Cado Security launches solution for forensic investigations in ambient containers

Cado Security has introduced a solution for conducting forensic investigations in distributed container environments. Cado Security’s new offering enables security teams to investigate the root cause, scope and impact of malicious activity detected in distributed container environments to gain greater insight into cloud risk.

Distroless containers are designed for efficiency and security and do not contain standard operating system components such as shell utilities and package managers. Although these containers provide some security benefits by minimizing the attack surface, they actually leave a major security hole if something malicious actually happens. To date, it has been impossible to conduct an investigation in these environments, resulting in a significant visibility gap.

“The use of distributed containers is increasing, promising agile deployment and increased security,” said Chris Doman, CTO at Cado Security. “However, their minimalist design introduces complexity when it comes to investigation and response. This presents an urgent security challenge as millions of Distroless containers are used by companies worldwide. We are addressing this issue with the world’s first and only solution to conduct forensic investigations in these environments, providing much-needed visibility to security teams.”

Cado Security offers a solution that addresses the unique challenges that distributed containers pose for security teams. Cado’s patent-pending approach collects data from distribution-less and private clusters without impacting the target container to enable immediate investigation.

Data collected includes running processes, important log files, and forensic artifacts. Cado also leverages its previously open source “varc” toolset to collect memory from individual processes for forensic analysis. This evidence is then seamlessly presented within the Cado platform, providing unprecedented visibility into cloud risk.