Hey everybody, I've got a special guest on the YouTube channel today. His name is Jeff Hunter from NinjaOne. He's a field CTO, uh, kind of let him do a brief introduction of himself, but we've got some super exciting stuff to talk about and showcase today, all about vulnerability management, which, uh, if you know some of the content that I make, uh, I very much have opinionated thoughts on that. Um, but, uh, I'm really excited to talk to Jeff, uh, on the YouTube channel today. So Jeff, welcome.
And, uh, if you want to give a brief introduction of who you are, what you do, uh, for, for those who are not familiar and, uh, we'll get, get into the, the topic of conversation today. Yeah. Thank you, Spencer.
It's a pleasure to be here. Uh, my name is Jeff Hunter. I'm the field CTO at NinjaOne. Uh, that means I host a lot of our webinars.
Uh, I also record and am the disembodied voice you might hear on a lot of the product demonstration videos. You might see me at trade shows. You might see me, uh, doing some speaking sessions out there, interviews like this with Spencer, uh, and, uh, NinjaOne is the company that offers all the tools that people in IT need to do their job.
Uh, it starts with endpoint management, being able to do the basics of patching the device, uh, being able to automate across the device, having real time access, uh, remote screen share. And then it funnels out from there. Uh, you need ticketing to manage all the alerts and everything that comes in. Uh, you need to be able to back up those devices. You may have mobile devices that also need to be managed through the MDM platform NinjaOne offers, uh, and you may also need to store all the institutional knowledge tied to these devices in a documentation platform, but we also offer a variety of integrations so that if you already have tools, uh, you can certainly continue to use those alongside Ninja.
Yeah, awesome. So, uh, we are going to talk about vulnerability management a bit, um, and kind of what that means and what that looks like in the pain points and, uh, a number of different topics, but I do want to say you have a very podcasty kind of like, um, you know, easy on the ears kind of voice. So you're like a natural for this interview and like, uh, talking style thing.
Thank you very much. I appreciate that. Uh, so vulnerabilities.
I wanted to touch on vulnerabilities. Uh, this is something that we see all the time at security 360 where I work. We do pentests and offensive security engagements and vulnerability management and assessments and things. And we see this all the time and we see kind of, uh, uh, an overreliance on just broad spectrum vulnerability management, meaning, you know, you scan everything and then you try to get to zero, right? Um, I think there's a common, uh, trap that many folks fall into in that they, you know, they scan their systems and they have, uh, this sense of fear that, you know, unless they patch everything, unless they get everything to zero, um, that something's going to hurt them. But in reality, there are, um, there are aspects of vulnerability management that can be automated. There are things that can be prioritized.
Um, and there are many things that, that folks should focus on. Um, that really will help kind of in the long run. So, um, that was kind of my introduction to vulnerability management. I'm sure everybody who's listening is familiar with what vulnerability management is, uh, but maybe, uh, Jeff, if you could kind of outline some of the, the pain points that you see, you know, like, what are some of the biggest challenges that you've seen with folks who are trying to do vulnerability management across their organization or at scale across MSPs and stuff like that. What are some of the common pain points or kind of hurdles that folks are faced against? Yeah.
And I think the most common hurdle is the remediation step. So the, the identification step, that's great. That's necessary. You got to have that, uh, but it's actually, all right, what do I do to fix this? You know, I've, I've, I've scanned for vulnerabilities.
I now have a very long list of things I need to take care of, uh, being able to automate that remediation, uh, to the extent that you can, considering the nature of, depending on the nature of the vulnerability, you absolutely want to be able to do that. Uh, and so part of our initial implementation of vulnerability is to essentially take the, uh, missing patches that we detect. Patch management is something that NinjaOne does very well. And based off the missing patches, we also know that means you are going to have vulnerabilities on the system.
