Endpoint Detection & Response for Mac
As attention from threat actors mounts for the Mac ecosystem, you need a detection and response solution built exclusively for Apple.
Why Kandji for Endpoint Detection & Response
Stop threats before they happen
Informed by Apple’s Endpoint Security framework events, Kandji can gather all metadata on a file, analyze it, detect the potential for malicious activity, and quarantine it — all in the span between a user clicking download and the download completing.
Fastest time to value
All of Kandji’s capabilities are purpose-built for Apple technologies and deployed by a single agent. This approach drives fast implementations and puts Mac endpoint protection within reach of every team.
Broadest coverage of the macOS threat landscape
Armed with hundreds of millions of malware definitions, data from the world’s leading threat feeds, and a team of threat researchers feeding the detection engine, our intelligence is among the Mac world’s most comprehensive.
Watch the launch event
Watch the launch event replay on YouTube. See the beginning of a new chapter in Endpoint Detection & Response for Mac.
Key functionality
Kandji’s Endpoint Detection and Response combines both pre-execution and post-execution methodologies. This approach allows us to apprehend almost all known malware variants while using behavioral analytics to identify unknown threats based on typical execution actions.
Monitor all files and applications on the Mac
Hook into Apple’s Endpoint Security Framework
Kill processes
Scan files in real time to determine if they are malicious
Quarantine files
Provide alerts and notifications
Enforce custom allow/block lists
Add security controls and Data Loss Protection (DLP) to USB
Protect mode
In Protect Mode, admins can configure the posture to protect against malware and PUPs. The Kandji Agent automatically identifies and kills any malicious processes and quarantines malicious files.
Detect mode
In Detect Mode, the Kandji agent identifies but takes no action on the file or process exhibiting malicious behavior. Detections generate an alert to the admin, who can view them from the Kandji web app or integrate them with communication tools like Slack.
Allow/Block List Customization
Enforce allow/block lists by file hash and path. The Kandji Agent ignores allowed items when encountered on a device while treating block list items as malware in the system.
Threat event analysis
The threat events view provides information such as the threat name and classification, along with any relevant actions and their dates. Threat events are viewable at the device level or in the collated threat events view.
Frictionless quarantine release
In cases where the wrong file is apprehended, admins can release it from quarantine across all devices and add it to the allow list in one easy workflow.
The experts behind our insight
Researchers
Researchers compile detailed findings for detection engineers to ensure Kandji is always up-to-the-minute on the latest attack vectors on the Mac. Sources include:
Detection Engineers
Detection Engineers curate detection methods and prevention strategies on current and future malware variants with inputs informed by: