Alert Augmentation: Cado and AWS GuardDuty
With threats continually evolving, staying ahead of them is essential. The Cado Platform’s integration with AWS GuardDuty detections combines the strengths of both services to provide detection and investigation in one workflow, enhancing security operations for cloud environments. AWS GuardDuty is Amazon's threat detection service that continuously monitors for malicious activity and unauthorized behavior to help protect AWS accounts, workloads, and data. When integrated with the Cado Platform, the combination offers automated incident response capabilities that speed up investigations and minimize the time to resolution.
Simplifying Detection with GuardDuty
With this integration, users can automatically import alerts generated by AWS GuardDuty into the Cado Platform. GuardDuty continuously monitors for various threats including reconnaissance, privilege escalation, and account compromise, and ensures that every security alert is logged. The Cado Platform then acts on these alerts, collecting additional relevant forensic data to streamline and automate the investigation. This means that when analysts come to view the alerts in the Cado platform, they are shown not just the alert but also additional contextual information collected by the platform, giving them everything they need to make informed decisions they can be confident in.
Setting up a GuardDuty detection rule is straightforward. Define the environment where the detection will be active, select severity levels, and enable automated monitoring. This process ensures that every suspicious activity identified by GuardDuty is responded to with the full capability of Cado’s forensic toolkit.
Setting up a GuardDuty detection integration in Cado
1. Select GuardDuty from the Detections menu.
2. Give the Detection Rule a Name, Description, and severity level.
3. Select the environment(s) the rule will be active in.
4. Set additional options for the Detection Rule, such as attack techniques to monitor or automated responses.
Automated Investigation for Faster Incident Response
Once GuardDuty detects a potential threat, the Cado Platform immediately gets to work automatically capturing relevant forensic and contextual information from the AWS environment, including logs, disk images, and memory dumps. This not only accelerates response times but also ensures that no critical forensic evidence is missed.
Cado’s integration supports real-time visibility and can be deployed in minutes with zero performance impact on systems. By leveraging GuardDuty's robust and well-proven threat detection capabilities, alongside the Cado Platform, security teams can build a repeatable investigation process that reduces time-to-resolution and decreases reliance on manual investigation efforts.
Customizing Detection and Response
The integration also provides flexibility to configure detection rules based on specific environments and threat vectors. The ability to customize how Cado responds to different threat types, be it suspicious activity or full-scale malicious actions, makes it adaptable to a wide variety of incident response workflows.
Security teams can also customize the investigation process based on the severity of the alert. Cado automates the response for lower-level threats, such as suspicious login activities, while offering deeper investigation tools for more pressing threats like malware or potential account compromise. This layered approach to security ensures that teams can respond proportionately without overwhelming resources.
Reducing Costs and Bridging the Skills Gap
One of the key benefits of Cado’s platform is its ability to reduce investigation times by up to 80%. With GuardDuty integrated, Cado further reduces operational overheads by eliminating the need for manual intervention in the early stages of threat detection. By automating much of the process, Cado helps organizations close the skills gap in their SOC teams, enabling even junior analysts to handle more advanced tasks.
The combination of AWS GuardDuty’s advanced threat detection and the Cado Platform’s automated forensic investigation creates a powerful tool for cloud security. By automating much of the investigation process and providing real-time, in-depth forensic capabilities, this integration allows security teams to respond to threats faster, with more accuracy, and at lower operational cost. If you want to know more about the Cado Platform and what it can do, contact us for a demo.