Fast Time to Resolution with Runecast 6.5.4

A new release of Runecast is out, and it introduces new capabilities and significant improvements, to provide organizations with more insights to reduce blind spots and speed up remediation efforts. This latest version includes exploit information for vulnerabilities, brings an enriched inventory view, and also introduces new states for issue results. In addition to these enhancements, we are thrilled to announce that Runecast version 6.5.4 automates compliance checks against Trusted Information Security Assessment Exchange (TISAX), the security standard for the German auto industry for VMware, AWS, and OS.

Keep reading to learn more about how the Runecast team has implemented all these changes and how to benefit from them to make your workloads secure and compliant anywhere.

Accelerating risk assessment for faster remediation

Version 6.5.4 allows SecOps teams to quickly check if there is any exploit information available for a vulnerability. 

In addition to the existing capability of identifying if a vulnerability is listed in CISA's catalog of Known Exploited Vulnerabilities (KEVs), a new column will now be displayed indicating whether any exploit information is available from sources such as exploit-db. The inclusion of additional sources for exploit information improves the accuracy of the information that users can gather from the platform.

In this version, users will also find the "Knowledge Profile Results" widget on the main dashboard and additional meta information in the vulnerability issue detail view, including a link to the exploit. This makes it easier to access the exploit availability information from several views – vulnerabilities profile page, dashboard widget, and vulnerability issue detail view – shortening the path for remediation. 

With this change, Runecast introduces another layer of risk prioritization based on severity levels. Users will be able now to quickly identify which vulnerabilities require their immediate attention, beginning with those that are marked as listed in the CISA KEVs catalog and then those that also are displayed as exploit information available. 

360º environment visibility: comprehensive information at all levels

The latest version of the platform implements a new feature that facilitates getting issue details for a selected object directly from the “Inventory” view. This means users can quickly access analysis findings, remediation actions and scripts, and manual answers, all without the need of navigating to a separate section of the platform.

Additionally, users now have full access to issue metadata and can use all the filtering capabilities of regular issue quick filters and grids.
‍

Users can now easily gain insights into their environments when checking the overall status of their infrastructure simplifying end-to-end vulnerability assessment and management. 

‍

Additional issue result states to increase awareness

When users access issue results to check “Analysis findings” they will notice that two new states have been added: 

‍

• Not Applicable issue state – In the past, issues related to analysis objects that were not present in the user's environment were marked as "Pass." They will now be marked as "Not Applicable."

‍

• Not Relevant issue and object states – Some security compliance profiles are designed to target specific system conditions or versions, such as CIS Windows Server 2022 Domain Controller. Previously, any other Windows Server version that was different from 2022 or not a Domain Controller would be shown as "Pass." These cases will now be listed as "Not Relevant." If all analysis findings are in this state, the issue state will also change to "Not Relevant".

This reduces confusion as well as increases awareness and ensures efficient use of resources, meaning Security teams won´t waste time on irrelevant objects because they are excluded from the list of affected objects by a given rule.

AI-powered Security Compliance Extended to TISAX Standard for German Auto Industry

‍

TISAX is a security standard developed by the German Association of the Automotive Industry (Verband der Automobilindustrie, or VDA). It is based on the internationally recognized ISO/IEC 27001 standard and aims to ensure a consistent and high level of information security across the German automotive industry.

‍

Similar to GDPR, which mandates that multinational firms adhere to a European standard while conducting business with Europeans, the TISAX certification requirement applies to all multinational automotive suppliers that wish to conduct business with German automotive firms.

By adding TISAX to the list of security compliance standards covered by Runecast, organizations operating in the automotive sector can automate the evaluation process against this standard, ensuring a high level of information security throughout their supply chain while minimizing the time, resources, and risks involved in complying with the standard. This translates to increased efficiency, reduced costs, and reduced chances of security breaches or penalties due to non-compliance.

vSphere 8.0 Update 1 now included in Runecast VMware Hardware Compatibility Checks

There is also great news for VMware users.The latest vSphere 8.0 Update 1 has been added to Runecast Hardware Compatibility Checks, ensuring even more comprehensive compatibility checks for your VMware environment. With this new update, you can now have peace of mind knowing that your virtualization infrastructure is fully supported and compatible with the latest technology advancements. Upgrade today and enjoy the benefits of seamless virtualization with vSphere 8.0 Update 1. 

[fs-toc-h2]Other features that version 6.5.4 brings to our customers 

In addition to all mentioned updates, previous minor releases and current versions extended and updated key security profiles. The list below shows which profiles have been added or updated:

• Update of CIS for RHEL 8
• Update of NSX Security Configuration Guide
• Added DISA STIG for Red Hat 7
• Added 93 new Microsoft CVEs (included in the 6.5.2.0 and 6.5.3.2 releases) 
• Added ISO27001 profile for Linux and Windows OS: 6.5.4 adds 175 rules for Windows and 80 for Linux to ensure maximum coverage for the OS environment.
• Updated ISO 27001 for AWS and vSphere updated to version 2022 from 2013: The ISO 2700 standard has not been updated since 2013. With Runecast version 6.5.4, customers can now audit their AWS and VMware vSphere environments against its latest version: ISO 2700:2022.

Conclusion 

Runecast 6.5.4 provides quick access to data at different levels, which means organizations have end-to-end vulnerability and compliance visibility from any section of the platform, making it easier for Ops and SecOps teams to coordinate remediation efforts. The automation of TISAX compliance checks marks a milestone in the capabilities of this platform, being one of the few solutions that provide coverage for this standard in the market.

‍

We value your opinion and want to hear your feedback on this and future releases. There are several ways for you to provide feedback. One way is through the "Give us feedback" option in the top menu in the Runecast platform. This allows you to directly submit your thoughts and suggestions to our team. Another way is by enabling the "Improvement program" which you will find in Settings. By doing this you will opt-in to automatically share anonymous usage data and feedback with our team. We believe that your input is crucial in helping us improve and enhance the user experience.

If you would like to find out more about how your teams can benefit from these and existing features, contact our team for a demo.