What is Vulnerability Response?
Apple did announce improvements to its implementation of Declarative Device Management at WWDC. To some extent, you could argue that these cover some of the same ground as Kandji’s new offering, but they are not connected. “Our vulnerability detection and patching solutions rely on the existing Kandji device management capabilities to collect app version info from managed devices,” Dodd said.
“Apple has extended Declarative Device Management (DDM) in future versions of macOS Tahoe to include installing application packages,” he said, suggesting the improvements also “open new doors for Kandji to push device management even further, particularly around automated app deployment.”
Kandji’s new tool is a policy within the MDM. Once it’s in place, the Kandji agent knows to check installed Mac apps against the latest Common Vulnerabilities and Exposures (CVE) data. “If it detects a vulnerable app, the agent applies your predefined rule for that CVE’s severity. You can tell it to patch the app right away, schedule the update for a specific time that respects the user’s local time zone, or simply log the issue and take no action,” Safdie said.
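The flow described above (match installed app versions against CVE data, then apply one rule per severity: patch now, schedule in the user's local time, or log only) can be sketched as follows. This is an added illustration, not Kandji's code; the feed entries, rule table, 20:00 patch window and all function names are assumptions constructed for the example.

```python
from datetime import time, timedelta

# Constructed sample feed: placeholder CVE ids and app names, not real data.
CVE_FEED = [
    {"id": "CVE-EXAMPLE-0001", "app": "ExampleBrowser", "fixed_in": "120.0.2", "severity": "critical"},
    {"id": "CVE-EXAMPLE-0002", "app": "ExampleChat", "fixed_in": "4.3.0", "severity": "medium"},
    {"id": "CVE-EXAMPLE-0003", "app": "ExampleNotes", "fixed_in": "2.1.0", "severity": "low"},
]
# Hypothetical rule table: one predefined action per severity level.
RULES = {"critical": "patch_now", "high": "patch_now", "medium": "schedule", "low": "log_only"}
PATCH_WINDOW = time(20, 0)  # assumed maintenance window, in the user's local time

def parse_version(v):
    # Assumes dotted numeric versions such as "4.3.0".
    return tuple(int(part) for part in v.split("."))

def is_older(installed, fixed):
    # Pad with zeros so "2.1" and "2.1.0" compare as equal, not as older.
    a, b = parse_version(installed), parse_version(fixed)
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))

def next_window(now_utc, user_tz):
    """Next PATCH_WINDOW on the user's wall clock (rolls to tomorrow if already past)."""
    local = now_utc.astimezone(user_tz)
    run = local.replace(hour=PATCH_WINDOW.hour, minute=PATCH_WINDOW.minute,
                        second=0, microsecond=0)
    if run <= local:
        run += timedelta(days=1)
    return run

def evaluate(inventory, user_tz, now_utc):
    """inventory maps app name -> installed version; returns one decision per vulnerable app."""
    decisions = []
    for cve in CVE_FEED:
        installed = inventory.get(cve["app"])
        if installed is None or not is_older(installed, cve["fixed_in"]):
            continue  # app not installed, or already at the fixed version
        # Unknown severities fall back to logging rather than silently patching.
        action = RULES.get(cve["severity"], "log_only")
        run_at = next_window(now_utc, user_tz) if action == "schedule" else None
        decisions.append({"cve": cve["id"], "app": cve["app"],
                          "action": action, "run_at": run_at})
    return decisions
```

`user_tz` is any `tzinfo` object, so a `zoneinfo.ZoneInfo` for the device's region can be passed to follow daylight-saving changes.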