Patch Management Made Easy with Action1 (EP 800)

[Uncle Marv] (0:22 - 2:19)
Hello friends, Uncle Marv here with a special edition of the IT Business Podcast presented by NetAlly. And this show is a little bit different because I want to talk about a product that I ran into in the middle of last year. So around July of 2024, I came across this patching program, and I really wasn't going to talk about it, wasn't going to say much.

It didn't appear to be on the MSP approved list of things that we should use. So I thought, let me play around with it and see what it does. And one of the reasons that it got my attention is that they were offering 100 free endpoints that you could install and use with no limits, fully functional.

And I said, all right, I'll put this on the customers and see what it is. The product that I'm talking about is Action1. They are a leading provider of risk-based patch management and autonomous endpoint management.

And interestingly enough, this was founded by a couple of guys that worked at a company that I have talked about before, Netwrix. And so they use this platform and it has been fantastic. I loved it.

I talked about it probably three weeks ago, maybe a month ago, I mentioned it. And somebody from Action1 actually paid attention and said, thanks for mentioning it on the show. And I said, well, now that we've gotten that out of the way, let's get you guys on the show.

So today I have with me Mike Walters, one of the founders and president of Action1. So he is going to come and explain in a little bit better offer what I just said. So Mike, welcome to the show.

[Mike Walters] (2:20 - 2:24)
Hey, Uncle Marv, glad to be here. Thanks for having me. Well, thank you.

[Uncle Marv] (2:25 - 2:42)
Yes. So let's just quickly get out of the way. This is a product that it came onto the scene, patch management, 100 endpoints free.

That seemed like a pretty bold move, didn't it?

[Mike Walters] (2:45 - 3:39)
Well, first of all, it's no longer 100, it's 200 now. We're up that number. And one thing that a lot of people think there's a catch, there's some strings attached to it.

No, it is actually a fully functional product. That's the most important thing I should say. No functional limits other than the limit on the number of endpoints you use.

You can patch, you can manage at points, you can have real time dashboards, everything is included. And even if you have more, you still get the credit for the first 200. So you have 300, you get the first 200 free and you only pay for the excess 100 on top of that.

If you're a large enterprise with 50,000 endpoints, well, it's a little credit, but you still get that. It's a fair deal.

[Uncle Marv] (3:40 - 4:07)
Right. So that's what drew me in. And I wanted to see how it compared with my existing patch management, which to be honest, is kind of a combination of the built-in Microsoft.

I also have an RMM that I do patching with and it's all right. It's a little cumbersome at times, but it does the job. And I thought this seems interesting.

So let's talk about the story of how Action 1 got started.

[Mike Walters] (4:09 - 6:19)
So just like, I think I'll piggyback on what you just said. So you have an RMM, it has patching, it works all right. And this is the story we heard so many times.

It's kind of a checkbox. So many vendors use this, okay, so we have to get patching out of the way, be done with that, move on to do something more wonderful, something more exciting, right? Because I love doing patching, said no one ever.

And we figured, well, but if you start looking at all those products, yeah, they do patching, they claim to do patching, but no one does it well. And we just said, well, you know what? Why don't we just start focusing on just patching relentlessly?

And this relentless focus is what brought us a lot of success because initially it was like, oh, like, why limiting? Like, there's so many things you can do in the endpoint space, right? But then we realized that patching is something that a lot of our customers just want, well, guys, just make it work.

And this is what we did. We just created a patching solution that just works. And behind that, there's a lot of aspects, right?

Easier said than done, but when you talk about it, can I patch my, there's Patch Tuesday, there's third-party application patching, there's so many different applications, there's no common standard for downloading those patches because it's all over the place, right? There's no cadence, there's no metadata that's available that's uniform, right? And we just got together and said, okay, let's do it.

So we have behind the scenes, we have a team of almost, I think currently it's 15 people dedicated just to patch engineering, just to get an idea of the scale of what it takes to make patching that just works.

[Uncle Marv] (6:19 - 6:23)
Right. Now, I mentioned that you were previously at Netwrix.

[Mike Walters] (6:24 - 6:24)
Yeah.

[Uncle Marv] (6:24 - 6:35)
And I used a couple of their products. Was this something that you saw at Netwrix decided, you know what, I'm going to go start my own little thing over here. Is that how that started or what was the transition?