And so that's just something that's automated as soon as a device joins NinjaOne, uh, it's going to say, Hey, you are missing these patches and commensurate with that you are also subject to these vulnerabilities. Uh, but that's the single biggest, uh, you know, concern that I hear, the single biggest desire that I hear is how do I automate it? You know, how am I able to take vulnerabilities that are just going out of control? I mean, year over year, the statistics are crazy in terms of the just pure number of vulnerabilities that need to be accounted for. The last couple of years have gone, I mean, probably over a hundred percent, uh, from what it was a year or two ago. Uh, and so yeah, being able to scale with that, you need to be able to automate. The idea that you're going to be able to do what you mentioned and kind of go down a very long list and be able to keep up with that, uh, in any real way is, uh, I think not something that's going to happen for the vast majority of people.
So you need to be able to automate, uh, the remediation of these detected vulnerabilities. Yeah. And I looked up some stats to kind of like prepare for this video and in 2024, there were over 40,000 vulnerabilities, right? So 40,000 vulnerabilities just in 2024. And that was according to the statistics that I found. And as we know, you know, some statistics are not always 100% accurate. I think the stats, 60% of stats are made up.
But anyways, um, from, from very, uh, viable sources, right, uh, a significant increase, upwards of 70 to 100% increase, like you mentioned, depending on who you look at and kind of how they measure it, uh, and what measuring stick they use, but between 70 to 100% increase in vulnerabilities from the previous year, which is staggering, right? We're looking at, you know, this year being, you know, uh, 50,000 plus vulnerabilities. Um, and as you said, one of the things that, that I used to do in my sysadmin job was if we do see suspicious activity on the network, um, or on an endpoint or something like that, we'll go and we'll look at the vulnerabilities on that host, right? That specific host, we'll go and look at the missing patches on that host, uh, and having a platform where you kind of like, you know, look at everything in kind of that single viewpoint, the missing patches and vulnerabilities, is really handy to kind of get a sense of, um, what risks might be present on that system. Um, and what could potentially be going wrong with that. Um, so you talked about remediation and, like, kind of automating the remediation. Um, what about, uh, is there anything else from a challenge standpoint that you see, uh, IT teams facing outside of remediation? Is it kind of like overload with their tools and like having disparate, uh, tooling to kind of like focus on these things.
That's something that I recognize as a sysadmin, uh, in my previous work is you'd go here for one thing, you'd go there for another thing, and sometimes it would be conflicting and you weren't sure, uh, like your third party patch product would say like, Oh, it's not missing a patch. And then you'd go and you look on the system and it's like, no, it's definitely missing a patch. So that is, uh, is often a frustration as well. I'm sure you have examples like that.
Absolutely. I mean, uh, really, I feel like we're at a tipping point now where over the last five years you have this huge paradigm shift, uh, where all of a sudden people's way of managing devices, the way that they work, it's completely disrupted. And so you have this very rapid shift and you have a lot of rapid adoption of all these various tool sets. And so now I think everyone's had a little bit of time to breathe and they realized that they have all these different point solutions, not all of them necessarily talk well to each other. And to go to the earlier point about remediation being the problem, there's not really an easy way to automate the remediation. There's not a good way to have these tools communicate with each other and have a single source of truth that you can go look at and have the confidence that it's telling you something accurate.
Uh, you know, you end up having to go, like you said, into a couple of different portals to kind of reconcile all of these differences and figure out, okay, what is the actual way forward here? Uh, and so that's something we see a lot of people, uh, concerned about is kind of the nature of how having a fragmented siloed tool set is not ideal, uh, that it creates a lot of problems, uh, namely one of them being staffing, you know, the ability to, uh, hire staff to be able to train them, to be able to retain them, uh, in my conversations is very, very difficult or substantially more difficult with the greater number of tools that you have in your stack. Uh, so it's not to say it's an impossible problem, uh, but going back to our point about the, uh, nature of vulnerabilities kind of growing year over year, uh, the nature of what people have to do in IT is also growing year over year, the sheer number of end points that you have to deal with now, even on a per employee basis. I think it's substantially greater today than it was five years ago or 10 years ago, uh, the concept of having more and more devices that need to be managed, infrastructure devices, kind of communal grab and go devices. Uh, you need to have visibility on all that, uh, and going to all these various point solutions to do that can be a blocker. You know, you can spend time having to find something, reconcile information, that you otherwise might be able to do in a single platform.
