How to empower IT Sec and Ops teams to predict and solve IT problems

Every IT system administrator knows the difficulty of dealing with a problem where the root cause takes hours (and sometimes days) to dig, while the part of the IT infrastructure entrusted to them is not available to users, open to attack, or not complying with mandatory security standards.

Digging into vast stacks of online documentation – knowledge base articles, technical details, best practices, security guidelines, forum posts – they will eventually lead to the right answer, but at what cost ?

As virtualization professionals and former IBMers dedicated to managing VMware environments for the company’s customers, the founders of Runecast knew the pain (and cost) well. So, in 2014, they set out to build a platform that they themselves wanted to have when they worked at the company.


The question of how to increase transparency and unified visibility across all platforms across a broader company’s technology stack is a most difficult point facing not only security and IT operations teams, but also CISOs and CIO.

IT Sec Ops platform

Runecast is a patented enterprise IT platform created for administrators, by administrators, and tailored to the needs of the teams and leaders of that enterprise.

Most importantly, however, it is a proactive platform that aims to help IT admins anticipate potential problems before they become a headache and fix potential issues before they lead to service delays or exploitative vulnerabilities.

The goal can be seen in the company name and on the platform: the casting (casting) of rune stones is how some cultures try to predict the future that will happen if no change is made in the present. Runecast Analyzer does exactly this, and then provides actionable solutions to avoid harmful situations.

Its power lies in Runecast AI Knowledge Automation (RAIKA), a technology that uses natural language processing (NLP) to crawl and analyze the previously mentioned mountain of available unstructured knowledge resources to make the rules machine readable.

RAIKA covers many different resources: knowledge-based articles, online documentation, forums, blog posts, and even curated Twitter accounts of influencers.

“There are‘ influencers ’in the virtualization community who post articles or tweet about specific problems before they are even officially recognized by the vendor,” said Stanimir Markov, one of Runecast’s co-founders and current CEO, at Help Net Security, and pointed out that that is one of the things that allows Runecast to be proactive.

Some of these knowledge sources are more organized (e.g., hardware compatibility lists) and some are less so (e.g., blog posts or knowledge base articles), he explained. In the former case, making rules was completely automated, but in the end, the rules were validated by people to make sure they weren’t sending the wrong rules to customers.

IT Sec Ops platform

RAIKA provides the rules with Runecast Analyzer’s patented rules engine, which analyzes millions of interrelated objects that represent an organization’s IT infrastructure and, based on the rules RAIKA makes, excludes groups of objects that cohesive with dangerous configurations that can cause a server to crash, a vulnerability to crop up, or not following a security framework.

It all happens seamlessly in the background, and the results are automated and proactive guidelines for IT administrators to act on.

A platform to secure everything

Runecast Analyzer was initially a VMware-specific analytics tool, but as more organizations began using cloud services and containers, Runecast decided to transform it into a platform that allows administrators to analyze and manage the security posture of their:

  • On-prem VMware environment
  • Private and/or public cloud (AWS, Azure, VMware to AWS)
  • Kubernetes clusters, and
  • Windows and Linux machines (on-prem or in a public cloud, physical or virtual).

The Runecast dashboard displays a full hybrid IT environment, showing the most critical areas that should be prioritized, so the team knows what to do next.

Runecast Analyzer is used by security and IT operations teams for simulating and planning infrastructure upgrades, troubleshooting, fixing incorrect configurations and for vulnerability management and remediation through standard tooling such as of PowerCLI, Ansible, or AWS CLI and has automatically generated and well -documented scripts/playbooks.

“They can choose to run those scripts and playbooks right away or schedule them to run in the next maintenance window. Our experience as admins has taught us that sometimes it’s hard to approve changes because everyone needs to know “stakeholders know exactly what will happen during the change. That is why it is very important that the scripts generated by Runecast are well documented: stakeholders can easily see exactly what the scripts will do and the changes will be easier to approve.” said Markov.