[Mike Walters] (6:36 - 11:35)
Well, the full story is I was a co-founder of that company as well. So you probably didn't just work there. I co-founded, I even came up with the name.

It's a weird name. Everybody asked me, what is Netwrix? I was like, well, it's a networks, but twisted, right?

So networks.com was already taken at that time, as you can imagine. So like, yeah, let's create something that's unique, there's a quick domain. Well, the thing is, it was a mistake to name it that way because it's extremely difficult to spell.

Like when you call someone and it's like, I'm from Netwrix, like what? Networks? No, Netwrix, N-E-T-W-R-I-X.

So when this time around was like, no, let's name it at a very, very simple one, Action1, like I can't misspell that, right? But I think so what, well, that was a great run. So great thing about Netwrix is it was, we, it's the same co-founders, me and Alex Voth.

So we started that company back in 2006, as far back as 2006. No investor money, nothing, not even our money. Like it was pretty much an incremental work, just putting some sweat equity in how they call it.

Both of us are engineers, love coding, love technology. And we spent, both of us spend previous, I think I spent close to nine years at Quest Software. So that company that, Windows management, very established vendor, still around, very successful.

But it was like, let's do, let's create something. And I honestly, I never believe that we could take it to that level. So right now it's a multi-billion dollar company.

We exited it back in 2018. We just figured, oh, well, it's getting, it was getting too big. And we, both of us just love building new companies.

And at some point, look, I think we had over 500 employees at that time. And what I really enjoy in startup companies is, you know, everyone like, I don't know, every single one of your people, they are, well, I wouldn't use the word friend, but they're as close to that as you can, because you depend on them. Like everyone contributes to the success.

And with 500 people, like you don't remember their names anymore. Someone shakes your hand in the hallway. It was like, oh, who is that?

Do they work for Netwrix? Yeah, they do. Okay.

That's our new senior developer. It's like, oh, a senior developer. And I don't know his name yet.

Like, that's not good. So we went on to 2018, left that company. We had a very successful exit.

A private equity firm bought it. But we got all the, all to ourselves. We had no investors, no one to share the money with.

It's like, all right, let's build something really cool, something new from the ground up, with pretty much endless runway. So we committed $20 million to creation of this company. So far, we've only used less than four, because it became profitable so quickly.

It became profitable unimaginably quickly. And people still ask, okay, but you give away 200 endpoints. How do you guys make money?

Well, we are heavily enterprise oriented. So we created a product that can scale up to, we have customers who have over 100,000 endpoints, like one customer, I think they're 120,000. But we just figured, some companies like, there's big companies like Tanium.

They say, oh, we don't even want to talk to you if you have less than, some people say 500 endpoints, some say 2000 endpoints. But we said, okay, well, we probably are not going to make money on those. But why can't we just provide it?

I mean, for the common good? Why not offer this? The economy of scale allows us to do that.

We're not going to break the bank on doing this. And for the common good, and also, people spread the word, like you started using that product. I mean, we got some attention to it.

And people also changed their jobs. So with one today, you work for a small company or run your smaller business, but then you grow or you get a job at a large corporation, which has 50,000 endpoints. And we want you to love action one and bring it over with us.

And we have, what's wonderful is we have customers doing that all the time. This is the most wonderful customer is a repeat customer, moved over to a different company and brings us with us.

[Uncle Marv] (11:36 - 12:15)
Well, when you find something that works, you take it everywhere. And that's just really the way it goes. Now your product.

So let's kind of dig deep a little bit because it's not just patch management, the way most of us understand. And most of us think of patching is what we do with our Windows systems. But you guys added the third party patching, which we would use, you know, nine night or chocolatey to bring in those third party stuff.

And then you also started doing vulnerability patching as well. So let's talk about the mindset to add all of those and talking about why is patching so important?

[Mike Walters] (12:16 - 16:27)
I think so. To put it simply, we just figured why can't like the long term vision, we want to become a go to patching vendor for and patch everything under the sun. Because there's, I mean, there's literally there's so many different types of devices.

The predominantly Windows is still very predominant, but there's the Mac OS, there's the Linux, there's mobile applications, network devices, and all of all of this needs patching. I mean, it's I think someone what's his name, Mikko Hippinen, the guy from app secure, he said, if, if the device is smart, it's vulnerable. That's a really cool thing.

