Manage your Security and Compliance Globally Across Environments and Geo-locations via Runecast Platform

Runecast has grown again by providing global visibility enabling you to be able to achieve 100 % compliance within your enterprise. This can now be achieved with one unified platform. As enterprises have many geo locations and separate datacenters and remote offices across the globe. The management of such an environment with separate and siloed software isn't usually the best you want. Ideally, a single pane of glass is what's kind of a holy grail for IT admins. Runecast's latest platform update does just that!

Until now, there was not a possibility within the Runecast platform, to have multiple teams (SecOps, Compliance, IT infrastructure, DevOpes)  each managing security, infrastructure health, or compliance within a different geographical location. This is a new feature in Runecast 6.1 called Organizations, which is particularly useful when your company has many offices around the world and you want to avoid siloed reporting and management.

You can grant access to your teams based on their geo-location to be able to manage the infrastructure that they are responsible for. You can actually replicate your existing company structure now. Runecast has integration to Microsoft AD or LDAP so your team will see only what they need to see (previously, all teams saw everything) depending on the permissions they are assigned to or depending on the level of their role.

From other innovations, we can mention KEV correlation which stands for Known Exploited Vulneratilibies (KEV). This is a catalog that contains common vulnerabilities. The mission of the CVE program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. In fact, it is CISA (Cybersecurity & Infrastructure Security Agency) in the USA that maintains the KEV catalog which is a very useful tool to fight against cyberattacks.

While it is clear that military and government organizations have to be compliant, there is due date in the KEV catalog and for those organizations it is mandatory. For others, they can still use it as a guide and be patched and fully protected. KEV can be used with DISA STIG (Defence Information Systems Agency) (Security Technical Implementation Guides) and use it for example for closing remote access ports or removing factory defaults admin passwords.

Runecast platform brings also more security profiles that can be applied to the OS level now (DISA STIG profile) and vSphere can now be evaluated against GDPR. Overall, there are also improved views allowing you to filter, inspect and resolve all reported issues.

The Runecast platform provides configuration, best practices, vulnerability, and security compliance across your global estate. Your teams located across the globe have all the required information to proactively secure your infrastructure and maintain uptime.

Quote from Runecast:

Servers and appliances which are physically located in separate regions and controlled by different Operations teams can now be put in different Organizations in the Runecast interface, saving your teams time while bringing better operational transparency.

Screenshot from Runecast

Runecast is becoming a Single Pane of Glass for security and compliance

Here is a list of compliance standards that the Runecats platform supports right now (growing):

• DISA STIG
• BSI IT-Grundschutz
• ISO 27001
• GDPR
• CIS Benchmarks
• NIST
• HIPAA
• PCI DSS
• Cyber Essentials (UK)
• Essential 8 (Australia/NZ)
• CISA KEVs vulnerabilities catalog

Runecast 6.1 New Features

• Organizations – as we mentioned above, Runecast can now truly match your organization's geographical locations where you can have a single appliance and many security and infrastructure teams managing their offices from different locations. Please note that there is still the option to have the Enterprise console and have multiple departments within one company where each department has its own Runecast appliance independently installed and maintained. If your teams are still running multiple Runecast appliances please note that the Organizations apply only to the appliance they are configured on.
• CISA Catalog – Runecast security platform now includes CISA catalog of Known Exploited Vulnerabilities. CISA is a Cybersecurity and Infrastructure Security Agency in the USA that has a catalog of all vulnerabilities that are known to have been exploited.
• Increased security Reach with GDPR compliance – Now Runecast has also added GDPR compliance monitoring for VMware. Windows servers in 2016 and 2019 has a new level of scanning DISA STIG available.
• New UI – Runecast platform has a new look as well. With improved clarity within the vSphere environment, you can have better usability and have more responsiveness when navigating and taking actions. With the new issues list, there are newly added powerful ways to observe, filter, inspect and resolve all reported issues.

Screenshot from Runecast

Final Words

This is not Runecast we knew just a couple of years ago. This Runecast is bigger, richer, more global, and more open to a global scale. Runecast has really evolved to become a Security product platform with a possibility of security audit and compliance, as well as keeping your IT infrastructure up-to-date with the best performance and optimization. Runecast has the possibility to manage Kubernetes as well since many organizations taking advantage of modern apps. Kubernetes Security Posture Management (KSPM) software allows you to audit those workloads and have the latest security and vulnerabilities remediation options.

Runecast is becoming really multi-platform security and compliance tool that progressed enormously. It's now a tool that can be used not only by IT admins but also by security teams, CIOs or CISOs. We're evolving into an IT environment where an IT admin with several “hats” has clearly more and more work because of security and compliance. While just a couple of years ago, being an IT admin the job of security and compliance could be done by a single man in small organizations, this becomes more and more difficult today.

Larger IT departments can use single software for the company's security, compliance, best practices, patches, and (or) remediations, for all their multi-cloud and multi-site environment, via a single appliance.

Discover, manage, audit, and remediate across different platforms via a Single Pane of Glass. Runecast platform covers not only on-prem environments with vSphere, different OS types, Horizon, NSX-T, VSAN, Kubernetes, but also public and private clouds such as vCloud Director, AWS, or Azure.

Tight integration with VMware vSphere

Source: Runecast

Some of our Previous posts about the Runecast platform:

• Runecast 6 and OS-level Support Windows/Linux
• Runecast can help to detect vulnerability in Apache Log4j Java library
• vSphere Upgrades easier now with Runecast
• Track configuration changes in your vSphere Environments with Runecast Configuration Vault Feature

More posts from ESX Virtualization:

• VMware vCenter Converter Discontinued – what’s your options?
• How to upgrade VMware VCSA 7 Offline via patch ISO
• vSphere 7.0 U3C Released
• vSphere 7.0 Page [All details about vSphere and related products here]
• VMware vSphere 7.0 Announced – vCenter Server Details
• VMware vSphere 7.0 DRS Improvements – What's New
• How to Patch vCenter Server Appliance (VCSA) – [Guide]
• What is The Difference between VMware vSphere, ESXi and vCenter
• How to Configure VMware High Availability (HA) Cluster

Stay tuned through RSS, and social media channels (Twitter, FB, YouTube)