Cado Security Raises $10M for Cloud-Native Forensics

The Growing Importance of Forensics in Cybersecurity
As computer systems grow in size and complexity, the role of digital forensics in organizational security has become increasingly vital. Recent incidents, such as the SolarWinds breach, demonstrate that security isn't solely about preventing initial access or data loss.
When a network is compromised, a comprehensive investigation is often the only effective method to determine the extent of the breach, identify ongoing activity, and assess the risk of future attacks.
Cado Security Secures $10 Million in Funding
Recognizing this escalating need, Cado Security, a startup specializing in cloud-native forensics technology, has announced a $10 million funding round to facilitate business expansion.
Currently, Cado’s tools are utilized directly by organizations and also by security firms like Redacted, a San Francisco-based company co-founded by former Facebook chief security officer Max Kelly and John Hering, co-founder of Lookout.
Funding Details and Market Demand
This funding round is led by Blossom Capital, with participation from existing investor Ten Eleven Ventures. Notably, this Series A funding arrives just six months after Cado secured its seed funding, indicating strong market demand.
The Increasing Complexity of Data Security
Securing data within digital networks has become significantly more challenging over time. The proliferation of devices, the increasing volume of data, and the diversity of configurations all contribute to this complexity.
Furthermore, malicious actors are continually refining their techniques to infiltrate networks and execute their objectives.
The Impact of Cloud Adoption
The widespread adoption of cloud computing has also played a crucial role. While enabling organizations to scale operations and enhance computing capabilities, it has simultaneously expanded the attack surface and complicated investigations.
The elastic nature of cloud environments, where capacity is dynamically adjusted, presents a unique challenge, as logs of past activity can be lost when resources are scaled down.
Cado’s Response Product: A Comprehensive Solution
Cado’s Response product is designed to operate proactively across cloud, on-premise, and hybrid environments. It currently supports AWS EC2 deployments, as well as container systems like Docker, Kubernetes, OpenShift, and AWS Fargate.
Expansion to Azure is planned in the near future, while Google Cloud Platform is currently a lower priority based on customer feedback.
The Origins and Philosophy of Cado Security
Cado was co-founded by James Campbell and Christopher Doman last April. Their concept stemmed from their combined experience in security services at PwC, with government organizations (Campbell in Australia), and at AlienVault (acquired by AT&T).
Throughout their careers, they consistently encountered challenges related to the availability of adequate forensics data, which is essential for investigating complex breaches.
Modernizing Forensics for the Cloud Era
Traditional forensics tools, particularly those dealing with cloud data, often relied on processing data using open-source tools and analyzing results in spreadsheets, according to Campbell. He emphasized the need to modernize this approach for the cloud era.
Addressing the Time-Critical Nature of Breach Investigations
A typical breach investigation can take up to a month to complete, as it involves examining “every part of the disk, the files in a binary system,” as Doman explained. A thorough analysis requires examining logs at a granular level.
However, this timeframe is often unacceptable, as a month allows attackers to remain active within a network. Consequently, many forensics tools only analyze approximately 5% of an organization’s data.
Cado’s Innovative Approach
Cado’s solution, protected by pending patents, involves utilizing big data tools to automate and accelerate the labor-intensive process of analyzing activity logs. This allows for the identification of unusual patterns and anomalies.
This automation empowers security teams to concentrate on understanding the attacker’s actions and implementing effective remediation strategies.
Potential Impact on Major Breaches
The implementation of more advanced and rapid tracking and investigation technologies could have potentially mitigated the impact of incidents like the SolarWinds breach.
Future Plans and Integrations
Cado’s future plans include expanding integrations to support a wider range of systems and extending beyond traditional “infrastructure as a service” deployments.
Industry Perspective on Cado Security
“Over the past year, enterprises have compressed their cloud adoption timelines while protecting the applications that enable their remote workforces,” stated Imran Ghory, partner at Blossom Capital. “However, as high-profile breaches like SolarWinds illustrate, the complexity of cloud environments makes rapid investigation and response extremely difficult, as security analysts often lack specialized cloud expertise.”
Ghory continued, “Cado Security addresses this challenge with an elegant solution that automates time-consuming tasks, such as capturing forensically sound cloud data, enabling security teams to move faster and more efficiently. Blossom Capital is excited to support Cado Security’s rapid growth.”
