The Cado team has been hard at work over the past three months and we’re excited to share all of the platform enhancements we’ve recently delivered. These improvements were designed to address three pivotal focus areas that our team has defined as the most important for our customers:
- Risk Mitigation – Our goal is to enhance our customers’ ability to rapidly identify the underlying cause of an incident by providing immediate access to an unprecedented depth of data.
- MTTR Reduction – In incident response, time is of the essence. We’re helping our customers minimize the scope and impact of compromises by drastically expediting attack containment and response.
- Amplifying Productivity – We’re bringing forensics to analysts of all levels by removing complexity, for example by ensuring that a single investigation can seamlessly span multiple cloud environments.
Here are some of our top features delivered by the Cado team over the past quarter:
New Import User Interface
Cado has adopted a much more uniform way of importing data from the various data sources. This makes the process of providing all the necessary pieces of information much more consistent across different cloud providers and technologies.
Azure Cross Cloud Collection Enhancements
Enterprises have embraced multi-cloud strategies to adhere to evolving regulations, manage risk and enhance resiliency. But managing multiple clouds introduces added complexity – especially for security teams. The Cado platform now supports acquiring evidence from GCP when the primary Cado deployment is in Azure. This enhancement ensures investigations across multi-cloud environments are further streamlined.
New Timeline View
Cado is excited to have revamped the look and feel of the timeline feature so that it is more intuitive to navigate and pivot off key artefacts during an investigation. From card view to a powerful tabular view, we hope this will greatly streamline the analysis process. This new view also aligns with our mission to make forensics more approachable so that analysts of all levels can perform incident response in the cloud.
Faceted search allows users to narrow down their search results quickly using facet options, which represent categories of data. The facet options Cado presents give the user awareness of the core data types and attributes the events contain, so they can refine datasets quickly and efficiently through the facet navigation rather than manually adding filters to the query in the search bar, which can burden the user.
Saved search allows users to save investigation queries for re-use at a later date. During an investigation, particularly in the earlier analysis phases, a user will be exploring and pivoting across datasets and will naturally have built up a considerable query in the search bar. Users can now preserve this query so they can re-execute it in their next session (or even share it with colleagues). This saves precious investigation time because the query does not have to be rebuilt from scratch, enabling rapid search and visibility.
Reducing Response Time
Cado’s automation rules enable security teams to define collection and response actions based on criteria defined by the user. For example, a user can set up an automation rule that will automatically isolate a compromised cloud server immediately following detection. This approach ensures damage and spread is prevented while a deeper dive forensics investigation can take place.
Incident Readiness Dashboard
A proactive approach to cloud incident response enables security teams to understand whether they are prepared to quickly investigate and respond to threats before an incident occurs. Cado’s Incident Readiness Dashboard provides security teams with the ability to proactively run readiness checks, see readiness trends over time, and identify issues that could prevent the organization from rapidly responding to active threats. Cado also delivers a readiness score which is based on several factors, including whether the organization is able to acquire critical forensic evidence across its cloud environment.
Centralized Bucket for Collection
The Cado platform supports the ability to designate a centralised S3 bucket for evidence storage and preservation – even if the evidence is acquired across multiple cloud platforms. By centralising evidence, security teams only have to manage access to one bucket. This approach keeps the audit trail small, which massively simplifies and streamlines chain of custody and ultimately reduces the risk of unauthorised access.
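To make the "one bucket, one set of access controls" point concrete, here is an added example (not Cado's code or configuration) of the kind of bucket policy a team might attach to a central evidence bucket, together with a small audit function that checks a policy for the controls that matter for evidence preservation: no anonymous access, TLS required, and object deletion denied. The bucket and role ARNs are placeholders invented for the example.

```python
import json

# Placeholder ARNs for the example; not values from the page or any real account.
BUCKET_ARN = "arn:aws:s3:::example-forensic-evidence"
COLLECTOR_ROLE = "arn:aws:iam::111111111111:role/ExampleEvidenceCollector"
ANALYST_ROLE = "arn:aws:iam::111111111111:role/ExampleEvidenceAnalyst"


def build_evidence_bucket_policy(bucket_arn, collector_role, analyst_role):
    """Return a least-privilege bucket policy for a single central evidence bucket.

    Collectors may only write (with server-side encryption), analysts may only read,
    plaintext transport is refused, and nobody may delete objects via the data plane.
    """
    objects = f"{bucket_arn}/*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "CollectorWriteOnly",
                "Effect": "Allow",
                "Principal": {"AWS": collector_role},
                "Action": ["s3:PutObject"],
                "Resource": objects,
                # Refuse uploads that are not encrypted with KMS at rest.
                "Condition": {"StringEquals": {"s3:x-amz-server-side-encryption": "aws:kms"}},
            },
            {
                "Sid": "AnalystReadOnly",
                "Effect": "Allow",
                "Principal": {"AWS": analyst_role},
                "Action": ["s3:GetObject", "s3:ListBucket"],
                "Resource": [bucket_arn, objects],
            },
            {
                "Sid": "DenyInsecureTransport",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:*",
                "Resource": [bucket_arn, objects],
                "Condition": {"Bool": {"aws:SecureTransport": "false"}},
            },
            {
                "Sid": "DenyEvidenceDeletion",
                "Effect": "Deny",
                "Principal": "*",
                "Action": ["s3:DeleteObject", "s3:DeleteObjectVersion", "s3:DeleteBucket"],
                "Resource": [bucket_arn, objects],
            },
        ],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def audit_evidence_bucket_policy(policy):
    """Return a list of findings; an empty list means the expected controls are present."""
    findings = []
    statements = policy.get("Statement", [])

    # 1. No Allow statement may grant access to an anonymous / wildcard principal.
    for stmt in statements:
        if stmt.get("Effect") == "Allow" and stmt.get("Principal") in ("*", {"AWS": "*"}):
            findings.append(f"{stmt.get('Sid', '?')}: allows anonymous principal")

    # 2. A Deny on aws:SecureTransport=false must exist so plaintext HTTP is refused.
    if not any(
        stmt.get("Effect") == "Deny"
        and stmt.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport") == "false"
        for stmt in statements
    ):
        findings.append("no Deny for aws:SecureTransport=false")

    # 3. Object deletion must be explicitly denied to protect the evidence.
    if not any(
        stmt.get("Effect") == "Deny" and "s3:DeleteObject" in _as_list(stmt.get("Action"))
        for stmt in statements
    ):
        findings.append("object deletion is not denied")

    return findings


# Constructed contrast: a policy that exposes evidence and has no preservation controls.
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicRead",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": f"{BUCKET_ARN}/*",
        }
    ],
}

if __name__ == "__main__":
    good = build_evidence_bucket_policy(BUCKET_ARN, COLLECTOR_ROLE, ANALYST_ROLE)
    print(json.dumps(good, indent=2))
    print("hardened policy findings:", audit_evidence_bucket_policy(good))
    print("weak policy findings:", audit_evidence_bucket_policy(WEAK_POLICY))
```

The Deny statements use `"Principal": "*"`, so they apply to every caller regardless of IAM permissions; a bucket policy can still be edited by an account administrator, so for a real evidence store this pattern is normally paired with S3 Object Lock and versioning so that retention is enforced by the service rather than only by policy.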
Enhanced Role-Based Access Control
Cado has built strict controls into the platform to ensure that only authorized users have least-privileged access to the cloud resources they may need to acquire during an investigation, and also to the processed data and investigation results within the Cado platform. This integrates seamlessly into your corporate SSO and IAM systems.
Cado now supports full High Availability configuration, taking full advantage of the capabilities made available by cloud providers to ensure that there’s no single point of failure in our system.
This glimpse into our recent achievements offers a taste of the incredible progress we’ve made over the past quarter. We’re extremely excited about the positive impacts these new features are having on our customers. While it represents a significant step forward in revolutionizing forensics and incident response for the cloud, there’s so much more to come! As we advance on our mission, we’re excited to continue to deliver cutting-edge features and functionality and keep you updated along the way!