ExtraMile by KnowledgeNile combines expert insights and the latest technologies to keep you informed and ahead in the continuously changing digital world.
In today’s discussion, we are delighted to welcome Slava Konstantinov, a cybersecurity expert and macOS Lead Architect at ThreatLocker®. The firm offers zero-trust endpoint protection solutions and aims to standardize security measures for organizations.
Slava has been leading ThreatLocker's endeavor to formulate and implement cutting-edge security solutions to limit complex cyber threats. With more than a decade of experience as an IT professional and expertise in macOS security, our guest has established himself as one of the top voices in the cybersecurity realm.
Dive into Slava’s extensive journey in the IT and security domains, alongside exploring the security solutions for macOS operating systems.
We are happy to have you with us, Slava; let’s get started!
As the macOS Lead Architect for ThreatLocker, you are a pioneer in macOS system security. What led you to focus on macOS development, and how did the path combine you with ThreatLocker?
Ans. My journey with Macs started long before I even considered cybersecurity. I used to help my friends set up their Windows computers, but I often noticed that they were infected with adware that was altering search engines, installing hidden software, and displaying intrusive advertisements. This observation motivated me to create a simple application that could check if these adware, extensions, and search engines were installed on the system or browsers and automatically remove them.
After some time, I grew increasingly frustrated with Windows and decided to switch to macOS. Since then, I primarily work on Windows for research purposes or when necessary for work.
Before joining ThreatLocker, I had over 10 years of experience in software development, most of the time focusing on cybersecurity. In 2022, ThreatLocker approached me with an unusual and challenging task: to create a proof-of-concept for Zero Trust software specifically designed for Macs. I couldn’t resist the opportunity to take on this new challenge and have since been designing and developing ThreatLocker Mac Agent.
The company has a “default deny” approach, which turns transitional, classic cybersecurity models. How do you implement this approach with such ease on macOS, where there is its own ecosystem and expectations from the user?
Ans. Implementing a “default deny” approach on macOS while ensuring usability involves leveraging Apple’s built-in security frameworks.
Apple provides third-party developers with a set of tools, but they restrict access to macOS’s “kernel” by requiring us to write our own Kernel Extensions (similar to drivers in the Windows world). This approach enhances stability and protects user privacy that even “trusted” software can’t access low-level components of macOS. However, this approach comes with a tradeoff.
As developers, we lack complete control over the underlying workings of macOS and rely solely on Apple’s provided tools, which may not always be perfect or fulfilling. Since macOS users expect seamless interaction, we must resort to non-standard solutions and workarounds to meet certain expectations.
While it may seem straightforward when using the product, and our goal is to make better security easy and transparent as possible for users. The reality behind the scenes is months and years of hard work, brainstorming and creative thinking.
macOS is generally considered to be more secure than any other operating system. Is the statement true? How does the company enhance macOS security even further?
Ans. macOS, like any other major operating system, is not immune to vulnerabilities. One of the most common misconceptions is that macOS is invulnerable to viruses. Recent reports indicate a significant rise in macOS malware incidents over the past few years.
macOS is equipped with robust security measures. System Integrity Protection (SIP), Kernel Integrity Protection (KIP), Gatekeeper, and XProtect, Transparency, Consent, and Control (TCC), Sandbox, Secure Enclave, and Pointer Authentication Codes (PAC) are testaments to their commitment. Together, these features make macOS more secure and harder to compromise. However, no system is impervious to attacks, especially when considering the role of social engineering and zero-day vulnerabilities.
If you examine every release of macOS, or any other operating system, you’ll find a list of patched vulnerabilities under the section titled “Apple Security Updates.” There are numerous vulnerabilities in each release, which demonstrates that macOS is susceptible to attacks. Who knows how many unpatched vulnerabilities can be exploited by threat actors to gain unauthorized access to your system.
