Action1 5 Blog 5 Action1 Rockledge: Enhancing security architecture to stay ahead of next-generation threats

Action1 Rockledge: Enhancing security architecture to stay ahead of next-generation threats

Published:
May 28, 2026
Last Updated:
May 28, 2026

By Gene Moody

First 200 endpoints free, no feature limits.

No credit card required, full access to all features.

Today we are announcing Rockledge – Action1’s newest product release. 

Rockledge is about making security architecture a product advantage in an era where endpoint management platforms are becoming high-value targets. With this release, we’ve invested our engineering effort into security architecture – and treat security as a major product feature.  

While customers naturally look forward to new capabilities or visible feature expansion, we believe the most important responsibility of an endpoint management platform is to remain secure, resilient, and trustworthy amid rapidly evolving threats. That responsibility has never mattered more. 


The threat model is changing with emerging AI capabilities 

The security landscape is changing quickly. 

CISA recently urged organizations to harden endpoint management systems following a cyberattack against a major U.S. organization. At the same time, the emergence of AI-assisted vulnerability research and exploitation, illustrated by Anthropic’s Mythos, is accelerating how quickly attackers can identify and weaponize weaknesses across software platforms, including endpoint management infrastructure. 

As research, automation, and exploitation of vulnerabilities get faster, security vendors need to adopt a different mindset. The easy path would be to keep pushing customer-facing feature velocity as fast as possible and treat deeper security engineering work as something that can be postponed. We chose a different path. 

Rather than waiting for the industry to react after the next wave of attacks, we made a deliberate decision to invest ahead of the curve and reinforce the underlying architecture of Action1 now. That meant temporarily prioritizing platform hardening and security engineering over accelerating customer-facing feature velocity.  

This was not about responding to a single issue. It was about preparing the platform and our customers for the next generation of threats. 


Cyber resilience by design  

The goal of Rockledge is cyber resilience across our own infrastructure and our customers’ endpoints. This means ensuring the platform remains predictable, controlled, and secure, even under attack. To achieve this, engineering effort behind this release focused on five security architecture enhancements: 

  1. Network Isolation & Access Control: Further tightening the exposure of platform components and the definition of access paths. Reducing unnecessary entry points, minimizing attack surface, and ensuring that all access is intentional, controlled, and traceable.
  2. Web Application Firewall Protection: Expanding protection around external-facing interfaces and relay paths to provide more proactive filtering, inspection, and defense against evolving attack techniques.
  3. Service Isolation (Blast Radius Reduction): Increasing separation between services so they operate independently with tightly constrained trust boundaries. This significantly limits opportunities for lateral movement and reduces the impact radius of any isolated compromise.
  4. Strict Least-Privilege Access: As Action1 continues to scale, we conducted a comprehensive review and reduction of both human- and service-level permissions to ensure access is strictly limited to what is operationally required.
  5. Zero-Trust Enforcement Across Internal Systems: Continuing the elimination of implicit trust relationships between internal components and enforcing verification at every interaction point. The objective is to rapidly detect, contain, and isolate abnormal behavior, even under adverse conditions. 

Looking ahead: Endpoint Takeover Prevention  

This direction also connects to what we’re preparing to release next. In the upcoming version of Action1, we will introduce Endpoint Takeover Prevention (ETP) – new industry-unique technology designed to minimize the risk of unauthorized endpoint control.  

ETP introduces a customer-controlled cryptographic trust model where: 

  • Commands sent to endpoints require cryptographic signing by the customer. 
  • Actions cannot be executed without explicit customer-side authorization. 
  • Endpoint control no longer depends solely on the security state of the cloud platform itself. 
  • Customers maintain an independent layer of trust and control over managed systems. 

This creates a critical separation between platform access and endpoint command authorization. Even in scenarios where the Action1 backend infrastructure is targeted, endpoints remain protected by customer-controlled cryptographic trust boundaries. 

Rockledge strengthens the platform foundation; ETP builds on that foundation by adding a customer-controlled authorization layer for endpoint commands. 

We believe this represents an important evolution in how endpoint management platforms should be designed in the AI era. 

As threats continue to evolve faster and become increasingly automated, resilience and security architecture matter more than ever. Our priority is not simply to add more features, but to set the highest security standard for patching and endpoint management platforms. 

We’ll share more details on ETP as we get closer to release, but we wanted to provide transparency into why foundational security engineering has been a major focus in recent months. 

We appreciate the trust our customers place in Action1 and remain committed to building the platform with long-term security, resilience, and reliability at its core.

See What You Can Do with Action1

 

Join our weekly LIVE demo “Patch Management That Just Works with Action1” to learn more

about Action1 features and use cases for your IT needs.

 

spiceworks logo
getapp logo review
software advice review
trustradius
g2 review
g2 review