Patching Systems with Automox

I’ve heard almost every excuse there is for not patching a system. While at Tenable Network Security, I got to focus on helping organizations identify their biggest cyber risks, which usually meant patching vulnerabilities.
Enterprise networks typically leveraged IBM, Microsoft and Symantec to schedule and apply patches across all types of assets with all types of complexities and exceptions. A common problem we helped solve at Tenable was figuring out when these systems thought they deployed a patch, but the endpoint still had an old DLL or needed a reboot to really be patched. The complexity of these systems caused many organizations I continue to speak with to want to look for something simpler.

Automox Overview
Almost two years ago, Alan Shimel introduced me to a cloud-based patch management company named Automox. I spent some time testing it and liked their approach so much that I became an investor.

From a cloud console, I manage patching across my Linux, OS X and Windows systems. This includes a variety of Linux and OS X servers I use for technical testing of new security companies we are doing diligence on and the variety of laptops we have for personal and work use. The patching focuses on the operating systems and the most common third-party software — browsers, Java and Acrobat.

Each system has an agent which is easily installed with a download or a command line string that can be cut and pasted. Systems can be arbitrarily grouped with different patching rules. I grouped mine by operating system and have different rules for systems that can be rebooted automatically or those which require a manual reboot. Systems can also be tagged for quick filtering and easy access.

Here are some screen shots:


Dashboard Overview


List of Endpoints and Status (sanitized)


Policy Screen with Settings for Manual or Automatic Reboot


Installed Software with Search Screen

Working with Automox
Once you set things up, there isn’t much to manage at all. The issues I’ve run into are really minor such as:

  • Having some of the next generation IDS and botnet detection companies I’m testing identify the command and control traffic of the Automox agents as suspicious
  • Not trusting the auto-reboot feature and manually doing reboots (which extended my patch time considerably)

The platform also supports reporting, CSV exports of the reports and a nice 

From their recent blog about their new release, many new features are on their way, quoted below:
We’re also going to help you distribute software across your network to cut down on time spent imaging new devices. Alternatively, there are occasions when software that you don’t want on your network finds its way in, we’re also going to give you the ability to stymie these applications before they can impact security. IT admins can use Automox to blacklist software so that as soon as it’s discovered, it’s automatically removed from the device.

Automox offers a 15-day trial for an unlimited number of devices and pricing starts at $4 a month per system.