At first glance, your XDR seems like an ideal tool for investigating an incident. But an XDR alone can leave you with some serious headaches in the aftermath of one. Every Cado customer already has an XDR, yet they add Cado to speed up their investigations. As we've said before, an XDR only works when its agent is installed and running on the affected system - and even then, an XDR:
When you integrate Cado with your XDR platform, you can use the XDR's existing connectivity to the endpoint to automate the collection and analysis of a "triage package". This package contains the data you are most likely to need to establish the root cause and scope of an incident, including:
We already have an out-of-the-box integration with SentinelOne - which means you can be up and running in a matter of minutes - and our customers have set up integrations with a variety of other XDR tools.
Even if your XDR agent isn't running on the target system at the time of the incident, you can still deploy Cado Host to automate collecting, uploading, and analyzing the data you need. If you use existing forensics tools, Cado can pull data from those tools as well, giving you a single, unified investigation platform. What's more, if the system is running in the cloud, you can configure Cado to collect this data and more - up to and including full disk images, memory, and cloud provider logs - automatically when a suspected incident occurs.
Once the data has been collected, Cado processes and analyzes it to build a super-timeline of all malicious, important, and otherwise relevant activity, so you can tell the story of exactly what happened, in order.
Having all of this data at your fingertips vastly reduces the time needed to respond effectively to an incident. To learn more, contact our team. If you're eager to run your own investigation right away, take advantage of our 14-day free trial.