Free Open Source Tool Automates Collection of Volatile Data to Provide Security Analysts Critical Context to Conduct Cloud Incident Response
LONDON – October 19, 2022 – Cado Security, the cloud investigation and response automation company, today announced the launch of its new open source community tool, Cado varc. The new volatile artifact collector tool allows security analysts to collect a snapshot of volatile data, adding critical context to incident investigations. By drastically simplifying the collection and analysis of volatile data, the tool gives security professionals enhanced visibility to identify root cause and respond to incidents faster.
Volatile data analysis provides critical context to incident investigations, arming security analysts with additional insights that can help them craft a more effective response plan. Analyzing volatile data can be extremely useful in scenarios where an agent-based solution cannot be deployed. For example, high-availability production servers cannot support agents, but volatile data can be captured to enable live investigation.
Through the power of automation, which is core to the Cado enterprise platform, Cado varc seamlessly acquires volatile data, helping security and incident response professionals analyze critical evidence such as running processes, process memory and network connections. As soon as suspicious activity is detected, Cado varc can be automatically deployed to collect and identify further activity.
“Today, analyzing volatile data is an extremely manual and time-consuming process. And, for volatile data to be most valuable, it must be captured in the moment of malicious activity,” said Chris Doman, CTO & Co-Founder, Cado Security. “Cado varc drastically simplifies the process, extracting only the most relevant data at the speed security professionals require. We are thrilled to continue our commitment to innovation and the security community by making this new open source tool available for analysts to conduct faster, more efficient incident investigations.”
The output of varc is designed to be easily consumed by other tools for immediate investigation, including the Cado Community Edition. Additionally, Cado varc can be executed across Windows, Linux, OSX, cloud environments, containerized Docker/Kubernetes environments, and even serverless environments such as ECS Fargate and AWS Lambda. For Cado enterprise clients, varc and other memory analysis features are built into the Cado platform, allowing security teams to gain full context when analyzed alongside other critical data sources such as full disk, cloud-provider logs, and more.
To access Cado varc, please visit: https://www.cadosecurity.com/cado-community-edition/ or https://github.com/cado-security/varc
About Cado Security
Cado Security is the cloud investigation and response automation company. The Cado platform leverages the scale, speed and automation of the cloud to effortlessly deliver forensic-level detail into cloud, container and serverless environments. Only Cado empowers security teams to investigate and respond at cloud speed. Backed by Blossom Capital and Ten Eleven Ventures, Cado Security has offices in the United States and United Kingdom. For more information, please visit https://www.cadosecurity.com/ or follow us on Twitter @cadosecurity.