This article introduces Rudder 9.0, a major release of our infrastructure security automation platform, launching Policy & Benchmark Compliance for automated CIS compliance on Linux. It provides a CIS Benchmark compliance tool with automated remediation for up to 5× faster hardening, plus support for the latest Linux distributions and improvements in vulnerability and patch management.
Securing your systems – it’s a challenge that every organization faces. Today, true security typically means complying with your security policy.
When setting your security policy, the CIS Benchmarks™ are the gold standard. Your biggest challenge isn’t just knowing how compliant your systems are with these, but actually making them fully compliant. That’s why we created Policy and benchmark compliance, a feature designed for automated benchmark compliance at scale, now integrated into the Rudder platform with the release of Rudder 9.0, available from today.
For a deep dive into the challenges associated with deploying the CIS Benchmarks™, check out our dedicated pre-release article.
New to Rudder? Rudder is an infrastructure security automation platform, helping you design and enforce your security model across Linux and Windows systems. Beyond our new Policy and benchmark compliance solution, Rudder optimizes patch management and vulnerability assessment, tailored to your organization’s specific needs.
Policy and benchmark compliance integrating CIS Benchmarks
For many organizations, compliance with standards like CIS Benchmarks™ has become critical – for security reasons as much as commercial purposes. But deploying hundreds of controls across diverse landscapes, then auditing them and fixing issues manually is a nightmare for sysadmins and security teams.
Rudder’s Policy and benchmark compliance is designed to break that cycle, including integrating CIS Benchmarks™ on RHEL 9. Forget tools that just scan and report. This solution is built by ops for ops, delivering end-to-end compliance.
What sets Rudder apart? We don’t stop at auditing. Instead of just flagging configuration drifts, our solution allows you to take immediate action, with automated remediation designed for production environments. This full-cycle approach – from benchmark compliance checks to automated remediation – saves time while ensuring reliable, lasting compliance.
Early user tests show that achieving benchmark compliance is at least five times faster with Rudder Policy and benchmark compliance.
Audit, remediate, deploy
Our solution integrates CIS Benchmarks™ for RHEL 9 and supports securing RHEL 8, Ubuntu 20.04 & 22.04 and Debian 11 & 12.
Everything is automated to reduce the chance of human error during implementation or remediation. And that’s just the beginning: Microsoft Windows Server integration is currently under development and will soon be available to beta testers.
Think of CIS Benchmarks™ as the GPS of security, and Policy and benchmark compliance as your autopilot. The solution ensures your audits and deployments stay fully aligned with CIS standards. The benchmarks are updated with each new version, saving your teams a significant amount of time in ensuring continued compliance.
Rudder lets you choose how to work:
- Audit mode: Audits without remediating.
- Enforce mode: Audits and applies fixes automatically.
You can apply these modes to a system group, a single system, or just one category within a benchmark.
Certain controls require parameters specific to your environment and security policy – all accessible through a user-friendly interface with clear input requirements.
With Rudder 9.0, automated CIS compliance becomes part of your daily operations, not a one-time project.
Practical control and visibility over CIS Benchmarks™
Our goal is simple: build a solution that actually helps ops teams and isn’t just another marketing tactic. We’ve placed actionability and compliance management at the heart of the new solution. So, while you focus on tasks where you can add value, Rudder takes care of the rest! The goal is to make automated CIS compliance transparent and manageable, not hidden behind scripts or reports.
Track your compliance status in real time with clear, practical and intuitive dashboards, structured in line with benchmarks sections. Each control is fully documented in the interface to help you understand what’s expected.
Every benchmark also comes with its own compliance score, complementing those already available in our other solutions. You now have a complete, real-time view of your security posture, taking your compliance management to the next level.
By combining auditing with remediation, it’s never been easier to tangibly strengthen your system security and quickly demonstrate compliance to auditors or customers.
What’s new in Rudder 9.0
Here’s a snapshot of the highlights in the latest release of Rudder. If you want to explore all the new features in detail, check out docs.rudder.io.
Expanded compatibility
The first thing you’ll notice in Rudder 9.0 is its expanded compatibility: the solution now fully supports Red Hat Enterprise Linux 10 and Debian 13, for servers as well as agents.
Smarter vulnerability and patch management
You asked, we delivered. You can now filter CVE lists by system groups. This new feature serves two key purposes: it helps identify CVEs on anonymized machines, and it enables targeted remediation based on environment type (dev, prod, DMZ, etc.).
As for patch management, Rudder now includes server-side hooks that trigger actions before and after patch campaigns. You can automatically set the machine status before patching, then receive detailed reports as soon as each campaign wraps up.
Goodbye manual checks, hello automation.
Visual and reporting improvements
- A redesigned technique editor makes drag & drop actions effortless.
- Creating configurations has never been easier with Rudder!
- CSV exports are now available for more graphs in Rudder. This feature is still in technical preview but will soon expand to every page.
- Sharing and analysing your data just got simpler.
SecNumCloud compliance and security upgrades
We’ve completely revamped agent-server communication to meet SecNumCloud requirements for one of our certification projects. The great news is that soon everyone will benefit from full HTTPS communication over port 443 (no more special ports!) and the ability to use your own PKI for authentication certificates. This feature is currently in technical preview, but is available upon request, with a stable version coming soon.
Every year, Rudder’s security is reinforced through independent audits by Cure53, one of the most highly respected cybersecurity firms. On top of that, many of our users regularly conduct pentests and share their findings with us at security@rudder.io.
A big thank you to everyone who helps make Rudder even more secure, day after day.
Redefining system hardening and CIS compliance
Upgrade to Rudder 9 today. Simply follow our guide.
This major new release focuses heavily on evolving our Policy and benchmark compliance solution, including integrating CIS Benchmarks™ on RHEL 9, and will be shaped by your feedback in the months to come.
We have been growing rapidly for the past four years, and we’re proud to shake up the world of system hardening and compliance by tackling the real operational challenges faced by IT and security teams.
And we’re just getting started – the best is yet to come!