Keeping our customers safe and secure is paramount here at Automox. For Automox, it is a people, process, and technology approach to security.
Our People
Our team has over three decades of operational experience designing and securing multi-tenant cloud and internet applications at scale. Our team comes from some of the most successful and sought-after internet companies including, SendGrid, SolidFire, StillSecure, and LeftHand Networks. All Automox team members undergo mandatory background checks prior to employment.
Our Processes
Need-Based Access Policies, Mandatory Logging
At Automox, we implement IAM policies and partition access to our systems to give our team members the least amount of access to perform their development and maintenance tasks. Need-based access is granted on a per-employee basis and regularly reviewed. VPN access is required to access the production environment, and all access to infrastructure and systems are logged and audited on a regular basis. Production servers are completely isolated from all staging, development, and build systems.
Automox uses monitoring software to track all server logins and privileged command execution, alerting any anomalous activity. All log files are written to centralized log hosts which are hardened and monitored using OSSEC and other tools.
Certifying Ourselves and Our Vendors
We ensure that not only do we receive our own certifications for our infrastructure, but we ensure our vendors are also certified and secure.
- Vendor-specific: Hosting and Physical Datacenter
- Amazon Web Services Security
- Amazon Web Services Compliance
- Amazon Web Services ISO27001 Certificate
- Amazon Web Services SOC3 Report
- Vendor-specific: Credit card processing and PCI Compliance
- Stripe security and PCI compliance information
- CSA (Cloud Security Alliance) Consensus Assessments Initiatives Questionnaire
Our Technology
Data Encryption
All private data exchanged with Automox takes place over encrypted channels. Our website and APIs communicate using TLS 1.2 over the standard HTTPS port 443. All enabled cipher suites utilize Perfect Forward Secrecy (PFS) for key negotiation and AES-128 or higher encryption. The Automox agent uses PKI encryption to authenticate the endpoint to our servers. Upon mutual authentication, all communication between Automox and the endpoint is secured. All access to production infrastructure is established through encrypted VPN connections. SSH sessions are regularly used for terminal sessions and data transfer between our servers. We use modern salted cryptographic algorithms to secure selected sensitive data stored in our database.
Secure Payment Processing
All credit card processing is handled by Stripe, and no credit card numbers are stored or handled by Automox or its employees. Stripe has PCI Compliant security architecture in place to ensure your payment information is kept secure. Development process focused on quality and security The Automox software is developed using a modern quality-driven process and mindset to ensure high reliability. All product changes undergo rigorous automated and manual testing in a staging environment to detect and eliminate operational and security issues before deployment to production.
Secure Agent Architecture
The Automox endpoint agent is responsible for monitoring and controlling the endpoint patch and management process. To facilitate this, the agent requires privileged access to the system in order to access secured locations of the system. Because of this privilege, we have architected the agent with multiple security features to protect the endpoint. The agent is written in a modern systems language with features to prevent common coding errors that can lead to security vulnerabilities. As mentioned above all communications are encrypted with TLS and authenticated with public-key cryptography. We have automated test suites that test agent integrity and ensure the agent is not vulnerable to replay or MITM attacks.
Automox is committed to delivering a safe and secure product for our customers. For additional information on Automox’s security policies, please see https://www.automox.com/solutions/security.
About Automox Automated Patch Management
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, macOS, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.
