JETP are curated by Jamf Threat Labs
Digital Forensics Investigation Tools
JETP supports digital forensics investigations with tools to assist malware researchers and SOC teams.
Threat and Process Explorers: deep searching of threats with a query engine capable of searching based on many attributes across all JETP-enabled endpoints in your organization
Rules Engine: tag, allow list, or block list different types of Indicators of Attack (IOA) and Indicators of Compromise (IOC) with complex rules based on YARA, bundle identifiers, and process names
Threat Intelligence: map known exploits and vulnerabilities to events and devices across your mobile fleet
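The tag / allow-list / block-list behaviour described for the Rules Engine, shown as an added example that is not Jamf or Axtero code. Rules keyed on bundle identifiers and process names are evaluated over constructed process records; the device names, the "bh" process and the rules themselves are hypothetical, not real indicators.

```python
# Added example (not Jamf/Axtero code): a minimal tag / allow-list / block-list
# rules engine keyed on bundle identifiers and process names, as on the page.
import re
from dataclasses import dataclass

# Constructed sample records; device names and the "bh" process are
# hypothetical, not real indicators of compromise.
EVENTS = [
    {"device": "exec-iphone-01", "process": "SpringBoard", "bundle_id": "com.apple.springboard"},
    {"device": "exec-iphone-01", "process": "bh", "bundle_id": ""},
    {"device": "exec-ipad-02", "process": "Slack", "bundle_id": "com.tinyspeck.chatlyio"},
]

@dataclass
class Rule:
    name: str
    action: str            # "allow", "block" or "tag"
    process: str = None    # regex, full match on the process name (None = unset)
    bundle_id: str = None  # exact match; "" means "no bundle identifier at all"
    tag: str = ""          # label attached to matching events

    def matches(self, ev: dict) -> bool:
        checks = []
        if self.process is not None:
            checks.append(re.fullmatch(self.process, ev["process"]) is not None)
        if self.bundle_id is not None:
            checks.append(ev["bundle_id"] == self.bundle_id)
        return bool(checks) and all(checks)   # a rule with no criteria never matches

RULES = [
    Rule("apple-springboard", "allow", bundle_id="com.apple.springboard"),
    Rule("no-bundle-id", "block", bundle_id="", tag="no-bundle-identifier"),
    Rule("short-name", "tag", process=r"[a-z]{1,3}", tag="suspicious-short-process-name"),
]

def evaluate(ev: dict, rules=RULES) -> dict:
    """Allow-list wins outright; otherwise block if any block rule hits and
    collect the tags of every matching block/tag rule, in rule order."""
    hits = [r for r in rules if r.matches(ev)]
    if any(r.action == "allow" for r in hits):
        return {"action": "allow", "tags": []}
    action = "block" if any(r.action == "block" for r in hits) else "none"
    return {"action": action, "tags": [r.tag for r in hits if r.tag]}

def flagged(events=EVENTS, rules=RULES) -> list:
    """Fleet-wide sweep: (device, process, verdict) for every event that is not clean."""
    verdicts = [(ev["device"], ev["process"], evaluate(ev, rules)) for ev in events]
    return [row for row in verdicts if row[2]["action"] == "block" or row[2]["tags"]]
```

In this model an allow-listed bundle identifier suppresses tagging even when a tag rule would otherwise match, so allow-list entries should be as specific as possible.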
Deployment Options
JETP supports multiple deployment architectures to meet your organization's security requirements.
Cloud hosting (recommended): real-time updates to threat rule engine and UI, active scanning, file gathering, end-user notification and remediation via the Threat Protect mobile app
On-premises hosting: all endpoint data kept within your environment, upgrades controlled by the customer, requires manual updating of server software
Air-gapped hosting: for networks fully isolated from the internet, with manual server software updates
Client-side: Threat Protect Connector app on macOS or Windows workstations, Threat Protect mobile app on iOS/iPadOS/Android via MDM or manual install
Mobile app activation requires physical connection to the Threat Protect Connector app on a host computer
Features
0-day, 0-click, and 1-click attack detection
Deep device inspection via physical USB cable scans
Automated DFIR analyst reports for SOC teams
Pre- and post-travel device inspections
Behavioral detection and IOC-based threat intelligence
Threat and Process Explorers for deep threat searching
Rules Engine with YARA, bundle identifiers, and process name support
Privacy-centric: no collection of personal data
Cloud, on-premises, and air-gapped deployment options
Supports corporate-owned and BYOD devices