Avoid costly mistakes to your business because of Mac security errors

Pareto Security App
Pareto Security App

Security breaches can be devastating for a business. Verify your team has correctly configured security on Macs with Pareto Security for Teams & Enterprise.

Secure your Macs now! Pareto Security - Avoid common security mistakes on your Mac | Product Hunt

Notarized by Apple

Pareto Security App
Teams Plan

Quick overview of your team's devices on a web dashboard and Slack integration

Team App

The native macOS app connects to your dashboard and sends the status of the checks. That way, you can easily see who needs help setting their Mac.

See Plans & Pricing
Team App
Web Dashboard
Web Dashboard

Quick overview of all connected devices and the status of checks.

Slack Integration
Slack Integration

Get immediately notified when a device fails a check.

Free Trial
Works with Jamf Pro

Easy addition with Jamf Pro to all your devices.

Team App
Enterprise Plan

More control over checks and easier overview of many devices and departments

Team App

Easy view of all Mac devices by departments that can be managed by different admins. Set priority checks so critical issues, like disabled FileVault, get resolved immediately.

Account manager and 1-hour onboarding are included.

See Plans & Pricing
Priority for Checks
Priority for Checks

Set priority for critical checks so they get fixed immediately.

Group Devices
Group Devices

Group devices by departments for easier management.

Email & SMS Notifications
Email & SMS Notifications

Immediate notifications to email and SMS.

Multiple Admin Users
Multiple Admin Users

Add multiple admin users with different permissions.

MS Teams Integration
MS Teams Integration

Get immediately notified when a device fails a check.

Onboarding & Account Manager
Onboarding & Acct Manager

Get onboarded by your account manager.

What does Pareto Security check?

Pareto Security app follows Center for Internet Security benchmark guidelines.
The app currently verifies 14 out of 73 checks quoted as automated. More are coming soon.

  • Set an inactivity interval of 20 minutes or less for the screen saver
  • Disable Printer Sharing
  • Disable Remote Login
  • Disable File Sharing
  • Disable Remote Management
  • Disable Media Sharing
  • Ensure AirDrop Is Disabled
  • Enable FileVault
  • Enable Gatekeeper
  • Enable Firewall
  • Disable automatic login
  • Require a password to wake the computer from sleep or screen saver
  • Require an administrator password to access system-wide preferences

Install Updates, Patches and Additional Security Software (6)

  • Verify all Apple-provided software is current
  • Enable Auto Update
  • Enable Download new updates when available
  • Enable app update installs
  • Enable system data files and security updates install
  • Enable macOS update installs

Bluetooth (2)

  • Turn off Bluetooth, if no paired devices exist
  • Show Bluetooth status in menu bar

Date & Time (2)

  • Enable "Set time and date automatically"
  • Ensure time set is within appropriate limits

Desktop & Screen Saver (2)

  • Set an inactivity interval of 20 minutes or less for the screen saver"
  • Secure screen saver cornerss

Sharing (12)

  • Disable Remote Apple Events
  • Disable Internet Sharing
  • Disable Screen Sharing
  • Disable Printer Sharing
  • Disable Remote Login
  • Disable DVD or CD Sharing
  • Disable Bluetooth Sharing
  • Disable File Sharing
  • Disable Remote Management
  • Disable Content Caching
  • Disable Media Sharing
  • Ensure AirDrop Is Disabled

Security & Privacy (7)

  • Enable FileVault
  • Enable Gatekeeper
  • Enable Firewall
  • Enable Firewall Stealth Mode
  • Enable Location Services
  • Disable sending diagnostic and usage data to Apple
  • Limit Ad tracking and personalized Ads

Time Machine (6)

  • Time Machine Auto-Backup
  • Time Machine Volumes Are Encrypted
  • Disable Wake for network access
  • Disable Power Nap
  • Enable Secure Keyboard Entry in terminal.app
  • Ensure EFI version is valid and being regularly checked

Logging and Auditing (5)

  • Enable security auditing
  • Retain install.log for 365 or more days with no maximum size
  • Ensure security auditing retention
  • Control access to audit records
  • Ensure Firewall is configured to log

Network Configurations (4)

  • Disable Bonjour advertising service
  • Enable "Show Wi-Fi status in menu bar"
  • Ensure http server is not running
  • Ensure nfs server is not running

System Access, Authentication and Authorization (4)

  • Secure Home Folders
  • Check System Wide Applications for appropriate permissions
  • Check System folder for world writable files
  • Check Library folder for world writable files

Password Management (16)

  • Configure account lockout threshold
  • Reduce the sudo timeout period
  • Automatically lock the login keychain for inactivity
  • Use a separate timestamp for each user/tty combo
  • Ensure login keychain is locked when the computer sleeps
  • Do not enable the "root" account
  • Disable automatic login
  • Require a password to wake the computer from sleep or screen saver
  • Ensure system is set to hibernatet
  • Require an administrator password to access system-wide preferences
  • Ensure an administrator account cannot login to another user's active and locked session
  • Do not enter a password-related hint
  • Disable Fast User Switching
  • System Integrity Protection status
  • Enable Sealed System Volume (SSV)
  • Enable Library Validation

User Accounts and Environment (7)

  • Display login window as name and password
  • Disable "Show password hints"
  • Disable guest account login
  • Disable "Allow guests to connect to shared folders"
  • Remove Guest home folder
  • Turn on filename extensions
  • Disable the automatic run of safe files in Safari

Pareto Security is focused on privacy and transparency

Transparency and Security

The device owner keeps full control over the device and the app.

Only the following data sent is to Pareto Security servers every eight hours:

  • The passed, failed, and disabled checks
  • Unique device ID & device name
  • macOS and app version
  • Date and time of last check
Transparency and Security
Open Source

Pareto Security is open source

The app code is fully open-sourced. Feel free to have a look at the code or even download and compile it from our repository.

Visit the repository on GitHub

Keep your business secure with Pareto Security

Avoid costly mistakes that come with easily preventable security configurations.

See Plans & Pricing »