Investigation and Response Automation

Cado Security supports native deployment in AWS GovCloud (US). AWS GovCloud (US) is the set of Amazon's Regions designed to host sensitive data, regulated workloads, and address the most stringent U.S. government security and compliance requirements. This means that Cado customers can now perform investigations on workloads running in GovCloud in the same way as they would be able to for workloads in AWS Standard Regions.

Cado Security delivers the visibility that’s required to identify and eliminate risk across Azure environments, regardless of its size and complexity. The Cado platform enables investigations of virtual machines, disks from Azure Compute, Azure Kubernetes Service (AKS), and cloud logs such as Azure activity logs. Cado also supports importing objects from Azure Blob Storage and numerous file formats including Azure’s native VHD and VHDX.

Cado Security enables cloud incident response in Google Cloud Platform (GCP) environments. The Cado platform supports investigations of resources such as Google Compute Engine and Google Cloud Kubernetes Engine (GKE), including key logs and artifacts. Cado also supports the ability to acquire data from GCP Storage Buckets, which is common in the event an analyst wants to analyze disk images or zip files that have been uploaded to the bucket or to investigate its contents.

Container-based technology has come a long way and delivers great benefits for enterprises. However, the dynamic and ephemeral nature of these resources can make it nearly impossible to investigate a potential compromise. The Cado platform enables security teams to automate the acquisition of forensically-sound data of containers to ensure critical information is not lost. Cado Security ensures security teams can quickly investigate compromises in ephemeral environments by delivering support for AWS, Azure, and GCP containerized environments. Cado also parses logs from Docker and Kubernetes.

The Cado Security platform delivers extended visibility of AWS ECS Fargate and Lambda. Cado enables security teams to capture, process, and analyze critical evidence including key files and folders from AWS Fargate – a serverless compute engine for containers that works with both Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes (EKS). The platform also empowers security teams to investigate the execution of AWS Lambda serverless functions alongside other valuable data sources in a single timeline to deliver enhanced context to incident investigations.

Organizations heavily rely on email for transfer-of-fund requests, making BEC one of the most common and expensive threats. The Cado Security platform enables security teams to acquire Microsoft 365 Unified Audit Log (UAL) to investigate and respond to Microsoft 365 compromises, such as Business Email Compromise (BEC), Account Takeover (ATO), and insider threats. With Cado, security teams can seamlessly analyze key SaaS logs alongside other critical sources captured across on-premises and cloud environments.

Cado Security supports investigations of data captured from on-premises environments. By uploading on-premises data to an Amazon S3 bucket, Azure Blob, or a GCP Storage Bucket and importing it into the Cado platform, security teams can take advantage of Cado’s scalable architecture and processing engine, while benefiting from added context when analyzed alongside other valuable data sources.