Automate Your Cyber Essentials Compliance with Runecast
About Cyber Essentials Compliance
Cyber Essentials is a simple but effective, UK government-backed scheme that will help you to protect your organization, whatever its size, against a whole range of the most common cyber attacks. Its controls provide guidance on the basics that can be done to prevent the most common attacks. In doing so, it’s possible to avoid being seen as low-hanging fruit by attackers looking for minimal-effort opportunities.
Cyber Essentials certification comes in 2 flavours: the basic Cyber Essentials certification, and the enhanced Cyber Essentials Plus. The non-plus version requires an organization to complete a self-assessment (though you are required to provide evidence as to your responses), whereas the Plus variant requires the same basic self-assessment, which then goes through a hands-on technical validation by an assessor from the IASME consortium. There are no extra controls required for Plus certification; only the validation method differs.
If you would like to bid for UK central government contracts which involve handling sensitive and personal information or the provision of certain technical products and services, you will require Cyber Essentials Certification. Through this requirement, the UK Government aims to reduce risk throughout its supply chain.
Cyber Essentials provides guidance that can be broken down into 5 technical control themes:
- Firewalls – as the majority of attacks originate from the internet, ensuring a trusted and secure border is important
- Secure Configuration – this includes minimizing attack surfaces, disabling unused services, using TLS certificates where possible and using secure rather than plaintext protocols
- User Access Control – covering things like ensuring least privilege, having admins log in with regular accounts and escalate privileges only when required. Granting Domain Admin access to all and sundry will trip you up here, and rightly so!
- Malware Protection – Malware protection throughout your organization, including end-user devices, servers and the internet boundary
- Security Update Management – plainly put: patching. Making sure that you’re closing vulnerability gaps by applying patches in a timely and organized fashion.
The process of checking for compliance within your VMware environments can be arduous and costly, and manual checks of any kind are subject to human error, so it is important to automate as much as possible.
Runecast is a patented enterprise IT platform that provides IT ops and security teams with one platform for configuration monitoring, vulnerability management, security compliance, remediation, upgrade planning and reporting.
- Disruptive, patented solution that automates proactive analysis of logs, configuration drift, and security posture within your environment.
- Simple, lightweight platform that is super-easy to deploy and operates securely on-premises (no data needs to leave your control) to provide you with remediation steps before any issues can lead to a PSOD or downtime.
- Operational transparency and best practices alignment
- Real-time configuration management, vulnerability scanning and security compliance audits
- Freed up team resources (to work proactively on growth drivers)
How Runecast helps you to be audit-ready
Runecast Analyzer automates the process of checking VMware vSphere resources for compliance against the Cyber Essentials standard – over 20 cross-referenced checks. Each finding maps to a specific Cyber Essentials technical control theme, and as with all other standards covered within Runecast Analyzer, we show the details not only of all of the impacted objects, but also both the wording from the standard and a technical translation, as well as details of how to manually audit the finding and remediate any non-compliances.
With Runecast Analyzer, you get year-round, 24/7 visibility into your audit compliance posture. It gives you immediate visibility into risks and non-compliances inherent in your environment, allowing you to identify gaps between where you are and a fully compliant state, and it shows as soon as any objects move out of compliance.
The solution runs entirely on-premises, with no data leaving your control. All analysis takes place on the Runecast Analyzer appliance. Move to a more proactive way of handling your compliance requirements!