We are a managed service provider and we use Automox to patch our clients' systems.
We are a managed service provider and we use Automox to patch our clients' systems.
We have integrated Automox directly into our breach prevention platform, ThreatAware, which means that having an API is a massive win.
Automox provides us visibility of devices in our environment, in terms of patch status and applications, and it is important to us because you can't protect what you can't see.
This product provides patch management from a single console across Windows, macOS, and Linux endpoints. Overall, the patch management is very good. If it can't do something because I haven't integrated it, you can use the worklets and do it yourself, which is great.
The speed that Automox carries out its functions is really quick. When you install the agent, literally within 30 seconds, the machine will appear. This is really handy because if you are rolling out a load, you can just check them off as you go. You don't have to wait half an hour and come back. We've natively integrated it with their API to ThreatAware and if we say, "run a patch or reboot," literally instantly, those patches start installing within seconds. It's very quick.
One of the key features we use is the worklets, which are used to create and automate customized tasks across endpoints. My team uses worklets all the time. One example is that they use them to install all of the other underlying agents. We use them to connect to Freshservice and TeamViewer, where Automox installs the Freshservice agent and the TeamViewer agent, all within minutes.
We use the fully automated patching process and it's great. It literally just follows the schedule and does it when you want. Obviously, the machines need to be turned on but as long as it's on, Automox will patch it.
Patching automation saves us a lot of time. We try to utilize automation in everything we do. Then when we link it into ThreatAware and use the bulk operation feature, it just makes life easy. We're probably saving between 10 and 12 hours a month, which is pretty decent.
Automox gives us one less thing that we need to worry about. It used to be a real pain, where perhaps something wasn't installing or we didn't have something that was covering all the operating systems, or we had multiple products being used. We never felt fully confident that everything was being done but now, we can see exactly what's done, and what isn't. Literally, it's our go-to product for patching and we don't use anything else.
There are three features that I find quite valuable.
Although we use it for patching, we also use it for pinging off other commands and scripts like uninstalls and just general fixes. We put Automox on first, then everything else follows using the policies and it's all automated. It works very well.
It is important to us that this is a cloud-native platform because we are a fully cloud-based business. We only use things that are in the cloud, pretty much. For us, the thought of having to maintain servers is foreign because it's something that we just don't want to do anymore. We used to, many years ago, but not anymore.
Automox's console has a clear interface, it's easy to use, and it looks good. In terms of importance, looking good doesn't really matter but the fact that it does look good means that it just makes it a lot more intuitive. What you need to do is clear.
It's super easy to use and we haven't found anything easier. You just specify what you want to patch, and what level. For example, you can choose to just do security, or you can do everything. You tick a few boxes and it's done. That's how easy it should be.
We've used a lot of other products, as well, and many of them are not easy to use. I think that SCCM is probably a prime example of the most complicated way of doing patching. With Automox, its usability is a sign that it's a very well put together, well thought out product. If it's there to do a task, you shouldn't need to be tweaking and adjusting.
The biggest area they need to fix, without a doubt, is the ability to copy and sync profiles and worklets between all of the organizations you manage, and the ability to have top-level user access control across all of the companies that you manage. This is important to us because we manage multiple companies and they're all in our profile, but all of the policies, the worklets, and the user access is all unique for every single company. It's a real pain and I wish they'd fix that.
As it is now, we have to create a worklet or policy for each client instead of replicating them. Also, for users, you have to invite one user to every single company. So, you create the user one, then invite them. If you haven't been invited to a company then you don't know what you haven't been invited to. It's a real pain and they really need to sort that out.
I have been using Automox for a couple of years.
The stability is rock-solid and I've never had a problem accessing it. It's always online, and it's always fast.
It's scalable, but there's definitely that issue with the overall manageability of each client, and it is becoming annoying. In terms of adding in new machines, there is no issue there. However, adding in lots of different companies, because we're an MSP, does become a bit of a pain.
We've got approximately 15 people working on it and they're engineers ranging from second to third line.
