It is always a great feeling when you are able to watch a product or solution that you knew was destined to be great form, grow, and develop over time into just what you expected – an awesome product that continues to exceed expectations. Runecast Analyzer is one of those products that I have had the pleasure of working with for the past few years now. It is great to see it grow, incorporate new features, and expand as a solution, tackling complex problems and challenges. Runecast has now announced the next major version of the product, Runecast 6.0. In this post, we will cover the new features in Runecast 6.0, including Log4j scanning in your environment.
Runecast 6.0 released with new features
The big news with this release of Runecast 6.0 is OS-level analysis for Windows and Linux! The next product evolution makes total sense as, if you are like me, you have probably said, “I wish I had a Runecast-like product to check other environments besides VMware, AWS, Azure, etc.” Runecast has effectively taken all the features and functionality you are accustomed to using and now provides them for operating system (OS) security and analysis.
Whereas Runecast started off as a best practices analyzer for VMware, it has now evolved into much more – a fully-featured IT security and operations tool that helps to quickly identify vulnerabilities and security issues across the board. Runecast shows they are serious about security, even in their own product.
Apache Log4j vulnerability scanning
After officially releasing Runecast Analyzer 6.0 on December 12th, they quickly released a patched version, 220.127.116.11, that is not only fully patched against Log4j but also scans for and detects Log4j across your Windows and Linux estate, which comes at a time of tremendous need for organizations.
Most businesses are still scrambling to audit and find vulnerable Windows and Linux machines in the environment before an attacker does. Without a tool like Runecast 18.104.22.168 that can scan for the vulnerability across your infrastructure landscape, it could literally be like finding a needle in a haystack.
Runecast is even providing a free assessment service to help businesses find and remediate Log4j vulnerabilities in their environment. Note the following from the official Runecast blog post:
Due to the severity and widespread impact of this issue, Runecast is currently offering a free assessment of your estate. This includes all applications running on Windows, Linux, VMware, and even Kubernetes.
OS-level scanning for Windows and Linux
Quite honestly, the new Runecast 6.0 OS-level scanning and analysis capabilities fill a need that has existed for quite a while, in my opinion. While there are other tools out there that can scan Windows and Linux OSes, Runecast provides the full solution that can cover your entire estate – VMware, AWS, Azure, Windows, Linux, Kubernetes, etc.
Having a single-pane-of-glass view of the security posture of all your systems in a single solution is incredible. With the new OS-level analysis, Runecast 6.0 includes a CIS benchmark certificate for Windows Server 2016 and Red Hat Linux 8. Currently, with this new OS scanning feature, you get 350 rules preconfigured in the Runecast platform. In true Runecast style, these rules, scans, and compliance framework checks will no doubt grow and evolve over time.
In addition, you get configuration drift management and vulnerability assessment capabilities that can scan both bare-metal installs and virtual machines. Also, the Windows and Linux virtual machines being scanned can be on any hypervisor platform, not just VMware.
More security profiles available
Also, new with this release is the addition of more security profiles. Azure coverage is extended with BSI and GDPR profiles. DISA STIG now supports vSphere 6.7.
Runecast coming full circle – application layer scanning
The Runecast Analyzer solution has continued to evolve and is now coming full circle with the capabilities and features included in the product. Now, as an increasingly security-focused product, the Runecast solution is empowering organizations to ensure security and other best practices at the infrastructure layer AND the workloads themselves. This is key.
Even if your infrastructure is bulletproof, if your workloads contain horrendous vulnerabilities, most likely you are still in a dangerous position. Alternatively, if your workloads are hardened, but the infrastructure is full of vulnerabilities, you are at risk as well. Today, cybercriminals are not looking for a specific vulnerability only. They are looking for ANY vulnerability that can lead to compromise, ransomware, data leak, etc.
Having a solution like Runecast that can cover the full circle of the infrastructure, workloads, and applications will be a game changer.
- Official blog post covering the Runecast Analyzer 6.0 release
- Runecast response to the Log4j vulnerability
Runecast continues to push the envelope of best practices and security scanning with a unique and extremely valuable tool that organizations need today. Cybersecurity threats are only going to increase. Having full visibility into vulnerabilities across your entire estate (infrastructure, workloads, and applications) is the only way to find vulnerabilities before the bad guys do. This is what Runecast provides.