
Ask HN: Laptops Security for a 40 Startups – What are you using? - tzury
What tools are you using to protect your laptops (Mac&#x2F;Linux and Windows 10)?<p>As long as we were a small team, with mainly linux and some Macs, we were &quot;fine&quot;.. However, now as we grow, I need to get a unified security platform to protect them all.<p>Would appreciate if you can share what tools are you using for this purpose.<p>Edit: Security needs - Identity (keys) as well as malware&#x2F;virus protection.<p>Thanks for sharing!
======
anderiv
Among many other duties, I help manage a fleet of ~80 Macs for number of
early-stage tech companies. We're doing some things well, and some things we
don't have a good answer for yet.

Good:

\- Sophos Endpoint protection (cloud.sophos.com). We've found this to work
great, is easily-configurable, and is inexpensive, something around
$25/user/year for the "advanced" license, which also gets you DLP
functionality.

\- JAMF Pro for MDM. If starting now, I'd probably go with the hosted "JAMF
Now" product. We use this to enforce security policy, deploy apps, monitor
patch compliance, enforce patch installation, etc.

\- NoMAD for Active Directory integration. I've just started R&D on
deprecating our AD and moving to Okta as a primary identity provider, so once
this is ready, I'll be switching over to JAMF Connect, which supports Okta.

Not good / In progress:

\- Centralized log collection from the laptop fleet. This is challenging due
to the on/off connectivity nature of laptops.

\- Sometimes NoMAD messes things up and user passwords get out of sync between
AD and the local MacOS user database. This causes no small amount of
frustration as you can imagine.

Hopefully this is helpful. If anyone else has suggestions on the "not good"
items, please reply!

------
mikece
I'm lobbying for FIDO2 devices like YubiKeys where I work (we issue both
Windows and Apple laptops). Google has had great success with YubiKeys.

