The sad truth is that for all the awesome things that the internet can bring us, there’s also a whole lot of jackasses out there just waiting to get their hands on any number of IT assets. One of the most common tools these nefarious hackers use is the IP address of a machine they’ve worked their way into.
With the use of this unique IP address, a hacker can anonymously launch an attack. When you factor in that organised attack groups work in concert, hundreds of thousands of malicious IP addresses can be aimed at any variety of targets.
Essentially, system administrators, DevOps and SecOps teams are fighting a battle against an army of unknown proportions. That’s not to say that they don't have weapons of their own, but resources only go so far.
But not if CrowdSec has anything to say about it. “This cyberwar is asymmetrically favorable to hackers, who benefit from time, use stolen resources and mainly open-source software, and face increasingly fragmented and permeable perimeters (Cloud drives, SaaS, VMs, containers, VPNs, etc.),” comments CrowdSec CEO Philippe Humeau. “Our goal is to rebalance the cybersecurity game by creating innovative, free and collaborative software in order to fight, together, hacking on a global scale.”
The concept is simple (enough in theory): CrowdSec applies the same methodology used by hackers, but in reverse. Instead of a coordinated attack, CrowdSec is offering a coordinated defense.
When a CrowdSec agent detects an attack, the platform generates a report and, if the report is legitimate, distributes it to all users of the platform. In doing so, the CrowdSec community is generating one of the largest IP blocklists in the world, in real time.
An unprecedented first line of defense, CrowdSec is specifically designed for today’s cloud-based world. The service offers simple solutions ranging from denying access from a verified malicious IP address to two-factor authentication, CAPTCHAs, or limits on user rights.
Port scans, web scans, password attacks, identity theft attempts, application denial of service attacks, bots, and credit card stuffing or fraud are also all covered by CrowdSec’s arsenal of defenses.
And as privacy is always a concern, CrowdSec meets GDPR requirements by not exporting logs and by collecting only a bare-bones set of data: mainly a timestamp, the attacking IP address, and recorded actions.
Founded just a few days after Christmas 2019 by Philippe Humeau, Thibault Koechlin, and Laurent Soubrevilla, CrowdSec is planning on expanding the team, and presumably the product offering with the funding provided by Breega. Pledged to remain free to its community, CrowdSec’s commercial offering is slated to go live later this year, and the company reports that they are already in talks with major corporates, and cloud and hosting companies.
“Digital has become a natural extension of our lives and we need to provide an answer to the societal problem posed by mass hacking,” comments Breega co-founder Maximilien Bacot. “The techniques (or trends) developed over the last 30 years have clearly failed to address this problem. So it seems logical to us to propose a community-based approach, which has already proven effective in so many other areas, yet has not been applied to cybersecurity ... until now.”