Video: 10 Minute IT Jams - An update from Cado Security
Cado Security wants to make the cloud safer. CEO and co-founder James Campbell says his company is delivering a new level of speed and efficiency for security teams facing an urgent and growing challenge: cyber incidents in the rapidly evolving world of cloud computing.
Speaking on the "10 Minute IT Jams" podcast, Campbell outlined the origins and aims of Cado Security. "Our mission is to empower security teams with a smarter and faster way to investigate and respond to cyber incidents in the cloud," he said.
A global shift to cloud services has been both a blessing and a curse for organisations, Campbell explained, introducing new efficiencies but also complex new risks. The transition, he noted, has vastly expanded the attack surface, often catching companies unprepared. "A lot of our customers were definitely adopting the cloud - really, really embracing it. So, a lot of the workloads, a lot of the data was shifting to the cloud," he said.
But with that shift, incident response became a new kind of headache. "I noticed as I was helping these customers, now having incidents in the cloud, just how complex the cloud really was and how much of a grind it was to actually do some level of detailed investigation - understand what was going on and how to respond to that," Campbell explained.
From that real-world pain point, the idea for Cado Security was born. "We said, a lot of this should be automated. We should be using the cloud to solve its own problem, really," he added.
The result: a cloud forensics and incident response platform designed to help security teams "gain immediate access to forensic data across multi-cloud, container and serverless environments," according to Campbell. "Ideally, enabling them to quickly respond and identify a root cause and scope and essentially limit the impact of the incident in a more timely manner."
Cado Security's core innovation is in simplifying and speeding up the highly technical process of cloud investigation. "Traditionally, what's happened is some people will have, say, log files from a web server or a firewall, and then they'd go off and look at their endpoint detection, investigate that system, maybe do forensics with off-the-shelf tools - and ultimately, they'd piece together all the little events on multiple data sources, sometimes even in a spreadsheet," Campbell explained, describing the laborious process often faced by security analysts.
Cado aims to bring order to this chaos. Its platform collects, processes and displays multiple streams of forensic data - from log files to disk analysis and containers - in a central timeline, within what Campbell calls a "single pane of glass."
"That central view is really critical and helps you understand what's really going on," Campbell said, citing the example of an attacker moving from one cloud container to another. Without a unified timeline, "it would have been very hard to see that they actually got onto one system and then actually jumped across to another."
Recent improvements in the company's platform focus on automating even more of the investigation process. "One thing we've really been focusing on, and have another version about to be released which I'm really excited about, is around automated investigations," Campbell said. With the proliferation of cloud technologies, the diversity and quantity of data sources have exploded. "You have various different types of new technologies - a lot of people don't even know how half of them work in honesty," he said.
The solution comes in automatically pulling together and analysing all the relevant data for an incident, reducing the need for specialist intervention. "That means automating that data capture and streamlining that end-to-end incident response…and presenting in a way which is a nice, easy, single timeline viewer," Campbell said. "It just massively decomplicates doing investigations in the cloud."
Helping everyday analysts do forensics is a strategic focus for the product team. Campbell knows from experience that digital forensics has traditionally required rare expertise and years of training. "A lot of companies can't even hire enough people that have the right skill set in the forensic space," he said.
With its platform, Cado hopes to "make forensics more approachable or an everyday thing," Campbell explained. "It's almost levelling [analysts] up but through technology and through that automation. That's what we're trying to achieve here."
The goal is not to erase the need for experts, but to free them up to focus on cutting-edge threats while automating the repetitive or routine elements of the job. "The idea is to save them time so they can go do more advanced stuff and deep dive even further and really understand stuff and pick things apart. So there's still a lot to gain from the more advanced end of the scale as well," Campbell added.
For organisations looking to test the waters, Cado Security offers a Community Edition alongside demos and free trials. "If you want to kick the tyres on the product, we encourage people to check that out," Campbell said.
With cyber threats growing more sophisticated and the cloud more central than ever to business operations, Campbell is bullish about Cado Security's direction. His company's drive to tame the cloud's complexity could prove vital in helping all kinds of businesses safeguard their most critical data.
"I really appreciate the opportunity to share what we're doing, and we look forward to helping more organisations take control of their cloud security," Campbell said.