Automox: An Automated Patch Management Solution

We use Automox at Glasshouse Christian College, during a recent security audit, I was complemented and informed by the security auditor that they very seldom see organisations so well patched and updated.

We have about 1500 Mac devices 150 Windows devices and 45 servers, we have been using Automox for about 3 or 4 years as at 2024.

Automox is a modern cyber hygiene platform designed to help organizations efficiently manage vulnerabilities and patching across diverse environments. Here’s a breakdown of its key features, benefits, and considerations based on user experience:

What is Automox?

Automox is a lightweight automated patch management solution that significantly reduces the effort required to secure and maintain systems compared to traditional methods.

Key Benefits and Features:

• Efficient Patching Across Multiple Systems: Automox simplifies patching by supporting Windows, Mac OS, Linux, and points with a single console.
• Lightweight and Resource-Friendly: It has a lighter touch compared to traditional remote monitoring and management (RMM) solutions, reducing system resource consumption and improving user experience.
• Visibility and Management Anywhere: Provides complete visibility and management capabilities for endpoints regardless of their location (in-office, remote, cloud).
• Speed and Responsiveness: Patching tasks and commands are executed promptly without delays, providing a responsive experience for IT administrators.
• Customizable Automation: Worklets allow scripting to automate endpoint tasks and enforce policies, even for smaller clients without centralized servers.

User Experience and Insights:

• Time Savings: Users report significant time savings in patch management tasks, estimated at around 20 hours per month, compared to manual approaches.
• API Integration: Automox’s API facilitates custom reporting and agent management, enhancing flexibility and adaptability.
• Scalability: While multi-tenancy management for resellers poses challenges in current versions, ongoing improvements are expected to address these issues.

Considerations for Improvement:

• Learning Curve for Multi-Tenant Environments: Managing multiple clients within a single portal requires a deeper understanding of how Automox organizes policies and groups.
• Policy Inheritance: Policies and patches are not automatically inherited by nested groups, leading to repetitive setup tasks when adding new clients.
• User Notifications and Visibility: Improved user notifications during patching processes and enhanced visibility into patching status are desired.

Pricing and Deployment:

• Reasonable Cost: The pricing is deemed reasonable, especially for organizations managing diverse operating systems (Windows, Mac, Linux).
• Deployment Ease: Initial setup is straightforward, with customizable installer options for easy deployment across client machines.

Customer Support:

• Responsive and Knowledgeable: Automox’s technical support is commended for its responsiveness and effectiveness in addressing issues.

Conclusion:

Automox offers a robust solution for automated patch management, particularly beneficial for organizations with diverse endpoint environments. While improvements are sought for multi-tenant management and user visibility, the platform’s efficiency, scalability, and responsive support contribute to its overall value proposition.

Rating: 8/10 – Subject to improvement in multi-tenant management, Automox is a highly effective and user-friendly patch management solution that continues to evolve and address user needs.

Advice: Take advantage of the free trial to assess Automox’s fit for your organization, paying close attention to its default patching settings and user notification features to align with your operational requirements.

Transition from AXIS to Q-CIS

Q-SYS is a cloud-manageable audio, video, and control platform developed by QSC, a leading manufacturer of professional audio products. The Q-SYS platform enables users to design, configure, and control customised AV systems for a wide range of applications, such as corporate campuses, hospitality venues, houses of worship, and educational facilities.

It’s important to have a reliable and flexible AV system that can handle critical tasks like bells, emergency announcements, and alerts. The Q-SYS platform is well-suited for this kind of application, thanks to its robust audio processing capabilities and easy-to-use control interface.

