Measuring aspects of a network’s security posture through penetration testing, red teams, and adversary emulation is resource intensive. CALDERA offers an intelligent, automated red team system that can reduce resources needed by security teams for routine testing, freeing them to address other critical problems.
CALDERA can be used to test endpoint security solutions and assess a network’s security posture against the common post-compromise adversarial techniques contained in the ATT&CK model. CALDERA leverages the ATT&CK model to identify and replicate adversary behaviors as if a real intrusion is occurring. This enables automated assessments of a network's susceptibility to adversary success, allowing organizations to see their networks through the eyes of an advanced persistent threat on-demand and to verify defenses and security configuration based upon known threat techniques. CALDERA uses an adversary representation language, the ATT&CK profile, a decision engine to process gathered knowledge and choose subsequent actions, and an agent to conduct the operation. Use of CALDERA can reduce resources needed for assessments and allow red teams to focus on sophisticated solutions to harder problems. It will also allow organizations to more rapidly tune behavioral-based intrusion detection systems as they are deployed.
CALDERA is complementary to other forms of security assessment. A network’s security posture is commonly assessed based on software patch levels, security controls, and defender tools. While many intrusion detection tools rely on searching for known threat indicators which change frequently, assessments and adversary detection are rarely based upon adversary behavior. This leaves defenders guessing how they would detect and respond to active threats. CALDERA helps defenders move beyond detection of indicators of compromise to detection and response of adversary behavior.
To discuss licensing CALDERA, or collaborative activities, please contact MITRE's TTO.