Uh, so yeah, that's something that we see a lot of people who come to NinjaOne are looking to say, I have 15 tools in my tech stack. It sounds like you can replace at least half of them. You know, how is there show me a better path forward? Uh, what is my life going to look like using, you know, a platform approach versus point solutions? Uh, and how is that going to benefit my operation? Yep.
And the other aspect too, uh, and something that we, uh, that everybody, I think can resonates with everyone recently is remote employees. You know, that's something I think is a big consideration is, you know, COVID completely disrupted the way we work. And now many places are fully remote or, you know, they're hybrid. They're in the office once a week.
They have laptops. So being able to manage those and, and patch those devices also got disrupted. Right.
Many people were reliant and, you know, like myself included in my sysadmin days, were relying on the computer being plugged in the network at the office. We could always get access to it. We could walk down, we could manually patch it, not so much so today, especially with organizations who are fully remote, who are, you know, in multiple geographic cities, this is very common with law firms. We work with a lot of law firms, right? And they have eight offices across the country.
Um, and now they're, you know, mostly hybrid. So you don't even know where the device is, let alone, like have it in a centralized location to really manage it or update it, patch it, things like that. So I think that's a very important aspect of this conversation too. And maybe you could shed some more light on, on like the remote aspects of this. Yeah, absolutely.
I mean, I can remember, uh, starting at NinjaOne five years ago and talking to people where one of the first conversations we would have is, are you okay with a cloud-based tool? And that's because the nature of having on-premise management was just so ingrained in people, you know, you had to have an on-prem because that is how you manage your devices. We're talking about decades of institutional, uh, you know, muscle memory here where the devices are on-prem, you know, it's fairly rare for you, uh, to, to be off-premise for the vast majority of organizations. Uh, and that's a, you know, I won't say it's not a, a, a, uh, uncommon question for people to ask about the nature of where, uh, NinjaOne is hosted, but that's far less of a consideration today than it was five years ago or 10 years ago or 15 years ago. Everyone has, again, to your point, been forced by COVID and by just the rapid shift in how everybody is working these days, uh, they're forced to adapt.
And so, yeah, we see a lot greater acceptance of cloud-based tools that to be quite honest, uh, you know, was not quite there five years ago. And everybody has been essentially forced into the situation where there's been this rapid adoption. And so that barrier to entry has gone down, uh, significantly in my experience. Uh, and so we see people who are just far more willing to, uh, adopt these cloud-based tools because they have to, you know, to your point, everybody is distributed across the world. And the expectation of how someone wants to work, they expect to be able to go into any hotel room, any airport, any coffee shop in the country and be able to work just like they would be if they were in a physical office, uh, like has been kind of the traditional expectation over the years. Uh, and IT teams have needed to, needed to adopt the tool set that allows them to do, do that while at the same time, making sure that those devices are still secure, uh, the company data is still secure and that there isn't the potential for compromise, which is obviously much more difficult when you don't control the actual premise that the device is going to be operating in.
Uh, they're going to be, uh, you know, connected to all sorts of different networks, uh, you know, the users in my experience, maybe don't have the best security hygiene when they're off-premises as they are when they're in the office, uh, when it comes to things like locking devices and things of that nature where there's a little bit of peer pressure. Uh, so yeah, I absolutely think that, uh, we see, you know, a much greater adoption of these cloud-based tools just out of necessity, uh, because it's, it's the Superman problem, you know, uh, Superman's got to be right every single time, uh, the malicious attacker, the, the, uh, ransomware person, they only got to be right once, right? Like they only have to succeed one time. So the nature of, of, you know, making sure we track all of these vulnerabilities and have these devices under management is just that much more important. Yep.
