Action1 Corporation, a provider of the #1 risk-based patch management platform designed for work-from-anywhere enterprises, announced today its plans to invest $20 million in its solution. The investment aims to close the gap for easy-to-use secure cloud solutions for continuous remediation of security vulnerabilities on endpoints within distributed networks. The company plans to allocate funds for R&D, focusing specifically on implementing zero-knowledge architecture into its platform.
Unpatched vulnerabilities accounted for 82% of cyberattacks in H1 2022, making them a leading contributor to breaches. Patching is overlooked due to two main reasons: the complexity of modern IT environments and the lack of automation. Specifically, 73% of enterprises don’t automate third-party patching despite having an average of 67 applications per device. Additionally, patching remote endpoints takes 2.5 longer. While cloud-based solutions can address these issues, enterprises are concerned about security risks following software supply chain attacks like SolarWinds and Kaseya, which compromised multiple entities through a single-entry point.
The unprecedented growth of online threats in parallel to the growth of distributed workforces is forcing organizations to seek alternatives to legacy endpoint management tools, which not only struggle with scalability, but also hinder their ability to maintain flexibility, cybersecurity, and resilience.
Ken Buckler, Research Director at Enterprise Management Associates®.
The Action1 cloud-native platform empowers enterprises to remediate security vulnerabilities by streamlining the deployment of OS and third-party updates or implementing compensating controls. Unlike many other patch management market players that rely on third-party technologies, Action1 uses its own patching engine, ensuring a 99% patch success rate. Through the integration of zero-knowledge architecture, Action1 eliminates the risk of successful supply chain attacks targeting both the platform and its customers, enabling organizations to secure their endpoints with confidence.
Action1 provides us with complete visibility into the patching status across our endpoints, enabling us to develop policies for OS and third-party updates to automatically remediate security vulnerabilities; when combined with the upcoming zero-knowledge feature, it will bring our resilience level at the cutting edge of industry trends.
Matt Lutjen, system administrator at CARR Auto Group.
The zero-knowledge architecture utilizes encryption and digital signatures, ensuring that transactions within the system are proven and verified without revealing any underlying information. This additional layer of defense makes it nearly impossible for attackers to establish persistence within the software supply chain in the event of a compromise.
Key elements of the zero-knowledge architecture:
- End-to-end encryption: Transactions within the system are encrypted, and decryption and execution are only possible with signature keys known only to the system’s administrator.
- Verification without data revelation: All commands must be verified for identity before execution, but no entity, including the vendor, has a sensitive level of access to the customer’s environment.
Action1, through its commitment to setting a new standard in patch management, provides enterprises with easy-to-use and powerful solutions for continuous patch compliance, all fortified by advanced security measures. These measures ensure the highest level of protection for the product and its underlying infrastructure, effectively addressing the evolving needs of modern distributed enterprises in mitigating the threat of supply chain attacks.
Mike Walters, President and co-founder of Action1.
Zero-knowledge architecture update to the platform coming H1 2024.