By adopting the ThreatLocker Zero Trust approach, users can significantly enhance macOS security. This approach eliminates implicit trust and strictly enforces continuous verification for every access request, whether it involves executing, storing, or accessing data on the network. It strictly adheres to the principle of least privilege, only granting access that is necessary.
Recently, the company was named “Cyber Resilience Innovation of the Year.” As a team member, what was your role in developing the solutions that helped you to achieve this award?
Ans. My role as the Lead Architect encompassed overseeing the entire development lifecycle, from conceptualizing the Proof of Concept to delivering the full product. I led the development of secure architectures tailored to macOS's unique ecosystem, ensuring our product adhered to stringent security standards while maintaining platform stability and user experience. I worked closely with the team to identify and mitigate potential vulnerabilities, leveraging macOS-specific tools, frameworks, and security features. Additionally, I played a role in aligning our cybersecurity goals with the evolving threat landscape, enabling our solution to remain ahead of emerging risks.
The company recently launched new tools, like patch management and cloud control. According to you, how will these tools serve macOS users better in the future?
Ans. Cloud control is a product specifically designed to protect Microsoft 365 tenants from phishing attacks and token thefts, which have nothing to do with macOS or Apple.
Patch Management is coming to macOS soon. It acts as a vigilant guardian, constantly scanning your devices for outdated applications and identifying those in need of patching. It eliminates the tedious task of checking multiple sources for different alerts by consolidating everything into one place for seamless management.
We all know that maintaining the latest software updates is crucial for security. Software patches are vital security updates that repair known vulnerabilities, preventing attackers from exploiting them. Applying patches reduces the attack surface, limiting entry points for malicious actors and safeguarding sensitive data. I’m not just referring to macOS software updates; regular applications could also pose security risks, so keeping them up to date is not just about stability but also security.
While developing security solutions for macOS, what challenges have you faced? How did you tackle or deal with them?
Ans. Developing security solutions for macOS comes with unique challenges due to Apple’s closed ecosystem, strict system security controls, and framework limitations.
The most significant hurdle is the restricted kernel access, which, while understandable for overall system stability, limits the depth of security software functionality. As a security software developer I want to have full access to system but I can understand why Apple made this decision.
We often implement products or approaches to Zero Trust that no one has ever done before the way we do. This becomes a challenge as we have limited set of tools provided by Apple and there’s always something that we lack or has limited usability for us. Dealing with it is challenge but creative thinking and brainstorming with a team helps to get results we need. Sometimes it takes days to implement, test some new features or approaches and then realize that this is not going to work. But at the end of the day we always find a way to most of the problems if its not fully restricted by Apple.
How do your open-source projects and involvement in the community support your work? What advice would you like to give to new developers to help them keep their devices and data secure?
Ans. Unfortunately, due to my demanding work schedule that consumes 100% of my time, I can no longer dedicate significant time to supporting open-source products. This is because I not only lead the product but also actively strive grow as a expert, as cybersecurity is a rapidly evolving field that leaves me with limited time for other contributions.
Participating in conferences, sharing knowledge through blogs or talks, and engaging with the community are all valuable ways to contribute to the evolution of both yourself and your product. By staying updated with emerging threats, trends, and best practices, you can effectively adapt your strategies to counter the ever-changing cyber risks.
Here are a few common pieces of advice I can offer to help keep your data and devices safe:
- Keep software up to date: This ensures that you have the latest security patches installed.
- Exercise caution when downloading files: Avoid suspicious websites and email attachments.
- Ensure that all software you’re running is trusted: Make sure it’s properly signed and notarized to reduce the risk of running malware disguised as legitimate software.
- Use strong passwords and two-factor authentication or Passkeys:** These measures add an extra layer of protection for your accounts.
- Activate all built-in protections: Make sure your operating system, antivirus software, and firewall are enabled.
- Backup your data: Protect your data in case it’s accidentally deleted or encrypted.
- Invest in a reputable third-party security software: These tools can provide additional protection against malware and other threats.
Tune Into Our Other Informative Interviews:
