![]() ![]() Internal software update servers along with a policy that forces clients to pull updates on schedule is a very good idea. The best thing you can do on OS X is to make sure you have a way of quickly and regularly applying software & security updates that Apple makes available. See here.Įl Capitan also has System Integrity Protection (good overview here) so getting 10.11 out the door into your environment is accomplishing quite a bit of endpoint hardening on its own. Updates to XProtect definitions are delivered along with other Apple software updates automatically (as long as you have your clients set to check for software updates. Apple has also integrated their own system of checking for and shutting down known malicious software (XProtect) into the OS. OS X has had a number of vulnerabilities, but these are things that only Apple as a vendor has had any power to remediate. Filtering malicious emails at the email server itself is always a good idea, and if you have file servers onsite those should be secured too with something that can check for malicious files and quarantine them.Īntivirus is limited in its functionality by how comprehensive its definitions are, and the reality is most of the definitions in an Antivirus product are there to protect Windows clients. I might suggest looking at ways to secure clients further upstream than the endpoints themselves.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |