Product roadmap for the Pareto Security suite of products
The following list of upcoming features and changes to the Pareto Security Suite is not final and in no way guarantees when or even if we'll actually ship any or all of them.
The purpose of having this roadmap here is to allow our users to help us prioritize what we need to work on next by talking with us about items on this roadmap. Additionally, it allows our larger customers to plan ahead of any potential breaking changes.
This Roadmap is updated quarterly. Last update on 2023-01-22.
Excited about an upcoming feature? Talk to us so we make sure we cover your use case!
We already provide a REST API to allow you to export Teams' devices info, but we want to provide a few pre-built reports. We'll start with a simple CSV export of devices.
We already provide a number of checks from the CIS macOS benchmark, but there a number of them that we can still do:
Some things can be more lax when you're on your home WiFi.
But then when traveling, all checks need to be in place.
Currently, we have a 7-day grace period for all macOS and app updates. We propose a two-tiered system:
All updates are normal by default. In case a browser vendor or Apple pushes out an urgent security update, we can mark it in our backend, and the app on next refresh will see it and mark it as urgent. This will:
An example of such release is 12.4, that contains multiple CVE-level security vulnerabilities:: https://support.apple.com/en-us/HT213257
Users still postpone fixing basic security problems that Pareto Security tools are reporting. Would gamification help to incentivize them to fix problems?
Here are a few rough ideas:
Current MDMs are very much a binary thing. A device can either be enrolled and fully managed, or not.
IT admins struggle to find time to properly research and learn an MDM, and then take days to implement the central server, defining everything, and then enrolling all their devices, which could be in the hundreds or thousands.
Pareto could slowly move towards a privacy-first incremental-onboarding MDM:
If we do it, we do it like so:
Updater always pulls new versions from official sources, so an attacker can't do much. They can block installing new updates, but that's about it.
Ideally, we'd do something similar with Auditor. Allow Auditor to change some system settings, but the change actions come from some official source that is hard to be tampered with, and again the attacker can't run arbitrary code on devices and neither can access files on them.