Customer Story

From 60% to 98% in a Week: How Automox Closed the Last Mile of Endpoint Coverage with Amplifier

From 60% to 98% in a Week: How Automox Closed the Last Mile of Endpoint Coverage with Amplifier

From 60% to 98% in a Week: How Automox Closed the Last Mile of Endpoint Coverage with Amplifier

How Automox connected endpoint management to human engagement — driving verified remediation faster, without IT as the bottleneck.

How Automox connected endpoint management to human engagement — driving verified remediation faster, without IT as the bottleneck.

Customer

Automox

Industry

IT operations and endpoint management

Use cases

Autonomous human risk mitigation, security tooling coverage, and vulnerability remediation

Results at a glance

Results at a glance

98%

98%

Security tooling coverage — up from 60% in seven days.

3 clicks

3 clicks

CAASM-grade asset and identity mapping live in clicks, not months.

1 Worklet

1 Worklet

A SOAR workflow that took weeks to build and never ran cleanly — replaced with an Automox Worklet driven by Amplifier.

Faster MTTR

Faster MTTR

Faster
MTTR

On patch and configuration drift, without breaking user productivity.

The customer

Running it daily on their own fleet

Running it daily on their own fleet

Automox builds the IT automation platform thousands of teams use to patch, configure, and harden endpoints at scale. So when Automox’s own security and IT team talks about endpoint risk, they’re not theorizing — they’re running it daily on their own fleet.

Jason Kikta, Automox’s CISO and CTO, came up through U.S. Cyber Command and has spent his career thinking about how attackers actually win. Ryan Braunstein, Senior Manager of IT and Security, owns the part most security teams quietly dread: the last mile — the conversation between detecting issues and getting them fixed on someone’s laptop without blowing up their workday.

Both wanted the same thing: tighter coverage, shorter MTTR, and a way to involve employees in security instead of working around them.

The challenge

Three questions, no clean answer

Three questions, no clean answer

Automox had the patching engine. What they didn’t have was a clean way to answer three questions across every tool in the stack:

  • Which users and devices are actually at risk right now?

  • Why?

  • How do we fix it without making people hate us?

The data lived everywhere. CrowdStrike EDR, Code42 DLP, identity, MDM, vulnerability scans, phishing test results, and patch state. Each tool told part of the story. None of them stitched a user’s full risk picture together.

Shadow IT is a known problem, but shadow permissions and fragmented identity data are the same problem with a worse blast radius.

Shadow IT is a known problem, but shadow permissions and fragmented identity data are the same problem with a worse blast radius.

The riskiest users weren’t always who you’d guess. A BDR failing a phishing test isn’t great. An engineer with admin access who hasn’t patched in six months and runs commands that should require approval is a different conversation entirely. Without a way to combine those signals, the worst combinations stayed invisible — and they were sitting at 60% DLP coverage. That’s a number you don’t want on a board slide.

Then there’s the AI threat curve. AI-powered attacks compress the window between vulnerability disclosure and exploitation, including for the medium-severity bugs that used to require enough manual work to deprioritize. SLAs that used to run in weeks now need to run in days or hours. You can’t get there if every patch cycle creates a productivity fight with end users.

The solution

A system of record for human risk

A system of record for human risk

Amplifier sits across Automox’s security and IT stack as the system of record for human risk. It pulls signals from every connected tool, maps them to individual users and devices through a unified data graph, and turns the result into action that either runs automatically or runs through a conversation with the user.

Amplifier identified every device missing the DLP agent registration, pulled the user’s email from the human risk graph, built a contextual Automox Worklet, deployed it to the device, and brought the employee into the loop by engaging them in Slack. No SOAR plumbing. No tickets. No spreadsheet of stragglers.

Ampy · AI Security Engineer

Hey Jordan, quick one: Chrome on your MacBook is two versions behind, and the newest vulnerability is already being exploited. The fix takes about 90 seconds.

Fix it now

Schedule for later

✓ Patched via Automox Worklet · 3:31 PM

Amplifier flags an actively exploited vulnerability, schedules around the user’s demo, and patches via an Automox Worklet. No ticket or manual chasing required.

Vulnerability response runs the same play. When Amplifier detects a vulnerability, it engages the affected user in Slack, answers questions, and gives them a one-click button to fix it now or schedule it. The click triggers an Automox Worklet — the result: vulnerability SLAs that compress from weeks to days without forcing patches at inconvenient moments.

The same human risk graph that powers the automation powers the dashboards leadership sees. Risk rolled up by department. Privileged users at a glance. The kind of view that turns a security review into a competitive moment between department heads who’d rather not show up at the bottom of the board slide.

Companion Webcast

See the Automox + Amplifier workflow live

See the Automox + Amplifier workflow live

Watch the teams walk through how endpoint management and human engagement come together — turning detections into verified remediation without IT as the bottleneck.

In their words

“I’d tried plenty of CAASM tools to bring in new data. Amplifier comes pre-configured and automatically maps assets to users. Because it was endpoint and user centric, it was great out of the box. We were at 60% DLP coverage. Within a week we were at 98%. That’s insane.”

“I’d tried plenty of CAASM tools to bring in new data. Amplifier comes pre-configured and automatically maps assets to users. Because it was endpoint and user centric, it was great out of the box. We were at 60% DLP coverage. Within a week we were at 98%. That’s insane.”

Ryan Braunstein — Senior Manager of IT and Security, Automox

“AI lets you do personalized, contextualized, one-on-one intervention with employees, but at scale. If you can have a conversation with end users, understand their intent, and feed that signal back into automation, that’s super powerful.”

“AI lets you do personalized, contextualized, one-on-one intervention with employees, but at scale. If you can have a conversation with end users, understand their intent, and feed that signal back into automation, that’s super powerful.”

Jason Kikta — CISO and CTO, Automox

“We could amplify the effectiveness of any tool — whether it’s Automox, a SIEM, or anything else. People say they don’t want to talk to people, but I think users would rather you talk to them before removing an application they’re using than just remove it.”

“We could amplify the effectiveness of any tool — whether it’s Automox, a SIEM, or anything else. People say they don’t want to talk to people, but I think users would rather you talk to them before removing an application they’re using than just remove it.”

Thomas Donnelly — CTO and co-founder, Amplifier Security

Why it works

AI for the conversation, automation for the execution

AI for the conversation, automation for the execution

Automation alone breaks productivity because it lacks context. Pure human-driven security breaks at scale. Amplifier sits in the middle: AI for the conversation and context, automation for the execution, and a single graph that makes both make sense. For a team like Automox, that combination turned the last mile from a recurring fire drill into a measurable, repeatable process.

Security tooling coverage: 60% to 98% in a week — work SOAR couldn’t ship, run end to end in seven days.

Setup measured in clicks, not quarters. Accurate user-device mapping out of the box, no dedicated normalization team.

Faster decisions, more time for users. Same risk tolerance, less productivity friction, better adherence.

Two-way communication that works. A human firewall, not a human risk problem — employees as sensors and partners.

See what Amplifier could do for your fleet

See what Amplifier could do for your fleet

See what Amplifier could do for your fleet

If your security team is sitting on coverage gaps, drift, or a SOAR backlog that never quite ships, the same playbook is available to you.

If your security team is sitting on coverage gaps, drift, or a SOAR backlog that never quite ships, the same playbook is available to you.