Cyber Essentials Security Standard & ServiceNow Support

Runecast today releases version 4.7.5.0 of its popular Runecast Analyzer, adding support for the Cyber Essentials standard for VMware workloads. This new standard complements the already released audits for compliance with DISA STIG, PCI-DSS, HIPAA, CIS, NIST, BSI IT-Grundschutz, ISO 27001 and the VMware Security Configuration Guide, providing the most comprehensive set of security compliance checks on the market for VMware workloads. Today also sees the launch of a Runecast plugin for ServiceNow, to enable tickets to be automatically generated and assigned in ServiceNow when findings are seen in Runecast Analyzer. 

What is Cyber Essentials?

If you work in the UK public sector or your business operates in conjunction with such, you’re likely to be aware of the Cyber Essentials security standard. Cyber Essentials was set up by the UK Government in conjunction with the Information Assurance for Small & Medium Enterprises (IASME) and the Information Security Forum (ISF) and was launched on the 5th of June 2014.

As of October 1st 2014, the UK Government mandates all suppliers bidding for contracts involving handling certain sensitive and personal information be Cyber Essentials Certified.

Cyber Essentials guides on a number of fundamentals of information security, with a focus on securing the largest attack vector – services exposed to the internet. It covers the following areas.

  • Boundary firewalls and internet gateways
  • Secure configuration
  • User access control
  • Malware protection
  • Patch management

There are two tiers of Cyber Essentials certification: the base level (called Cyber Essentials) requires that a business complete a self-assessment and submit a payment to the IASME certifying board. The higher Cyber Essentials Plus certification mandates the same protections and controls be in place. Still, it involves an assessor carrying out a technical audit of systems, end-user devices, internet gateways and services exposed to unauthenticated users over the internet. The costs involved in the Cyber Essentials Plus audit vary dependent on the size and complexity of the organization’s network. With Runecast Analyzer, you can get ahead of the auditors by scanning in advance, remediating the findings and ensuring that you pass the audit first time!

Who needs Cyber Essentials?

While Cyber Essentials is developed and administered in the United Kingdom, it is by no means only used there. As mentioned earlier, any organisation bidding for work for the UK government is likely to require certification, and the low barrier to entry by allowing self-assessment means that organizations worldwide are certified.

How does Cyber Essentials compare with other regulatory standards?

Cyber Essentials is focussed on getting the basics right, and as such has a significantly smaller scope than other standards, such as ISO 27001:2013, PCI-DSS and DISA STIG. By keeping the scope of works small and focussed, it is more likely to be attainable by smaller organisations with smaller IT departments. By requiring this certification to bid on UK Government contracts, this kind of approach helps to move the needle in the correct direction by helping organisations ensure that they have technologies, policies, and procedures that ensure greater security of UK citizens’ data throughout the supply chain.

As of today, Runecast Analyzer (version 4.7.5.0) adds automated audits and reporting for Cyber Essentials compliance in vSphere environments. 


ServiceNow Integration

ServiceNow is one of the most popular IT Service Management (ITSM) tools available, and a frequent ask from our customers is the capability to integrate Runecast Analyzer into their ServiceNow instance. Today, we answer this call, with a plugin for ServiceNow that can generate and assign support tickets based on new findings for vSphere, NSX-V, NSX-T, vSAN and Horizon.

Whether the ServiceNow instance is deployed on-premises or in the cloud, the ServiceNow architecture leverages the MID (Management, Instrumentation, Discovery) server to communicate with and move data between the ServiceNow platform and other applications, data sources and services. The MID server is a Java-based UNIX daemon or Windows service.  Once the Runecast plugin file is deployed to the ServiceNow platform and configured with the details of the location and API access token of the Runecast Analyzer, the MID server pulls the config. It initiates a period poll of the Runecast Analyzer instance. At this point, your ServiceNow integration is complete.

On each poll from the plugin, the data for each finding is compared against the previous poll, and where there is a change, a ticket can be created or updated in ServiceNow instance via the ServiceNow REST API. The only new connectivity requirement is from the MID server to the Runecast Analyzer REST API (on TCP 443) because of the architecture involved. Where the MID server was not already deployed, this can be installed on either Linux or Windows, and outbound connectivity will also be required from this server to the ServiceNow instance. A read-only API access token is required from the RCA instance for authentication.


The Runecast Analyzer ServiceNow plugin is available for download now from the Runecast customer portal.

Runecast Analyzer helps you to get a crystal clear view of your organisation’s cyber security level and identify potential gaps before they cause any issues or audit failures. Try it free in your environment and let us know what you think (you can tell us from directly within the Analyzer’s UI).

Get a free 14-day trial of Runecast

Try Runecast Analyzer's secure, on-premises cloud transparency in your VMware, AWS & Kubernetes environment free for 14 days.

Download Free Trial
About the Author | Kev Johnson

Kev is a time-served sysadmin, technology consultant, and 5-time vExpert. Prior to joining Runecast as Systems Engineer, he was the Technical Marketing Architect for vSphere Lifecycle at VMware. Outside of work, his passions are Scottish football, cheese, craft beers, travel, and spicy foods. You can find Kev at his blog https://v-it.pro and also as a co-host on the OpenTechCast podcast. Find him on Twitter @kev_johnson.

No items found.
All Blog articles