How to empower IT Sec and Ops teams to anticipate and resolve IT problems

Every IT system administrator knows the misery of facing a problem for which the root cause requires hours (and sometimes days) to unearth, all the while part of the IT infrastructure entrusted to them is unavailable to users, open to attack, or not compliant with mandatory security standards.

Digging through vast stacks of online documentation – knowledge base articles, technical specifications, best practices, security guidelines, forum posts – eventually leads them to the right answer, but at what cost?

As virtualization professionals and former IBMers who focused on managing VMware environments for the company’s customers, the Runecast founders know the pain (and cost) too well. So, in 2014, they set out to build a platform that they themselves would have loved to have had when they worked for the company.


The question of how to increase transparency and unified visibility across all platforms in a wider company technology stack is an ultimate pain point faced not only by the security and IT operations teams, but also by CISOs and CIOs.

platform IT Sec Ops

Runecast is a patented enterprise IT platform created for administrators, by administrators, and is tailored to the needs of those teams and enterprise leaders.

Most importantly, though, it is a proactive platform aimed at helping IT admins anticipate potential problems before they become a headache and fix potential issues before they lead to service disruptions or exploitable vulnerabilities.

The objective is reflected in the name of the company and the platform: casting (tossing) rune stones is how some cultures attempted to predict the future that would happen if no changes were made in the present. Runecast Analyzer does precisely this, and then provides actionable solutions to avoid damaging situations.

Its power lies in Runecast AI Knowledge Automation (RAIKA), a technology that uses natural language processing (NLP) to crawl and analyze the previously mentioned mountain of available sources of unstructured knowledge to turn it all into machine-readable rules.

RAIKA plugs into many different sources: knowledge base articles, online documentation, forums, blog posts, and even curated Twitter accounts of influencers.

“There are ‘influencers’ in the virtualization community who are posting articles or tweeting about specific problems even before they’re officially recognized by the vendor,” Stanimir Markov, one of the Runecast co-founders and current CEO, told Help Net Security, and pointed out that that is one of the things that allows Runecast to be proactive.

Some of these knowledge sources are more structured (e.g., hardware compatibility lists) and some less (e.g., blog posts or knowledge base articles), he explained. In the former case, the creation of the rules is fully automated, but in the latter, the rules are validated by humans to make sure they are not sending incorrect rules to the customers.

platform IT Sec Ops

RAIKA feeds the rules into Runecast Analyzer’s patented rules engine, which analyzes millions of interdependent objects that represent an organization’s IT infrastructure and, based on the rules RAIKA produces, isolates groups of interdependent objects that have risky configurations that may cause a server to crash, a vulnerability to crop up, or non-compliance to a security framework.

This all happens seamlessly in the background, and the results are automated and proactive guidelines for IT administrators to act on.

One platform to secure it all

Runecast Analyzer was initially a VMware-specific analytics tool, but as more organizations started using cloud services and containers, Runecast decided to transform it into a platform that allows administrators to analyze and oversee the security posture of their:

  • On-prem VMware environment
  • Private and/or public clouds (AWS, Azure, VMware on AWS)
  • Kubernetes clusters, and
  • Windows and Linux machines (on-prem or in a public cloud, physical or virtual).

The Runecast dashboard shows an entire hybrid IT environment, revealing the most critical areas to prioritize, so the team knows precisely what to work on next.

Runecast Analyzer is used by IT security and operations teams for simulating and planning infrastructure upgrades, troubleshooting, fixing misconfigurations and for vulnerability management and remediation via standard tooling like PowerCLI, Ansible, or AWS CLI and with automatically generated and well-documented scripts/playbooks.

“They can choose to run those scripts and playbooks immediately or schedule them to run during the next maintenance window. Our experience as admins has taught us that it’s sometimes difficult to get changes approved because all stakeholders need to know exactly what’s going to happen during the change window. That’s why it’s so important that the scripts Runecast generates are well-documented: the stakeholders can easily see exactly what the scripts will do and will approve changes more easily,” Markov noted.

