Otto background

First National Bank of America Centralizes Patch Management

Financial Services

The First National Bank of America (FNBA) is a full-service financial services institution, offering customers high-yield certificates of deposit and savings accounts, non-QM mortgages, commercial loans, self-directed IRA loans, and more.


Before Automox, FNBA used both Ivanti and PDQ to manage its patching and software updates but was experiencing difficulties with accurate patch reporting and completing patch updates. At the time, First National Bank of America was focused on solving:

  • Inconsistent patching

    The use of legacy patch management systems sometimes left FNBA with false results, leading to potential vulnerabilities and forcing the team to check that each patch went through, manually. Pushing through certain patches also resulted in other system malfunctions.

  • “Frankenstein systems”

    Previous patch management systems seemed mismatched, hard to use, and tough to configure. FNBA had trouble taking action because of poorly integrated features that would result in breaking other necessary pieces of their environment.


Automox was a game-changer for FNBA’s IT Security Team. Now operating in a VPN-free environment, FNBA can focus on more strategic business areas by leaning into automation.

No More Hunting for Patches

Automox empowered FNBA with insight into all devices, meaning technicians no longer had to manually check devices. This led to a significant reduction in hours spent patching. Furthermore, the IT team was able to manage its work schedule with much more ease and efficiency.

"Time management was a huge factor for us when selecting a patch management solution. With Automox, I don’t have to worry about vulnerabilities coming up and affecting our schedule."

- Matt Keeler, Information Security Analyst

VPN-free Management

FNBA’s top priority was implementing a patch management solution derived from a VPN-free platform. Previously, if a device left the network, it was lost – the previous agent lacked full visibility, leading to a heap of potential weaknesses. With Automox’s cloud interface, that’s no longer a problem.

Reducing Risk Management Score

FNBA uses Rapid7 insight vulnerability management (IVM) to evaluate security risks and determine an acceptable level of risks. With management setting the risk levels, Automox needed to deliver against coinciding KPIs to be considered effective.

Since the rollout of Automox, FNBA reported and maintained acceptable levels of risk throughout the company, something that required much more manual intervention previously. Having previously relied on competitors like Ivanti, FNBA’s risk level scores were often unpredictable and erratic. Of course, a raised risk level led to serious work for FNBA’s Security and IT team.

However, even with spikes caused by outside factors, Automox ensured lower risk levels were brought into remediation within a short time frame.

“I love Automox – it complements Rapid7’s IVM very well.”

- Matt Keeler, Information Security Analyst


“Patch management is finally in a good spot,” says Keeler. With Automox, FNBA finally has insight into all devices, whether they’re on a company network or not. Plus, they no longer have to hunt for patches. As a result, opportunities for bad actors and vulnerabilities have significantly decreased. Automox’s simple features have had a real impact on this security shop and are now FNBA’s patch management must-haves.

Dive deeper into this topic