Patching that proves itself.

Patchwise watches every device against the world's live threat feeds, verifies real installed versions machine-by-machine, fixes what's actually vulnerable — and hands your clients the evidence.

Book a live demo Watch it think ↓
CISA KEV + NVD + EPSS Fleet scan every 3 hours 9 business apps version-verified
patchwise — live fleet view · simulated demo data
Needs attention ⚠ new KEV detected
P1·KEV CVE-2026-11645 name-only MER-Reception MER-Warehouse-02 MER-Sales-NB MER-Accounts
P2 CVE-2026-9874 verified NGM-Sales-03
Open items
2
Verified current
0
Devices
38
CISA KEV CATALOGNVD · NISTFIRST.ORG EPSSGOOGLE VERSIONHISTORYSUPEROPS RMM
0k+
CVEs evaluated against your fleet
0×
full fleet scans, every single day
0%
of findings version-verified before they clear
0-person
approval on every staged patch
The problem

Most patch tools cry wolf.

They match by product name, ignore what's actually installed, and keep screaming long after the fleet is safe. The result: alert fatigue for your IT team and reports your clients stopped believing.

🙈

Version-blind alerts

A new CVE lands and every machine with the product gets flagged — even the ones already running the patched build. Nobody can tell real risk from noise.

38 alerts · 5 real
👻

Ghost devices

Laptops that haven't been switched on in weeks hold alerts open forever. You can't patch a powered-off machine — but most tools never tell you that's the reason.

offline 25 days, still "urgent"
🤷

Unprovable reports

"Trust us, you're patched" doesn't survive an insurance audit. Clients want evidence: what was found, on which device, and proof it was actually fixed.

zero evidence trail
How it works

Detect. Verify. Fix. Prove.

A fully automated pipeline that runs eight times a day — and never marks anything safe without checking the actual installed version first.

🛰️

Sync

every 3h

Every managed device and its full software inventory, pulled from the RMM.

🎯

Match

live feeds

Installed software matched against CISA KEV, NVD criticals and EPSS exploit scores.

🔬

Verify

per machine

Installed versions checked against the vendor's actual latest release — no name-only guessing.

🔧

Fix

2-person approval

Patches staged with a reviewer, ticketed, deployed — or auto-updates verified.

📜

Prove

client-ready

Findings clear only with evidence, and every fix lands in the client's report.

Live walkthrough

Watch Patchwise think.

A real day in the life of a finding — from the moment an actively-exploited CVE drops, to the moment your client sees the proof. All data below is simulated.

An exploited CVE drops. Patchwise already knows who's exposed.

The moment CISA flags a vulnerability as actively exploited, Patchwise sweeps every device's installed software and raises a P1 — with the exact machines, not a vague product name.

  • CISA KEV picked up within the next scan cycle
  • Matched to real installed software, fleet-wide
  • Exploit likelihood scored with EPSS
New detection⚠ P1 · actively exploited
CVE-2026-11645 · Chromium V8CVSS 9.0 · KEV8 machines flagged
BLA-Partner-NBchecking…queued
BLA-Receptionchecking…queued
BLA-Finance-01checking…queued

Every machine's real version, checked against the vendor's latest.

No name-only guessing. Patchwise reads the installed build on each device and compares it to the actual latest stable release — live from the vendor.

  • Already-updated machines are recognised instantly
  • Outdated machines named, with installed → latest
  • Offline devices flagged — you can't patch a powered-off laptop
Version verificationlive · vendor latest 149.0.7827.103
BLA-Partner-NB149.0.7827.103✓ up to date
BLA-Reception149.0.7827.103✓ up to date
BLA-Finance-01148.0.7778.179 → 149.0.7827.103outdated
BLA-Archive-PClast seen 11 days agooffline 11d

Fix the one machine that needs it. The finding clears itself.

The patch is staged for just the outdated device, a second technician approves, and once every machine verifies current the finding resolves automatically — with the reason recorded.

  • Tickets list only machines that need work
  • Two-person approval on every deployment
  • Auto-clears the moment the fleet verifies current
Remediation✓ resolving
Stage patch → BLA-Finance-011 machine · not 8ticket #4127
Approved by second reviewer4-eyes policy✓ deployed
CVE-2026-11645 · Brightlineall machines verified current✓ auto-cleared
Risk scorerecalculated, version-aware98 → 0

Your client sees proof, not promises.

Every fix lands in a plain-language report with the official CVE record linked — the document your clients hand to insurers, auditors and their own customers.