Like pretty much anything that runs software needs patching sooner or later, no matter how well it's designed. And most of those devices are not well designed. I mean, if you talk about medical devices, for example, that's like, they're impossibly insecure.

It's just crazy. But anyway, we started with something that's Windows has become very common, very predominant. There's patched usually once a month, there's a big rollout by Microsoft.

But, but those are easy. This most patching vendors do that, because there's a well documented API that Microsoft provides, there's, there's no magic behind it's just, just need to write proper code, there's code samples available, easy. And this is what most vendors do.

Most RMMs have it covered, to some extent, there's some aspects to that as well. There's not, it doesn't really work well enough. I mean, sometimes I get a few, like Microsoft, Microsoft has their own special API they use for things like Intune or SCCM, and they provide a bad API for everybody else to use.

So we have to work around that too. But the biggest pain, the most difficult thing is the third party application patching, because there's, there's so diverse, there's, there's no common way of just, oh, if I want to patch all of my Adobe, Zoom, and any other applications that use tools, there's no, there's no way you get, there's no, well, there's tools like Nine-Eyed and public repositories, Chocolatey or Winget. And people use that too, but it's, they have, they have their own challenges.

I think the biggest one is just because they're community maintained, they're based on contributions of the community, there are risks associated with those, because like that, what is that, x, zx, utils compromise that somebody befriended a contributor and started putting malware in that code. I mean, it could happen to those public, because you have, those are great people contributing to this, but how can you make sure they all have, you know, some basic hygiene, cybersecurity hygiene practices like MFA, or are they actually, are you doing background checks on those? We do background checks on all of our employees because we're SOC 2 compliant, ISO 27001 compliant, we have to do this.

And it's a, it's a group controlled group of people who only have access to that. And we have processes around that. So we were super, super, we pay a lot of, we put a lot of thought into making it highly secure.

And, and it's difficult. I mean, it's tough, because every time a new version comes out, there's always something that they break, or like, oh, they no longer uninstalls with the same command line switches. Or it breaks the print, like if there's a certain previous version installed, there's, oh, you have to delete a certain file to install on top of that.

And yeah, how can you do that? Like, I mean, why can't you make it admin friendly? Yeah, so we put a lot of the logic, like in every release of what we put in what we call software repository, which is the patch and deploy software, right?

[Uncle Marv] (16:28 - 17:15)
So I mean, of all the features that we talked about with Action One, so not only can you see all of your organizations under one platform, you guys put together a little dashboard, you can see which endpoints are patched, you can see which patches are missing. You've made it to where you can see how long patches are overdue and things of that nature. So it seems like a pretty robust dashboard that, you know, myself, you know, as a solution provider, I can just bring all of my clients under it, and make it multi tenant in a sense.

Now, was that the intent from the beginning to work with, you know, multi tenancy and to make it, you know, you know, desirable by managed service providers?

[Mike Walters] (17:17 - 18:05)
Yes, because I think back, back in the Netwrix days, it was it was not multi tenant, it was not cloud based, it was like things were, well, at that time was designed, pretty much we created overnight, two nights, I should say, and started selling, like there was no time for thinking. This time, we would put a lot of like, we created a fundamental design to make it super scalable and multi tenant from day one. And I think because the MSP market is, it has a huge potential that a lot a lot of companies doing managing their IT environments with MSPs and, in making it fully MSP friendly, MSP design for MSPs was, was the one of the goals for creating this product.

[Uncle Marv] (18:05 - 18:21)
All right. We've already talked about the fact that you raised the free limit from 100 to 200. I also saw recently that you established a collaboration with Rapid7 to, I guess, be their patch management solution of choice.

[Mike Walters] (18:23 - 21:46)
Yeah, well, not exactly there yet. Well, what we did, what happened, what's wonderful is wonderful things happen, sometimes happen without you knowing it, is we discovered that we have Rapid7 created an integration with Action1 without even talking to us. How's that even possible?

And I think what I I've talked to them since then, and I think, and also, there's another integration that was created without anyone talking to us from with a company called Axonius that they do. Basically, they scan for different identities, like, you know, there's where your user accounts are created, situated. But anyway, so they also created an integration without talking to us.