And I understand, uh, you want to show some, some stuff and some demos and stuff like that. I have one more question to kind of like follow up on that. And that's the, the speed of patching.
And one thing that we recognize, you know, myself working in offensive security and being a former sysadmin, the speed at which these vulnerabilities are being exploited has exponentially increased, right? There was a, there was a, something I posted on, on X or Twitter the other day, it's like, there was proof of concept code in like 30 hours on GitHub for this vulnerability, right? And we're seeing now in 24, 48, 72 hours, we're seeing mass exploitation of these critical vulnerabilities, um, you know, and you can point to any number of examples in recent years to show that the time from when the vulnerability was announced or released or kind of published to the time that there was in the wild exploitation is increasing, you know, at quite an alarming rate, like the, the speed of adoption or the, the speed of progress of that exploitation is, is increasing, increasing quite a bit. Um, question for you is like, how, how do organizations combat that? And how are we, uh, kind of like designing these systems and building these, these platforms to kind of help speed along the prioritization and the remediation and kind of get those things patched, identify what needs to be patched to begin with and kind of speed that along. So we can kind of, you know, compete or more or less, you know, make sure we're protected as quickly as we can.
Yeah. No, that's a great question. And I think it circles back to something we talked about earlier, which is the remediation, you know, identification of these vulnerabilities, knowing they exist, great.
How do I fix it? You know, how do I ensure that I have as many layers of protection and security in place, you know, beyond my EDR tool, also having these vulnerabilities patched and addressed. And so, I mean, for us, the solution is automation, you know, so much of what we see in the IT industry, it's being able to automate low level actions. And so within NinjaOne, you know, we have the ability to go and identify the vulnerabilities that are present based off of the missing patches. We're able to then detect if there isn't a patch available that is particularly important, maybe it has a certain CVSS score above a certain threshold. And then assuming that's been available for a certain amount of time, we can then go and automate the execution of patching.
So patching can happen on an automated basis, on an interval as frequently as an hour if you want to, but really it's being based off of triggering the patch scan when the vulnerabilities have been detected, when the high CVSS score patch has been detected, we know something's available, we could automate patching when a device has gone maybe seven days or 15 days without being patched, we want to go ahead and ensure that they have that consistent flow so that everything is being automated and you don't end up in the situation where you have a lot of manual repetitive work. That right there, in my opinion, is a recipe for things to get missed. That is how you end up with potential compromises because somebody did something that they shouldn't have done just based off of human nature and the fact that people make mistakes and accidents happen. So being able to automate that as much as possible, to me, that's absolutely critical. It goes back to the broader point of how to use scale in IT, you
know, businesses grow, it's what they are designed to do. IT teams need to be able to scale with that business growth. The idea that you're able to hire your way out of that problem, I think, is kind of a pipe dream. It's just not something that's feasible. Being able to automate your way out of the problem with the right toolset, I think, is a far more realistic approach and something that's going to give much greater return on investment over the years versus trying to hire your way out of it or, again, buying multiple point solutions that allow you to do the job, but don't necessarily accelerate any of your workflows or processes. Yep, definitely.
And I like to famously or infamously say like 99% of vulnerabilities don't matter, but it's the 1% you don't know that matter. So being able to prioritize and automate the, for lack of a better word, the minutiae, right? Like the ones that you can automate, the ones that you can like programmatically kind of clear out so you can really focus on the ones that matter or that are important or that are bigger lifts is super valuable. So you've got some cool stuff to show and I'm going to bring over your screen here. Cool. So walk us through like what this is, how this works.
Um, I'm super excited to kind of see what this is all about. Yeah, absolutely. Right here, we are looking at the main NinjaOne dashboard. This is your, your cup of coffee view when you come in in the morning.
