'unattended upgrades' is the name of the package on Ubuntu that will give you automatic security updates
The Server Guide suggests installing apticron to get notification emails
If you're running at least 16.04, you can also sign up for the LivePatch service (free for 3 machines) which can patch the kernel without reboots. Similar services from RedHat etc. cost ~2K per year.