    Analyzing AWS Nitro Instances with Cado

    What is AWS Nitro?

    AWS Nitro is the next-generation virtualization infrastructure that provides the platform for the future of EC2. It has been designed to allow for faster innovation, reduced costs, new instance types, and, most importantly, increased security.

    In a traditional virtualization environment, a hypervisor protects the bare metal system, handles the virtualization of the CPU, memory, storage, and network, and provides management for the virtual instances. Nitro breaks down those functions and offloads each one to dedicated hardware and software instances, significantly reducing costs while also providing all the resources of a server to any given instance.

    Analyzing AWS Nitro with the Cado Platform

    The Cado platform allows you to easily import and automatically analyze AWS Nitro instances.

    To kick off an investigation, go to the Import tab in the Cado platform and, under Amazon Web Services, select EC2.

    From here, select the region in which the instance you want to analyze resides and, if necessary, the corresponding role/account. When you have located the instance you want to analyze, click “Import Volumes”.

    Next, you can select additional import options, such as whether to also acquire the console logs. You can also enter analyst details for chain-of-custody purposes. When this page is complete, click “Acquire instance”.

    You will then receive a confirmation of your acquisition request.

    From here, you can go to the processing view and see where your import is in the pipeline.


    Once acquisition and processing have been completed, you can go to the Evidence tab and start your investigation.

    The Cado Platform automatically analyzes imported data to highlight key incident details such as root cause, suspicious activity and related users.