Other out-of-the box plugins allow it to work with VMware vCenter Server and ServiceNow (to automate ticket creation). There is also a completely peaceful API that can be used to retrieve information from Runecast, to run a review or take other actions.

Ultimately, it’s all focused on allowing administrators to work from the interfaces they already use.

A CSPM solution like no other

The fact that Runecast Analyzer covers VMware, AWS, Azure, Kubernetes, Windows and Linux sets it apart from similar offerings out there. Organizations don’t need to take a cloud security posture management (CSPM) product for their cloud (s) and then another IT operations or security solution for their on-prem environment-they can just use Runecast for there.

The speed of its deployment also accentuates this.

“It shouldn’t take more than 10 to 15 minutes to deploy it, connect it to your infrastructure and start seeing results. Runecast comes as a preconfigured, pre-installed virtual appliance, and you can turn it on.” deployed in your area or in the cloud, ”Markov explains.

Another big difference is the full offline capability of the platform. Runecast does not upload any data outside the customer’s organization, and it can run in places where there is no internet connection, making it the ideal solution for organizations in financial services, government, and military.

“You can deploy the Runecast virtual appliance on AWS, but this is your AWS space, not one of our AWS servers, and nothing will appear in your organization,” he clarified.

Finally, the platform also allows organizations to monitor their level of compliance and the adoption of specific regulatory standards-CIS CSC, GDPR, HIPAA, PCI DSS, DISA STIG, NIST, BSI IT-Grundschutz, ISO 27001 , etc. – throughout their estate and to be alert when compliance gaps appear.

“This is how you can continue to monitor your security posture and, while we offer a historical look at the reports, any time you have an audit you can easily verify your compliance over time,” he added. .

The future of Runecast

Due to a niche of demand within VMware environments, Runecast received a seed round of funding before recognizing its innovation in 2019 using the European Union’s Horizon 2020 grant, for expanding its scope to further mission-critical IT environment. In 2020, it was named Gartner Cool Vendor, and won the Computing awards for Cloud Security Product of the Year and Best Place to Work in Digital.

Businesses such as Avast, DocuSign, and the German Aerospace Center rely on Runecast for proactive risk reduction, security compliance, operational efficiency and mission -critical stability.

Runecast is always working on improving its platform. The latest additions are OS analysis capability (Windows and Linux), and Config Vault, a feature that allows admins to prevent configuration drift.

In large and complex environments, it is easy to forget what environmental changes have been made by the many employees and consultants who are allowed to make them. The Config Vault maintains all configuration data that Runecast collects in each review, allowing admins and security teams to see if anything has changed. They can also define a “golden baseline” and be alerted when deviations are detected from it, as well as check how consistently their servers are configured.

Plans for the platform’s future include more compliance standards that customers can scan their infrastructure, new OS testing capabilities, and a strengthened Kubernetes offer.

“Compared to other technologies out there, Kubernetes is still relatively new, and admins and DevOps people are still learning the best security practices. One of the key additions we plan to release soon is the Shift Left capability, which shifts security earlier in the development stage. So not only can Runecast scan the clusters and containers you currently have, but it will also be able to scan the templates you use and integrate that into your CI/CD pipeline. That way you can be sure even before deploying the containers that they are fully compliant with best security practices, ”Markov shared.

The overall plan for Runecast Analyzer can be structured as “Runecast for everyone,” so customers can expect support for other technologies, public clouds, and applications.

The lines that define organizations ’IT infrastructures are becoming blurred day by day, and the increasing complexity of them is making it impossible for IT system administrators to manage and manage it correctly without help. from automation.

Runecast Analyzer aims to make the lives of IT system admins easier by allowing them to be proactive, to deal with problems instead of spending hours and days putting out fires, by and let them concentrate on optimizing the hybrid IT environments needed for the business.

#empower #Sec #Ops #teams #predict #solve #problems #Source Link #How to empower IT Sec and Ops teams to predict and solve IT problems

Leave a Comment