Upcoming features will add new vulnerability management capabilities to the Action1 patching engine for risk-based patch prioritization.

Cloud-native, patch-management application provider Action1 is set to add vulnerability discovery and prioritization capabilities to its namesake flagship platform to help businesses stay ahead of software exploits.

The plan is part of a company strategy to expand beyond its traditional patch management features and add capabilities aimed at enhancing an organization's resilience to cybersecurity threats.

"The new features will enable customers to see beyond what is patchable into what is actually vulnerable," said Mike Walters, vice president of vulnerability and threat research and co-founder of Action1. "With this new combined product offering, enterprises will be able to make better prioritization decisions."

The new features are targeted at companies that have a work-from-anywhere staff strategy.

"Every organization needs a way to update their employees' devices as one of the most effective -- yet so simple preventive security measures available," said Story Tweedie-Yates, head of product marketing at KSOC, a Kubernetes security company. "Time and again, security reports show that a large risk to the organization is unpatched software and the vulnerabilities that accompany it."

Vulnerability discovery and prioritization capabilities will be available -- in the third and fourth quarter, respectively -- with the customers' existing subscription and no extra charges.

Consolidating vulnerability and patch management

Action1 currently identifies only unpatched systems and lacks the ability to detect all common vulnerabilities and exposures (CVEs) in an organization's environment, including those without available patches.

"Currently, we only offer the remediation piece, without a link to the original vulnerability.
Vulnerability discovery is the missing piece that will connect vulnerabilities on endpoints to available patches. With this new technology, the Action1 platform will be able to link the two together, so instead of just offering patches, it will tell you what systems are vulnerable with specific CVE IDs," Walters said.

The company will use the National Vulnerability Database (NVD), CISA's Known Exploited Vulnerabilities (KEV) catalog, and the CIS Benchmarks list for its vulnerability discovery capability.

Under its new strategy, Action1 is looking to combine the existing remediation offering with discovery and risk-based analysis of vulnerabilities in order to give companies contextual information that will help them consolidate and streamline resource allocation and prioritization.

"Users will see every vulnerability on their system, including both patchable and non-patchable vulnerabilities, along with attributes such as score, exploitability, attack vector, and other available attributes. This will ultimately enable security teams to make informed prioritization in patching or to find a compensating control instead of patching," Walters added.

Context is key in prioritizing patches

Industry experts agree that various factors are usually considered when assessing vulnerabilities and the risks associated with them. Erik Nost, an analyst with Forrester, thinks a contextual, risk-based approach combined with weighted counter controls helps organizations better handle vulnerabilities within a given timeframe.

"Forrester recommends organizations consider business context, threat likelihood, and strength and effectiveness of compensating controls when assessing vulnerability risks," Nost said.

Yates agrees that managing risk absolutely requires the ability to prioritize security efforts, including patching, based on business context.
"In general, security practitioners are moving their true north from compliance to managing risk, and Action1's addition of vulnerability discovery, based on the differing business value of the asset, falls in line with this need," she added.

KSOC’s Yates noted that Action1's platform is currently available only for Windows OS devices. The company, however, says that it is working to expand coverage to Linux and macOS systems.

An Action1 customer since 2021, Chris Weis, senior systems engineer at Razzoo’s Cajun Café, initially became a user because the restaurant was "struggling with visibility and control of business endpoints (Data center, remote locations, and workstations) and keeping everything fully patched on a regular basis."

"Action1 has a powerful patching system that allows us to address security with consistent patching to all our systems from an easy-to-use friendly interface. The other functions of Action1 including remote support, reporting, and software deployment have made Action1 one of our most essential tools we use to keep our IT infrastructure running effectively," he added.

Although the new features have not been tested, Weis was upbeat about Action1's upcoming vulnerability detection and remediation features.
"Indicators such as scoring, exploitability, and attack vectors will help identify possible vulnerabilities that are outside of what patching alone can resolve and allow