The IT Nerd

Action1 today announced the launch of its most significant product update to date: the expansion of its platform to include Linux patch management and AEM. With this release, Action1 becomes a unified cross-platform solution for autonomous endpoint management and patching across Windows, macOS, and now Linux.

This milestone reflects Action1’s ongoing strategy to help enterprises and MSSPs automate patch management and secure diverse IT environments with greater simplicity and control. The new capabilities cut patching time and costs, enabling organizations to refocus resources on strategic projects. Enterprise IT and MSSPs benefit from uniform, cross-platform, and autonomous patch management capabilities that keep all endpoints – regardless of operating system or application – up to date, secure, and compliant.

Purpose-Built for Enterprise IT and MSSPs: Unified Management at Scale

With this release, Action1 strengthens its ability to meet the demands of modern enterprise IT, offering:

• Autonomous patch management across all major operating systems.
• A single pane of glass for software vulnerability assessment across diverse environments in real time.
• Automation, control, and compliance capabilities built for large-scale, hybrid enterprises and MSSPs.

What’s New in This Release

• Linux Support for Unified Patch Management: A new Linux agent extends Action1’s platform to all major operating systems, enabling uniform patching, management, and automation across Windows, macOS, and Linux.
• Enterprise-Wide Visibility: Consolidates reporting and dashboards across multiple enterprise business units or MSSP clients, giving IT teams unified real-time insight and faster vulnerability remediation at scale.
• Enhanced Update Rings: Refined logic improves patch validation accuracy and rollout tracking, ensuring well-tested, more reliable patch deployments that don’t cause outages.
• PowerShell Script Signing: Optional enforcement for trusted, digitally signed scripts helps compliance-driven organizations enforce security policies.
• Simplified Connectivity: Agent communication now occurs over port 443 by default, reducing firewall configuration complexity in enterprise networks.
• Expanded Software Repository: With 27 new Windows and 10 new macOS packages, Action1 broadens coverage for third-party application patching and software deployment, while leveraging the security of a privately maintained software repository not reliant on less-secure community-maintained alternatives such as Winget.

This release reaffirms Action1’s focus on organizations that demand secure, scalable, and autonomous endpoint management across mixed environments. By delivering unified cross-platform support, real-time enterprise-wide visibility, and advanced controls, Action1 continues to simplify vulnerability remediation, patching, and compliance on a global scale.

For more information, please visit www.action1.com.

Action1, a leading provider of autonomous endpoint management solutions, today announced a major expansion of its free tier, increasing the number of free endpoints from 100 to200. The first, foundational use case for Autonomous Endpoint Management (AEM) is autonomous patching that accelerates patch deployment and compliance and reduces IT overhead and degradation of Digital Employee Experience (DEX). Driven by a mission to make autonomous endpoint management easily and universally accessible, Action1 will now enable organizations and home users to deploy its cloud-native patching solution to secure the first 200 endpoints at no cost, forever, with no feature limits. 

Democratizing Autonomous Endpoint Management

Today’s cyber threat landscape presents unprecedented challenges, from sophisticated, Gen-AI-enabled ransomware attacks to complex compliance demands. Small and medium-sized businesses (SMBs) and nonprofits often lack the resources to address these issues effectively. 

According to Veeam, 85% of ransomware attacks target small businesses. Action1’s expanded free tier provides a lifeline to these targeted groups, providing: 

• Enterprise-grade autonomous endpoint management FREE: Protecting up to 200 endpoints free forever, with simple scaling above 200, without hidden costs or complexity. 
• 5-minute deployment, effortless management: Start managing endpoints immediately, minimize training and free up IT resources.  
• Low bandwidth and hybrid workforce patching: Seamlessly deploy patches, remediation, and updates with bandwidth-efficient P2P distribution—no VPN required. Easily patch offline devices as soon as they reconnect online. 

Redefining “Free” in Autonomous Endpoint Management

Unlike misleading “free” software offers that often serve as bait for trials or data monetization schemes, Action1 provides a genuinely free solution with comprehensive autonomous endpoint management capabilities for the first 200 endpoints and transparent pricing for any additional usage. With no hidden fees or commercial handling of user information, Action1 empowers small businesses and non-profits to operate and grow securely. It also enables larger organizations to start using the platform’s capabilities on smaller environments at no cost, with no functional limits, before scaling up. 

