September 30, 2020

Big Sur is Coming: What you need to know about Forcepoint and the macOS 11 update

Slated to debut this fall, macOS 11 Big Sur, is making big waves across the security industry. From the architecture to the user interface (UI), consumers and security providers will experience pivotal changes - some more visible than others. Most notably, Apple is sunsetting kernel extension (KEXT) support and elevating personal privacy, placing it front and center. As technology increasingly infiltrates our everyday lives, privacy protection is becoming a key concern for consumers - especially as personal health and wellness becomes an integral part of Apple’s ecosystem.

Modern businesses must balance the protection of commercial interests with the preservation of personal privacy. Walking this fine line requires a human-centric, adaptable approach to security.  Forcepoint is ready and rising to the occasion.

Balancing Consumer Privacy and Protecting Company Data & IP

Apple embodies a consumer-focused ethos and maintains a decisive stance on protecting consumer privacy. Over the years, this stance has created only minor barriers for organizations that support macOS devices for their employees. With the launch of Big Sur, there will be a significant shift for commercial customers who must protect and support employee macOS devices.  The macOS 11 update is forcing security providers to pivot development efforts to accommodate the architectural changes in order to protect valuable corporate assets.

Forcepoint’s role as a security provider is to protect organizations and the people within them — both from accidental and malicious events. We live in a world where a single wrong click can cause catastrophic loss of data, or even render a system inoperable. The stakes have never been higher. Every organization has the responsibility to protect their customers, employees, and organizational data, as well as the integrity of its systems, networks, and IP. Though Apple does make exceptional efforts to protect their customers, they are not a security solution provider.

Kernel Extensions (KEXTs): the good, the bad & the human error element

Like most technologies, kernel extensions can be used for both good and bad (after all, they are developed by humans). Security organizations have utilized kernel extensions to create tamper-resistant tools to enforce endpoint security policies that effectively protect against malware, machine takeovers, and data exfiltration. However, bad actors have also leveraged kernel extensions to steal information, access privileged information, impersonate users, and infect machines with malware. There’s also the element of human error when it comes to kernel extension code, which can reportedly cause random crashes, data corruption, or even disable a system altogether.

With the move to Big Sur, Apple intends to remove threats posed by bad actors and code bugs by no longer allowing access to the kernel. The new architecture leverages system extensions rather than kernel extensions. With Big Sur, security providers will now have to place software tools in the user space rather than in the kernel-level APIs, which are unavailable to ordinary user-level applications. According to Apple’s developer documentation, “By running in user space, system extensions can’t compromise the security or stability of macOS. The system grants these extensions a high level of privilege, so they can perform the kinds of tasks previously reserved for kernel extensions (KEXTs).”

But wait…I thought MacOS was “safer” than Windows?

Unfortunately, Apple’s operating system is no longer as resilient to malware threats as it once was. Bad actors have sharpened their skills. They have studied the operating system and are now targeting macOS due to its increased popularity in corporate work environments, especially at the executive level. The complexity of the problem has been compounded by the recent mass migration to remote work due to COVID-19, of which organizations had little or no time to prepare.

Does this mean that companies will begin to move away from issuing Apple devices to employees? It’s highly unlikely. Designers and developers have become synonymous with macOS. Even though the overall commercial industry adoption of Apple hardware remains relatively small, those who have adopted it are often loyal fans who have mastered the art of those intuitive keyboard shortcuts and are heavily invested in the Apple ecosystem. As technology continues to evolve, Forcepoint will invest in and embrace innovation to drive human-centric security forward.


Protecting our customers and partners who run macOS will always remain a top priority for Forcepoint, which is why our team is actively updating our products to use system extensions that support the Big Sur architecture. We will continue to adapt to changes in the Apple ecosystem and work cooperatively with Apple to ensure we provide the uninterrupted security and protection our customers expect.

Our engineers have been communicating closely with Apple, diligently developing, and extensively testing in the available betas. Forcepoint will fully support Big Sur after we have determined that it meets our stringent standards of quality, security, and stability.



When will Big Sur be released?

Apple does not announce release dates or discuss roadmaps. Based on history, we’d speculate anywhere from mid-September to October, but it’s at the sole discretion of Apple. The earliest release we’ve seen was in mid-September. Last year, it was at the end of October. Typically, the release will follow a largely publicized Apple keynote address.

Will Forcepoint support macOS 11?

Yes, Forcepoint is committed to supporting macOS 11. We have doubled the size of our macOS engineering team to focus on this specific upgrade. The experience, the protection, and the capabilities are as important to us as ever to make sure we can accommodate and support the upgrade to Big Sur.

What makes this update different than the others?

This release requires security vendors to make highly complex adjustments to accommodate the significant architectural change that Apple has implemented. Security endpoints have historically relied on the ability to monitor and enforce security policies at the kernel level. With Big Sur, Apple is no longer allowing access to the kernel level. To continue delivering effective security products it requires a heavy engineering lift to adapt to the new architecture. Time, money, resources, and talent are all major factors that play into the equation.

How is Forcepoint going to handle not having kernel extensions anymore?

We’re updating our products to accommodate the new architecture enforced by Big Sur. Key members of our engineering team attended an Apple Endpoint Security Workshop on the Apple campus in late 2019 in preparation for the move to macOS 11. Forcepoint is a long-time member of the Apple development community and the Apple Seed Program. Our engineers are regularly downloading, testing, and providing feedback and filing bugs with the Apple developer and support communities to ensure the best possible customer experience. We will continue to adapt to changes in the Apple ecosystem and work cooperatively with Apple to ensure we provide the uninterrupted security and protection our customers expect.

Über Forcepoint

Forcepoint ist einer der weltweit führenden Anbieter von Cyber-Sicherheit im Bereich Anwender- und Datensicherheit und hat es sich zur Aufgabe gemacht, Organisationen zu schützen und gleichzeitig die digitale Transformation und das Wachstum voranzutreiben. Unsere Lösungen passen sich in Echtzeit an das Nutzerverhalten an und ermöglichen Mitarbeitern einen sicheren Datenzugriff bei voller Produktivität.