The train-like-you-fight cyber infrastructure platform

Carthage is a product for organizations that want to bring more rigor and integrity to their cyberdefense training and operations. Based on modern DevOps tools, it lets you build, store, and manage all the components of a modern enterprise as independent Git-based modules. With a handful of commands, it can automatically build fully functional, highly realistic, fully configured ranges in a matter of hours. It is so feature-rich and robust, you’ll want to use it to manage your operational infrastructure as well.

The problem with the common cyber range

If you have deployed a cyber range within your organization, chances are, one of the following is true:

It was built to last a weekend, using a single exercise’s budget. At the end of the event, it’s thrown away.  It’s like building an aircraft without an assembly line, and then mothballing it after a single sortie.

It looks nothing like a real enterprise. A cyber range is supposed to train warriors to defend a real network: a complex, years-old configuration of domains, routers, security certificates and data. But most ranges are a weeks-old pile of virtual machines that do nothing at all.
You don’t own it. You’re powerless to solve these problems. Your team has little ability to modify the range, and what little they can do, they’re not allowed to keep those improvements for the next event.

The problem with the common cyber range

If you have deployed a cyber range within your organization, chances are, one of the following is true:

It was built to last a weekend, using a single exercise’s budget. At the end of the event, it’s thrown away.  It’s like building an aircraft without an assembly line, and then mothballing it after a single sortie.
It looks nothing like a real enterprise. A cyber range is supposed to train warriors to defend a real network: a complex, years-old configuration of domains, routers, security certificates and data. But most ranges are a weeks-old pile of virtual machines that do nothing at all.
You don’t own it. You’re powerless to solve these problems. Your team has little ability to modify the range, and what little they can do, they’re not allowed to keep those improvements for the next event.

Our approach

If cyberwarriors are going to train like they fight, they need to have root. This is the founding principle of Carthage, and it leads to the following training outcomes:
Trainees become masters of the systems they protect. Every sysadmin knows that the best way to master a system is to hold daily responsibility for its basic maintenance. Carthage empowers users to hold this role over systems in a safe environment that teaches them modern DevOps tools and principles. And they do all of this work from the command line—the interface of a real-life cyberwarrior—rather than a gamified control panel or proprietary GUI. Because weapons training is only useful if you can bring those same weapons into battle.
Trainees can share and build upon each other’s work. Every Carthage module—VM, data set, and inject—is stored as a Git repository. These repos can be installed on any Carthage instance. Instead of throwing out your unit’s work after every exercise, you—along with every other cyber unit in the nation—are building the world’s most comprehensive cybersecurity asset inventory.
Unprecedented collaboration between experts. Cyberdefense is logistically messy. Experts work in cramped quarters to jointly defeat an attacker—but through the ungainly interface of a single screen. When combined with Photon, Carthage users can share the contents of their desktop with any other display in the enterprise. Participants can see other teammates’ work without leaving their desks. Photon also lets remote users persistently share control of mouse and keyboard inputs.

Our credentials

We’ve deployed secure networks for everyone from Apple to JSOC. We’ve written and managed protocols that secure every major Internet node across the world. We developed the technical foundations of DevOps before the term existed. And we’ve participated in National Guard cyber defense exercises as Red Team, Blue Team, and White Cell members. We really know what we’re doing. Learn more about us.

Read world examples

USCYBERCOM White Paper: Carthage collaboration toolkit

A 18-page summary of Carthage’s capabilities in the operators cyberspace.

Cyber Capabilities Statement

From Apple to JSOC, we have delivered products for clients across the market spectrum.

AWACS MUA: Carthage integration

A 12-page USAF assessment of Photon’s applicability to AWACS, made possible by Carthage

426th Network Warfare Squadron: Range Feedback

A 4-page report by MSgt William Reeves detailing the  experience in utilizing Carthage for their semi‐annual 1B4 boot camp.

Get Carthage

Carthage and its integration with Photon are available to U.S. Government agencies via sole source acquisition. Find out how, or contact us for references and demo information.