
Kandji Launches Vulnerability Response: The Missing Link Between Detection and Remediation

Kandji Team

If you've ever managed Mac computers in an enterprise, you know the drill: your security team discovers a critical vulnerability in Chrome, creates a ticket, and hands it off to IT to patch. Meanwhile, you're still chasing down users to update their apps while that vulnerability sits unpatched across your fleet. It's a frustrating cycle that leaves both teams feeling like they're always playing catch-up.


Although you can automate app updates with Kandji Auto Apps, Auto Apps update on a fixed schedule that you choose. Auto Apps are not aware of vulnerabilities in software and therefore cannot accelerate updates when critically needed.

And patching on end-user computers requires a fine touch: you can't arbitrarily set hundreds of apps to enforce every update with minimal notice. That approach creates user friction, erodes trust between IT and employees, and often leads to users looking for workarounds to bypass your security controls.

If everything is a priority, then nothing is a priority. 

There has been no elegant way (without a team of systems engineers) to speed up patching for the few critical vulnerabilities, allow less-critical patches to wait longer, and give users a break from interruptions when updates aren’t as urgently required.

Today, that changes for Mac environments with the launch of Vulnerability Response—a new feature available as part of Kandji’s Vulnerability Management product. It will automatically patch any vulnerable app within Kandji’s 200+ Auto App catalog across your Mac computers based on CVE severity and the rules you set.

The Vulnerability Management Gap

Current vulnerability management workflows are disconnected by default. Systems are cobbled together by IT and security engineers. Security teams scan for vulnerabilities, generate reports, and create tickets for IT to address. IT teams then manually coordinate patching across different tools, update tickets, and follow up with end users. Meanwhile, security teams check back on tickets and verify that updates have actually been applied.

This disjointed approach leads to IT and security teams spending hours each week on vulnerability management—time spent on repetitive work across multiple tools. The statistics paint a concerning picture: the 2024 Data Breach Investigations Report (DBIR) by Verizon revealed that it takes around 30 days to remediate a mere 15% of critical vulnerabilities once patches are available. The report noted that 50% of vulnerabilities remained unpatched at the 55-day mark.

Reinventing Vulnerability Management Through Integration

Kandji's Vulnerability Management product already provided comprehensive vulnerability detection and reporting. Now, with Vulnerability Response, we're completing the circle by adding automated remediation directly within the same platform.

Rather than treating detection and remediation as separate processes requiring coordination between multiple teams and tools, we've created the first truly integrated solution that unifies vulnerability management with device management.

The workflow is elegantly simple:

1. Configure automated patching: Decide how fast you want Vulnerability Response to enforce software updates based on the severity of detected vulnerabilities.

2. Assign to devices: Scope your Vulnerability Response Library Item to devices using your Assignment Map.

3. Vulnerabilities are remediated: Software updates for any of Kandji’s Auto Apps execute automatically and at the appropriate pace.

Alongside the Vulnerability Response launch, we are also updating the vulnerabilities view, bringing remediation insights alongside vulnerability insights. This will make it easier to track progress and share results with internal and external stakeholders.

What This Means for Kandji Customers

Slash Manual Patch Management Time 

Vulnerability Response offloads much of the burden of patching on Mac by instantly scheduling updates based on vulnerability severity, freeing teams to focus on strategic work instead of reactive, manual, and let’s face it—boring—tasks.

Accelerate Time-to-Remediation 

Critical vulnerabilities can be exploited within weeks, but most companies take months to patch. With Vulnerability Response, Kandji can automatically patch critical vulnerabilities on Mac within a day.

Prioritize User Experience 

Any app patched by Vulnerability Response will benefit from the intelligence built into Auto Apps for non-disruptive updates. The Kandji Agent caches update files, updates silently when apps are closed, or notifies users in advance when action is required. This prevents "patch fatigue", loss of trust, and productivity hits.

Build Compliance Without Scaling Teams 

Compliance programs demand timely detection and remediative action for vulnerabilities, and we know that lean teams often struggle to keep up. You can now put this aspect of compliance on autopilot with Vulnerability Response. 

With Kandji, this powerful automation is just one drag-and-drop away from deployment to all Mac computers—deployed alongside all your other Library Items, helping you secure and manage your Mac devices.

Getting Started

Vulnerability Response is available now as a Library Item to all customers with Kandji Vulnerability Management. Organizations can configure it, add it to their Blueprint via an Assignment Map, and keep the majority of applications in their fleet on their latest versions.

There will be no need to individually configure any Auto App for Vulnerability Response to update it—if it’s in Kandji’s Auto Apps catalog, it will be patched. Today, the Auto Apps catalog has 219 of the most commonly used business apps and is growing quickly. Customers can request new apps via a feature request within the Kandji web app.

For lean IT and security teams looking to proactively manage risk without the overhead of managing multiple tools and complex integrations, Vulnerability Response makes vulnerability management both more effective and more efficient.

The days of throwing tickets over the fence are over—at least for Mac. With Kandji's Vulnerability Response, the gap between vulnerability detection and remediation is finally closed.