March 31, 2021
It’s official! You asked for it and you got it. New Runecast Analyzer 5.0 introduces proactive, actionable insights for Microsoft Azure. This means that Runecast Analyzer can now scan your Azure environment for proper alignment with best practices and compliance with CIS Benchmarks security standard.
Plus, we’ve added another region-specific security standard – with automated audits for the Australian Signals Directorate (ASD) Essential 8 risk-mitigation framework’s coverage of hybrid and multi-cloud environments.
And finally, we’re introducing a new licensing model, for greater flexibility!
Microsoft Azure is one of the fastest growing cloud services on the market – but it is often not alone in its customers’ portfolios. The real growth is with multi-clouds, a composite of technologies from various cloud providers that include Azure.
According to Stanimir Markov, CEO and Co-Founder of Runecast:
“Organizations are not making ‘either or’ choices when it comes to their IT infrastructure these days – they often use a range of services from cloud providers in addition to their on-prem resources. This mix of infrastructure options creates an extremely complex environment and increased risk for misconfigurations, service disruptions and security gaps. And that’s where Runecast Analyzer enters the picture.”
Of course, Azure security compliance (e.g. compliance with Azure CIS Benchmarks) and keeping your IT environment aligned with Azure best practices can be a challenge for even the best of teams.
To say that keeping a mixed portfolio of technologies stable and secure is challenging would be a vast understatement. While cloud providers such as AWS, Azure, and VMware typically offer their own best practice or security hardening guidelines to help users with compliance and stability issues, these resources naturally focus on the specific provider and have limited scope and range when it comes to real-world IT integrations.
Runecast Co-Founder and CTO Aylin Sali stated:
“It’s a problem of both rapid changes and poor visibility. Native tools help, but they're not designed to ensure that users have aligned their environments with best practices, security standards, or even known issues. Users need a single point of visibility across all technologies, with a platform-agnostic tool that reveals all the known and potential risks.”
The founding team at Runecast – made up of veteran IT System Admins – built Runecast Analyzer specifically to answer the developing needs faced by organizations’ IT teams. Providing Admins with proactive insights for Azure best practices and security compliance, for example, was always part of their vision – one that began with VMware and moved later also into the realms of Runecast Analyzer coverage for AWS and Kubernetes.
Take a deep dive into the Microsoft Azure functionality within the Runecast Analyzer. Watch a webinar on Best practices & security analysis for Microsoft Azure, featuring Kev Johnson and Stan Markov.
Take a deeper dive into our Microsoft Azure capabilities in the Runecast Analyzer 5.0 release with Kev Johnson’s Deep Dive article.
Aside from vendor-specific security and best practices guidelines, there are also non-vendor-related compliance standards that are region specific, such as Australia's Essential 8 standards covered in this latest Runecast Analyzer release.
Organizations in Australia can now have a single management interface for identifying and mitigating an array of compliance, risk, and security issues throughout their IT infrastructure – and they can do this analysis securely on-premises (with no data needing to leave their control).
By adding audits for Essential 8 standards and Azure best practice and CIS benchmarks, Runecast Analyzer provides an even more comprehensive set of automated best practice and security compliance checks – all with a single point of visibility.
Runecast APAC Sales Director Andre Carpenter said:
“More and more Australian businesses are adopting the ASD Essential Eight security framework for guidance on how to best prepare for a cyber incident. Traditionally, these businesses would have to commit a significant amount of manpower and time to comb through their VMware environments top to bottom to ensure appropriate hardening and compliance against this framework.
Now, through our Analyzer tool, those businesses can scan their whole vSphere environment in minutes to find out exactly where there are gaps against the ASD and best of all how to remediate them before their security audits. We’re excited to release this feature to help businesses get that time back to focus on other priorities and stay compliant.”
This addition complements other security standards already covered by Runecast Analyzer: CIS Benchmarks, NIST, ISO 27001, GDPR, DISA STIG, PCI-DSS, HIPAA, BSI IT-Grundschutz (Germany), Cyber Essentials (UK), and VMware Security Configuration Guide.
We are frequently asked to develop ‘Runecast Analyzer for everything’. By increasing support for as many platforms as possible, we are on track to make this happen. Our priority is to provide the ideal proactive auditing capabilities to help you optimize and secure your hybrid and public cloud infrastructure and operations.
To stay committed to this aim, we’re introducing a new licensing model. Firstly, AWS, Azure, and Kubernetes licensing is now separate from the existing VMware licensing. It is now possible to deploy Runecast Analyzer from the AWS marketplace and directly to Kubernetes using our Helm charts, removing the dependency on vSphere for deployment. It makes no sense to require that our customers license some vSphere hosts in this situation.
While our licensing for VMware follows the number of physical CPU sockets in use (essentially following the vSphere licensing model), this wouldn’t make sense in a public cloud environment. Instead, we use the concept of “billable assets”. For our AWS model, our billable assets are EC2 instances (excluding micro and nano-sized instances), RDS instances (excluding micro and nano-sized instances) and Lambda functions (with five executions of a function counted as a single billable asset). For Azure technologies, licensing is based on VM instances (except A0 and B1S instances), SQL (DB and Server), and Azure Functions considered Billable Assets. For Kubernetes technologies, licensing is based on Node (containing at least one pod) considered as Billable Assets. Customers must license all billable assets within an account.
Visit our Licensing & Pricing page to learn more.
Recognized by Gartner as a ‘Cool Vendor’, Runecast’s innovative technology has also been patented in the United States. Its contribution to securing mission-critical data center operations resulted in the company winning a €1.9M EU Horizon 2020 grant for further development of its Runecast A.I. Knowledge Automation (RAIKA).
Notable clients using Runecast Analyzer to mitigate service risks and ensure maximum efficiency and security within their IT infrastructure include Avast Software, Chevron, Erste Bank, FLEXdata, Fujisoft, German Aerospace Center (DLR), Near East Bank, Raiffeisen Bank, Scania, Skyguide, and de Volksbank.
Not only does Runecast Analyzer provide a single view of what is happening across workloads, but Runecast Analyzer also does this while running securely on-premises – or even offline, for the most security-conscious applications. This enhances system admins’ access to comprehensive analysis of their networks – regardless if those are on-premises, hybrid, or in the public cloud – while they maintain full control of their data.
Runecast Analyzer compiles information from an array of ‘sources of truth’ – including Knowledge Base articles (KBs), multiple vendor best practices, security standards, etc. – then uses Natural Language Processing (NLP) and Artificial Intelligence (AI) to highlight risks and automatically discover any misconfigurations that can negatively affect performance, trigger outages, or fail security audits
This time-sensitive information enables system admins to slash troubleshooting time as much as 75-85%, with an 80% reduction in monthly incidents and issues (see: University of St Andrews). Others have reported reducing upgrade planning time by 90% (see: FLEXdata).
IT admins can test Runecast Analyzer in their own environments with a 14-day free trial.