Some key features of the Q-SYS platform include:

* Integrated audio, video, and control processing
* Scalable architecture to accommodate different system sizes and complexities
* Support for a variety of AV standards and protocols, including Dante, AES67, and AVB
* Powerful software tools for system design, configuration, and management
* Remote monitoring and management capabilities through the Q-SYS Reflect cloud-based service

The Q-SYS platform is feature rich and upgrading from Axis. Q-SYS offers a lot of flexibility and power when it comes to designing and managing AV systems, 

Some of the advanced features offered by Q-SYS include the ability to integrating video and control elements into your school’s AV system. This could allows us to do things like display digital signage, control lighting and HVAC systems, or even manage security cameras, all from a single unified platform.

We have yet to take advantage of the cloud-based management features offered by Q-SYS Reflect? It’s really convenient to be able to monitor and manage your AV systems remotely, especially for large and distributed installation across four schools, Junior, Primary. Middle and Secondary.

Light Touch Apple Environment 2022

For anyone who listened to my talk at ISQ quite recently and would like a little more information, I’ve been collection anecdotal records about my our “Light Touch Apple Environment at Glasshouse Christian College since about 2006

If you would like more info, please feel free to make contact with me and I will be happy to facilitate a tour of our environment and show you how we use Macs in Education.

Quick Links below.

A Letter of Appreciation to my Suppliers – (Part One).

Thoughts and Reflections about Software (Part Two)

The Benefits of a School Managed Laptop Program

— o0o —

Why choose Apple for a 1:1 Laptop Program

Why Apple Macbooks are cheaper than Windows Laptops.

— o0o —

Verkada Security Video Monitoring

For a long time now I have been considering alternatives to our current video Surveillance and monitoring system. I’ll investigate the various solutions available to me and try and be objective about which is best or our College,

We currently use IndigoVision (July 2022) which has served us reasonably well, however it has come to my attention that Motorola has purchased IndigoVision, Avignon and Pelco, so where does that leave me?

• https://www.indigovision.com
• https://www.avigilon.com
• https://www.pelco.com

Verkada Features

• Hardware includes an industry-leading 10-year warranty
• Software updates and new feature updates @ zero cost (future proofed tech)
• No NVR / DVR or server required
• POE powered, scalable solution with no manual updates required
• Secure remote access to all cameras across all locations, from any device anywhere (live & archived footage)
• Bandwidth-friendly, using 20 Kbps per camera
• Motion alerts, people & vehicle analytics, motion plotting, heat maps
• Unlimited cloud archiving storage at zero cost
• Guaranteed 30 / 60 / 90 day local storage on cameras (not motion based)
• Instantly share live & archived footage via SMS and email
• Dramatically reduce the time spent searching footage on a daily basis

Verkada

• Granularity: Reduce the time spent sifting through footage to seconds & find exactly what you are looking for.
• Proactivity: Utilise our existing AIOps to be notified in realtime in the event of an emergency Vs after the fact.
• Future-Proof Solution with No Hidden Costs

Quick and Easy

• A better streamlined system that improves operational efficiencies across the facility.
• Predictive pricing without the sting of anything hidden at the event of an incident.
• Quicker time to act and respond accordingly at critical times. 

— o0o —

Verkada Says !! – Taken from Verkada Website

Best in Class Granularity

• Review hours/days of footage in seconds simply by hovering from left to right.)
• Utilise people & vehicle analytics to quickly review footage based on attributes of person/vehicle you are searching for.
• Investigate if somebody was on-site by uploading a photo and see if any device picked them up.

Proactivity To Act

• We’re the only solution on the market that can send a live link to a first responder or police at the click of a button.)
• We give you alerts to alert all users of the Verkada platform (Unlimited users) if there is an intruder on site or anyone vaping in toilets.
• We can set up person of interest alerts if there is someone on site who shouldn’t be there. for example. Abusive parents not allowed to see a child, sex offenders, expelled students). All relevant people will receive an SMS or email within 2 seconds of the person being picked up.)
• We can set up motion event alerts if either a vehicle or person is picked up within a restricted hour outside of a certain time window. (Example:Students drinking on the premises after hours, potential burglars, loiterers).
• We can set up a License Plate of Interest if there is a vehicle in question lingering around the school to notify all relevant people via SMS or email within 2 seconds of that vehicle being picked up.

