About PatchGuard

Built by the engineers who lived through the problem.

After a CVE-2021-44228 weekend, we stopped waiting for the right tool.

The Log4Shell disclosure dropped on a Friday afternoon. Our CTO Ana Kowalski was running infrastructure for a financial services client at the time — 1,400 servers across three cloud providers, two data centers, and a Kubernetes cluster that ran on a different team's patch schedule. By Saturday morning they had a list of 312 potentially affected hosts. By Sunday evening they had patched 58 of them.

The bottleneck wasn't people. It was process. Every patch required a change ticket, a manual rollback plan, a post-deploy health check. Tools existed for scanning. Nothing existed for the whole pipeline.

PatchGuard was founded in late 2022 to close that gap. We built the tool that would have gotten those 312 hosts patched by Saturday morning — automatically, with rollback safeguards, and with an audit trail that auditors would actually accept.

What shapes how we build

No black boxes

Every scoring decision, every deployment action, every rollback is logged with the exact reason. Security teams need to explain what happened — to their CISO, to auditors, to incident responders. PatchGuard makes that possible.

Fix it, don't just find it

Vulnerability scanners have been around for 30 years. Detection isn't the problem. Remediation is. We measure our success by CVEs closed, not CVEs found. Every product decision is filtered through that lens.

Built for real environments

Real hybrid clouds have legacy servers, mixed OS versions, and networks that IT stopped documenting three office moves ago. PatchGuard is designed to work with messy reality — not an idealized architecture diagram.

What security teams achieve with PatchGuard

94%

Regional Bank — 600 Assets

Cleared a 14-month patch backlog in 30 days after deploying PatchGuard. Their previous process required a change advisory board review for every patch. PatchGuard automated approvals for Medium and High severity, escalating only Critical findings to the CAB queue.

4 min

SaaS Platform Provider — 1,800 Assets

Average time from critical CVE disclosure to deployed patch across their Kubernetes fleet and EC2 instances. Previously averaged 6.5 days. PatchGuard's agentless cloud connectors and automated canary rollout made the difference.

0 rollback failures

Healthcare Network — 320 On-Prem Servers

Deployed 847 patch operations across Windows Server and RHEL systems in a HIPAA-regulated environment over six months. Zero rollback failures. Full audit trail for every change, used successfully in their last SOC 2 review.

Where we are today

2022
Founded in Washington, DC
3,200+
CVE signatures monitored
12,000+
Patch operations completed
SOC 2
Type II certified since 2024

Talk to the team that built this.

We're engineers who ran infrastructure at scale. We'll give you an honest assessment of whether PatchGuard fits your environment.