Otto  background

Automox Feature Update: Improved Severity Classifications for Patches

Connect With Us

Start now, and patch, configure, and control all your endpoints in just 15 minutes.

The Automox team has been hard at work upgrading our ability to classify patches based on severity level. This update leverages the National Vulnerability Database (NVD) CVSS v3.0 scoring model, which is the industry standard for evaluating vulnerabilities and correctly scoring them based on how exploitable they are and what their impact will be on a system or device.

Automox Patch Management: Severity Levels

The new Automox severity levels for patches are: Critical, High, Medium, Low and None. The addition of “High” allows a bit more nuance in the evaluation of vulnerabilities with “Critical” being restricted to only the most impactful and exploitable of vulnerabilities. The addition of “None” is to account for a vulnerability that has a score of 0.0.

We also introduce “Unknown” for any CVE that is awaiting analysis, does not have enough information to receive a score, etc. Remember that a CVE can be “Unknown” to start, but later have a severity level assigned that is then deployed according to your Severity or Advanced policy. “Unknown” replaces the current severity level “Other,” so you no longer see this severity level once the updates are made.

What to Expect With the Automox Severity Level Update

All of your policies and patches automatically show the new severity levels as options. For those who previously had “Critical” checked in your severity-related policies, you now have both “High” and “Critical” checked.

Your Severity and Advanced policies operate as they have in the past and now show “Unknown,” instead of “Other.” We encourage you to review your policies to ensure your environment is optimized.

Since our new severity service ingests more information about CVEs, the console may show additional patches matching your policies. More information means better patching for you and your company.

The Software page now has the ability to search for CVEs. Simply search for the specific CVE, ex: “CVE-2019-0708”.

The icons related to Severity have been removed from the Severity policy and Reports.

For additional information about how Automox manages severity level data in the console, see our Knowledge Base article: Understanding Automox Severity Data. Please feel free to contact Automox customer support for any additional assistance at support@automox.com.

Automox for Easy IT Operations

Automox is the cloud-native IT operations platform for modern organizations. It makes it easy to keep every endpoint automatically configured, patched, and secured – anywhere in the world. With the push of a button, IT admins can fix critical vulnerabilities faster, slash cost and complexity, and win back hours in their day. 

Grab your free trial of Automox and join thousands of companies transforming IT operations into a strategic business driver.

 

Dive deeper into this topic

loading...