Automox Feature Update Coming Soon: Improved Severity Classifications for Patches

The Automox team has been hard at work upgrading our ability to classify patches based on severity level. This update leverages the National Vulnerability Database (NVD) CVSS v3.0 scoring model, which is the industry standard for evaluating vulnerabilities and correctly scoring them based on how exploitable they are and what their impact will be on a system or device.

Automox Patch Management: Severity Levels 

The new Automox severity levels for patches will be: Critical, High, Medium, Low and None. The addition of “High” will allow a bit more nuance in the evaluation of vulnerabilities with “Critical” being restricted to only the most impactful and exploitable of vulnerabilities. The addition of “None” is to account for a vulnerability that has a score of 0.0.

We will also introduce “Unknown” for any CVE that is awaiting analysis, does not have enough information to receive a score, etc. Remember that a CVE can be “Unknown” to start, but later have a severity level assigned that is then deployed according to your Severity or Advanced policy. “Unknown” replaces the current severity level “Other,” so you will no longer see this severity level once the updates are made.

What to Expect After the Automox Severity Level Update

All of your policies and patches will automatically show the new severity levels as options. For those who previously had “Critical” checked in your severity-related policies, you will now have both “High” and “Critical” checked.

Your Severity and Advanced policies will operate as they have in the past and now show “Unknown,” instead of “Other.” As this change is approaching, we are encouraging our customers to review your policies to ensure your environment is optimized.

Since our new severity service will ingest more information about CVEs, the console may show additional patches matching your policies. More information means better patching for you and your company. 

The Software page will have the ability to search for CVEs. Simply search for the specific CVE, ex: “CVE-2019-0708”.

The icons related to Severity have been removed from the Severity policy and Reports.

Once this feature release has been completed, we will send all current customers a notification. Please feel free to contact Automox customer support for any additional assistance at support@automox.com.

About Automox Automated Patch Management Platform

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure. 

Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.

Get Instant Updates on Vulnerabilities

Subscribe to receive Automox vulnerability alerts

Reduce your threat surface by up to 80%

Make all of your corporate infrastructure more resilient by automating the basics of cyber hygiene.

Take 15 days to raise your security confidence!
Start a Free Trial