April 27, 2023
A new release of Runecast is out, and it introduces new capabilities and significant improvements, to provide organizations with more insights to reduce blind spots and speed up remediation efforts. This latest version includes exploit information for vulnerabilities, brings an enriched inventory view, and also introduces new states for issue results. In addition to these enhancements, we are thrilled to announce that Runecast version 6.5.4 automates compliance checks against Trusted Information Security Assessment Exchange (TISAX), the security standard for the German auto industry for VMware, AWS, and OS.
Keep reading to learn more about how the Runecast team has implemented all these changes and how to benefit from them to make your workloads secure and compliant anywhere.
Version 6.5.4 allows SecOps teams to quickly check if there is any exploit information available for a vulnerability.
In addition to the existing capability of identifying if a vulnerability is listed in CISA's catalog of Known Exploited Vulnerabilities (KEVs), a new column will now be displayed indicating whether any exploit information is available from sources such as exploit-db. The inclusion of additional sources for exploit information improves the accuracy of the information that users can gather from the platform.
In this version, users will also find the "Knowledge Profile Results" widget on the main dashboard and additional meta information in the vulnerability issue detail view, including a link to the exploit. This makes it easier to access the exploit availability information from several views – vulnerabilities profile page, dashboard widget, and vulnerability issue detail view – shortening the path for remediation.
With this change, Runecast introduces another layer of risk prioritization based on severity levels. Users will be able now to quickly identify which vulnerabilities require their immediate attention, beginning with those that are marked as listed in the CISA KEVs catalog and then those that also are displayed as exploit information available.
The latest version of the platform implements a new feature that facilitates getting issue details for a selected object directly from the “Inventory” view. This means users can quickly access analysis findings, remediation actions and scripts, and manual answers, all without the need of navigating to a separate section of the platform.
Additionally, users now have full access to issue metadata and can use all the filtering capabilities of regular issue quick filters and grids.
Users can now easily gain insights into their environments when checking the overall status of their infrastructure simplifying end-to-end vulnerability assessment and management.
When users access issue results to check “Analysis findings” they will notice that two new states have been added:
This reduces confusion as well as increases awareness and ensures efficient use of resources, meaning Security teams won´t waste time on irrelevant objects because they are excluded from the list of affected objects by a given rule.
TISAX is a security standard developed by the German Association of the Automotive Industry (Verband der Automobilindustrie, or VDA). It is based on the internationally recognized ISO/IEC 27001 standard and aims to ensure a consistent and high level of information security across the German automotive industry.
Similar to GDPR, which mandates that multinational firms adhere to a European standard while conducting business with Europeans, the TISAX certification requirement applies to all multinational automotive suppliers that wish to conduct business with German automotive firms.
By adding TISAX to the list of security compliance standards covered by Runecast, organizations operating in the automotive sector can automate the evaluation process against this standard, ensuring a high level of information security throughout their supply chain while minimizing the time, resources, and risks involved in complying with the standard. This translates to increased efficiency, reduced costs, and reduced chances of security breaches or penalties due to non-compliance.
There is also great news for VMware users.The latest vSphere 8.0 Update 1 has been added to Runecast Hardware Compatibility Checks, ensuring even more comprehensive compatibility checks for your VMware environment. With this new update, you can now have peace of mind knowing that your virtualization infrastructure is fully supported and compatible with the latest technology advancements. Upgrade today and enjoy the benefits of seamless virtualization with vSphere 8.0 Update 1.
In addition to all mentioned updates, previous minor releases and current versions extended and updated key security profiles. The list below shows which profiles have been added or updated:
Runecast 6.5.4 provides quick access to data at different levels, which means organizations have end-to-end vulnerability and compliance visibility from any section of the platform, making it easier for Ops and SecOps teams to coordinate remediation efforts. The automation of TISAX compliance checks marks a milestone in the capabilities of this platform, being one of the few solutions that provide coverage for this standard in the market.
We value your opinion and want to hear your feedback on this and future releases. There are several ways for you to provide feedback. One way is through the "Give us feedback" option in the top menu in the Runecast platform. This allows you to directly submit your thoughts and suggestions to our team. Another way is by enabling the "Improvement program" which you will find in Settings. By doing this you will opt-in to automatically share anonymous usage data and feedback with our team. We believe that your input is crucial in helping us improve and enhance the user experience.
If you would like to find out more about how your teams can benefit from these and existing features, contact our team for a demo.
Take your action against risks and discover the end-to-end vulnerability assessment with Runecast 6.5.4.