Future-Proof Solution with No Hidden Costs

• No NVR, DVR or on premise server to manage / update / maintain
• Unlimited cloud storage for archiving video clips @ zero additional cost.
• Unlimited Users & remote support from Verkada experts @ zero additional cost.
• Lower 10 year Total Cost of Ownership & predictable renewal costs.
• Cameras record continuously @ 24 frames per second (not motion based)
• 30 Day cloud backup @ zero additional cost.
• Guaranteed period of retention on device (30 /60 /90 /120 /365 days).
• Free in-built responsive support team on the platform itself.

The Benefits of a School Managed Laptop Program

I thought I would take a moment this week to describe the College Laptop Program and compare our style of laptop program with those offered by other organisations on the Sunshine Coast.

Our College delivers a school owned and managed laptop program which ensures our entire fleet of computers are running on the same hardware and software. A uniform technology footprint goes a long way towards providing a consistent, stable, and robust learning platform for our students and teachers allowing classes to start on time without unexpected technical delays.

A college supplied MacBook program such as our own comes with several distinct advantages than what a BYOD (bring your own device) program offers. These advantages have become the envy of other schools that also strive to deliver similar education services but are challenged by the cost of maintaining and delivering a program like our own.

Our program provides students with a brand-new college funded MacBook at the start of years 7 and 10, giving students a brand-new laptop refresh after three years of use. MacBooks and software are supplied free to all our students and teachers.

Many contemporary schools save money by offering a BYOD program which is a very appealing model financially, but less appealing to teachers who then have to teach students on a variety of different hardware and software platforms.

I thought I would quickly highlight some of the obvious benefits a school managed laptop programs compared with the more common BYOD programs:

School Owned and Managed Laptop Program

• Zero cost to parents and students (except for damages)
• Everyone has the same model of device which makes it easy to solve issues
• Audio visual – connecting to TV displays and projectors is easier and consistent
• Software all the same, upgrades happen at the same time
• Printing is the same on every device
• Software restrictions can be placed on some or all students as required
• College provided laptop hard cover case

Bring Your Own Device Program

• All hardware costs and expenses are passed on to the parent
• Inconsistent compatibility issues related to hardware and software.
• Difficult for IT staff to diagnose and fix issues, given the wide range of devices supported
• Students often without a device while repairs are in progress
• Consumer devices are often sent away for long periods of time
• It is difficult to monitor what a student is doing on their device (non-productive work)
• Very difficult to get protective cases for BYOD devices

It is very encouraging to see that there is a swing from BYOD to school owned and managed devices (like our own) partly because it reminds us that as a college, we have been doing the “right thing” for over 10 years, but also because it means that many more students are receiving the additional safety and learning advantage that technology can bring.

In the next issue of the college newsletter, I hope to explore the costs of repairing devices, and why long term our school owned and managed laptop program works out cheaper over the long term especially when you factor in the educational advantages. We will also talk our way around how parents can restrict student access to the internet at home.

Regards,
Roland Munyard

Automox Automated Patch Management Review

We’re an educational institution (K-12) with about 1100 Students and 150 Staff, and have been using Automox for over 9 months to keep about 40 servers and 90 Windows clients fully patched and up to date.

Beginnings

Our Automox journey began during a review meeting with Crowdstrike. Read my Crowdstrike Review here. Anyway, during the review, Crowdstrike identified a few servers which were not fully up to date. We explained that Sophos Lockdown was installed on these particular servers which made it time-consuming and challenging to regularly patch these particular servers.

Paul at Crowdstrike reminded us that Automox was one of their recommended product partners and suggested that we may want to consider using it to update our entire fleet.

A day or two later we had Automox installed on one of our servers and by the end of the afternoon it was fully patched. The process was easy and painless, and to some degree effortless.

So what is Automox?

