I have written many times about the Runecast Analyzer solution that years ago started as a vSphere-only tool. However, now Runecast is a multi-faceted cybersecurity and compliance tool in addition to providing best practices recommendations and remediations across multiple environments, transcending vSphere. The news of Runecast 6.2 released new features, including container image scanning and GCP support. Let’s look at this release and see what it brings to the table.
What is Runecast?
In case this is the first time you have heard about Runecast, let’s get a brief overview of the solution. Runecast provides an all-in-one appliance that scans your environment for many of the difficult-to-detect problems and issues that may be present, including configuration issues, security issues, and best practices issues across the environment.
A few versions ago, Runecast introduced the ability to proactively remediate issues found in the environment by offering a way to generate PowerCLI and other code to run in the environment to remediate issues found.
As mentioned, the product continues to get better and more powerful with each release, adding more environments and additional scanning capabilities to the capabilities offered in the product. I have many times referred to the Runecast solution as one of the best products you will stand up in your environment, hands down. Its capabilities and quick time to value are hard to find in other solutions.
Runecast 6.2 Released New Features
The new Runecast 6.2 release brings exciting new features to the platform, including the following:
- Container image scanning
- Integrate with K8s admission controller to secure your deployment processes or run image scans manually.
- GCP support
- Best practices, CIS compliance and configuration tracking.
- OIDC
- Login to Runecast with your OIDC identity provider.
- New security profiles
- Visit Knowledge profiles section for a complete overview of available profiles
Container image scanning
Unquestionably, Kubernetes security has become a hot topic as more organizations adopt Kubernetes to modernize their business-critical workloads. Without a solution like Runecast, it can be difficult to secure Kubernetes deployments.
With the new Runecast 6.2 release, Runecast now integrates directly with your Kubernetes Admission Controller to provide container image scanning. You can connect to your container deployments from any platform that supports webhooks, directly to Runecast’s image scanning.
It allows enforcing your built-in policies as part of container image deployment. Pull requests must meet the enforcements of the container image policy before they are allowed. Once a container deployment is requested, Runecast takes the template or manifest for the container to be deployed and sends the policy result for the image back to Kubernetes.
Another great feature of this process is that Runecast can give visibility to any updates or patches for the image before deployment. This feature allows for remediating any issues before the container is deployed.
GCP support
Organizations today are becoming very “multi-cloud” in their cloud strategies, meaning they are “cherry picking” which hyperscale public cloud environments and services they want to take advantage of, allowing picking the best services from each that align with their business. Google Cloud Platform is becoming more popular among companies for certain solutions and services.
Runecast now supports adding your GCP environment and provides full insights into your GCP deployments. You can now scan your GCP environment against recognized best practices for Cloud Security Posture Management purposes.
You will also be able to measure your compliance against CIS Benchmarks and Google’s own published best practices. In addition, the Runecast Configuration Vault allows seeing changes made immediately helping to gain visibility to configuration drift.
OIDC
Runecast is still very much aligned with traditional operations, including traditional integrations. The Runecast 6.2 release now integrates with Jira and OpenID Connect. This will help to speed along your daily workflows
New security profiles
Runecast 6.2 brings your security protection and visibility to the next level with multiple features and capabilities, including the most robust proactive protection found in any Runecast release.
In Runecast 6.2, the latest Microsoft CVEs and Linux vulnerabilities are combined with:
- CIS Benchmarks
- DISA STIG (updated for both Windows and Red Hat Linux Enterprise 8)
- Vulnerability scanning and configuration analysis
- BSI IT-Grundschutz for Windows (a brand new addition)
Runecast 6.2 has new compliance and security standards for vSphere and Azure, adding DISA STIG for:
- vSphere 7
- New NIST profiles for Azure
This is particularly important for our US customers, who may be constrained to operate under DISA if they use the DoD’s network or use NIST in other government areas.
Runecast FAQs
- What is Runecast? Runecast has become a powerful Cloud Security Posture Management (CSPM) tool that provides cybersecurity scanning and best practices recommendations for a wide range of environments and solutions, including VMware vSphere, AWS, Azure, GCP, NSX-T, Horizon, Kubernetes, and many others. It provides tremendous visibility into very hard-to-detect configuration issues in the environment and makes the very hard “best practices” moving target much easier to hit.
- Is Runecast free? Runecast offers a fully functional trial version that allows organizations to try out the functionality. You simply fill out the online form and submit it for someone at Runecast to reach out and set up the trial license.
- What new features are found in Runecast 6.2? The main features, as discussed, are the new container image scanning, GCP support, OIDC, and new security profiles support.
Wrapping Up
Runecast, what can I say, the great keeps getting greater! The new features will undoubtedly be exciting for organizations that are using Kubernetes in their modern application development lifecycle and those that may be using Google Cloud Platform (GCP) for part of their cloud infrastructure. As always, this release’s new security profiles and scanning features are an additional win.
0 Comments