And I think why it happened is because we, it's so easy to sign up for Action1. You just go in, go to Action1.com, create an account, no questions asked. You don't get a phone call from a sales person.

And the API is there. It's also included. I know some companies limit API access to certain tiers of subscriptions.

No, we limit nothing. It's like 200 employees, everything including the API is included. And Rapid7 and Axonius, they just signed up, opened the API specification and put it together.

It's so simple. Well, now we're, you know, now we're talking now we're talking to different integrations. I can't speak about Rapid7 yet, because I'm under NDA with that.

May happen, may not, so we don't know. But the thing is, we have a lot of interest from the ecosystem, this vendor ecosystem. And naturally, vulnerability management is that natural integration at a point where with, another one is a lot of our customers are asking about is PSA, help desk systems, like Payload, PSA, ServiceNow, like the bigger customers, obviously they want ServiceNow.

And we collect all this feedback. We have our public roadmap, just you can check it out quickly. It's roadmap.action1.com, where you can vote for features and integrations with things like Tenable, ServiceNow, Qualys is on the list too. Yeah, these are natural. And we do have some basic vulnerability management features as well. They're basic, right?

So we're only talking about software vulnerability management. So we're not going to tell you if you have any open ports or misconfigurations. But we are going to tell you if you're running a vulnerable version of Google Chrome or, or Adobe, and provide you a quick way to patch that.

So it's scan and remediate in one package, which is pretty unique. I mean, there's typically, there's been VM tools and patching tools. And sometimes they talk to each other.

Sometimes they don't, but very few packages are available to combine both in one. Right.

[Uncle Marv] (21:47 - 22:29)
And actually, when you and I first chatted, getting ready for this, I talked about the idea that you guys have a bunch of reports already built in. Most of them are great. But, you know, I even asked about, can we get a report that shows that dashboard as a summary, so I can send it to a client to say, Hey, look, we've got to get updated on your patches.

So we need a maintenance window or, or something along those lines so that they can see, you know, the red, yellow, green of where they are with their patch management. So very nice because you've got a little recommendation thing where they can say compliant with SLA, no attention needed, or you're behind and all of that stuff. So very nice.

[Mike Walters] (22:31 - 23:08)
Yeah. Yeah. That's, that's one thing that more getting more analytics over patching, especially historical trending is something that a lot of our users want because they, especially MSP clients, because you, you, you have to show the proof of your, your work.

Right. So you like, why would we retain you for another year as a, as a, as our MSP? Oh, here's, here's the patching patch compliance trend.

Without us, you wouldn't be there. You, I mean, you'd be, be still vulnerable to sell so many different vulnerabilities.

[Uncle Marv] (23:08 - 23:22)
Yeah. So I know you mentioned, you got a lot of people talking to you now, you got people like me, you've got a bunch of MSPs. Do you have any new features that you already know that are coming down the road that you didn't let us know about?

[Mike Walters] (23:23 - 27:11)
I think it's a lot of, a lot of, as I mentioned before the public roadmap, it talks a lot about this. So if you want to go deep into like what's coming that's, that's the best source for everyone. And I think the biggest one we keep getting asked about is support for Linux.

There's so many mixed environments now exist where we added support for Mac about half a year ago, actually less than half a year ago, because this is what the top is, what most requested feature of all time. Like we had over 1000 votes for just that. Now Linux is close to that.

I think it already went, went over 1000 votes. This is, this is one of, one of the most exciting things that are coming in terms of cross-platform support. But there's, there's other things on, on the list other than Linux is one feature we call agent takeover prevention.

So it's more of a, it's not a functional feature per se. It's more like an infrastructural feature because the biggest fear with any cloud solutions, and if we talk about SolarWinds, Kaseya, all those bad incidents that happened in the past when a threat actors took over their cloud infrastructure, this is, this is the worst, right? The worst that can happen is a solution that you use to improve your security posture is actually uses, becomes a part of your attack surface.

And the age, the whole idea of the agent takeover prevention feature is to create a system that makes it impossible to take over the agents that run on your systems. Yeah, they might wipe out all of what we have in our cloud systems. It could happen.

It may happen, right? I mean, nobody's problem. Microsoft got, got attacked this last summer and, and with some severe consequences, their federal instance got, got taken over by, by threat actors.