In my own words, Automox is cloud-based patch management and policy management software that is easy to set up and install and reasonably cost-effective to maintain. It provides visibility of my fleet and insight into my patch management strategy. and of the patches applied to the Operating System and third-party applications.

In other words, – It’s software that makes it easy to keep my entire Windows fleet up to date.

Our Experience:

We discovered Automox on Thursday the 8th of October 2020 and by Monday the 12th 2020 we had fully patched our fleet of Windows Servers.

We went on to patch our Windows client devices in the administration department as well as all the student Windows computers in our computer lab. Clearly, anyone reading this will hopefully understand how relieved I was as an IT manager to be in a position to know that all my Windows clients were fully patched end-to-end in less than a week. I receive a daily text message to confirm that fresh patches have been applied to the Windows fleet throughout the working day. If it’s your responsibility to manage any Windows environment then I would encourage you to consider Automox, I highly recommend the product and strongly suggest that you take a look at it.

How does it work?

• An agent is installed on each of the servers, a schedule is set up and off it goes; patching every one of our servers.
• Was it easy to demo? – Yes delightfully simple, (I wish more software was as easy to obtain as a demo, and then purchase).
• Was it easy to purchase? – Yes and affordable too.
• Were there complications? – No.

Why Security and Patch management is important:

• We all know that keeping your environment fully patched and up to date is one of the best way to protect yourself from known vulnerabilities
• Any and every security audit will advise you to keep your servers fully patched and running the newest versions of Operating systems and 3rd party software.
• Simply keeping your OS and 3rd Party Software up to date can reduce vulnerability by up to 70% – (or so I’m told).

Take a moment to think through what it means to be able to say that your entire server environment is fully patched.

We chose the simplest and easiest configuration setting and as far as I know, we haven’t had any failures ever. Let’s hope it says that way.

http://automox.com
https://console.automox.com

Jamf Protect

In early 2020, following a less-than-remarkable experience with another vendors fulfilment promises of day one M1 Mac support, we set out to find a solution that would work off the mark for Mac Endpoint Protection on our M1 devices. We settled on Jamf Protect, a product in a suite we were already leveraging elsewhere, making it the obvious choice.

When deciding what solution we required for our fleet of 1300 MacBook Airs, we weighed up the pro’s and con’s of the solutions available.

Pros
Natively works on M1’s
Trusted vendor
Comparative

Cons
Relatively new, can we trust that it is the best solution?

At first, one may question why virus protection is even necessary on a Mac if ‘Mac’s can’t get viruses’. In some sense, it is true that it is much more difficult to get a virus on a Mac, but they are certainly not immune to cyber-attacks or malware, in fact this lax perspective from Mac users may make them more likely to be targeted in more sophisticated attacks. It is for this reason that we implement security controls on our Macs, and have the additional layer of protection of an Endpoint Security Agent such as Jamf Protect.

Jamf Protect leverages the Apple onboard security tools and gives us the ability to set up custom detections to protect computers, whilst allowing us to measure our devices against the Center for Internet Security (CIS) benchmarks. Jamf Protect is installed automatically on all of our Macs during the initial set up process as an enterprise application. Installing it this way is made possible by our use of Jamf Pro, and ensures easy distribution and managed updates to the application.

The app is initially deployed as an enterprise application package which is usually installed by the time the device has logged in for the first time. During this initial Remote Management process, the Macs also install a Jamf Protect configuration profile that sets their user plan, pushes the Privacy Preferences Policy Controls (PPPC) as well as the relevant certificates to the device. This configuration profile is automatically created within the Deployment Tab of Jamf Protect and can be uploaded to Jamf with ease.

Since we wish to track the same metrics across staff and students, we have one active plan for all Macs in the school. We receive alerts to our emails when students or staff install programs that are known to Jamf Protect to be viruses, and they are unable to open the file/program as a result. We have caught a number of students downloading Mackeeper to their devices this way, the result of which is their device is wiped.

