Runecast Cloud Security Posture Management v6.2

Runecast Cloud Security Posture Management (CSPM) a.k.a Runecast Analyzer version 6.2 was released earlier this week. I’d say that the most important feature in this release is the support for Google Cloud Platform (GCP) which includes CIS compliance, configuration tracking and best practices analyses.

Picture borrowed from the official Runecast web page

With GCP added to Runecasts management capabilities you can keep your application, services and workloads secured via just one user interface (UI) across both public cloud and as on-premises including:

  • AWS
  • Azure
  • GCP
  • Kubernetes
  • VMware
  • Windows Operating System
  • Linux Distributions

This will allow your organization to save time (operating one instead of multiple solutions) and cost including licenses, education & day2 operations

Let’s discuss some of the new and or update capabilities with 6.2


Keep your deployment process secure and your test, development & production images free from vulnerabilities via the Kubernetes Admission Controller integration. Manually scanning images is also possible and Runecast can perform scans at both the K8s cluster & node levels.

Picture borrowed from the official Runecast web page

Better Security for Infrastructure and OS

Proactive Protection includes new security profiles and new standards. Operating System security brings BSI IT-Grundschutz for Windows Operating system in addition to DISA STIG (also updated with version 6.2), CIS Benchmarks, latest Microsoft CVEs & Linux vulnerabilities plus vulnerability scanning & configuration analysis. Infrastructure Security includes e.g. NIST profiles for Azure, DISA STIG for VMware vSphere 7.

Open ID Connect (OIDC)

Runecast now integrates with OpenID Connect which is a bit more API friendly compared to OpenID 2.0.

Picture borrowed from the official Runecast web page

Useful links