By drastically simplifying the collection and analysis of volatile data, Cado varc gives security professionals enhanced visibility to identify root cause and respond to incidents faster.
Volatile data analysis provides critical context to incident investigations, arming security analysts with additional insights that can help them craft a more effective response plan. Analyzing volatile data can be extremely useful in scenarios where an agent-based solution cannot be deployed. For example, high-availability production servers cannot support agents, but volatile data can be captured to enable live investigation.
Through the power of automation, which is core to the Cado enterprise platform, Cado varc seamlessly acquires volatile data, helping security and incident response professionals analyze critical evidence such as running processes, process memory and network connections. As soon as suspicious activity is detected, Cado varc can be automatically deployed to collect and identify further activity.
“Today, analyzing volatile data is an extremely manual and time-consuming process. And, for volatile data to be most valuable, it must be captured in the moment of malicious activity,” said Chris Doman, CTO & Co-Founder, Cado Security. “Cado varc drastically simplifies the process, extracting only the most relevant data at the speed security professionals require. We are thrilled to continue our commitment to innovation and the security community by making this new open source tool available for analysts to conduct faster, more efficient incident investigations.”
The output of varc is designed to be easily consumed by other tools for immediate investigation, including the Cado Community Edition. Additionally, Cado varc can be executed across Windows, Linux, OSX, cloud environments, containerized Docker/Kubernetes environments, and even serverless environments such as ECS Fargate and AWS Lambda.
For Cado enterprise clients, varc and other memory analysis features are built into the Cado platform, allowing security teams to gain full context when analyzed alongside other critical data sources such as full disk, cloud-provider logs, and more.