
Runecast 4.6 Released with ISO/IEC 27001 Compliance Checks


Runecast is at it again, introducing great new features that continue to help customers meet compliance and best practice recommendations in an ever-growing list of environments. The value of the product continues to grow with each new update and release. Today, Runecast announced the addition of ISO/IEC 27001 compliance checks to the latest Runecast Analyzer 4.6 release. Let’s take a closer look at Runecast 4.6, released with ISO/IEC 27001 compliance checks, and see how the new compliance checks can be implemented.

Customer-Driven Features and Release Cycles

Before we take a look at the latest and greatest features found in the 4.6 release of Runecast Analyzer, I wanted to highlight the customer-driven features and release cycles that are found in the solution. Runecast is aggressively introducing new features and capabilities within the product and this is very much driven by the feedback that Runecast gets from its customer base.

I was able to attend a pre-release briefing with Runecast yesterday covering the 4.6 release with Kev Johnson of Runecast. It was great to hear how seriously they take customer feedback and feature requests when introducing new features into the product.

If you take a look at the features that have been released just this year, it is amazing to see how many new capabilities have been included in the past few months.

Just to cover the past few months (I probably missed a detail here and there), the following features have been introduced:

  • Enterprise Console (April)
  • CIS for AWS (April)
  • Full vSphere 7 support (May)
  • NIST for AWS (May)
  • EC API (June)
  • Rolling out new UI – starting with HCL (June)
  • Performance enhancements (July) – performance improvements under the hood
  • DISA STIG update (July) – updated quarterly, so Runecast will be releasing these every quarter
  • Pure Storage best practices (July)
  • GDPR for AWS (September)
  • Custom profiles (September)
    • Give you an API so you can build your own checks in the future (September)
  • Kubernetes checks (September)

Runecast 4.6 Released with ISO/IEC 27001 Compliance Checks

One of the most highly requested new compliance checks from customers is for the massive ISO/IEC 27001 standard. Most will no doubt have already heard of the ISO 27001 security standard. For those that haven’t, it is a massive information security standard that was first jointly introduced in 2005 by the International Standards Organization (ISO) and the International Electrotechnical Commission (IEC). Its purpose is to serve as an international standard for how to manage information security.

This is an important security standard that is endorsed by industry-leading security experts. It is a generally easy-to-understand security framework that helps organizations identify and understand security risks in order to mitigate the possibility of a data breach event. It may sound like a security standard for large corporations. However, it is a security framework that can benefit businesses of all sizes.

Attackers are setting their sights on the SMB sector more than ever. They realize that, as a whole, SMBs generally do not have the technical expertise and solutions to protect against security risks that larger corporations have.

ISO 27001 key characteristics:

  • ISO27001:2013 – the basis of ISMS
  • Reduce information security costs
  • Covers people, processes, and technology
  • Done well, this can improve company culture
  • Provides a central framework for keeping information safe
  • Increase attack resilience
  • Respond to evolving threats
  • Protects confidentiality, integrity & availability of data
  • Secures information in all forms

Upgrading and Activating ISO 27001 Knowledge Profile

Not only does Runecast automate best practice recommendations for your environment and the discovery of these, but it also automates its own lifecycle management. This includes auto-updating to the latest release of the appliance. This leaves you with a simple task to complete – place a check in the box for the new compliance check you want to implement.

Runecast implements the new compliance checks in what it calls Knowledge Profiles. The knowledge profiles can easily be checked and unchecked under the Settings in the WebUI. After the appliance has been upgraded to the 4.6 release, you simply go in and select the new ISO 27001 knowledge profile.

Enabling the ISO 27001 knowledge profile in Runecast Analyzer 4.6

After enabling the new ISO 27001 knowledge profile, analyze your environment and the new ISO 27001 findings will be noted. One of the powerful features of the Runecast ISO 27001 security compliance scan is that it notes the specific ISO control to which each finding applies. This takes any guesswork out of matching up findings with the specific ISO controls. Brilliant!

After analyzing with the ISO 27001 compliance checks enabled

Runecast 4.6 Other New Features

While the ISO 27001 compliance check is the major news of this release, there are a couple of other really nice additions to the 4.6 release to note:

  • vSphere 7 Security Configuration Guide included
  • DISA STIG export checklist file

vSphere 7 Security Configuration Guide Included

VMware recently updated their security configuration guide to include vSphere 7 recommendations. With Runecast 4.6, these have been incorporated into this latest release so you can implement the best practice security recommendations in line with the latest vSphere release and updated guidance from VMware.

DISA STIG Export Checklist File

In Runecast 4.6, a unique feature has been included that allows you to export the DISA STIG findings from Runecast as a file and import that file into the “STIG Viewer” that is provided by the DoD Cyber Exchange.

The benefit here is that you can provide an auditor with the file from Runecast, and the findings can be imported directly into the STIG Viewer for viewing.

Concluding Thoughts

Runecast, in my opinion, is one of those resources that continues to grow in value with each new release. It allows organizations to benefit from implementing best practices in their environments, including vSphere and AWS. Also, it takes the heavy lifting out of effectively auditing for and implementing compliance frameworks in your environment, such as ISO 27001. Runecast 4.6, released with ISO/IEC 27001 compliance checks, will undoubtedly allow organizations to benefit from this prevalent and important security compliance framework.

Be sure to check out Runecast and download a free trial of the new version here.




Brandon Lee

Brandon Lee is the Senior Writer, Engineer and owner at Virtualizationhowto.com, and a 7-time VMware vExpert, with over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, he has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family. Also, he goes through the effort of testing and troubleshooting issues, so you don't have to.