The program works un-intrusively on the device and does not launch a program like other solutions might, which means that students cannot play with the settings on the program. The only time a student will see a Jamf Protect notification is when they launch something that Jamf has deemed a threat. In addition, there is no requirement for us to manually license the program once it is on the device, it is all taken care of by the configuration profile.

Written by Anneliese Hughes

Case Study: CompNow Extreme and Glasshouse Christian College

We’ve been using Extreme at our College since January 2018. This case study journals some of our success and we are still very happy with Extreme, so if you were interested, have a look at the attached PDF  (CompNow-GlasshouseCC-Extreme-CaseStudy.pdf)

Glasshouse Christian College (GCC), on the Sunshine Coast, is named one of ‘Queensland’s most innovative schools’. It is recognised by Apple as an ‘Apple Distinguished School’, just one of eight schools in Queensland, and 470 worldwide.

CompNow Extreme and Glasshouse Christian College

 

CompNow-GlasshouseCC-Extreme-CaseStudy.pdf

Case Study: Somerville CrowdStrike and Glasshouse Christian College

We have been using Crowdstike since September 2020 and we’re still still reasonably impressed with what some of the outcomes. We did a “case study” of our journey this far.  

Somerville’s National Sales Manager, Rob Perry sat down with Roland Munyard, Glasshouse’s Head of Information Technology, and Joshua Whysall, Infrastructure Engineer, and discussed their challenges and how they implemented a new solution to deliver improvements to their security environment.

Glasshouse Christian College is a Prep-through-Year 12 private school of 1,100 students located on the Sunshine Coast in Queensland.

 

Glasshouse Christian College – Cybersecurity Solutions Case Study – Somerville CrowdStrke.pdf

Thoughts about Pixevety: Serious Photo Management for Schools

 

Pixevety in a College Environment

If you are serious about the privacy and security and the protected distribution of your Visual Assets, then you should look at using a Digital Asset Management software like Pixevety, currently in use at Glasshouse Christian College

I believe that parents should be given the opportunity to inform their School or College about what may or may not be done with their children’s photos. While this is a noble aspiration, it’s easy to say and difficult to do. 

I introduced Pixevety to the College in early in 2019, when we like many schools, needed a better way to manage our Visual Assets. 

I asked other schools what they were using and then researched various other photo management solutions. 

As the main driver for bringing Pixevety into our College, I not only had high expectations, but I felt responsible for its success. I was delighted when Pixevety exceeded my own expectations. 

Marcus and Colin are a delight to work with. After a product interview and on-site demonstration of their product, I hired them to work with us to ensure that Pixevity was introduced to our College as efficiently and effectively as possible.  

Why we needed a better solution

In my opinion, two many staff required access to our visual assets.

We did not have a clear retention policy, so everything was backed up. 

I felt uncomfortable being responsible for so many years of visual assets (about 15 years of photo collection) while still having very little control over who has access to our visual assets. 

What we have achieved by using Pixevety

We have gained better control of who has access to student photos. 

We are confident that our visual assets are being safely backed up. 

We are satisfied that our visual assets will remain in Australia.

We are confident that we can quickly identify students in photos

Summary

There are not many products you can compare with Pixevety and which can offer powerful photo management, including the upload, categorisation, long-term storage and retrieval, facial and object recognition and the fulfilment of privacy and compliance requirements.

I don’t know of a lot many software companies that actively employ a “Privacy Expert”, who can offer advice and assist with law compliance.I consider the Staff at Pixevety to be experts in the field of photo management. 

Pixevety has dedicated itself to partnering with schools and doing the right things for customers and have been rewarded with a strong following of loyal subscribers.

Colin, the owner has an evident passion for the Pixevety product which has been transferred to his sales and support team. 

Their customer service team is above average. 

See for yourself

Please do your own research: We are happy with the Pixevety. Your own mileage may vary depending on how willing your management team is to embrace change. 

 

Roland