December 13, 2022
A new release of Runecast is out and it introduces changes that consolidate it as a major Cloud Native Application Protection Platform (CNAPP).
Version 6.3.0 adds support for new security compliance policies and standards and expands upon the existing security capabilities.
Runecast is on a mission to improve Security Compliance and IT Operations for the whole world. In this latest version of our Cloud Native Application Protection Platform (CNAPP) we have added new standards and expanded upon our existing security capabilities. This blog post walks you through the new capabilities and summarises the improvements made in order to bring efficient cybersecurity management to even more organisations. First, let’s start with what’s new.
To further improve your shift-left approach, additional Kubernetes security standards are available in version 6.3 with the help of our all-new daemon set. Runecast now deploys custom daemon sets in order to collect additional data from Kubernetes nodes. The daemon set is deployed at the start of any analysis and removed once the data collection is completed. This additional collection enables our platform to examine your nodes even more thoroughly and makes even more security standards available to you, while the daemon sets remain temporary and don’t become a large drain on resources.
This release also implements the extensive K8s hardening guide from the Cybersecurity & Infrastructure Security Agency (CISA). You may know that CISA maintains the Known Exploited Vulnerabilities (KEV) Catalog, which enables IT Security Professionals to see which vulnerabilities have been detected ‘in the wild’. Runecast already has the KEV catalog implemented, so that you can see which vulnerabilities to prioritise in your infrastructure; in addition, CISA has provided a 66-page hardening guide on how to secure Kubernetes. With this information in the analysis engine, our customers can easily automate checks that help them avoid common misconfigurations and implement the recommended hardening measures.
Runecast is now able to check your Kubernetes environments against CIS Benchmarks. The Center for Internet Security (CIS) is a non-profit organization focused on improving public and private sector cybersecurity, and Runecast adds CIS to our already impressive list of automated compliance checks. Their K8s standard covers ways to avoid common misconfigurations and vulnerabilities, along with best practices which should be applied in container security.
Added to this, and with the extension in our coverage of K8s, Runecast is the first platform which provides automated BSI IT-Grundschutz compliance monitoring for Kubernetes. Combined with the existing coverage of VMware vSphere, Microsoft Azure, and Windows OS, this means organisations can apply the systematic and in-depth coverage of this German security standard to their hardware, software, containers and cloud computing. Runecast offers total coverage of BSI compliance, including monitoring and reporting, in one platform.
In addition to these new capabilities, there were some enhancements in previous minor releases that are also essential for customers that manage large-scale environments, such as increased NIST coverage. Now there are NIST checks for Linux RHEL (included with version 184.108.40.206) and for Windows Server 2012, 2016, 2019 and 2022. This enables organisations to reduce cybersecurity risks in large-scale environments.
Enterprises who need to scan large-scale OS environments now benefit from combined-OS scanning against the US NIST cybersecurity framework. This gives another way of viewing the analysis information, by grouping together OS results and bringing even more clarity to analyses.
Two new features come from our ongoing UI improvements: our improved comparison feature and new object statuses. The Compare Analysis feature allows quick comparison between the results of analyses, immediately highlighting differences and enabling administrators to quickly move towards remediation or improvement. This way users can quickly see when issues have transitioned from state to state, for example from pass to fail.
Coupled with this are our new patch object statuses. These help to effectively plan patch installation for hosts affected by a security issue and enable users to provide evidence that objects have been patched or remediated against particular issues, or that they are not affected.
Another addition to our Configuration Vault is a tasks analysis ability, which enables users to quickly identify who made changes in their infrastructure configuration. Our Config Vault is an excellent resource for showing what has changed in an environment, and now the ability to know when changes were made, and by whom, brings greater understanding and accountability to configuration drift and changes from the expected. This feature collects vCenter Tasks per object type and, for hosts and virtual machines, displays each task’s name, its initiator and when it was performed. You can find it under the Task Tab in the Configuration Vault.
Increase your chances of a flawless upgrade to a VMware supported version of vSphere with our Hardware Compatibility List for vSphere 8. In case you missed the news, vSphere 6.7 was officially end of life in October 2022 and vSphere 8 was released in September, meaning some of your systems may be out of date. Runecast now provides an ESXi 8.0 upgrade simulation to check upfront if your hardware will be supported after the latest upgrade, according to VMware’s own Hardware Compatibility List. We've recently hosted a practical session with tips for planning and successfully executing a secure VMware vSphere upgrade.
Continuously scan your PowerShell for alignment with the Cybersecurity Information Sheet from NSA, CISA, NZ NCSC and NCSC-UK. PowerShell is a fantastic and powerful tool, but if it is not secured properly that power could be used by nefarious actors if they have access to your infrastructure. Because of this, cybersecurity authorities from the United States, New Zealand, and the United Kingdom recommend proper configuration and monitoring of PowerShell, as opposed to removing or disabling PowerShell entirely. With the new Best Practices for PowerShell in Runecast you can quickly and efficiently scan and configure your systems to work for you and not for any unauthorised persons.
One great feature of our latest release is the ability to scan your infrastructure for compliance against the Turkish Data Protection Law (Kişisel Verileri Koruma Kurumu or KVKK). In the same way that you can scan for NIST, BSI, HIPAA and other security standards, Runecast now enables enterprises that need to be compliant with KVKK to run automatic audits with ease.
This is already greatly helping our customers in Turkey who are able to show their compliance information for KVKK in the main dashboard, allowing them to easily see where they are compliant and which areas need work.
Runecast is an AI-driven cloud protection platform that enables your Security and Operations teams to save time and effort. If you would like to find out more about how your teams can benefit from these and existing features, contact our team for a demo.