This is a chargeable product, so we don't have all of our clients on it. At this point, we're probably protecting about 1,800 machines with it. We do plan on increasing the number of endpoints in the future.
The technical support team is really good. We have used them and they are fast. They're getting issues solved.
We were using SolarWinds N-able a long time ago and we were using Windows Update Services before that. Neither were fit for the purpose. N-able was unbelievably complicated to set up and not very effective. Windows Update was not fit because it can't do Macs, third-party tools, or Linux. Also, it was pretty hit and miss on how good it was during the patching, even on its own Windows machines.
Both of these solutions were pretty abysmal, to be honest, which prompted us, a few years back, to go looking for something better.
The initial setup is really easy and it involves only four steps. All you have to do is create your policies. In fact, we've written a guide on it in ThreatAware.
We've rolled out to each of our clients and we have a set way that we create our policies. It is a top-level template that we implement and we follow it each time we're setting up a new client. It takes about four hours to complete.
Setting up the policies is extremely easy. You create your groups and you do this by working out what type of machines you have and how you want those groups to be. You may choose to do it based on the operating system type, or on the severity of the criticalness. You might have a testing group, and you might also have one that's linked to schedules.
Then, you create the relevant policies that match that. So for example, you might decide that you're going to patch once a week, and you're going to start patching your test machines on Monday, then you're going to expand your group a little bit further on Tuesday. Eventually ramping that up to the critical systems on Friday.
After that, you link the policies so you know one's going to do X number of updates and it's going to do that once a week. Then you might have another policy, maybe once a month, where you are going to do feature updates. You may be doing security updates once a week, then your feature updates once a month. You just create those relevant groups and policies and tick the boxes you need. It really is that simple where you can specify something like "I want Windows and I want security, critical patches only, and I want that every Monday." Create that, then link it to the group. That's it, done. After that, all that remains is assigning the computers to the right groups.
We have definitely seen ROI from Automox, both in terms of time and money savings.
The pricing is fairly reasonable for what you get. We are on the premium licensing, which is the one that has the API capability that we use. There isn't any additional cost on top of that.
I wouldn't mind it being a bit cheaper but I wouldn't want it to be much more expensive. It's getting close to the point where we would need to look at other options if it were priced any higher.
We made use of the free trial before implementing it. This was very important because we don't implement any technology unless we try it.
We have used on-premise solutions to manage patching, configurations, and software, and it's going to be more expensive if you implement the on-premises route. It's not about the cost of that one server; rather, it's the cost of maintaining on-premises equipment, in general, and all of the limitations that come with it.
We looked at ManageEngine and several others. I know that there was none that actually supported all of the operating systems and worked solely on one agent being rolled out. They all needed to have some kind of infrastructure.
That landscape has changed now, as there are more competitors than they had then. However, they are leaders in this area, and we know this because we do evaluate quite regularly.
My advice for anybody who is considering Automox is to utilize the free trial. It really doesn't take long to do it. What you can do is just install the agents on a handful of machines, then you can just put it in discovery mode. From there, it would tell you exactly what patches are missing, and you'll see the difference between what Automox is finding and how many things are missed already. Generally, whenever we do that, you see that the previous patching method is not as good.
Then you can start testing out the policies a bit more and actually getting them installed. It really doesn't take long. In a week, I think you'll be able to see how effective it is. It's a neat little system. It's good.
The biggest lesson that I have learned is an obvious one, but watch out for the auto-reboot option in the policies so that it doesn't just go and reboot all of the machines. The notification feature is okay, although it's a little bit hit and miss. It will give you the notifications, but then if you ignore them enough times then it won't tell you that it's just going to go ahead and install immediately. When this happens, it may just reboot the machine. It will have given you a lot of warning but it's not right at that moment. It is something that you should be mindful of. The best thing to do is choose to reboot at one of the times it is asking.
Overall, this is a really good solution and we are really impressed with it. However, I would still like to see further integrations. I know that they are pushing people to use the worklets but I still think it creates more effort for the client. I would also like to see the ability to handle customers within one larger group and fix the access control between multiple customers.
I would rate this solution an eight out of ten.