Photo by Dan Burton on Unsplash

CrowdSec crowd security service

Strength in Numbers

Article from ADMIN 73/2023
Threats can be detected and averted at an early stage with crowd security, in which organizations form a community to take concentrated action against cyberattacks by sharing attack data. We explain how this strategy works with the CrowdSec cloud service.

Cyberattacks are constantly on the rise, and ransomware is spreading rapidly. As a result, corporations also need to update their security strategies constantly. And it is better to fight against aggressors together than go it alone, according to CrowdSec [1], an open source cloud service and participative intrusion protection system (IPS) capable of analyzing the behavior of systems and providing a customized response to attacks. The tool acts as a community, sharing attack intelligence and fighting cyber criminals together. In this way, corporations can rely on data from the entire community to protect their servers, and not just on information obtained from their enterprise.

Information can come from syslogs, CloudTrail events, security information and event management (SIEM) systems, and other sources (e.g., from firewalls or the event viewer of Windows servers). Community members can access the details of the analyzed data and build their own intrusion detection systems (IDSs). The process of sending and receiving information can also be fully automated. After the initial setup, the system is autonomous. You can check the cloud service web console to discover whether your servers have been attacked and whether you need to take any action.

The software used in a CrowdSec network runs locally, but it can access community data offline, which means the software agent at the local data center can quickly identify unfriendly IP addresses drawn from community information. If your installation discovers new, unfriendly IP addresses itself, it in turn can upload that data to the cloud. After verification, these new addresses are published in the community.
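The flow described above (check sources against a locally cached community list, detect new offenders from local logs, queue them for reporting) can be sketched as follows. This is an added illustration, not CrowdSec's code or configuration; the log format, blocklist contents, threshold, and window are assumptions, and all addresses are constructed from documentation ranges.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample data (documentation-range addresses, not real indicators).
COMMUNITY_BLOCKLIST = [ipaddress.ip_network("203.0.113.0/24")]  # local cached copy
SAMPLE_LOG = """\
2023-01-10T08:00:01 sshd[811]: Failed password for root from 198.51.100.7 port 40022 ssh2
2023-01-10T08:00:05 sshd[811]: Failed password for invalid user admin from 198.51.100.7 port 40030 ssh2
2023-01-10T08:00:09 sshd[812]: Failed password for root from 203.0.113.50 port 51000 ssh2
2023-01-10T08:00:20 sshd[811]: Failed password for root from 198.51.100.7 port 40041 ssh2
2023-01-10T08:00:30 sshd[813]: Failed password for root from 192.0.2.9 port 60001 ssh2
2023-01-10T08:02:00 sshd[813]: Failed password for root from 192.0.2.9 port 60002 ssh2
2023-01-10T08:04:00 sshd[813]: Failed password for root from 192.0.2.9 port 60003 ssh2
2023-01-10T08:04:10 sshd[814]: Accepted password for alice from 192.0.2.20 port 60100 ssh2
"""
FAILED = re.compile(
    r"^(\S+) sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port")

def analyze(log_text, blocklist, threshold=3, window=timedelta(seconds=60)):
    """Return (blocked, signals): sources matched in the cached community list,
    and sources detected locally that should be reported upstream."""
    recent = defaultdict(deque)          # source IP -> timestamps of recent failures
    blocked, signals = set(), set()
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue                     # not an authentication failure
        try:
            ts = datetime.fromisoformat(m.group(1))
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue                     # malformed timestamp or address: skip line
        if any(ip in net for net in blocklist):
            blocked.add(str(ip))         # known to the community: no cloud lookup needed
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:        # keep only failures inside the sliding window
            q.popleft()
        if len(q) >= threshold:
            signals.add(str(ip))         # candidate only; publication follows verification
    return sorted(blocked), sorted(signals)

if __name__ == "__main__":
    blocked, signals = analyze(SAMPLE_LOG, COMMUNITY_BLOCKLIST)
    print("matched community list:", blocked)
    print("report to community:  ", signals)
```

The source that fails three times over several minutes (192.0.2.9) stays below the threshold because its failures never fall inside one 60-second window, which is the trade-off any rate-based rule makes against slow attempts.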

Agent-Based Flexible Use

Corporations do not need to replace their entire security setup when they start using CrowdSec. Because the functionality resides in the cloud, you don't
