Cado is a cloud investigation platform designed to simplify and accelerate forensic investigations across multi-cloud and hybrid environments. By automating data capture and providing unified visibility, Cado enables security teams to focus on understanding incidents and mitigating threats efficiently.
Affected: AWS, Azure, GCP
Keypoints :
- Cado streamlines forensic investigations by automating data capture from various platforms.
- It supports data collection from AWS EC2 instances and, via Tanium, from endpoints.
- Cado provides a unified view of data across multi-cloud and hybrid environments.
- The platform captures forensic data from containers and serverless functions.
- AI-driven analytics help identify indicators of compromise and streamline analysis.
- Security teams can respond faster by focusing on understanding threats rather than manual data gathering.
MITRE ATT&CK Tactics (the TA IDs below are tactics, not techniques; each entry notes the evidence Cado collects that is relevant to investigating that tactic) :
- TA0001 - Initial Access: Cado collects data from the various entry points across cloud platforms through which an attacker may gain a foothold.
- TA0002 - Execution: Automated data capture from containers and serverless functions ensures timely acquisition of evidence of what was run.
- TA0007 - Discovery: Cado normalizes data across environments, allowing quick correlation of events, including an attacker's enumeration activity.
- TA0009 - Collection: The platform automates the gathering of logs, memory dumps, and disk images.
- TA0011 - Command and Control: Cado enables tracking of attacker movement and communication across multi-cloud environments.
Indicator of Compromise :
- No IoCs Found
Full Research: https://www.cadosecurity.com/blog/from-data-capture-to-analysis-how-cado-simplifies-cloud-investigations