How does my IT estate look? Uh, what do I need to pay attention to? And here you can see we've got a couple problems so we can see that we've got, uh, a couple servers down. Definitely something we want to look into. Uh, we can see down here that we have some pending operating system patches. We've got some alerts that have triggered, some of these devices need to reboot. We're talking about vulnerabilities. So you can see here that we do have critical vulnerabilities, uh, high vulnerabilities, medium vulnerabilities.
We've got the low ones down here. If there were any that were detected, uh, now this right here, this particular environment, this is displaying the vulnerabilities strictly based off of the patches that are missing on devices. And so if we go to our vulnerabilities tab here, uh, you'll see this is all CVEs that have been detected as the result of devices not having certain patches installed. And then over on the right hand side, we can actually see the KB or KBs that are going to help remediate these vulnerabilities. And so right here, we can certainly see that, uh, we've got some, uh, whole bunch of vulnerabilities, some extending back to 2023. Some of them a lot more recent.
Uh, I've got several different severities, uh, and we can actually click on the CVEs here if we wanted to read up on, Hey, what is it exactly is the nature of this, uh, how important is this? So here we can see the base score at 9.8. Okay. This is pretty critical. Something we need to take a look at here.
You can see that this particular patch here is available. It's in a pending state. Uh, and then down here, we can actually see the devices in question that are going to be impacted by this particular CVE. Uh, and the nice thing is we can actually come in here and say, Hey, here's the pending patch.
Let's go ahead and approve it. And so when we come in here, we see the patch in question. Uh, this is where we can actually approve patches. There's a couple of different ways you can manage patches through NinjaOne. You could auto approve certain patches. In my particular case, so that I have something to show you,
I have everything set to manual so that we have to actually approve each, uh, each individual patch. The paranoid IT admin. Yes, always. Uh, it'll be in my bones until the day I die. Uh, you can see here that we've got links to the patch notes. Uh, if, uh, we had a KB analysis of this particular patch, this would be NinjaOne patch intelligence AI letting us know if there were any issues with the patch.
Uh, obviously in this case, I think the CVE danger probably outweighs any potential disruption for a patch from, uh, October of two years ago. And then we have the actual CVEs that are being remediated by this patch. And so we can click in here and this is closing the loop. It's a round robin where we're taking the information that we saw on the other tab and it's just easily surfaced right here. We could copy this if we needed to export it for some reason. We could, of course, also export it from the other screen that I showed you earlier.
And then here we can actually click on the CVEs if we wanted to read up on each individual one, just like we did earlier. Yeah, it's super nice to be able to have a list of what, uh, CVEs and what issues a single patch remediates, right? Cause that's one of the big, uh, hurdles that I, uh, experienced as a sysadmin is like, you've got this, you know, quality update. They used to call them like cumulative updates or quality updates, right? And it would have all these fixes for all these things, but it was hard to know exactly what things got fixed or what CVEs were patched and you kind of had to dig a lot for it. So that's super nice. Yeah, it's, it's really convenient.
Uh, I will say I was kind of surprised just at how much of a nice value add this was, uh, to kind of have this information just readily available. Uh, what's really cool is when I was populating this environment with devices, you could actually see it happen in real time. As the devices are being added in, you could see NinjaOne saying, Hey, this device, uh, has all these patches installed. Here are some missing patches. Here's the vulnerabilities that you have. So it was almost instantaneous.
As soon as I had devices join into Ninja, I was immediately seeing all this vulnerability information, uh, that was just being automatically detected based off of the missing operating system patches on the devices. Uh, so yeah, that's, I mean, to me, that's one of those things that I, it does blow my mind a little bit. It seems a little bit like magic to be able to have that all inside of one portal. Now, so far we've been talking about how NinjaOne is identifying these vulnerabilities based off of the, uh, the missing patches on the device, but you also have the ability to integrate a third party scanner.
So aside from detecting the missing operating system patches, NinjaOne isn't going and doing any sort of direct vulnerability scanning in the way that a dedicated tool for that, uh, would, at least not yet. Uh, but we do allow you to go ahead and integrate the results of your third party scans into NinjaOne. Uh, we've launched some API endpoints and you can see right here, we have our NinjaOne API, which I'm a huge fan of, uh, and this allows you to go ahead and take a CSV export from whatever service you happen to be using.
