Runecast Solutions Ltd., a leading provider of a cloud-native application protection platform (CNAPP) for virtualized, hybrid and multi-cloud environments, is pleased to announce its inclusion in the U.S. Cybersecurity & Infrastructure Security Agency (CISA) K-12 Online Toolkit.
The CISA K-12 Toolkit provides recommendations and resources to help IT professionals “build, operate, and maintain resilient cybersecurity programs” for their school district IT environments. The toolkit also offers free cybersecurity trainings and resources available for the K-12 community. CISA states:
“K-12 organizations are under continued threat from malicious cyber actors, and real-world incidents have demonstrated potentially significant impacts on students, school personnel, and communities[...] To help schools address these cybersecurity risks, CISA developed a report with recommendations and cybersecurity guidelines for leaders in the K-12 community. The report and this corresponding toolkit are designed to help K-12 schools and school districts most effectively reduce their cybersecurity risks.”
CISA Report Recommendations
The report (PDF) details what it calls Highest Priority Security Controls, as well as Additional High Priority Security Controls, which include minimizing exposure, awareness and training campaigns, near-term investment prioritization, and leveraging the NIST Cybersecurity Framework (CSF). The Highest Priority Security Controls are as follows:
- Implement multifactor authentication (MFA)
- Identify and fix known security flaws, prioritizing those that are being actively used by malicious actors
- Perform and test backups
- Develop and exercise a cyber incident response plan
As part of the second highest priority, identifying and remediating known security vulnerabilities (related to Cybersecurity Performance Goal 5.1), CISA urges IT professionals to:
“Prioritize remediation of vulnerabilities listed in CISA’s Known Exploited Vulnerabilities (KEV) Catalog, either by signing up for recurring updates when new vulnerabilities are added or by using a third-party service that automatically identifies the presence of vulnerabilities on the KEV catalog, including but not limited to Palo Alto Networks Cortex, Tenable Nessus, Runecast, Qualys VMDR, Wiz, Rapid7 InsightVM, and Rapid7 Nexpose.”
According to Markus Strauss, Chief Product Officer at Runecast, “By prioritizing the remediation of previously exploited vulnerabilities, organizations can effectively minimize the risk of a security breach. It's critical for CISOs and IT teams to proactively identify and remediate these vulnerabilities as a part of their regular security maintenance program.”
The Future: Proactivity and Consolidation
These shifts toward proactive approaches are not going unnoticed. IT professionals routinely bemoan the long and unpredictable hours required for firefighting and other reactive approaches (for example when planning upgrades or preparing for audits). As a result, organizations are increasingly looking toward proactive platforms for vulnerability assessment, security compliance, configuration management and proactive ITOM.
In addition, organizations are beginning to consolidate their many disparate toolsets – often with large gaps or overlaps, both of which can be costly – into single-platform solutions for proactively mitigating threats and ensuring compliance. Some solutions, like Runecast, have evolved to provide coverage for on-premises, hybrid and multi-cloud environments alike, reflecting increasingly complex customer requirements.
Vulnerability Management with Runecast
Vulnerability management requires a more proactive approach – automatically detecting vulnerabilities as they become known. Known vulnerabilities are published in many public sources, such as the United States government's National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). Runecast was one of the first security platforms to include coverage for the CISA catalog of Known Exploited Vulnerabilities (KEVs), using Runecast AI Knowledge Automation (RAIKA), Natural Language Processing (NLP), Machine Learning (ML) and a patented rules engine for the proactive discovery of vulnerabilities, misconfigurations, and any non-compliance with common security standards and vendor best practices.
“It's important to view improving and maintaining your cybersecurity posture as an ongoing initiative, not a one-time effort with a fixed endpoint,” Strauss said. “Consistently integrating cybersecurity measures and procedures into your daily processes is critical to maintaining a robust and sustainable security posture.”
Customers in the Education (EDU) Sector
Many educational institutions around the world rely on Runecast to help secure their IT environments. Runecast’s EDU customers include New York’s Victor Central Schools (U.S.), BYU Idaho (U.S.), Aberystwyth University (Wales), University of St Andrews (Scotland), Stralsund University (Germany) and Seijo University (Japan).
Automated audits of security standards include CIS Benchmarks, NIST and many others. Runecast also helps protect student and faculty data by working securely on-premises and even offline (so data never leaves your control).
Customers using Runecast typically report time savings of 75-90% in troubleshooting, upgrade planning, and achieving, maintaining and verifying security compliance. It enables IT teams to do far more with less, resulting in operational transparency, cost savings, and security compliance.
According to Dan Monaghan, Cyber Security Officer for Aberystwyth University, “Runecast frees up time to proactively look for configuration and security issues. Given the cost and value that Runecast offered, it made no sense to even spend time trialling alternatives.”
David Henderson, Director of Computer Services at Victor Central Schools, stated, “We did not see anything else on the market that could do what Runecast does.”
Runecast Solutions Ltd. is a leading global provider of a patented, AI-driven vulnerability assessment and cloud-native application protection platform (CNAPP) for IT Security and Operations teams. Forward-focused enterprises like Avast, DocuSign, the German Aerospace Center (DLR) and Merck/MSD rely on Runecast for proactive vulnerability and configuration management, security and compliance assessment, operational efficiency and mission-critical stability. Headquartered in London, U.K., Runecast is a Gartner Cool Vendor and has won Computing awards for Cloud Security Product of the Year and Best Place to Work in Digital.