Malwarebytes extends enterprise endpoint detection and response (EDR) platform to the Mac

Malwarebytes has introduced Malwarebytes Breach Remediation for Mac and new forensics capabilities as part of its Malwarebytes Breach Remediation platform. Tiered pricing starts at $22.99. 

This endpoint detection and response (EDR) solution from Malwarebytes is designed to hunt for and remove advanced threats from Mac OS X and Windows endpoints. 

Malwarebytes Breach Remediation is an EDR solution that detects and removes infections and related artifacts simultaneously across all endpoints on a network. Malwarebytes Breach Remediation scans network endpoints looking for suspicious files or anomalies and, when found, pieces together the threat traces and automatically remediates compromised systems. This approach to breach remediation is designed to help eliminate the possibility of new cyber attacks or lateral movements that capitalize on leftover malware traces.

Although Macs have faced nuisance apps like adware and PUPs for years, new threats are materializing, including ransomware (e.g., KeRanger). Many experts believe the KeRanger attacks were a “test run” or proof of concept, and that it’s only a matter of time before the next big attacks against Macs surface. With more companies turning to Macs and a rising number of new threats, concern about the possibility of widespread Mac vulnerabilities is on the rise.

“The idea that Macs are inherently safe and immune to malware and other threats is patently false. In fact, Apple stores themselves rely on Malwarebytes Anti-Malware for Mac frequently. Genius Bar technicians use the technology to clean infected customer computers,” says Thomas Reed, director of Mac offerings, Malwarebytes. “Also consider that on the first day of the Pwn2Own 2016 hacking event, one independent security researcher found four vulnerabilities highlighting just how vulnerable Macs can be. We built Breach Remediation for Mac in response to the hundreds of Malwarebytes customers demanding protection for their Mac endpoints.” 

He told Apple World Today that true malware has actually remained at a fairly low level on the Mac. However, recent developments have been troubling, with the first-ever Mac ransomware appearing this year. What has really been on the rise is adware. 

“Four years ago, there were less than five different adware programs, and none were really what we would identify as adware today,” says Reed. “Three years ago, we were starting to see a few new things. By now, there is more adware on the Mac than can be easily counted, especially when you consider all the different variants of each adware family (which often go by a variety of different names and even exhibit different behaviors). The growth during the last couple years has been truly exponential.”

Adware may seem like more of a nuisance than true malware, but it can have serious consequences. Adware is typically very poorly coded, and as a result it can destabilize the system or the browser, causing major headaches for IT staff, who have to spend time (and money) troubleshooting these errors. 

“Worse, adware can create security holes on the endpoint and can communicate private information through insecure channels,” says Reed. “Adware can also lead the user to being tricked by scams, such as tech support scam pop-ups that the adware may cause to appear.”

With Malwarebytes Breach Remediation, incident response teams can quickly remediate threats remotely, saving significant time and money and helping to reduce the dwell time of a malicious attack. The new Mac client easily integrates with existing Mac OS X management solutions, like Apple Remote Desktop, Casper Suite, and Munki, facilitating rapid deployment and use.

Malwarebytes Breach Remediation also includes new forensics capabilities that not only identify previously undetected breaches, but also answer the critical questions of what happened, how it happened, and when it happened. Forensic Timeliner is a command-line tool that is able to extract historical events from a computer in order to detect potential infections by new or undetected malware. The forensic engine gathers events from different sources of information on Windows endpoints, saving users significant time and effort, says Reed. 

He adds that most Mac users aren’t using protective software because, for so long, they’ve believed that Macs were “virus-proof.”

“Mac users are genuinely puzzled when they learn that they have been infected, as they believed that Macs were ‘immune.’ On forums and blogs, people often tell Mac users not to install any kind of anti-virus software,” Reed says. “This leaves users in a difficult situation when they get infected and are trying to find a way to solve the problem. Some users will attempt to follow manual removal instructions with disastrous results, causing their system to become unable to start up or even losing data. It is increasingly necessary for Mac users to put aside old prejudices and start protecting themselves.”

In addition to the previously mentioned Malwarebytes Breach Remediation enhancements, the company also released updates to their Malwarebytes Endpoint Security endpoint protection platform, including:

  • Management Console (v1.7) with policy cloning and other improvements;
  • Windows client support for Anti-Malware (v1.80.2) and Anti-Exploit (v1.08);
  • Mac client (on-demand scanning and remediation).

For a full list of updates and the complete change log for Malwarebytes Management Console