Reinventing Patching with the Powerful, Cross-Platform Solution

Action1’s platform disrupts legacy patch management approaches, offering an all-in-one solution tailored for today’s hybrid work environments. Key benefits include: 

• Unified, cross-OS and third-party patching: Automate the entire patching process, from identifying and deploying missing updates to real-time reporting. 
• Ease of use: Start getting value in minutes. Patch software consistently without legacy technology, clunky integrations, or multiple consoles. 
• Vulnerability discovery and remediation: Prevent security breaches and ransomware attacks. Detect vulnerabilities in OS and applications in real-time and enforce remediation. 

Learn more about the difference Action1 can make for your IT operations with the first 200 endpoints free: https://www.action1.com/free-edition/

Action1, a leading provider of real-time vulnerability discovery and automated patch management solutions, today announced a significant expansion of its free patch management offering. Previously available exclusively to business users, Action1 is now breaking down barriers to advanced endpoint security for everyone—including nonprofits, independent consultants, small businesses, and home users—ensuring no one is left vulnerable to cyber threats. 

With 100 endpoints free forever, Action1 makes itsrobust, cloud-native patch management solution equitable for both individuals and organizations worldwide, empowering them to combat cyberattacks and safeguard their digital environment.

 Small Targets, Big Risks

Cybercriminals are increasingly targeting the most vulnerable among us—small businesses, nonprofits, and independent professionals. According to Cybersecurity Ventures, more than 60% of ransomware attacks now focus on organizations with fewer than 100 employees. Unpatched vulnerabilities, which account for nearly 60% of all cyberattacks,according to the Ponemon Institute, are particularly harmful to small businesses and individuals with limited resources. Action1 addresses these challenges by delivering automated patching and vulnerability management across both operating systems and third-party applications, ensuring the broader community stays protected without requiring extensive IT or budget resources.

With Action1, users gain the benefits of an autonomous endpoint management solution for the first 100 endpoints at no cost, with features including:

• Ease of Use: Start patching endpoints in under five minutes and rapidly scale to as many endpoints as needed. No dependency on legacy tools, clunky integrations, or on-premise software.
• Unified Cross-OS and Third-Party Patching: Automate the entire patching process for remote and onsite endpoints, from identifying and deploying missing updates to real-time reporting. 
• Vulnerability Discovery and Remediation: Prevent security breaches and ransomware attacks. Detect vulnerabilities in OS and applications in real-time and enforce remediation. 

With this initiative, Action1 now accepts both personal and business emails for new account registration at https://www.action1.com/signup.

To learn more about Action1 Patch Management, visit https://www.action1.com/free-edition/.

Action1, a leading provider of real-time vulnerability discovery and automated patch management solutions, will be presenting their enhanced patch management solution at Microsoft Ignite 2024 in Chicago, November 19-21. As a strategic enhancement to Microsoft Intune, Action1 complements Microsoft’s device management software with advanced cloud-native patching and vulnerability management, designed to scale effortlessly and ensure endpoint security in real time.

Action1 seamlessly integrates with Microsoft Intune, elevating Intune’s device management capabilities with its Autonomous Endpoint Management solution. This advanced approach includes real-time patching and vulnerability assessments for operating systems and third-party applications, along with features like offline device patching and peer-to-peer (P2P) distribution. These capabilities provide an additional layer of compliance and protection tailored for hybrid work environments. With a setup time of under five minutes, Action1 empowers companies to rapidly secure their endpoints, manage them autonomously, and stay ahead of emerging threats.

Key Features of Action1 at Microsoft Ignite 2024

● Third-Party Application Patching

Intune’s native support for third-party software patching is minimal, often requiring additional workarounds. Action1, purpose-built for patch management, delivers automated third-party patching across a wide range of applications. This ensures that non-Microsoft software vulnerabilities are promptly addressed without extra steps or integrations.

● Real-Time Vulnerability Assessment

Unlike Intune’s scheduled compliance scans, Action1 provides continuous, real-time visibility into endpoint vulnerabilities. This proactive monitoring helps organizations identify and mitigate risks faster, reducing the time between detection and remediation.

● Automated Remediation

Action1 streamlines patching with detailed, policy-driven automation for OS and third-party software, significantly reducing manual workloads and ensuring consistent compliance across endpoints.

● Peer-to-Peer Patch Distribution

While Intune’s Delivery Optimization is effective for Microsoft updates, it has limitations for third-party applications. Action1’s peer-to-peer patch distribution supports non-Microsoft updates, optimizing bandwidth usage and enabling efficient patch deployment in distributed or bandwidth-constrained environments.

 First 100 Endpoints Free Forever

To help organizations experience Action1’s benefits firsthand, a lifetime license for the first 100 endpoints is available at no cost, allowing enterprises to indefinitely trial the solution before full-scale implementation.

