Close the Gap: How Kandji’s Vulnerability Response Turns Detection into Action

August 20, 2025

Kandji Team

Vulnerability management has long been a fragmented process for IT teams. You get alerts about CVEs affecting your devices, but then what? For most organizations, the journey from detection to remediation involves multiple tools, manual processes, and precious time - often stretching remediation timelines from hours to weeks.

In our recent Demo Day, Staff Product Manager Matt Day and Global Director of Solutions Maz Kahale explored Kandji’s answer to this challenge: Kandji Vulnerability Response. This new capability transforms how teams handle vulnerabilities across Apple devices by automating the remediation process through a single, unified platform.

From Detection to Action: The Evolution of Vulnerability Management

When Kandji launched Kandji Vulnerability Management in February, we started with comprehensive detection for applications and macOS vulnerabilities. The feedback was positive, but we knew detection was only half the equation.

Since then, we’ve steadily expanded capabilities:

  • Added risk acceptance options for organizations to document when they’re comfortable accepting certain vulnerabilities
  • Implemented S3 support to push detection events to your SIEM provider of choice
  • Closed the loop between finding vulnerabilities and fixing them with Kandji Vulnerability Response

What makes Kandji Vulnerability Response different? It’s not just another dashboard showing you what’s wrong. It’s an actionable system that automatically remediates vulnerabilities based on severity levels you define.

The Problem with Traditional Vulnerability Management

Before diving into how Kandji Vulnerability Response works, let’s acknowledge why traditional approaches fall short:

Too much visibility, not enough action. Most solutions excel at showing you detections but leave you to figure out remediation on your own.

Tool bloat. Organizations typically need separate tools for detection and patching, requiring multiple agents and fragmented workflows.

Not Apple-native. Many vulnerability solutions weren’t built with Apple devices in mind, creating friction in predominantly Mac environments.

Manual, error-prone processes. With fragmented tooling comes manual work—and where there’s manual work, there’s room for error.

The result? Extended remediation timelines that put organizations at risk and make compliance a constant challenge.

Kandji’s Approach: Unified Detection and Response

Kandji Vulnerability Response addresses these challenges through three key principles:

  1. Closing the gap between detection and remediation
  2. Simplifying implementation with an intuitive interface
  3. Keeping end users in mind with flexible deployment options

The implementation is elegantly simple: Kandji Vulnerability Response is a new library item that leverages Kandji’s Auto Apps catalog (220+ applications and growing) to automatically update vulnerable software based on your defined policies.

How Kandji Vulnerability Response Works 

  1. The Kandji agent installs immediately and takes over authentication
  2. The user is directed to the Passport login window after enrollment
  3. The user enters their identity provider credentials
  4. Passport validates the credentials and creates a new local account
  5. The user is logged in and ready to work

Setting up automated remediation takes just minutes. Here’s how it works:

1. Navigate to Library and add the Kandji Vulnerability Response item.

2. Configure severity-based remediation policies:

  • Critical vulnerabilities can be remediated immediately upon detection.
  • High-severity issues might be addressed within days.
  • Medium- and low-severity vulnerabilities can be scheduled further out.

3. Set your preferred remediation time based on local time zones to minimize disruption.


4. Add exceptions for specific applications that require special handling.

What’s particularly powerful is that you don’t need to have these applications already deployed through Auto Apps. The system will handle version enforcement automatically based on your response settings.

Real-World Benefits

Kandji Vulnerability Response delivers tangible advantages for IT teams:

  • Compliance readiness. Meet SOC 2, ISO 27001, and NIST requirements with confidence by dramatically reducing time-to-remediation from weeks to hours.
  • Reduced administrative overhead. Stop spending time manually triaging vulnerabilities and deploying patches. The automated approach frees you to focus on strategic initiatives.
  • Unified visibility. Track remediation progress across your fleet with a consolidated dashboard showing the percentage of devices remediated for each CVE.
  • Flexible control. Set different policies based on severity, create exceptions for specific applications, and schedule updates during off-hours to respect user workflows.

The Unified Dashboard Experience

The Kandji Vulnerability Management interface provides a comprehensive view of your security posture. From the main dashboard, you can:

  • Filter vulnerabilities by detection date, application, OS type, or severity
  • View remediation status across your fleet
  • Drill into specific CVEs for detailed information
  • Access the National Vulnerability Database for additional context
  • See which devices and blueprints are affected
  • Track when vulnerabilities were first published and any modifications

This visibility, combined with automated remediation capabilities, creates a seamless workflow from detection to resolution.

Looking Ahead

Kandji Vulnerability Response represents a significant step forward in Kandji’s security capabilities, but it’s just one part of our broader commitment to simplifying device management and security for Apple-first environments.

By unifying detection and remediation in a single platform with a single agent, we’re helping organizations not only identify vulnerabilities faster but actually fix them.

The result? A stronger compliance posture, reduced administrative overhead, and more time for the strategic work that matters.

Demo Day Q&A: Audience Questions and Answers

Q: How does Kandji handle a CVE that does not have an Auto App?

For CVEs tied to apps not in the Auto Apps catalog, administrators can rely on custom applications to manage and remediate vulnerabilities. Additionally, feature requests to add apps to Auto Apps can be submitted via the resources section of your Kandji instance.

Q: Do you have plans to update apps which are not in the Applications folder?

Kandji currently manages updates for apps in the Applications folder, which is the standard directory for macOS apps. Expanding beyond this is under consideration based on user feedback.

Q: What user notification options are available when you select auto-resolve vulnerabilities?

End users will receive the same notification system as Auto Apps, including countdown messages prior to updates, ensuring transparency and minimal disruption.

Q: How are alerts sent for vulnerabilities and threats to an admin who may not be logged into Kandji when something happens?

Alerts can be pushed through integrations like the audit API or via SIEM tools, ensuring admins stay informed even when not logged in.

Q: Any integrations with patching tools like Autobox?

We don't have any direct integrations with Autobox, but some customers have used and deployed Autobox through Kandji to take action using their backend.

Q: At what rate does the system connect to NIST to pull the latest CVEs?

Kandji pulls data from the National Vulnerability Database (NVD) on an hourly basis and runs hourly scans across your fleet. This ensures detection is current and competitive, helping teams remediate high-severity CVEs well within common compliance timelines.

Ready to strengthen your security posture?

Explore the Kandji Vulnerability Management suite and see how Kandji Vulnerability Response can fit into your comprehensive security strategy. Register for a demo here.