From JETP to Jamf Mobile Forensics
Jamf Mobile Forensics, formerly known as Jamf Executive Threat Protection (JETP), represents a significant expansion of capabilities for defending high-risk users against advanced mobile threats. While the previous solution focused on executive threat protection, Jamf Mobile Forensics broadens its scope to address the full spectrum of sophisticated attacks targeting mobile devices.
Why Advanced Mobile Forensics Matters
Sophisticated attacks like mercenary spyware, zero-click exploits, advanced persistent threats (APTs), and nation-state attacks don't target everyone — they target users based on who they are, the type of work they conduct, or the data they can access.
Both Apple and Google notify users about potential spyware attacks and publish guidance for high-risk individuals. According to the U.K.'s NCSC, you are considered high-risk "if your work or public status means you have access to, or influence over, sensitive information that could be of interest to nation state actors."
But it's not only government or political targets. Organizations in Technology, Logistics & Transportation, Natural Resources, Manufacturing, Financial Services and more are vulnerable because of the high-value data their users hold or where they conduct business.
The challenge? Traditional endpoint management and mobile threat defense tools lack the deep data analysis needed to detect these sophisticated threats.
What's New in Jamf Mobile Forensics?
Automated Device Scanning
The Threat Protect mobile app proactively scans devices at intervals set by the organization. It collects and analyzes endpoint telemetry — system logs, kernel logs, certificates, crashes, software, and more — to detect both known and unknown threats. Scans take minutes, not weeks.
The app also supports cable-based scans for on-premises customers, connecting mobile devices directly to a workstation like a Mac.
Rules Engine
The Jamf Mobile Forensics rules engine, powered by Jamf Threat Labs' proprietary behavioral analytics technology, automates analysis of each scan, using known intelligence, anomalies, and suspicious behaviors to detect malicious activity and zero-day threats.
Security teams can:
- Tag, allow list, or block list different types of indicators
- Build complex rules based on YARA, bundle identifiers, and process names
- Detect unknown exploits and payloads that evade security controls
AI Analysis
AI Analysis is an AI research assistant that reduces the manual research required to analyze device crashes and anomalies, giving teams rapid, expert-level insight into potential device compromises. For example, if a device shows signs of a targeted remote attack against an app, AI Analysis provides:
- A complete summary of the incident
- Analysis of unusual app behaviors
- Assessment of whether the device was hacked or code execution occurred
- Recommendations for next steps
SOC Incident Management
Simplify investigation workflows by automatically grouping related events into unified incidents. Teams can monitor and manage their entire fleet against advanced attacks, viewing incidents across different time intervals along with contextual information about each one.
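To make the two ideas above concrete, the rules engine (allow list, block list and tag dispositions on indicators keyed by bundle identifier, process name, or YARA-style byte pattern) and the grouping of hits into incidents, here is a small generic implementation. It is an added example written for this page, not Jamf's rules engine or its rule format; the telemetry records, process names, bundle identifiers and the hex pattern are all constructed, and the one-hour grouping window is an assumption chosen for illustration.

```python
"""Generic mobile-scan rules engine and incident grouping (illustrative, not Jamf's)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
import re


@dataclass(frozen=True)
class Indicator:
    kind: str          # "bundle_id" | "process" | "hex_pattern"
    value: str         # exact value, or YARA-style hex string for "hex_pattern"
    disposition: str   # "allow" | "block" | "tag"
    label: str         # human-readable name carried into the hit


@dataclass
class Hit:
    device: str
    when: datetime
    label: str
    disposition: str
    detail: str


@dataclass
class Incident:
    device: str
    start: datetime
    end: datetime
    hits: list = field(default_factory=list)


def hex_pattern_to_regex(pattern: str) -> re.Pattern:
    """Compile a YARA-style hex string such as 'DE AD ?? BE EF' to a bytes regex.
    '??' matches exactly one arbitrary byte; every other token is a literal byte."""
    parts = []
    for tok in pattern.split():
        parts.append(b"." if tok == "??" else re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)


def evaluate(telemetry, indicators):
    """Apply indicators to scan records. Allow-listed bundle ids suppress all other
    checks for that record; block and tag indicators each produce a Hit."""
    compiled = {i: hex_pattern_to_regex(i.value) for i in indicators if i.kind == "hex_pattern"}
    allowed_bundles = {i.value for i in indicators if i.kind == "bundle_id" and i.disposition == "allow"}
    hits = []
    for rec in telemetry:
        if rec.get("bundle_id") in allowed_bundles:
            continue  # approved app: nothing else to check
        when = datetime.fromisoformat(rec["time"])
        for ind in indicators:
            if ind.disposition == "allow":
                continue
            matched = (
                (ind.kind == "process" and rec.get("process") == ind.value)
                or (ind.kind == "bundle_id" and rec.get("bundle_id") == ind.value)
                or (ind.kind == "hex_pattern" and rec["type"] == "crash"
                    and compiled[ind].search(rec["payload"]) is not None)
            )
            if matched:
                hits.append(Hit(rec["device"], when, ind.label, ind.disposition,
                                f"{rec['type']}:{rec.get('process')}"))
    return hits


def group_incidents(hits, window=timedelta(hours=1)):
    """Merge hits on the same device that fall within `window` of the previous hit
    into one incident, so an analyst sees one case rather than a list of events."""
    incidents = []
    for hit in sorted(hits, key=lambda h: (h.device, h.when)):
        cur = incidents[-1] if incidents else None
        if cur and cur.device == hit.device and hit.when - cur.end <= window:
            cur.hits.append(hit)
            cur.end = hit.when
        else:
            incidents.append(Incident(hit.device, hit.when, hit.when, [hit]))
    return incidents


# Constructed sample data: device names, processes, bundle ids and payload are fictitious.
SAMPLE_INDICATORS = [
    Indicator("bundle_id", "com.example.corp.mail", "allow", "Approved corporate mail app"),
    Indicator("process", "example_bad_helper", "block", "Constructed suspicious process name"),
    Indicator("hex_pattern", "DE AD ?? BE EF", "tag", "Constructed crash payload pattern"),
]

SAMPLE_TELEMETRY = [
    {"type": "process", "device": "phone-01", "time": "2024-05-01T09:00:00",
     "process": "mail", "bundle_id": "com.example.corp.mail"},
    {"type": "process", "device": "phone-01", "time": "2024-05-01T09:00:05",
     "process": "example_bad_helper", "bundle_id": ""},
    {"type": "crash", "device": "phone-01", "time": "2024-05-01T09:00:30",
     "process": "com.example.messaging", "payload": bytes.fromhex("00 11 de ad 41 be ef 22")},
    {"type": "process", "device": "phone-02", "time": "2024-05-02T14:00:00",
     "process": "example_bad_helper", "bundle_id": ""},
]


def run_sample():
    return group_incidents(evaluate(SAMPLE_TELEMETRY, SAMPLE_INDICATORS))


if __name__ == "__main__":
    for inc in run_sample():
        print(f"{inc.device}: {len(inc.hits)} hit(s) from {inc.start} to {inc.end}")
        for h in inc.hits:
            print(f"  [{h.disposition}] {h.label} ({h.detail})")
```

On the sample data the allow-listed mail process produces nothing, the blocked process name and the tagged crash pattern on phone-01 collapse into a single incident because they occur seconds apart, and the same blocked process on phone-02 becomes a separate incident. A real engine would add severity, rule versioning and richer telemetry types, but the allow/block/tag flow and the time-window grouping are the core of what the text describes.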
Integrations
Leverage powerful APIs to integrate with SIEM/SOARs, IdPs, MDMs, and more — fitting seamlessly into existing security operations workflows.
Types of Advanced Threats Detected
| Threat Type | Description |
|---|---|
| Mercenary Spyware | Commercial surveillance tools like Pegasus, Predator, Graphite, and Spyrtacus that infiltrate iOS and Android devices through vulnerabilities |
| Advanced Persistent Threats (APTs) | Well-resourced, sophisticated attacks aimed at prolonged network/system intrusion that evade initial defenses |
| Nation-State Attacks | Government-sponsored attacks using both APTs and mercenary spyware |
| Zero-Click Attacks | Exploits that infect mobile devices without any user interaction — a common strategy of mercenary spyware tools |
Privacy-First Design
A critical aspect of Jamf Mobile Forensics is what it does not collect. During log collection, the following personal data is never accessed:
- Passwords
- Photos and videos
- Text messages (including iMessage)
- Contacts
- Call data
- Data in applications
This privacy-first approach enables organizations to protect high-risk users without compromising their personal information.
Common Use Cases
Pre- and Post-Travel Scanning
Employees traveling to countries with heightened espionage risk need fast, in-depth analysis to determine risk, search for IoCs, and respond to threats before damage spreads. Government organizations protecting employees with high-risk profiles across the world face different types of threats in each region.
Digital Forensics & Incident Response
Analyze devices to quickly assess device integrity, uncover anomalies, and implement containment measures — reducing investigation time from weeks to minutes.
Mobile Threat Hunting
Proactively scan iOS and Android devices to analyze logs (including at the OS level), inspect devices for IoCs, or write rules to detect malicious attacks before they cause damage.
Jamf Mobile Forensics vs. Jamf for Mobile
It's important to understand the distinction:
Jamf for Mobile is the foundational mobile platform combining device management and compliance, mobile security (phishing protection, app risk monitoring, web content filtering), and secure application access. Organizations implement it to scale mobile use cases at work.
Jamf Mobile Forensics adds an advanced forensic layer to defend high-risk users from targeted attacks. It's designed to investigate anomalous behaviors, suspicious activity, and advanced threats that foundational security tools cannot detect.
Backed by Jamf Threat Labs
Jamf Mobile Forensics is backed by Jamf Threat Labs, an internal team of security researchers, analysts, and engineers. The team regularly publishes research on advanced mobile malware and sophisticated attack techniques, and drives continuous improvements to the Jamf Mobile Forensics rules engine.
How KlickKlack Can Help
As Taiwan's only Jamf MSP and Elite Partner, KlickKlack provides comprehensive deployment and support for Jamf Mobile Forensics:
- Expert deployment and configuration for your high-risk user groups
- Integration with existing Jamf infrastructure and security workflows
- Local support in your language and timezone
- Ongoing security consultation and threat monitoring guidance
Whether you need to protect executives traveling to high-risk regions, scan devices after a suspected compromise, or build proactive threat hunting capabilities, KlickKlack's certified team can help you implement Jamf Mobile Forensics effectively.
Contact us to learn more about protecting your high-risk users.
About KlickKlack
KlickKlack is the only partner in Taiwan with both Jamf MSP and Elite Partner certifications, providing comprehensive enterprise management and security solutions for Apple devices.