● Compliance and Security Certifications

Action1’s dedication to compliance is reflected in its certifications, including SOC 2 and ISO 27001—the first in patch management to achieve both standards. Additionally, Action1’s support of HIPAA, PCI DSS, CIS CSC, ACSC, and GLBA/FFIEC enables organizations to meet diverse regulatory requirements and strengthen endpoint security.

● Global Reach and Reliability

Action1’s strategically located data centers worldwide ensure fast patch deployment, supporting enterprises in scaling patch management with confidence, backed by robust and globally compliant infrastructure.

Experience Action1 at Microsoft Ignite 2024

Join Action1 at booth #430 at Microsoft Ignite 2024 to witness live demonstrations of our advanced security solutions. Visitors can engage in our “Crack the Code” game for a chance to win LEGO sets, enjoy exclusive Action1 swag, and receive free coffee vouchers for a local coffee shop. For more information, visit www.action1.com.

Action1, a provider of an integrated real-time vulnerability discovery and automated patch management solution, today announced its latest product release. As part of its platform enhancements, Action1 has introduced a new agent for macOS, enabling organizations with diverse IT environments to ensure unified, cross-platform patching automation and integrated software vulnerability management. 

As the world’s #1 easiest-to-use patch management solution, according to G2, Action1 is committed to transforming and simplifying the patching routine for organizations of all sizes. Now becoming cross-platform, Action1 is revolutionizing macOS patching while consolidating multiple patch management approaches for different platforms.

The newly incorporated macOS support feature helps IT teams streamline vulnerability discovery, prioritization, and remediation for both operating systems and applications across their entire fleet. In addition, it offers extended endpoint management capabilities such as software deployment, scripting, and IT asset inventory for macOS devices. Action1 is available at no cost for the first 100 endpoints, without any functional limits for both macOS and Windows — and never expires.

According to the Action1 Software Vulnerability Ratings Report 2024, macOS experienced a 30% increase in exploited vulnerabilities in 2023, making it increasingly susceptible to attacks targeting known vulnerabilities. 

In addition, Action1’s latest release includes multiple enhancements to boost the product’s functionality, security, and usability, including: 

• Addressing NVD Vulnerability Backlog. Action1 can now detect software vulnerabilities for applications listed in its Software Repository beyond the National Vulnerability Database (NVD) data, providing crucial visibility and automated remediation amid the NVD’s update delays.
• Software Installation Customization. This enhancement allows customization of built-in and custom software packages without cloning, available for the entire enterprise, per organization, or per endpoint, to ensure continuous patch compliance while preserving future automatic updates.
• Real-Time Endpoint Attribute Reporting. Action1’s reporting capabilities are now improved by adding endpoint attributes, including username, comment, OS types, IP address, and more, as selectable columns in custom reports.
• Expanded API. Action1 implements new capabilities and integration options, with code samples, supporting advanced custom integrations to address complex, enterprise-level needs. 
• Multiple Usability Enhancements. The release introduces several UI improvements, including moving endpoints between groups, reworked endpoint organization controls, and many more – all designed to further simplify the already easiest-to-use patch management solution. 

To learn more about Action1’s latest release, visit www.action1.com. 

Action1 has released their latest survey taken by 250 IT leaders from educational institutions in the US and UK, to assess their readiness in combating growing cyber threats. Results showed a  stark wake-up call for the education sector: 64% of school IT leaders warn ransomware threatens education quality.

Highlights of the survey:

• 78% of schools lack a dedicated cybersecurity specialist, making it challenging to effectively manage cybersecurity and respond to threats
• 44% perceive a moderate risk, highlighting widespread concern about potential disruptions to teaching and learning that ransomware can cause
• 84% of IT leaders are not confident in the overall cybersecurity readiness as moderate or slight

You can read more here.

Action1 got into the news recently via a leaked email that sparked a discussion on Reddit about the company potentially getting purchased by CrowdStrike. Yes, the same CrowdStrike that has been in the news recently for all the wrong reasons.

You can put that to bed as of today as the company just announced its decision to remain a founder-led company. Despite receiving multiple acquisition inquiries over the past year, including from well-known industry players, Action1 has chosen to continue operating independently to fully realize its vision.

Alex Vovk, CEO and Co-Founder of Action1 had this to say:

“We are honored by the interest we have received from major industry players, as it validates our strategy and leadership in the space. However, after careful consideration, we have determined that remaining founder-led is the best path forward. While it is tough to turn away from significant financial opportunities, we believe our future is far brighter as an independent company.”

Action1’s vision is a world where cyberattacks exploiting vulnerabilities are entirely prevented across all types of devices, operating systems, and applications.

