Introducing Agentic Vulnerability Patching Using Ansible

At a time when threat actors are using AI to launch attacks faster than ever, there's a concerning gap between the time when vulnerabilities are detected and when they’re remediated. Also, even after vulnerabilities are fixed, they can often reoccur for various reasons. This leaves organizations at increased risk. Realistically, the only way to reduce this gap is by using more automation in your remediation workflow. However, many organizations are hesitant to deploy automated patching because they fear breaking systems and giving up control. The solution: a fully transparent system based on tried-and-tested, easy-to-use open source technologies that lets engineers see exactly what is happening and easily roll back if necessary.

The problem with traditional automated patch management

Automated patching is not new. On paper, automated patching tools might sound like the answer to all your problems, but in practice, teams are reluctant to implement them because traditional patching tools don’t offer visibility into the process, which means that engineers are uncertain as to what exactly is being changed on the system. If an update ‘breaks’ a system, there is no easy way to quickly revert to a previous state. Even though these are real concerns, this doesn’t mean that we should ditch automated patching entirely - let’s face it, it’s the only way we’re going to be faster than the attackers. That is why we’re excited to introduce our new agentic vulnerability patching that overcomes these challenges and finally makes automated patching something that platform engineers are excited about and actually want to deploy.

Mondoo agentic vulnerability patching

So what exactly is Mondoo’s agentic vulnerability patching? With this new feature, Mondoo’s remediation agent can automatically generate a pull request in GitHub to remediate the vulnerability using Ansible code. A platform engineer can review the code and approve it with one click. If Mondoo has fixed a vulnerability that then reoccurs, Mondoo can automatically apply the remediation without requiring any human interaction.

With this approach, we’re leveraging two tried-and-tested open source technologies that many teams all across the globe already use: Ansible and GitOps. We then combine these with Mondoo and agentic AI technology to create a fully transparent automated system in which platform engineers actually see the remediation code before it’s deployed, and know exactly what it will do.

Whereas traditional automated patching systems are proprietary systems that engineers need to blindly trust, at Mondoo we use existing, trusted, and transparent technology so engineers can see the process with their own eyes. 

What is Ansible?

Ansible is a popular open source IT automation tool that can configure systems, deploy software, and orchestrate advanced workflows to support application deployment, system updates, and more. Its human-readable language is easy to understand and requires minimal training.

Ansible is a great tool for vulnerability remediation because it allows security teams to quickly and consistently apply fixes across large, distributed environments. Its agentless architecture means there’s no need to install extra software on target systems, reducing overhead and potential attack surfaces. With its declarative YAML playbooks, teams can automate patch deployment, configuration changes, and security hardening in a repeatable, auditable way.

Example of Ansible remediation code in Mondoo

Even if you’ve never used Ansible, it’s easy to learn, especially if you have experience with administering Linux or Unix. To use Mondoo’s Ansible patching, you don’t actually need to know Ansible, because Mondoo will write the remediation code for you. In addition, Mondoo diligently tests all remediation code before it is used by the Mondoo remediation agent, so there is no danger of ‘AI hallucinations’.
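As an illustration of what such remediation code looks like (an added example written for this article, not code generated by Mondoo), here is an Ansible playbook that upgrades a package to a fixed version, records the before/after versions for the audit trail, and fails if the host is still below the fixed version. The inventory group `web`, the package `openssl`, the fixed version string and the finding id are placeholders.

```yaml
---
# Added example, not Mondoo's generated code. Assumes Debian/Ubuntu hosts in an
# inventory group "web" and a hypothetical finding that requires "openssl" at or
# above a placeholder fixed version.
- name: Remediate finding EXAMPLE-FINDING-ID (placeholder) by upgrading openssl
  hosts: web
  become: true
  vars:
    pkg_name: openssl
    pkg_min_version: "3.0.13-0ubuntu3.4"   # placeholder fixed version
  tasks:
    - name: Gather installed package facts
      ansible.builtin.package_facts:
        manager: auto

    # Keep the pre-change version so the play output doubles as an audit record
    - name: Record the version present before remediation
      ansible.builtin.set_fact:
        pkg_before: "{{ ansible_facts.packages.get(pkg_name, [{'version': 'absent'}])[0].version }}"

    # The guard makes the play idempotent: already-patched hosts report "ok", not "changed"
    - name: Upgrade the package only if it is installed and below the fixed version
      ansible.builtin.apt:
        name: "{{ pkg_name }}"
        state: latest
        update_cache: true
      when:
        - pkg_before != 'absent'
        - pkg_before is version(pkg_min_version, '<')

    - name: Re-read package facts after the change
      ansible.builtin.package_facts:
        manager: auto

    # Verify the outcome instead of assuming the upgrade worked
    - name: Fail loudly if the host is still below the fixed version
      ansible.builtin.assert:
        that:
          - ansible_facts.packages[pkg_name][0].version is version(pkg_min_version, '>=')
        fail_msg: "{{ inventory_hostname }}: {{ pkg_name }} still at {{ ansible_facts.packages[pkg_name][0].version }}"
        success_msg: "{{ inventory_hostname }}: {{ pkg_name }} {{ pkg_before }} -> {{ ansible_facts.packages[pkg_name][0].version }}"
      when: pkg_before != 'absent'
```

Reviewers can preview the change without applying it using `ansible-playbook --check --diff remediate.yml`; because of the `when` guard, re-running the play on an already-patched host changes nothing.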

What is GitOps?

GitOps is a set of practices for managing infrastructure and application configuration using Git as a central control system. It leverages Git's version control capabilities and integrates with CI/CD pipelines to automate deployments and ensure consistency. In short, GitOps treats infrastructure and applications as code, stored and managed in Git repositories, and uses automation to reconcile the desired state with the actual state of the system. 

This process is highly effective for vulnerability remediation because it ensures that security fixes are applied in a controlled, auditable, and automated manner. By managing infrastructure and application configurations through version-controlled repositories, every remediation step is tracked and can be rolled back if needed.

What if I don’t use Ansible or a GitOps process?

Mondoo doesn’t require you to have existing expertise in Ansible, and doesn’t require you to have a GitOps process or CI/CD pipeline in place. The neat thing is that Mondoo handles all the GitOps setup and writes and tests all the Ansible code for you.

So how does Mondoo automated patching work?

The process can be explained in five simple steps:

  1. Mondoo detects a vulnerability and displays this in the findings.
  2. The security engineer selects ‘Fix Findings’ in Mondoo. This can be selected for one asset or multiple assets.
  3. The Mondoo AI Agent creates the GitHub pull request with the Ansible remediation code.

[Screenshot: GitHub pull request created by the Mondoo AI Agent]

  4. The platform engineer reviews and approves the patch. The CI/CD pipeline deploys the patch and the issue is fixed. If necessary, any applied fixes can be rolled back.
  5. If a vulnerability reoccurs that was previously fixed on the system, Mondoo can reapply the fix without requiring any human approval.

In the video below, we show you a live demonstration of how we patch a vulnerability on an asset using agentic vulnerability patching. When the vulnerability reoccurs, Mondoo patches it autonomously.

Conclusion

With many attackers leveraging AI to automate attacks, it’s imperative that defenders deploy remediation automation to reduce the remediation gap. Acknowledging that real challenges exist with traditional automated patch management, it’s time for a new type of automated patching; one that is transparent, scalable and controllable. Schedule a demo to see how Mondoo can dramatically accelerate your remediation speed so you can stay ahead of attackers.


About Mondoo

Mondoo is an agentic vulnerability management platform that identifies, prioritizes, and addresses vulnerabilities and policy violations in your entire IT infrastructure from a single interface, covering on-prem, cloud, SaaS, endpoints, and the SDLC. Unlike siloed approaches that require you to continually switch consoles, Mondoo unifies findings in a single platform, surfacing the most critical risks across your entire environment so you can effectively optimize security efforts.

Chip Johnson

Chip Johnson is a Product Manager at Mondoo, focused on building tools you will love. He has been part of the DevOps community since 2010. Most recently he held positions at Auth0, Sonatype and Chef Software. He has been making and breaking things on the internet since 1993.

Deborah Galea

Deborah is Director of Product Marketing at Mondoo, leading messaging and positioning, product launches and sales enablement. She has more than 20 years of experience in the cybersecurity industry. Before joining Mondoo, Deborah was Director of Product Marketing at Orca Security and held various marketing positions at other cybersecurity companies. She co-founded the email security company Red Earth Software, which was acquired by the cybersecurity company OPSWAT in 2014.
