Jamf buys ZecOps to detect advanced hacks on mobile devices

Jamf says its proposed acquisition of San Francisco-based ZecOps will provide threat hunting capabilities to determine if advanced attacks have compromised mobile devices, CEO Dean Hager said. ZecOps examines logs, processes, and past outages, then applies security and intelligence to the data to determine if a device has been compromised (see: Increased use of iOS in business means more Mac malware).

“Most of the security market is primarily focused on Windows,” Hager told Information Security Media Group. “The result is that Macs and mobile devices don’t have security solutions as robust as Windows solutions.”

Terms of the acquisition, which is expected to be completed by the end of 2022, were not disclosed. All 22 members of the ZecOps team will receive job offers from Jamf, according to Hager. ZecOps was co-founded and led by Zuk Avraham, who previously created Zimperium and served as its CEO and President. Former Cloudflare engineer Taly Slachevsky co-founded and worked as COO of ZecOps.

From zero to $83.9 million in security

Jamf focused exclusively on managing Apple devices as recently as 2018. Security now accounts for 18% — or $83.9 million — of the company’s annual recurring revenue, based on the quarter ended June 30. , according to regulatory documents. Jamf gained a foothold in security last year when it bought Wandera, a zero-trust cloud access and security provider for mobile devices, for $409.3 million.

Combining telemetry from Wandera’s prevention-focused technology with ZecOps’ detection-focused technology will make every solution smarter and more robust, according to Hager.

Hager says ZecOps has developed tools that make it easier to access and interpret logs on iOS devices. The company can get logs to a trusted mobile device without requiring users to plug their iPhone into a Mac and view their logs from a desktop or laptop. Additionally, ZecOps’ intelligent software can interpret logs to determine if a sophisticated attack has occurred, Hager says.

Jamf plans to offer ZecOps’ technology as a standalone tool after the acquisition closes since the company does not have overlapping capabilities in its portfolio. The company will quickly change the design paradigm to make it look and feel like a Jamf product, and going forward, it will make decisions about how to position, price, and combine ZecOps’ technology with Jamf’s existing security capabilities, he says.

While ZecOps won’t initially interact with the Mac-focused Jamf Protect tool, Hager says he’d like to see security events consolidated in one place to minimize the work of operations teams. Jamf currently offers VPN and threat defense capabilities for iOS and Android devices, but it will not have technology capable of detecting attacks that pass through defenses until the ZecOps agreement is finalized.

Bringing iOS security to the masses

Jamf has always served the mass market with its Apple management and security capabilities, supporting 29 million devices across 69,000 customers, Hager says. Conversely, ZecOps has traditionally focused on highly regulated industries such as the government sector as well as high-value users within an enterprise, Hager says.

Jamf will explore opportunities over time to bring ZecOps technology to a broader market, but it doesn’t need to do so immediately given the tool’s appeal in compliance-focused industries. , Hager said. ZecOps hasn’t been backed by a strong go-to-market organization given the newness of the business, which means the startup will benefit from Jamf’s sales and marketing expertise and staff, says -he.

From a metrics perspective, Hager says Jamf will track the number of customers using ZecOps technology as well as the number of people and devices protected.

“We now have a system that can examine the mobile device itself and perform sophisticated interpretation of potential attacks like no other solution,” Hager says.