New open source tool helps security analysts gather data following incidents
Incident investigations in today's environments, such as cloud, container and serverless deployments, can be a challenge. In particular, collecting volatile data quickly after an incident is difficult, yet that data is what helps security teams identify root causes and respond faster.
Cado Security is launching a new volatile artifact collector tool that allows security analysts to collect a snapshot of volatile data, adding critical context to incident investigations.
Called Cado varc, the tool acquires volatile data, helping security and incident response professionals analyze critical evidence such as running processes, process memory and network connections. As soon as suspicious activity is detected, Cado varc can be deployed automatically to collect evidence and identify any further activity.
"Today, analyzing volatile data is an extremely manual and time-consuming process. And, for volatile data to be most valuable, it must be captured in the moment of malicious activity," says Chris Doman, CTO and co-founder of Cado Security. "Cado varc drastically simplifies the process, extracting only the most relevant data at the speed security professionals require. We are thrilled to continue our commitment to innovation and the security community by making this new open source tool available for analysts to conduct faster, more efficient incident investigations."
The output from varc is designed to be easily imported into other tools to aid investigations. The tool can be executed across Windows, Linux, macOS, cloud environments, containerized Docker/Kubernetes environments, and even serverless environments such as ECS Fargate and AWS Lambda. For Cado enterprise clients, varc and other memory analysis features are built into the Cado platform, allowing security teams to gain full context when the data is analyzed alongside other critical sources such as full disk images, cloud-provider logs, and more.
You can find out more on the Cado site.