CrowdSec (software)
Developer(s): CrowdSec
Initial release: 15 May 2020
Repository: https://github.com/crowdsecurity/crowdsec/
Written in: Go
Operating system: Linux, BSD
License: MIT License
Website: https://crowdsec.net/


    CrowdSec is a massively multiplayer firewall developed by the software company of the same name and designed to protect Linux servers, services, containers, or virtual machines exposed on the internet with a server-side agent. It was inspired by Fail2Ban and aims to be a modernized, collaborative version of that tool.[1]

    CrowdSec is a free and open-source EDR distributed under the MIT License, with the source code available on GitHub.[2] CrowdSec uses a log-based behavior analysis system to identify malicious IP addresses and provides an adapted response to all kinds of attacks. Each time an aggressive IP is blocked, all users of the software are informed.[3]

    If the CrowdSec agent detects an aggression, the offending IP is dealt with and sent for curation. If this signal passes the curation process, the IP is redistributed to all users to protect them against it. CrowdSec's core concept is to block attacks locally, based on both behavior and crowd-generated block lists, and then share the IPs detected as aggressive with all CrowdSec users.[2] Once a member of the CrowdSec community reports an IP address that was used to launch an attack, CrowdSec's software blocks it across its network.[4] When an IP is flagged as aggressive, the user chooses to remedy the threat in the most appropriate manner (ban, CAPTCHA, 2FA, etc.).

    The goal of the team behind the project is to leverage the power of the crowd to create a real-time IP reputation database.[5]

    History

    Both the company and the software were launched in January 2020 by three French serial entrepreneurs and cybersecurity professionals: Philippe Humeau, Thibault Koechlin, and Laurent Soubrevilla.[6] For more than a decade, they had had in mind the idea of making efficient security accessible by adding a community aspect to it.[7] The founders believe that CrowdSec can succeed because there are more humans working in cybersecurity than there are hackers, and if the defenders banded together, that human-driven power could have a big impact.[8]

    The company says it has already detected 250,000 rogue IPs and attracted users from 90 countries.[9]

    The first version of CrowdSec, v0.0.1, was released on May 15, 2020.[10] In December 2020, the stable CrowdSec v.1.x version was released.[11]

    The release of CrowdSec v.1.0.x in January 2021 introduced several improvements over the previous version and a major architectural change: the introduction of a local REST API.[2]

    Features

    CrowdSec allows users to detect attacks and respond at any level (block in a firewall, reverse proxy, CDN or directly at the application layer).[3]

    The tool uses leaky buckets internally to allow for tight event control. Scenarios are written in YAML to make them as simple and readable as possible without sacrificing granularity. The inference engine lets a user get insights from chained buckets or meta-buckets: if several buckets (e.g., web scan, port scan, and failed login attempt) overflow into a "meta-bucket", a "targeted attack" remediation can be triggered.[12]
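
The leaky-bucket and meta-bucket logic described above, as an added Go example that is not CrowdSec's own code. The `Bucket` and `Engine` types, the scenario names and the thresholds are assumptions made for illustration, and timestamps are plain Unix seconds.

```go
package main

import (
	"fmt"
	"math"
)

// Bucket gains one drop per event and leaks one drop every LeakEvery seconds.
type Bucket struct{ Capacity, LeakEvery, level, last float64 }

// Pour adds one event at time t (Unix seconds) and reports an overflow.
func (b *Bucket) Pour(t float64) bool {
	b.level, b.last = math.Max(0, b.level-(t-b.last)/b.LeakEvery)+1, t
	if b.level <= b.Capacity {
		return false
	}
	b.level = 0 // emptied on overflow so that it can fire again
	return true
}

// Hypothetical scenarios, constructed thresholds; the last is the meta-bucket.
var templates = map[string]Bucket{
	"ssh-bf":          {Capacity: 3, LeakEvery: 10},
	"http-scan":       {Capacity: 5, LeakEvery: 1},
	"targeted-attack": {Capacity: 1, LeakEvery: 3600},
}

type Engine map[string]*Bucket // live buckets, keyed by "name/source IP"

// Event feeds a scenario bucket; an overflow alerts and feeds the IP's meta-bucket.
func (e Engine) Event(scenario, ip string, t float64) (alerts []string) {
	for _, name := range []string{scenario, "targeted-attack"} {
		key := name + "/" + ip
		if e[key] == nil {
			tmpl := templates[name]
			e[key] = &tmpl
		}
		if !e[key].Pour(t) {
			break
		}
		alerts = append(alerts, name)
	}
	return alerts
}

func main() {
	for e, t := (Engine{}), 0.0; t < 8; t++ { // constructed burst, 1 event/s
		fmt.Println(t, e.Event("ssh-bf", "203.0.113.7", t))
	}
}
```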

    Aggressive IPs are dealt with using bouncers (blockers). The CrowdSec Hub offers ready-to-use data connectors, bouncers (e.g., Nginx, PHP, Cloudflare, Netfilter), and scenarios to deter different attack classes. These bouncers can remedy threats in various ways.

    CrowdSec bouncers can apply remediations such as presenting a CAPTCHA, limiting application rights, requiring multi-factor authentication, throttling queries, or activating Cloudflare attack mode when needed. Users can get a sense of what is happening locally (and where it is occurring) with a lightweight visualization interface and strong Prometheus observability.[13]

    Integrations

    CrowdSec can be integrated with other tools. The system not only detects attacks; it can also trigger various actions once something is detected, such as:[14]

    • Running arbitrary scripts
    • Executing a block in netfilter/iptables
    • Denying an IP in Nginx
    • Blocking in WordPress
    • Blocking people in Cloudflare

    Fundraising

    In October 2020 the company raised €1.5 million in a pre-seed round led by Reflexion Capital.[15]

    In April 2021 CrowdSec secured $5 million in seed funding from Breega.[4]

    References

    1. "Crowdsec, un outil de prévention d'intrusions, conçu pour protéger les serveurs, les services et les conteneurs, présenté comme une version modernisée et collaborative de Fail2Ban". Developpez.com (in French). Retrieved 2021-05-25.
    2. "Releases · crowdsecurity/crowdsec". GitHub. Retrieved 2021-05-20.
    3. N, Balaji (2020-12-08). "CrowdSec, An Open-Source, Modernized & Collaborative fail2ban". GBHackers On Security. Retrieved 2021-05-20.
    4. "Crowdsec leverages crowdsourcing to reinvent cybersecurity economics". VentureBeat. 2021-05-04. Retrieved 2021-05-20.
    5. Humeau, Philippe (23 Oct 2020). "New open source project crowdsources internet security". Opensource.com. Retrieved 2021-05-20.
    6. "CrowdSec veut devenir le " Waze " de la cybersécurité". Les Echos (in French). 2020-10-15. Retrieved 2021-05-27.
    7. "Our culture & values". The open-source massively multiplayer firewall leveraging the crowd power. Retrieved 2021-05-25.
    8. "Crowdsec leverages crowdsourcing to reinvent cybersecurity economics". VentureBeat. 2021-05-04. Retrieved 2021-05-20.
    9. "CrowdSec, the open-source massively multiplayer firewall". The open-source massively multiplayer firewall leveraging the crowd power. Retrieved 2021-05-20.
    10. "Release v0.0.1 · crowdsecurity/crowdsec". GitHub. Retrieved 2021-05-27.
    11. Day, Brittany. "Get started with CrowdSec v.1.0.X." Linux Security. Retrieved 2021-05-20.
    12. "CrowdSec - Open Source Security Automation Tool". Putorius. 2021-03-01. Retrieved 2021-05-20.
    13. Day, Brittany. "Introducing Crowdsec: A Modernized, Collaborative Massively Multip". Linux Security. Retrieved 2021-05-20.
    14. "CrowdSec, An Open-Source, Modernized & Collaborative fail2ban - THCBin Tech Blog". Retrieved 2021-05-20.
    15. "Cybersécurité: CrowdSec lève 1,5 million d'euros auprès de Reflexion Capital". FrenchWeb.fr (in French). 2020-10-15. Retrieved 2021-05-20.


    This article "CrowdSec" is from Wikipedia. The list of its authors can be seen in its history and/or on the page Edithistory:CrowdSec. Articles copied from the Draft Namespace on Wikipedia can be seen in Wikipedia's Draft Namespace rather than the main one.