Mike Walters, President and Co-Founder of Action1 added this:

“We are excited to continue on the path of innovation and are deeply grateful to our customers worldwide for their trust and support.”

So I think think that todays announcement should put any rumours of Action1 being purchased to bed once and for all.

Action1 has released a 2024 AI Impact on Sysadmins report, revealing that while system administrators (sysadmins) recognize AI’s potential, significant gaps in education, cautious organizational adoption, and insufficient AI maturity hinder widespread implementation. Action1 researchers found that while sysadmins are aware of AI’s potential, the readiness for its adoption is tempered by the need for further education and training and AI failures.

Key findings include:

• The top 3 areas for AI automation are log analysis, server CPU and memory monitoring, and patch management.
• 60% of sysadmins acknowledge a lack of understanding of leveraging AI practically, indicating a persistent gap in AI literacy; 72% expressed a need for training, and 45% were concerned about becoming obsolete in the job market due to their current level of AI literacy. 
• The highest failure rates occurred in areas where AI is most commonly implemented/ Over half encountered errors in troubleshooting, followed by 25% of respondents reporting failures in implementing AI for log analysis.
• 80% of organizations do not require sysadmins to implement AI in their job roles
• AI led to critical disruptions in 16% of organizations. 

The report’s timing is intentional: It was released a day ahead of SysAdmins Day, celebrated annually on the last Friday of July, to recognize sysadmins who often work around the clock to ensure systems are available when needed. 

You can read the report here.

Action1 announced today it has secured Security, Trust & Assurance Registry (STAR) Level 1 Certification from the Cloud Security Alliance (CSA), the world’s leading organization promoting the use of security best practices within cloud computing and helping foster secure cloud environments through education. Additionally, Action1 has signed the Cybersecurity and Infrastructure Security Agency’s (CISA) Secure by Design Pledge. These initiatives underscore Action1’s commitment to internal security and solidify its position as a trusted vendor in the cloud-based patch management space.

As Action1 has achieved CSA STAR Level 1 successfully, it is now listed in CSA’s publicly accessible registry. The STAR registry lists cloud solutions from vendors that follow the strictest security and privacy controls, facilitating users in identifying vendors dedicated to maintaining data confidentiality, integrity, and availability. The CSA STAR program is recognized as the industry’s most powerful program for security assurance in the cloud.

Action1 is a cloud-native patch management platform enabling enterprises to rapidly discover and remediate vulnerabilities with a 99% patch success rate. It helps understaffed IT teams save time and reduce costs by streamlining third-party patching, including custom software, and OS updates, all fully integrated with full feature-parity and uniformity.

By signing CISA’s Secure by Design Pledge, Action1 has joined cybersecurity industry leaders in a unified commitment to enhancing software security standards. This pledge represents a significant step in ensuring that security is a foundational element in software development and is part of CISA’s global Secure by Design initiative, launched last year, which implements the White House’s National Cybersecurity Strategy.

These initiatives exemplify the high security standards of the Action1 cloud-native platform, which is also certified for ISO/IEC 27001:2022 and SOC 2 Type II by independent auditors. Visit action1.com/security to learn more about these certifications.

Action1 has unveiled new research in its Software Vulnerability Ratings Report 2024 to provide trends based on exploitability rates and the dynamics of Remote Code Execution (RCE) vulnerabilities within enterprise software categories and specific applications. Key findings include:

• Attackers target load balancers with record exploitation rate: Action1 researchers discovered a high exploitation rate for NGINX (100%) and Citrix (57%). Vulnerabilities in load balancers pose significant risks, as just one exploit can provide attackers with broad access or disruption capabilities against targeted networks. 
• Threat actors target Apple operating systems: MacOS and iOS showed an increased exploitation rate of 7% and 8%, respectively. Additionally, although MacOS reduced its total vulnerability by 29% from 2023 to 2022, exploited vulnerabilities increased by over 30%. These findings underscore the targeted nature of attacks on iOS devices.
• MSSQL RCE vulnerabilities surge, highlighting the risk of new exploits: In 2023, Microsoft SQL Server (MSSQL) experienced a 1600% surge in critical vulnerabilities, each being an RCE. This spike signals a potential risk that attackers are quickly discovering and exploiting the next unknown RCE.
• Increased exploitability of MS Office as attackers take advantage of human error: MS Office’s critical vulnerabilities account for nearly 80% of the overall annual vulnerability count, up to 50% being RCEs. In 2023, Microsoft saw its exploitation rate rise to 7%, compared to 2% in 2022. These findings underscore threat actors’ exploitation of user-facing software prone to human error

You can read the full report here.