We're agnostic on which one, uh, just needs to have a, uh, piece of identifying device information like the device's IP address and then the actual CVEs that are applied to that device. And so you can actually use our API endpoints here, uh, to completely automate this, uh, you can interact with the API of another service, uh, have it initiate scans, export those scans on a recurring basis, and then upload them into NinjaOne so that you can see where those vulnerabilities are, are, uh, having an effect. Uh, and then as that scan comes in and you do your remediation, uh, then, you know, you can see the, the, uh, vulnerabilities disappear from the device because you remediated those through your endpoint management platform. Uh, so this is, uh, a nice way to take your existing scanner that you already have and integrate that into NinjaOne so that you have that cross platform visibility. Uh, you don't have the situation where you're looking at NinjaOne, you're going back to your vulnerability scanner and saying, okay, these CVEs are right here.
All right. Let me go back into my platform that I've done that. No desire to repeat the experience. Uh, this is one of those mind numbing tasks that if I could find a way to automate it, I absolutely would.
Uh, and so with these new API endpoints, really easy to go ahead and have that occur on as frequent a basis as you'd like, uh, just upload all the CVEs into, uh, that have been detected into NinjaOne. And, uh, obviously that flow will adjust over time so that you see when things have been fixed as a result of patching or maybe some other automation that you've deployed through NinjaOne. I want to talk a little bit more about the nature of how we can automate patching, uh, to remediate these vulnerabilities.
So let's go ahead and go into a NinjaOne policy. Uh, NinjaOne policy is kind of the engine that makes this whole system go. A lot of your day to day actions are all going to be tied to your policy settings. And so here we would have conditions and this would be the alerts of Ninja. It's detecting something and when something has gone wrong here, if you're outside of your authorized criteria, uh, it's going to go ahead and raise an alert.
And so right here we can see this is a good example that I mentioned earlier. Uh, when we have a patch that has a CVSS score above a certain threshold and when it's been available for a certain number of days, uh, we can then go ahead and raise an alert and that includes, if somebody has rejected the patch, you know, there's something important inside a rejected patch, uh, you want to know about that. And so, uh, this would give you that insight as well. And so right here, great, this lets us know we have a problem, but going back to my point, how do we actually remediate this in an automated way? Let's just run patching. And so let's come in here and run a patch apply.
And so right here, because we're in a Windows policy, we have access to the operating system patch apply and the software patch apply, but you would see the exact same options for Linux and macOS endpoints as well. But in this case, let's just do an operating system patch apply. And so whenever we have this patch that's been detected, it has a high CVSS score of whatever threshold that you determine, you can then go ahead and create that alert. But what you care about more is the fact that you're automating the actual execution of patching on the device. And this is something that you can really apply in a couple other ways as well.
For example, if a device hasn't had an operating system patch or a software patch installed in a certain number of days, let's go ahead and automate patching. Let's run that patch scan so that we know that we're up to date or run the patch apply to install any patches that are available. And so that's a tremendously useful way to make sure that you don't have devices that lag behind, that aren't getting patched, which is only going to increase the number of CVEs you see on the device.
It's only going to make them more vulnerable. So this is a great way to automate that. Yeah. And it's great to have, you know, it's one thing to have the information,
but if you have the information, you can't do anything about it. You know, what's the point, right? So having these policies and these automations where you can, you know, do things based on certain criteria is super, super handy in a lot of those cases. So really, really neat to see kind of like a policy engine behind all this that can kind of work when you're sleeping kind of thing. Exactly. And we can see here that the actual patching settings are controlled right here. And so right now the schedule is set to none.
It's only running whenever it's manually executed. You could run that every day. You could run it every week. You could run it every month.