Other out-of-the box plugins allow it to work with VMware vCenter Server and ServiceNow (to automate ticket creation). There’s also a full restful API that can be leveraged to extract information from Runecast, to run analysis or do other actions.

Ultimately, it’s all geared towards allowing administrators to work from the interfaces they already use.

A CSPM solution like no other

The fact that Runecast Analyzer covers VMware, AWS, Azure, Kubernetes, Windows and Linux differentiates it from similar offerings out there. Organizations don’t need to get a cloud security posture management (CSPM) product for their cloud(s) and then another IT operations or security solution for their on-prem environments – they can just use Runecast for that.

The speed of its deployment also makes it stand out.

“It shouldn’t take more than 10 to 15 minutes to deploy it, connect it to your infrastructure and start seeing results. Runecast comes as a preconfigured, pre-installed virtual appliance, and you can deploy it on your premises or in the cloud,” Markov explained.

Another big differentiator is the platform’s full offline capabilities. Runecast doesn’t upload any data outside the customer organization, and it can run in places where there’s no internet connection, making it an ideal solution for organizations in the financial services, government, and military sectors.

“You can deploy the Runecast virtual appliance in AWS, but it’ll be your AWS space, not one of our AWS servers, and nothing will go out of your organization,” he clarified.

Finally, the platform also allows organizations to track their compliance level and the adoption of specific regulatory standards – CIS CSC, GDPR, HIPAA, PCI DSS, DISA STIG, NIST, BSI IT-Grundschutz, ISO 27001, and others – across their entire estate and to get alerted when compliance gaps arise.

“This is how you can continuously keep track of your security posture and, as we offer a historical view of the reports, any time you have an audit you can easily prove your compliance over time,” he added.

The future of Runecast

Arising from a niche area of demand within VMware environments, Runecast received one seed round of funding before its innovation was recognized in 2019 with the European Union’s Horizon 2020 grant, for expanding its coverage to additional mission-critical IT environments. In 2020, it was named a Gartner Cool Vendor, and has won Computing awards for Cloud Security Product of the Year and Best Place to Work in Digital.

Enterprises like Avast, DocuSign, and the German Aerospace Center rely on Runecast for proactive risk mitigation, security compliance, operational efficiency and mission-critical stability.

Runecast is always working on improving its platform. The latest additions are its OS analysis (Windows and Linux) capability, and Config Vault, a feature that allows admins to prevent configuration drift.

With big and complex environments, it’s easy to lose sight of what changes in the environment have been made by the many employees and consultants that are allowed to make them. Config Vault keeps all the configuration data that Runecast collects with every analysis, allowing admins and security teams to see when something has been changed. They can also define a “golden baseline” and get alerted when deviations from it are detected, as well as check how consistently their servers are configured.

Plans for the future of the platform include more compliance standards that customers can scan their infrastructure against, new OS analysis capabilities, and a strengthened Kubernetes offering.

“Compared to other technologies out there, Kubernetes is still fairly new, and admins and DevOps people are still learning the best security practices. One of the important additions that we are planning on releasing soon is the Shift Left capability, which shifts security sooner in the development cycle. So Runecast will not only be able to scan the clusters and containers that you currently have, but it will also be able to scan the templates that you’re using and integrate that into your CI/CD pipeline. That way you can be sure even before deploying the containers that they will be fully compliant to best security practices,” Markov shared.

The overarching plan for Runecast Analyzer can be summed up as “Runecast for everything,” so customers can expect support for other technologies, public clouds, and applications.

The lines defining organizations’ IT infrastructures are getting blurrier by the day, and their rising complexity is making it impossible for IT system administrators to oversee and manage it correctly without help from automation.

Runecast Analyzer aims to make IT system admins’ life easier by allowing them to be proactive, to head-off problems instead of spending hours and days putting out fires, by and letting them concentrate on optimizing the hybrid IT environments needed for business.

Don't miss