But if we, what we want to do is we create a public private key based system, which like you're, you're in a console, you sign like every, everything you want to do, like say, you want to run a script on your agents or you want to patch them, deploy software, you on the client side, in the console, you, you sign it with your private key. It goes to your agents and they say, Oh, it's you, Uncle Marv, that was signed by you. We can do it.

But if someone takes over, hackers take over the action one cloud, and they may tell your agents to do something, they're going to say, no, this is unrecognized. We don't know who you are. And this is, I think, from the trust perspective, from, from the, from the security perspective, this, this is huge.

I mean, this, and, and I don't know if anyone else is working on that. I mean, this, everybody, every cloud vendor should be thinking this, this way these days, because with so many breaches happening in the news, I mean, everybody should be concerned, but we'll see how that goes. We are particularly excited about this, because this is going to make our platform so much more secure.

And other than that, there's things like we're working on some MSP enhancements. For example, what we do get asked about is the dashboard report visibility across their tenants. So currently, it's limited per tenant, like you go inside the tenant, say, Oh, here's my, here's run reports, see dashboards, see patch compliance, all of that.

But in some cases, you want to see the overall picture, right? You know, I've got 50 clients, show me how am I doing across the board?

[Uncle Marv] (27:12 - 27:42)
Yeah, right now, I gotta go in and switch between the clients to see them, which, you know, if you don't have a ton of clients, not a big deal. But if you got a lot, and you want to get an overall picture, that would be nice. Okay.

Yeah. So what's the most surprising thing that you think has happened to you guys? Because for me, it feels weird, because it seems like it's only been 18 months that you guys have kind of exploded, but I know you've been working on this for a while.

So what's been surprising?

[Mike Walters] (27:42 - 29:20)
I think what the key, the key to our success, the key to this explosion is that the decision we made back then to focus on patching, because we started as initially, we, we looked at the RMM market, in general, it was like, Oh, such a nice idea, become an RMM, a better RMM. But what we realized is, there's so many vendors already, that are already on the market. There's, I mean, you were talking about ConnectWise, Datto, Kaseya, there's many Ninja is just to name a few.

They're doing, doing it so well, but, but not patching. And we figured, well, this is a, this is if we focus just on patching and complement your RMM, it could be, it could be a really good strategy. And, and it, and it played out so well.

And we have a lot of customers, especially MSPs, who use products like Ninja, or ConnectWise, and use Action One, or Intune, also, like there, we have a lot of Intune customers, they use their RMM product for just for general management, right, you know, to do maintain their computers that do run helpdesk portals, all of that, or PSAs, some, some of them include PSAs, some of them use third party solutions, but patching was largely not done well.

It changed. Now they run Action One alongside and they're super happy.

[Uncle Marv] (29:21 - 29:45)
Yeah, that's what I do. That's what I did. I just, I just basically abandoned, for lack of a better phrase, my other patching.

And one last thing to talk about feature wise, there is the ability for Action One to fully take over the Windows management, where you can turn off the Windows scheduling and do everything through Action One.

[Mike Walters] (29:45 - 30:12)
Yeah, yeah, and we recommend it. Yeah. So we don't want your client's computers arbitrarily rebooting out of nowhere.

You want to you want to take it full under control. And with Action One, you create automation. So you can do you can tell it how much time you want to give it before they're forced to do a reboot, customize all those messages.

Yes, it becomes a fully controlled patching process with no surprises.

[Uncle Marv] (30:12 - 30:55)
All right. Mike, thank you for taking this brief time with me. Ladies and gentlemen, you can obviously go to Action1.com and that's Action in the number one. Pretty simple there. And again, to get your feet wet, 200 free endpoints that you can do what you wish. It's not just one client.

That's all 200 that you can split among clients if you want to. And I've been doing it for a year. I haven't reached my 200 limit yet, but I'm going to because I'm going to have a couple more clients I'm ready to throw on there and use the full features.

So Mike Walters, co-founder of Action One, thank you very much. Thank you.

[Mike Walters] (30:55 - 30:57)
Thanks, Uncle Marv. Thanks for having me.

[Uncle Marv] (30:58 - 31:03)
All right, folks, we'll see you soon with another episode of the IT Business Podcast. And until then, holla!