The Automox team has been hard at work upgrading our ability to classify patches based on severity level. This update leverages the National Vulnerability Database (NVD) CVSS v3.0 scoring model, which is the industry standard for evaluating vulnerabilities and correctly scoring them based on how exploitable they are and what their impact will be on a system or device.
Automox Patch Management: Severity Levels
The new Automox severity levels for patches will be: Critical, High, Medium, Low and None. The addition of “High” will allow a bit more nuance in the evaluation of vulnerabilities with “Critical” being restricted to only the most impactful and exploitable of vulnerabilities. The addition of “None” is to account for a vulnerability that has a score of 0.0.
We will also introduce “Unknown” for any CVE that is awaiting analysis, does not have enough information to receive a score, etc. Remember that a CVE can be “Unknown” to start, but later have a severity level assigned that is then deployed according to your Severity or Advanced policy. “Unknown” replaces the current severity level “Other,” so you will no longer see this severity level once the updates are made.
What to Expect After the Automox Severity Level Update
All of your policies and patches will automatically show the new severity levels as options. For those who previously had “Critical” checked in your severity-related policies, you will now have both “High” and “Critical” checked.
Your Severity and Advanced policies will operate as they have in the past and now show “Unknown,” instead of “Other.” As this change is approaching, we are encouraging our customers to review your policies to ensure your environment is optimized.
Since our new severity service will ingest more information about CVEs, the console may show additional patches matching your policies. More information means better patching for you and your company.
The Software page will have the ability to search for CVEs. Simply search for the specific CVE, ex: “CVE-2019-0708”.
The icons related to Severity have been removed from the Severity policy and Reports.
Once this feature release has been completed, we will send all current customers a notification. Please feel free to contact Automox customer support for any additional assistance at firstname.lastname@example.org.
About Automox Automated Patch Management Platform
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.