The latest release of Runecast Analyzer 4.1 has been released recently and brought an interesting feature that allows you to run automated CIS Benchmarks. One might ask what is CIS Benchmarks? Those are industry-standard checks which are making sure that your infrastructure is secured against known security vulnerabilities. Runecast Analyzer 4.1 and Center for Internet Security (CIS) can analyze your environment for any security risk according to CIS standards, and report you on any issues.
Outside of CIS standards, Runecast Analyzer can already execute rules from other security standards, such as HIPAA, PCI DSS, DISA STIG, GDPR or BSI IT-Grundschut.
We have reviewed the product in our detailed product review here – Runecast Analyzer Product Review 2019. Runecast provides VMware knowledge base articles, best practices, and security hardening recommendations that are constantly updated and centralized, and present them within the dashboard showing you whether your environment has issues or not.
After VMware vSphere, there has been Horizon View added where you can scan and analyze your Horizon infrastructure to have a complete analysis of the deployment status and health. So Runecast analyzer is now compatible with VMware vSphere/vSAN/NSX/Horizon and AWS IAM/EC2/VPC/S3.
Screenshot from the lab where you'll see how to activate the different security profiles. (Not all of them has to be active if you don't need them).
Quote from Runecast:
Center for Internet Security (CIS) is an industry-standard for secure configuration guidance. CIS Benchmarks, also known as CIS Security Standards for VMware, have been added to the expanding list of compliance standards available in Runecast Analyzer. The recently added feature gives admins an automated way to ensure that their networks are fully compliant with the latest security standards, benchmarks and checklists from CIS.
How does it work?
The product, after downloading the latest security checklist from internet, executes the checks on-prem so there are no sensitive data leaving outside. In fact, once you update the Runecast appliance (update available via offline bundle too) the product can work without internet connection.
Runecast has automated checks which are performed on schedule. The results can be delivered by e-mail or shown on the Runecast main dashboard. Example of a screenshot from Runecast on L1TF (Note: vulnerability is named “L1 Terminal Fault” or L1TF. The main difference from Spectre/Meltdown is that this vulnerability only affects Intel processors)
As you can see, Runecast detects which hosts are affected and provides you with a detailed solution on how to mitigate the risk.
Runecast is also able to check VMware logs. You can set the Runecast appliance IP as ESXi syslog destination. If you already have another syslog server, you can just add the Runecast IP as a secondary destination from within the Runecast User interface.
There is a possibility to use the RESTful API or the Runecast vRO plugin for further integrations with vRO workloads.
You should follow VMware best practices for configuration, security, on a daily basis. How to proceed without much work? When you want to follow VMware best practices, hardening guidelines and also VMware hardware compatibility list (HCL) concerning compatible hardware, firmware or drivers and you don't want to spend hours on VMware HCL website, you have Runecast which can do the heavy work for you.
It can notify you about the differences in your configuration and what's recommended in all those KBs so you just need to apply them to your infrastructure. Yes, it is a manual step, but it takes off like 80% of the “search and compares work” which you would have to do to find out about your virtual infrastructure anyway.
Source: Runecast Blog post.
Download 14 Days trial of Runecast here.
More from ESX Virtualization
- 5 Ways to Change Hostname of your ESXi host
- How To Disable Timeout on your ESXi Host Client – The Easy Way [Tip]
- How to reset ESXi 6.x root password and under which conditions
- VMware API Explorer Is a Free Built-in Utility in VCSA
- V2V Migration with VMware – 5 Top Tips
- ESXi Free Version – 3 Ways to Clone a VM
- What is ESXi Compatibility Checker?
- How To SlipStream Latest VMware ESXi patches into an Installation ESXi ISO File