Runecast has added OS analysis into its flagship enterprise platform for proactive configuration and vulnerability management, security compliance, and remediation.
The new Runecast enables IT security and operations teams to proactively find and resolve issues within their IT infrastructures – all the way down to their Windows and Linux operating systems.
The expanded capabilities build upon Runecast’s experience in providing users with deeper single-platform transparency into their hybrid environments – whether they are built from VMware, AWS, Azure or Kubernetes – together with proactive remediation to more efficiently fix discovered issues.
Deciphering your technology complexity
The expansion of Runecast capabilities comes as the lines defining organizations’ IT infrastructures have blurred. “Companies have increasingly complex hybrid IT infrastructures – with a mix of operating systems, containers, public clouds and on-premises operations – and this is definitely a trend that will further evolve,” said Stanimir Markov, CEO and Co-Founder of Runecast. “Within such complexity, it is easy to miss risky misconfigurations, vulnerabilities or regulatory non-compliances – which can cause enormous issues for CIOs to have to deal with reactively. By adding OS coverage to Runecast, we are giving organizations a greater ability to effectively mitigate risks with their limited resources.”
Helping admins make the shift from firefighting to fire prevention
Operating systems from Microsoft and Linux play a critical role in enabling various technology elements to play together – therefore it is crucial to protect them from vulnerabilities. Log4j and WannaCry are just two well-known and costly examples of how OS and application vulnerabilities can turn IT teams’ procedures upside down.
The “just keep it working” approach puts information and operational pressure on IT system administrators. Admins have to constantly be in firefighting mode to find and remove new vulnerabilities – whether in the OS or the hybrid cloud – and they have to keep all of those individual parts operating regardless of where they are located, within the limits of their budget.
“Admins face two major challenges here,” pointed out Aylin Sali, CTO and Co-Founder of Runecast. “First, just as the company infrastructure is physically all over the map, so is the admins’ oversight and management of it. It’s tough to deal efficiently with diverse technologies spread across various locations – and we saw this first hand with log4j in December 2021. IT security and operations teams really need a single point of view where they can see their entire infrastructure and analyze the situation.”
“Second, the complexity of environments makes it even more difficult to apply the needed – and already known – fixes. IT security expert SwiftOnSecurity once tweeted that ‘Pretty much 99.99% of computer security incidents are oversights of SOLVED PROBLEMS’ – and that is correct. The vast majority of network issues have already been solved, admins simply need a way to get this information funneled to them in one place and then a way to easily apply the needed changes proactively,” he added.
IT security and operations teams can do more
Runecast automation enables system admins to work smarter and more effectively. “We found that 90% of the issues discovered during firefighting had been already documented – and could have been avoided with some automation – so this is what we are doing now with our automated configuration and vulnerability management, compliance audits and remediation capabilities,” said Markov.
Automated compliance takes the pain out of perpetual audits of best practices, vulnerability management and security compliance. It includes an organization’s internal custom profiles and the most common standards – such as CIS Benchmarks, NIST, HIPAA, PCI DSS, DISA STIG, BSI IT-Grundschutz (Germany), ISO 27001, GDPR, Cyber Essentials (UK), and Essential 8 (Australia).
Issue remediation works by sending admins an auto-generated script following the identification of potential security or stability issues. After the script is validated by the admin and added to an automation tool, the fix is automatically implemented. Remediation capabilities in Runecast encompass VMware, AWS CLI for AWS, Azure CLI for Azure, and Kubectl for Kubernetes.
See ahead or turn back time
As hybrid IT environments are increasingly complex, it becomes critical that admins have the ability to test drive additions to check future hardware compatibility. Runecast’s ESXi Upgrade Simulation feature enables IT operations teams a new level of certainty when planning upgrades by simulating future changes against the VMware Hardware Compatibility List (HCL). By revealing hardware compatibility issues in advance, this cuts the time and uncertainty from upgrade planning.
The ability to look back to see changes over time is essential given that configuration drift – resulting from additional hardware, software updates, or workload migration – remains one of the costliest causes of security breaches and downtime, as well as a pain point for upgrade planning. Configuration Vault enables comparisons between selected times, to compare how an environment was configured between points in time and help teams stay ahead of drift.
A single viewpoint for your hybrid cloud
Runecast provides automated discovery and single-platform visibility of issues for IT security and operations teams. It combines artificial intelligence with knowledge of security and operational IT issues into a patented enterprise platform that proactively identifies issues with a wide range of technologies such as Amazon Web Services (AWS), Kubernetes, Microsoft Azure, and VMware. As it analyzes this complex maze, Runecast gives admins a single point of view into the state of their technology.
“Our approach stems from our VMware experience where we realized that by proactively identifying issues and quickly feeding this info to admins, we were able to slash their downtime and cut the time they were wasting putting out fires,” stated Sali. “Since then, we have progressively expanded our approach to include operating systems and a wider range of technologies, making security and ops teams more proactive and efficient in the process.”
A blue-chip list of clients already using Runecast include Avast Software, de Volksbank, DocuSign, Erste Bank, German Aerospace Center (DLR), Raiffeisen Bank, and Scania.