In my previous article, I discussed the subject of improving your (or your company’s) cybersecurity posture. There are many solutions out there that employ different technologies, features and techniques to detect, analyse and prevent attacks and to protect systems. Among the up-and-coming ones, CrowdSec seems to be in a class of its own and is fast gaining recognition from the powers that be.
What is CrowdSec?
CrowdSec is a massively multiplayer, open-source and collaborative intrusion prevention system (IPS) that analyzes visitor (IP) behavior and reputation and provides an adapted response to all kinds of attacks while sharing signals across the community, hence Crowd Security.
How CrowdSec Works
One of the best ideas behind CrowdSec, and the one I personally think will make it a big success, is that of outnumbering the malicious actors. Many solutions are sophisticated and have a lot more features, but going solo will not be very effective. CrowdSec simply uses the behavior of an IP, as seen in your logs, to decide whether someone is trying to hack you. If your CrowdSec agent detects such aggression, the offending IP is then dealt with and sent for curation. The system hosts a very large number of known IPs, which can be very useful data in preventing attacks from them.
The engineers at CrowdSec are busy behind the scenes integrating the solution with many use-case scenarios, and it’s spreading like wildfire. Below are some of the use cases and scenarios:
Debian / Ubuntu
With such a myriad of services and scenarios that can be protected, you can rest assured that you’ll have an intelligent, robust layer of security added and will have further improved your cybersecurity posture. You can protect your instances from brute-force attacks on SSH, web forms, databases, router logins and many more. As the icing on this cyber cake, CrowdSec also has an online dashboard console where you can view all the alerts and stats of what’s happening on your protected service. So go ahead and visit CrowdSec and get started.