  • Security score per client, honestly calculated
  • "What we caught & fixed" — with evidence
  • Private portal per client, nothing shared
  • Insurer-ready controls summary, generated on demand
0
current
Devices monitored23
Fixed this month11 ✓
Actively-exploited caught3
CVE-2026-11645Auto-updated & version-verified
Everything in the box

Built by an MSP. For real fleets.

Patchwise was built inside F1 IT Solutions to manage real client fleets — every feature exists because a real environment demanded it.

🔬

Version-aware verification

The flagship. Every finding is checked against each machine's actual installed build and the vendor's live latest release — Chrome, Edge, Firefox, 7-Zip, VLC, Zoom and more — so "needs attention" always means it.

SOL-FrontDesk 149.0.7827.103 ✓ up to date
SOL-Dispensary 149.0.7827.103 ✓ up to date
SOL-Admin-NB 148.0.7778.179 needs update
HBC-Finance-01 149.0.7827.103 ✓ up to date
👻

Offline device flags

Devices quiet for 3+ days are flagged with "last seen" — so unreachable machines get chased, not ignored.

🧹

Self-clearing findings

Once every machine verifies current, the finding resolves itself with the reason on record. No manual closing.

⚖️

Honest risk scoring

Scores weigh exploitability, exposure and persistence — and only count machines that are actually exposed.

🎫

Staged patches + approvals

Patches are ticketed and need a second technician's approval before deployment. Four eyes, every time.

📜

Client-ready reporting

Per-client portal, a plain-language security report with official CVE references, and a one-click insurance & audit controls summary answering the questions insurers actually ask. Your clients see only their own data, always.

OS patch & EOL watch

Windows patch state per device (missing, reboot-required) plus unsupported Windows, Office and macOS flagged until removed — removals credited as fixes.

📟

Always-on watchdog

Daily integrity audits re-verify every auto-resolved finding, and CISA remediation deadlines trigger automatic escalation — the system checks itself.

The deliverable

Reports your clients actually read.

No jargon dumps. A security score, what was caught, what was fixed, and proof — each item linked to the official government CVE record.

  • 1Evidence, not promises. Every fixed item shows the device, the date and how it was resolved — auto-updated, patched by your IT team, or software removed.
  • 2Audit & insurance ready. Hand the report straight to your insurer or auditor — the record is continuous, not reconstructed.
  • 3Private per client. Each client's portal is identity-gated and scoped to their own devices. Nothing is ever shared.
PATCH·WISE Security Report
Brightline Attorneys · simulated
0%
patched

21 of 23 devices fully patched. The remaining 2 are being updated — no action needed on your side. Every device is checked against the world's known threats, daily.

CVE-2026-11645CRITICAL · EXPLOITED

A critical flaw in Google Chromium V8 that could let an attacker take control of the device.

✓ Auto-updated & version-verified · 10 Jun
End-of-life softwareUNSUPPORTED

Office 2010 no longer receives security patches — a standing risk attackers target.

✓ Unsupported software removed

See your fleet the honest way.

Patchwise is included with F1 IT Solutions managed security services — for businesses in Cape Town and across South Africa. Book a 20-minute live demo on your own fleet's data.

Book a live demo Visit F1 IT Solutions →
Questions

Frequently asked.

What is Patchwise?
Patchwise is F1 IT Solutions' vulnerability-management platform. It inventories every managed device, matches installed software against CISA KEV, NVD and EPSS threat data every 3 hours, verifies real installed versions machine-by-machine, and clears findings only once every machine is proven current.
How is it different from normal patch management?
Most tools flag by product name and leave alerts open even after machines update. Patchwise is version-aware: it checks each machine's installed build against the vendor's actual latest release across major business apps (Chrome, Edge, Firefox, Zoom, 7-Zip, VLC and more), so machines that are already safe never show as work — and findings auto-clear with proof.
How often does it scan?
Device inventory syncs every 3 hours and the full fleet is re-evaluated against the latest threat feeds on the same cycle — 8 times a day, with version verification after every scan.
What about devices that are switched off?
Patchwise tracks when every device last reported in. Anything quiet for more than 3 days is flagged distinctly — so unreachable machines get chased or retired instead of silently skewing your security posture.
What do my clients or auditors see?
Each client gets a private, identity-gated portal and a plain-language security report: devices monitored, what was caught and fixed (linked to the official NVD record), and what's being handled. It's evidence you can hand to insurers and auditors.
How do I get Patchwise?
Patchwise comes with F1 IT Solutions managed security services. Email leo@f1itsolutions.co.za or visit f1itsolutions.co.za to book a demo.