You could do something in relation to, let's say, the second Patch Tuesday or say the second Tuesday of the month, which would traditionally be Patch Tuesday, maybe we want to go ahead and do a five day deferment. We're not going to actually run the scan schedule until five days after Patch Tuesday in case there are any problems that we hear about. And a really nice aspect of that is being able to also automatically approve patches. I know I'm an overly cautious sysadmin,
but definitely can go ahead and do a time delay here to give yourself a bit of a grace period so that if there are bad patches out there, that you have a little bit of time to hear about it potentially through that patch intelligence feature I mentioned earlier and then go ahead and reject that patch. In our 9.0 release that we've got coming out starting in May and going into June, you're actually going to be able to take the results of the patch intelligence AI feature and you're going to be able to control patching with that automatically. So rather than being something as it exists today, which gives insight to the technician to let them make the decision, you're actually going to be able to automate that entirely so that based off of the results of patch intelligence AI, when the sentiment turns negative on a patch, we'll be able to go ahead and automatically take that out of the hopper and say, hey, no, technician needs to look at this. We need to wait. This patch is ultimately likely to cause more problems than it ultimately solves. So that's another exciting feature that we've got coming out in our next release here in a couple of months. Yeah, that's awesome. There's nothing worse than being an IT guy and like
rolling out a bad patch that breaks printing or it causes issues with word or email or something that disrupts the user's workflow and they're like, what did IT do? And they're all mad. It's like, you're just trying to do the right thing, but there's nothing worse than rolling out a bad patch. There really isn't. I think we've all been on the wrong end of that at some point or another, and it's been a bad day or maybe a bad couple of days, a couple of weeks in some particular cases. So yeah, anything we can do to avoid that is good. And that's kind of been our approach to AI is we want something that is going to provide guardrails and really prevent you from making critical mistakes.
Just due to the absolute power of an endpoint management platform. There's so much you can do here. This thing is so powerful. Being cautious with it is, I think, a very good idea. Yeah, and it's the augmentation aspects of it. I think that that you mentioned that are really key is like AI is incredible, can do amazing things. And especially when you augment the processes or the workflow or the information that you can gather to present to an analyst to make that decision or an IT admin to make that decision.
Absolutely. One last thing I wanted to show here, just a different way to automate is using our device search group here. And so what we can do in this particular menu is create a filter or filters that look at certain devices that meet common criteria. And so right here, a good one might be that we have certain vulnerabilities detected.
There we go. So down here, we can say, Hey, if there's a certain severity here, maybe a high or a critical vulnerability has been detected, we can see these four devices have that. We actually have the option here to go ahead and create a group that saves these filters. And this group is dynamic. So it's always going to show you devices that in this case have high or critical vulnerabilities. So let's go and say, have high or critical vulns. There we go. And so I can go ahead and save that.
And so this is great to load up and look at. But again, going back to my earlier point, how do you actually take action on this? And so what's really nice about the device search groups is that you can apply automations to run across the devices in those groups. So essentially anything you want to automate, you can take all of the vast array of filters that we have here at the device search menu and you are able to create a dynamic group that looks at devices that meet whatever the criteria are, and you can then go ahead and run an automation across them. And so in our particular case here, we've got devices that have vulnerabilities detected. Let's go ahead and run patching. And so we can go and create a task here.
We can go ahead and say this is our vulnerability task. We can add in that automation that we saw earlier to perform patching. And so right here we'll say this is an OS patch apply right there. But you'll also see that we have the other operating systems inside there. So we have Mac right there, and then we also have Linux.
And so if we wanted to, we could actually run this cross platform across all of our devices. It just cares that there's a vulnerability detected. It doesn't necessarily care about the operating system. And so in this case, I can run this across my targets over here.
And I wouldn't run across an organization. I wouldn't run across a static list of devices. I would make Ninja do the heavy lifting of identifying what devices need to run this automation based off of the filters that you added in that group. And so here I can say devices that have a high or critical vulnerability. Let's go ahead and try to patch. Maybe I do this every hour.
