Resources

/

Podcasts

/

Product Talk

Reactive to Proactive Risk Reduction with Automox's Director of Solutions Engineering

Episode 07   Published July 23, 2024 14 minute watch

Product Talk

Product Talk, hosted by Peter Pflaster and Steph Rizzuto, takes you inside the Automox platform feature by feature. Recent topics include automated vulnerability remediation, custom roles, third-party patching, the Splashtop-powered Resolve, and integrations with Zendesk and VulnCheck. You'll hear the reasoning behind each release and where endpoint management is heading as it grows more autonomous.

Host

Steph Rizzuto

RECENT EPISODES

CISA's BOD 26-04 Directive Explained

[Nothing Weaponized, Everything Exposed]

[AI Hits the Hat Trick], Ep. 32

[Emergency Episode: DirtyFrag Exploit Before Patch], Ep. 31

The Math of Modern Attacks

View all episodes

Available wherever you get your podcasts

Youtube

Apple Podcasts

Spotify

Overcast

Pocket Casts

Amazon Music

Castro

Goodpods

Castbox

Podcast Addict

Player FM

Deezer

Summary

The security market spent a decade getting better at finding problems and is only now investing in fixing them. Steph Rizzuto and Katherine Chipdey, Automox's Director of Solutions Engineering and Alliances, explain that proactive risk reduction means holding endpoints at a compliance baseline rather than remediating spikes after every Patch Tuesday or zero-day. Recorded the day of the global Microsoft outage, the two cover the Automox features driving that shift: Worklets for configuration management, Automated Vulnerability Remediation with its Rapid7 InsightVM integration, and the AskOtto generative AI assistant.

Takeaways

  1. For about a decade, security tooling kept getting better at detection. Attack surface management, vulnerability prioritization, and rising alert volume all sharpened visibility into what's wrong. Only in the past few years has comparable attention shifted to the remediation side.

  2. The episode was recorded the day of the July 2024 global Microsoft outage, which grounded flights and disrupted hospital operations. It could not be fixed programmatically because endpoints had to be touched manually, and BitLocker key recovery added friction.

  3. Worklets handle the configuration management that patching alone can't, such as enforcing password complexity, account lockout settings, and blocking USB use on corporate endpoints.

  4. Removing risky third-party software is part of the baseline: Katherine cites legacy Flash generating roughly 10,000 vulnerabilities just by being present, so keeping it out of the environment beats re-remediating it.

  5. Automated Vulnerability Remediation (AVR) synchronizes with Rapid7 InsightVM to ingest critical vulnerability data and fix it through patches or Worklets in minutes, lowering mean time to remediation.

Topics

Patching & Endpoint Mgmt

See for yourself how policy-driven IT Automation saves time and eliminates risk.

Dive deeper into this topic

From Click to Fix: Bringing Automox Actions to...

Podcast

Automated Patching Solutions Compared: 2026...

Compare automated patching solutions for 2026. Find the best...

Black background with white text "AUTONOMOUS IT LIVE" in green circle and rectangle, and smaller text "FROM AUTOMOX" beneath.
AI, Humans, and the Hybrid Reality of IT in 2026

Blog

How To Build a Patch Compliance Dashboard That...

The power of IT automation is useless if you can’t prove to...