Since the launch of Runecast Analyzer 1.0 back in 2015, there have been many, many new features added over the course of hundreds of releases. In the beginning, the core functionality was proactively analysing VMware environments to highlight latent risks documented in the VMware Knowledge Base.
From there, subsequent releases have added HCL analysis for vSphere, Best Practices checks for many different technologies, many, many compliance checks for regulatory standards (and the capability to customise these to meet your needs). Finally, with Runecast Analyzer 4.0, there was the addition of AWS coverage – the world’s most popular public cloud.
Version 4.0 shipped in December 2019, and since then, the demand for new standards for AWS coverage has been high. Runecast is a highly responsive company, and the roadmap for Runecast Analyzer has often been shaped based on customer feedback. Almost as soon as Runecast added AWS support, the obvious question was “what’s next?”
Today, we are proud to announce the addition of support for Microsoft Azure into Runecast Analyzer.
Microsoft’s Azure public cloud was a little later to the party when compared to the dominant Amazon Web Services, but is growing market share aggressively, especially where organisations have typically consumed Microsoft’s software in the form of an Enterprise License Agreement. According to research published in October 2020 by Synergy Research Group, AWS currently holds 33% of the public cloud market, with Azure following closely behind at over 18%. Azure has been growing aggressively and continues to close the gap.
What does this look like?
In line with our integrations with other technologies, we start with the most commonly requested functionality: best practices and the latest CIS benchmark. CIS benchmarks have consistently been among the most requested knowledge profiles when discussing new technologies, and we roll out the CIS benchmark 1.3.0 for Azure with 96 checks in total. There’s a brand new dashboard focussed specifically on Azure services. Obviously, all of the Azure functionality rolls up into the global view, too, so you can see everything at the high level and dive all the way into specific services if that’s what you need.
As you can see from the new Azure dashboard, the supported services are broken down into Compute & Containers, Storage & Databases, Network & Security and Users & Roles.
Connecting Runecast Analyzer to your Azure account is super simple: you create an Application ID & Client Secret in your Azure Directory, then drop the details into the wizard. Hit Continue, and so long as connectivity is good, you’ll see your new Azure tenant in the connected systems, ready for analysis.
Runecast has worked closely for some time now with the Center for Internet Security – Analyzer is already CIS certified for the AWS and VMware benchmarks. Work is going on behind the scenes to finalise certification for the Kubernetes and now the Azure coverage.
Beyond this, there are several best practices for Azure, as detailed by Microsoft.
What is covered?
Runecast Analyzer covers every check included in the CIS benchmark for Azure and several best practices. These cover the following services:
- Azure Active Directory
- Azure App Services
- AKS (Azure Kubernetes Service)
- Key Vault
- MySQL Server
- Network Security Groups
- PostgreSQL Server
- SQL Server
- Storage Accounts
- Virtual Machines
As with the other technologies that Runecast Analyzer provides proactive analytics for, expect the lists of supported services and regulatory standards to grow over time. Obviously, as this happens, the number of checks performed will grow!
How Do I Get This?
In line with the AWS and Kubernetes functionality, the Azure functionality is licensed as a separate module in Runecast Analyzer. This provides the flexibility to license only the technologies relevant to your needs – it makes no sense to require customers to license VMware technologies if they’re not using VMware! You can find pricing details on our Licensing & Pricing page.
New Deployment Models!
In addition to the coverage for Microsoft Azure, I wanted to draw your attention to a couple of new options available for deployment. While historically, Runecast Analyzer has always been VMware focussed, as we introduced more technologies, we have intended that customers consume the product on their platform of choice. With this in mind, I’m delighted to confirm that Runecast Analyzer is now available to deploy natively to Amazon Web Services through the AWS Marketplace. It’s also possible to deploy Runecast Analyzer directly to Kubernetes (everybody drink!), using our Helm chart. Deployment instructions are all detailed in our new Docs platform, at https://docs.runecast.com.
In this world of constant change, one thing that is a reassuring constant is the need for security. A perfect example of this is the cyber attack on the Australian Channel 9 TV station. While details are thin on the ground at present, the impact has been high, with live broadcasts disrupted throughout the last few days. The Australian Cyber Security Centre has for some time now maintained guidance on how to improve your security posture. Essential 8 is this guidance - think of it as a little similar to Cyber Essentials in the UK, in as much as it covers the basics to help improve the baseline security posture with a minimal degree of effort. It isn’t as in-depth as the likes of ISO27001 and DISA STIG, but it’ll help to protect you against the vast majority of attacks by getting the basics right. With the release of Runecast Analyzer 5.0, we see the addition of Essential 8 as a knowledge profile for vSphere. Be sure to enable this in Settings > Knowledge Profiles.
Take a deep dive into the new functionality within Runecast Analyzer 5.0. Watch a webinar on Best practices & security analysis of Microsoft Azure, featuring Kev Johnson and Stan Markov.
Read our release overview article, to see what else is new in Runecast Analyzer 5.0!
Meet other Runecasters here:
Register for a free trial
Our customers and partners tell us that, once they tried Runecast Analyzer, they couldn’t afford NOT to use it in their tech stack.