Bryan Hutchinson
Security compliance checks
Security and Compliance
In this article:

Runecast platform has been designed with customer input from numerous military and defense-sector organizations. It is the only product on the market that enables defense-sector organizations to achieve the following in online and air-gapped environments from a single easy-to-use interface:

  • Proactive elimination of outage risks & latent issues in key IT infrastructure
  • Automated continuous security compliance monitoring, reporting, remediation, and historical analysis against all common standards including DISA STIG and “draft” vSphere STIGs
  • Vulnerability Management incorporating CISA KEV and Exploit Kit availability catalogs
  • Configuration Management including baseline comparisons and historical drift monitoring
  • Automated VMware HCL compliance checks and ESXi upgrade simulations
  • VMware Capacity Management
  • Targeted VMware Log Analysis
  • Consolidation of disparate tools across different technologies to provide a single and  unified view across all core infrastructure, including virtualized, containerized, hybrid and public cloud environments

Runecast covers VMware, Windows, Linux, Kubernetes, AWS, Azure, and GCP environments with the following proactive automation:

Security and Compliance

Runecast automates continuous security compliance monitoring, reporting, remediation, and historical analysis against many different security standards, including DISA STIG and “draft STIGS” in vSphere, Windows and Linux environments with exports in CKL, PDF & CSV format, and auto-populating remediation scripts for many STIG controls. 

Importantly, Runecast automates more processes for STIG compliance than any other product on the market. It automates answers for more STIG contols than other products, and includes CKL-format exports for reporting directly in STIG Viewer without any additional manual effort. The fast-growing volume of auto-populating remediation scripts enables mass remediation of STIG non-compliances to further reduce manual workloads and compliance-related IT-hours.

As DISA typically only releases official STIGs towards the end of a vSphere version’s lifecycle, we also support the “draft” vSphere STIGs (VMware vSphere STIG Readiness Guides) for customers running the latest versions of vSphere.

With Runecast’s continuous security compliance automation, customers do not need to “prepare” for security compliance audits as they are able to achieve and prove “audit-readiness” on a daily basis and export all necessary reporting data at any time. Runecast’s retention of all historical data enables users to export historical evidence of their compliance posture for any user-defined historical period.

Many non-US military customers have developed their own security standards based upon DISA STIGs. Runecast allows them to quickly modify the checks in any security standard (including DISA STIGs) to create their own user-defined security standard which they can scan against. 

In Kubernetes environments, Runecast supports vulnerability assessments and CI/CD integration. This enables automatic scans of Kubernetes clusters for security, availability, performance and manageability best practices as well as monitoring and detecting changes in cluster configurations.  All vulnerability information is provided in a convenient form, no individual command line scanning is required. You can integrate with Kubernetes admission controller and your CI/CD pipeline to make image scanning part of your build process.

Vulnerability management

Runecast automates vulnerability scanning incorporating CISA’s Known Exploited Vulnerabilities (KEV) catalog and also alerts if an Exploit Kit is available for any vulnerability. This helps with triage and prioritization in remediation.

Configuration management

Runecast tracks any changes in configurations and allows you to easily monitor against user-defined baselines and historical drift. This includes being able to see who made specific changes and when.

Proactive latent issue detection in VMware

Runecast constantly scans your VMware environments against the latest version of the VMware Knowledge Base (KB), proactively identifying any latent exposure to KB articles so you can remediate issues before they impact the environment. This eliminates troubleshooting and firefighting IT-hours while mitigating outage risks on mission-critical infrastructure.

Best Practices auditing

Runecast constantly scans all environments against Best Practices and proactively alerts you whenever a best practice has been deviated from so it can quickly be rectified. This ensures more stable infrastructure.

VMware HCL auditing and automated ESXi upgrade planning

Runecast constantly scans your VMware environments against the latest version of the VMware HCL to immediately alert you whenever you are non-compliant, right down to firmware and driver levels. It also automates upgrade simulations against any ESXi version to instantly show what non-compliances would arise if the upgrade went ahead. This saves huge amounts of time and eliminates outage risks and issues when upgrading VMware infrastructure.

Targeted VMware log analysis

Runecast’s targeted VMware log analysis automatically finds the “needle-in-the-haystack” that typically consumes so much time for Engineers. Every time you run a scan, Runecast correlates all your VMware logs against the VMware Knowledge Base and immediately identifies any exposure to KB articles. We also provide a tool that quickly identifies any problematic behavior in VMware logs not covered by the VMware Knowledge Base.

VMware Capacity Management

Runecast provides Capacity Management functionality for VMware environments that reports resource use for every VMware cluster's CPU/memory including overcommitment ratios and predictive trends providing insights into likely future utilization changes. In-depth data on each cluster enables further assessment of capacity metrics and by simulating potential host failures, you can strategize upcoming workload placements to determine the most suitable cluster for your upcoming projects.

Enterprise Console

Built to the specifications of one of our largest military customers, this feature allows you to deploy multiple Runecast appliances and then link them back to any Runecast instance to create a central monitoring dashboard. Military users often use it for monitoring mobile data centers (including ships etc.) from a central HQ SOC base via uploads over intermittent secure satellite connection.


Runecast incluudes out-of-the-box integrations with ServiceNow, Jira, and the vSphere Client. The latter provides access to all Runecast data directly in the vSphere Client where VMware engineers are most often working. There is also a comprehensive Rest API fully documented within the product in swagger format.

Role Based Access Control

Runecast allows you to assign individual users “read-only” or “admin” rights and limit which systems they have access to.

General product features

Runecast is a purpose-built single platform spanning most core infrastructure technologies, it’s not different tools “bolted” together. This means you can monitor all supported technologies seamlessly from a single and very-easy-to use UI with excellent reporting capabilities.

The product is designed from the ground up to be compatible with air-gapped deployments, so an internet connection is not required and for air-gapped sites we offer two fast update options.

It deploys natively into any of the environments we support and for defense-sector users that is typically a VMware on-premises deployment as a virtual appliance. You can monitor any connected environments with the same appliance (e.g. you could monitor AWS from an on-prem VMware deployment as long as there is a network connection, or visa versa).

The deployment takes just minutes and there is no learning curve, so training is not required. Runecast never uploads any data from any environments in which it’s deployed, unless the user manually opts to send anonymized data back to Runecast to help with development.

In most cases, Runecast works through APIs to collect data. The only case where we currently need to use agents is for Windows and Linux. The agent we use for this is open-source “OSQuery” but in H2 of this year (2023) we will introduce an agentless solution for Windows and Linux.

We provide zero-touch remediation scripts for hundreds of issues and non-compliances, including DISA STIG compliance checks (where scripted remediation is possible). The scripts can be used to mass-remediate and are auto-populated with the correct specific names of inventory objects, so they don’t need to be edited before they are run. 

Runecast includes very easy-to-use, granular, and flexible filtering capabilities at many different levels. This includes being able to filter out any specific checks against different inventory objects.

Most importantly, Runecast retains all scans in the appliance that is running on-premises (or in your cloud environments) to enable easy analysis of historical data at any depth.

Our licensing is subscription-based and volume-tiered. We license each supported technology stack separately (e.g. VMware, Kubernetes, OS, AWS, Azure, GCP) and you get all the functionality for any tech stack in the same license (e.g. if you subscribe to a “VMware” license you get all the functionality we offer in VMware environments). You can apply multiple licenses to the same Runecast appliance, so you can monitor all supported technologies from the same appliance.

Meet other Runecasters here:

Get a demo

Would you like to see more of what Runecast can do for you? Schedule a demo and we'll pair you with our specialist.

Get a 1:1 demo