What's new in the Cado platform: Q2 2024 recap

As we are more than halfway through 2024, we are excited to share the latest updates and features brought to the Cado platform. Our team has been hard at work to bring you new features and integrations designed to improve and enhance your digital forensics and incident response capabilities. In Q2 and into Q3, we’ve been focusing on expanding our support for SaaS environments, improving integration with leading security tools, end-to-end workflow automation, and more. Here’s a detailed look at what’s new in the Cado platform.

New Features

Google Workspace (SaaS Log Acquisition)

We've introduced support for acquiring logs from Google Workspace, enabling seamless integration with your SaaS environments. This new feature allows you to capture and import logs from Google workspace, providing insights into Admin activity, Sign-ins, and data access.  

Integration with Microsoft Defender for Endpoint

Our latest integration with Microsoft Defender for Endpoint provides enhanced security and streamlined workflows for incident response. Now, you can execute Cado Host via Defender for Endpoint, allowing for a broad set of key forensic artifacts to be collected. This provides important contextual data, meaning incidents can be fully scoped and understood wherever they occur.

Acquisition with Temporary Credentials (Time-Based Credentials/JIT Access)

To further secure and simplify the acquisition process, we now support the use of temporary credentials (AWS STS), also known as Just-In-Time (JIT) access. This feature allows you to deploy Cado with minimal permissions. This means reduced deployment times, allowing for cross account roles with long term access and high privileges no longer needing to be embedded into the application. This reduces security concerns of internal cloud teams.

Dedicated Log Parsers for Key AWS Sources

Conducting investigations in AWS environments has never been easier with our new dedicated log parsers. These parsers are specifically designed for five of the most important log sources; CloudTrail, GuardDuty, VPC Flow, S3 Server Access, Route 53.

Automated Investigations for SOC Analysts

The Cado platform now enables customers to dramatically streamline the effectiveness of their SOC using end-to-end workflow investigation automation capabilities. This update to the Cado platform alleviates the pressure on SOC teams, who often find themselves inundated with data and alerts. Traditional methods of threat detection and response are labor-intensive and time-consuming, leading to burnout among analysts. By automating end-to-end workflows and leveraging AI to provide data-rich insights, Cado Security enables SOC teams to make informed decisions swiftly and accurately.

This update is designed to address the most pressing challenges faced by SOC teams:

• Unified Alert Management: SOC teams can now easily connect different alert sources across both cloud and on-prem systems, providing a comprehensive view of potential threats.
• Accelerated Response Times: By automatically collecting and processing crucial data, the platform enables faster responses to incidents, reducing the time taken from detection to action.
• Prioritized Threat Management: Cado’s reclassification logic helps SOC teams focus on the most significant events, ensuring that critical threats are addressed promptly.
• Empowered Analysts: The platform performs automated triage, helping SOC tier 1 analysts understand the scope, impact, and broader context of incidents, thereby enhancing their decision-making capabilities.
• Improved Efficiency Metrics: SOC teams can track and reduce key metrics such as mean-time-to-respond, and mean-time-to-resolution, leading to more efficient operations.
• Integrated Tools and Workflows: Actionable results can be seamlessly integrated into existing systems like SIEMs, task managers, and other productivity tools, streamlining operations across the board.
• Clear Response Recommendations: The platform provides concise recommendations for responding to incidents, enabling SOC teams to take decisive actions with confidence.
• Seamless Team Collaboration: Cado Security facilitates smooth handoffs between SOC tier 1, tier 2, and Incident Response teams, ensuring continuity and collaboration throughout the investigation process.

Upcoming Enhancements

Saved Scripts for Run Command

We are currently working on enabling saved scripts for the Run Command feature, which will allow the user to create a library of scripts. We will also allow the user to specify one or more "inputs" and "outputs" in their scripts:

• Input: a file will transfer onto the target, which can be invoked with the script. e.g. if you want to execute a third part binary such as Volexity for memory analysis
• Output: a file will transfer off the target to an S3 bucket. Continuing with the example given, this would be the resulting memory capture.

We are committed to continuously improving the Cado platform to meet the evolving needs of our users. These updates reflect our dedication to providing robust, user-friendly, and efficient tools for digital forensics and incident response. Stay tuned for more updates as we continue to innovate and enhance our platform. If you have any feedback or suggestions, please don't hesitate to reach out.