Issuing a security and compliance auditing policy across on-premises and multi- and hybrid cloud environments can be a challenge. Learn how Runecast 6.1 helps businesses solve these difficult security and compliance challenges.

Organizations worldwide are using a wider variety of services and solutions than ever before. This includes a mix of both on-premises and cloud resources. As a result, business leaders, including CIOs and CISOs, must grapple with challenges associated with managing, securing, and auditing for compliance in services and business-critical data across on-premises, cloud, and hybrid cloud environments.

The last few releases of Runecast have resulted in a solution that is no longer just an analyzer or tool to be used only by IT admins. Instead, it has evolved into a holistic enterprise platform, allowing security and operations teams and business leaders to tackle today's complex hybrid cloud challenges.

Security and compliance policy—A top priority but challenging

Security and operations teams and C-level executives alike understand the tremendous danger to their business from modern cybersecurity threats, such as ransomware, data leaks, and others. For example, high-profile ransomware attacks cost businesses millions from encrypted data, intentional data leaks, and lost customer trust. In addition, as companies increasingly use cloud resources, security and operations teams have difficulties maintaining visibility and understanding security risks across the various environments used in business-critical operations.

Ransomware groups often take advantage of actively exploited vulnerabilities that exist in unpatched on-premises or cloud resources. As a result, a challenge for CISOs and security operations teams is understanding the overall cybersecurity posture of the multiple environments and technologies used for business-critical services.

For example, a typical organization may run infrastructure across multiple environments and technologies. These include:

  • A private cloud data center running on top of VMware vSphere
  • VMware Horizon for remote connectivity
  • VMware NSX-T for software-defined networking
  • Amazon Web Services (AWS)
  • Microsoft Azure
  • Modern workloads inside Kubernetes clusters

Each technology and environment may have its own dashboard, native security views, and tooling. In addition, compliance is a significant challenge related to running infrastructure across multiple environments and technologies. Much like the security challenges, having a single view and visibility of compliance risks is cumbersome or nonexistent using native tools.

C-levels, CISOs, and security and operations teams understand that the security challenges facing their businesses today require a proactive approach. However, putting the "proactive" approach into practice can be challenging. Such challenges can include the following:

  • Transparency and reporting—Surfacing issues and being able to report on those issues across environments accurately
  • Vulnerability management—Discovering vulnerabilities in your on-premises and cloud infrastructure
  • Security compliance policy—Businesses that fall under PCI-DSS, HIPAA, GDPR, and other compliance regulations need to have visibility into compliance issues across their estate and know how to correct them to avoid costly compliance violations
  • Empowering teams with time-saving tools—Teams are often left struggling to juggle high-priority security and compliance objectives with daily operations

Runecast 6.1—A single pane of glass for security and compliance policy

In its early days, Runecast began by helping customers understand how to align their VMware vSphere environments with best practices and evolved to include compliance audits. However, many years later, with the release of Runecast 6.1, Runecast has become a fully featured enterprise platform.

It still scans, audits, and provides visibility into issues in VMware vSphere and other technologies for operations teams. However, it now provides a holistic view of security, compliance, and security posture management, both on-premises and in cloud environments, far beyond its beginnings.

Note the following strategic areas of Runecast 6.1, which help organizations bolster their security and compliance management:

  • Security, compliance, and risk management for hybrid and multicloud
  • Cloud and Kubernetes Security Posture Management (CSPM, KSPM)
  • Vulnerability management and assessment
  • IT operations management (ITOM)

Security and compliance policy management for hybrid and multicloud

Runecast 6.1 provides businesses with a single platform to audit and remediate compliance and security risks across environments, whether in private data centers or in the public cloud. Runecast covers a growing list of compliance standards, including the following:

  • CIS Benchmarks
  • NIST
  • BSI IT-Grundschutz
  • ISO 27001
  • GDPR
  • Cyber Essentials (UK)
  • Essential 8 (Australia)
  • CISA KEV catalog

In Runecast 6.1, OS support is extended with coverage of the DISA STIG profile. In addition, it now shows the Known Exploited Vulnerabilities (KEV) catalog so businesses can prioritize which vulnerabilities they want to remediate based on those exploited in the wild.

Runecast 6.1 displays the known exploited vulnerabilities to easily prioritize remediation


Organizations are using cloud technologies more than ever, including Kubernetes, for modern workloads. However, navigating the waters of security and compliance in the cloud, especially with technologies such as Kubernetes, can be difficult. KSPM is becoming a real "thing" that organizations must wrap their heads around. Ransomware is now targeting vulnerable Kubernetes clusters.

Runecast gives CISOs and security operations visibility into all assets across their estate, including cloud environments and Kubernetes, for modern workloads. In addition, it allows scanning configurations and logs to give visibility into health and security concerns. SecOps and IT Ops can also use Runecast to build remediation with standard tools that many are already using, such as PowerCLI or Ansible.

Runecast is among a select few tools that give companies visibility into security and compliance issues in their Kubernetes clusters. As you can see below, SecOps and IT Ops can filter based on the severity of the problems discovered and a specific compliance profile.

Scanning a Kubernetes cluster with Runecast 6.1

Vulnerability management and assessment

Finding vulnerabilities in your environment before the bad guys do is a never-ending task that is tedious and ineffective if left to manual means. Without a vulnerability management tool, it is arguably impossible to stay ahead of vulnerabilities and improper security configurations across a wide range of infrastructures.

Here again, Runecast provides a great tool to help with this task. Instead of having to log into multiple dashboards and use different tools and logic to find vulnerabilities, Runecast aggregates all of this for you into the Runecast console. It enables seeing vulnerable or insecure configurations in VMware, Azure, AWS, Kubernetes, Windows, or Linux in private and public clouds.

You can configure automatic scans hourly, daily, weekly, or at custom times that align with your business, providing security teams with visibility into vulnerabilities.

Runecast provides automatic scans across your infrastructure estate


One of the most impressive features of Runecast for organizations is its ability to show you documented best practices, bugs, vulnerabilities, and security guidelines for a specific technology. It uses a proprietary AI-based rules engine that captures all vendor and compliance framework findings in a single location.

Instead of finding out about a best practice or security configuration after a breach or other environmental issue, IT Operations can handle the findings proactively. Its proactive rules engine enables the continuous scanning of environments to provide health and risk analysis in multicloud or hybrid cloud deployments.

It also allows IT Ops to view configuration drift in the environment. Misconfigurations often account for security breaches or infrastructure downtime. As mentioned earlier, Runecast 6.1 generates remediation scripts for automated remediation.

Generating remediation scripts for misconfigurations using Runecast 6.1

Wrapping up and impressions

Runecast 6.1 has evolved into a true enterprise solution, providing a single pane of glass for security, compliance, security posture management, cloud security, Kubernetes best practices and security, and many other use cases. CISOs and SecOps teams face a monumental challenge to both secure and govern the operation and security of business-critical infrastructure across multiple infrastructure landscapes, both on-premises and in the cloud. When using traditional or native tools, this is an impossible task. Runecast brings everything together into a unified, seamless solution, taking the complexity and challenges out of security and compliance across multi- and hybrid clouds.



© 4sysops 2006 - 2023