Maybe I do this every two hours entirely up to whatever your cadence is. But this is a great way to automate a lot of things, including running patching as a result of devices having detected vulnerabilities. Yeah. And what's nice is, you know, there might be VIPs or there might be users in your environment that are a little bit more sensitive to patching. Right.
Maybe they, they can't have as much downtime or disruption in the environment. You can create based on this, like you create based on the filters, you know, groups or tiers of, uh, you know, patch deployment, which is something that is really common, right? You want to deploy to like a small subset of machines first, deploy all those patches, make sure nothing breaks, deploy them.
And then, you know, stagger it out wider and wider and wider. Um, so that's where the filters looks like it makes it really nice to be able to just, you know, pick the systems that you want in like your, your ring zero to be able to like the guinea pig test machines. And if they break, you know, it's okay. And, and then slowly deploy it out, uh, you know, more organization wide.
Absolutely. You know, you can see that we can take combinations of these filters. So for example, maybe only devices that have a certain tag that's been assigned. And so maybe if I've assigned somebody, the executive tag, all right, they're going to be a part of this particular group that's going to patch. Uh, you could also take in other factors into account. So these are devices that have high or critical vulnerabilities.
Maybe I want to find out when there also hasn't been a patch scan in a certain number of days. So vulnerabilities tied with the fact that you have devices that have gone, let's say 30 days, without a patch scan that could also represent issues there. Uh, again, another great way to go ahead and automate the execution of patching based off of a device not having a scan in X number of days. Uh, so really, really handy to be able to, uh, use this device group to create just an incredible amount of automations. We're obviously focused on vulnerabilities and patching here today.
Uh, but really anything you want to automate, you can do using these groups here. Uh, one of my favorites is custom fields, which are exactly what they sound like. They are data fields that you can fill with your own data, whether that's manually, whether you're automatically populating it from the results of a script. Uh, whether you're using the API to populate it.
And so that just gives you a tremendous amount of, of, uh, criteria to, to base your automations off of, you're not limited to whatever's in this list. You can populate this with, uh, the custom fields with data from your own manual source, from a third party source, in addition to what's being automatically collected by a script. And so you have a, just a tremendous amount of potential queryable information to base your decisions for automations off of from this particular menu here. Yeah.
The flexibility and kind of like the, uh, the malleability of the tags and the filters and things like that in conjunction with the policies. Makes it really nice to kind of like fine tune it, you know, based on your needs and criteria and what you're looking to do. Um, so super neat, really, really, really cool.
Anything else, Jeff, that you wanted to show us, talk through anything we missed? Not that I can think of. So is this, uh, depending on, uh, when this goes live, is this something that people have access to now or when is this going to be kind of available? And then second part of that is like, how do people, you know, learn more about this and what do they do for that? Yeah, everything that we've shown here today, everybody should have access to this today if you have a NinjaOne account. Uh, so yeah, this is something that everyone would have the ability to access. Everyone would have the ability to use. Uh, so yeah, that's, uh, definitely something I would encourage everybody to check out. Uh, if you are interested in more, please go to ninjaone.com.
Uh, somebody would be very happy to have a more in-depth conversation with you. Talk about this, uh, as well as any of your other endpoint management needs. Well, that was super cool. Um, this is the second time I've seen the NinjaOne platform and I'm just really impressed by the policies and the filters and stuff like that.
It's something that I thought, you know, I was thinking through this. It's, it's a, it's a platform. It's a system that I wish I had when I was doing sysadmin work, um, in a very much, uh, I say that very authentically, not because, you know, we're doing this video, but I generally mean that, but, uh, Jeff, thank you for, uh, coming on, having a little discussion with us, showing us the platform, uh, really appreciate you coming on. And of course the NinjaOne, uh, super cool. Super thank you to, to them as well. So Jeff, thank you very much.
Thank you for having me. It's been a great time. Awesome. Thanks for ready.
We will see you next time. Take care.
2025-05-02 02:09