Gain real-time & crowdsourced protection against aggressive IPs.

Our mission is simple: make the Internet a safer place for everyone.

CrowdSec

CrowdSec generates a real-time crowdsourced CTI (cyber threat intelligence database): when a malicious IP is identified and blocked locally, it is then shared with the community.

Real-time data

Zero false positives

Actionable Threat Intelligence

Behavior analysis

Contextualized data

How the CrowdSec agent works

Where you can use CrowdSec

OS

Services

Languages & frameworks

Platforms

CrowdSec Threat Intelligence

Community-fueled IP reputation database

The most advanced real-world CTI

Only highly accurate and detailed information

Highly curated data sets

Seamless integration with your cybersecurity solution

CrowdSec Security Engine

Local detection, global remediation

CrowdSec Security Engine defends against intrusions by analyzing logs to identify and block offending IPs. Flagged IPs are then sent to the community blocklist to protect the Crowd.

Real-time detection of suspicious traffic & behavior

CrowdSec Security Engine, the open-source intrusion prevention system written in Go, protects against attacks on any server by parsing real-time service logs (server, SSH, WordPress logs, etc.) and detecting malicious behaviors.

  • A variety of scenarios to detect attacks: bruteforce, HTTP attacks, scans, L7 DDoS, website scalping/scraping, etc.
  • Compatible with most OS (Linux/BSD/Windows), all popular servers (Nginx, Apache, Traefik, Caddy, etc.), and container-type setups
  • Can be used at the application level with WordPress, Magento, or any PHP or Python-based website

Our bouncer blocks cyberattacks

CrowdSec Security Engine comes with a remediation component, called “bouncer”, to act on identified threats. The bouncer interfaces with firewalls to ban or block nefarious IPs. It will also consume the community blocklist to preventively block IPs that have been shared by CrowdSec users.

  • Compatible with most firewalls (Iptables, Nftables), application firewalls (Cloudflare, AWS WAF) or dedicated OS (OPNSense)
  • Decoupled from the detection mechanism for flexible setups where detection is done on one machine, while remediation is achieved on other machines
  • Customizable. Custom bouncers can be created to execute any script, depending on your use case

Community-fueled blocklist

CrowdSec uses the power of the crowd to maintain and distribute IP blocklists to preventively block intrusions. Based on the gathered behavior patterns, the service can assess the reputation of an IP address in real time.

  • Our curation mechanism ensures the reliability of the blocklists sent back to users. Combining a trust rank mechanism, behavior, our own honeypot network and a whitelist, the consensus engine ensures blocklists contain only “shoot-on-sight” IP addresses.
  • IP threat level is evaluated in stream processing, based on sightings from the CrowdSec network
  • This highly dynamic system ensures that blocklists contain no false positives or poisoning attempts, allowing your IPS to focus on really dangerous IPs.

Open source since day 1

Open-sourcing the CrowdSec Security Engine is critical to guarantee full transparency, quality and reliability to our users, while offering the community the opportunity to contribute to the code base.

  • Open-sourced under the MIT license, the most permissive in the world
  • We welcome contributions from the community whether it is to enhance the code base of the CrowdSec Security Engine or to create new attack detection scenarios, bouncers or ports on new platforms.
  • The CrowdSec Hub centralizes all detection scenarios, bouncers or collections developed by the CrowdSec team and the community. Check it out for the latest updates!

How the CrowdSec Security Engine works

The feed can be consumed by your firewall or any existing remediation mechanism.

CrowdSec Security Engine key features

Real-time decision management

Complete real-time decision management within the console with the Polling API.

Auditd Support

It allows you to detect “Post Exploitation Behaviors”

AWS Cloudtrail Scenarios

Detect and better understand what is happening on your cloud.

CAPI Allow list

Create allow lists that also apply to the community blocklist.

Detection Engine Improvements

Experience increased efficiency with faster response times for high-volume log processing and a decrease in required processing power.

Feature Flag Support

Try all new beta features by manually activating features that are disabled by default.

Kubernetes Audit Acquisition

Monitor and protect your whole K8s cluster, not just the services running on it.

New Blocklist API and Premium Blocklists

Subscribe to at least 2 CrowdSec blocklists in addition to the community fuelled blocklists.

Why use our Security Engine

Reduce intrusions by 90%

By using CrowdSec Security Engine, users noticed a 90% drop in intrusion attempts on their online services, due to the community blocklist containing a curated list of aggressive IPs.

Eliminate alert fatigue with 0 false positives

By preventively blocking aggressive IPs and Internet background noise, SOC teams and security analysts can focus on alerts that matter.

Seamless setup

CrowdSec Security Engine was developed to fit the needs of modern IT setups. Working with all popular server OS, containers, servers and applications, the Security Engine is easy to set up and integrates effortlessly with your CI/CD process.

CrowdSec Security Engine in a few figures

CrowdSec has quickly grown to become the largest crowd-powered CTI network.

38M

Rogue IPs in the CTI database

45K

“Shoot-on-sight” IPs in the blocklist

14M

Signals/day received from the community

65K+

Machines contributing to the CTI

CrowdSec Console

Monitor cyber threats on online services

Connected to CrowdSec Security Engine, the Console provides a visual data panorama of threats, alerts, remediation decisions, and suspicious IP activity.

Connecting CrowdSec Security Engine to the Console

Access an instant overview and be alerted to all suspicious activity

  • Attach your existing CrowdSec Security Engine installations to the Console with a simple CLI command
  • Manage fleets of CrowdSec installations and monitor installed scenarios, bouncers, alerts or software versions
  • Manage your machines through naming and tagging

Get a visual overview of intrusion attempts

Explore all suspicious activity and intrusion attempts to understand the threat landscape

  • Visualize all alerts on all installations either with a detailed list of all attacks or with charts
  • Explore the data with simple or complex filters (inclusion, exclusion through criteria…)
  • Click on an IP address to learn about its reputation

Understand suspicious activity on your services

CrowdSec reduces alert fatigue and allows users to focus on important threats and attacks

  • Identify which IP is attacking your services and through which attack vector
  • Analyze past activity history over time and months to identify trends and patterns
  • Create organizations, invite team members and share results for collaborative analysis

Leverage cyber threat intelligence from the CrowdSec community

CrowdSec Console shares data from the CrowdSec community-driven CTI to provide detailed information on each IP’s activity and reputation

  • Assess the aggressivity of each IP, based on reports from the CrowdSec community
  • Find out more about offending IPs: country of origin, autonomous system, type of attacks, aggressivity level, report dates etc.
  • Understand how this IP is attacking your environment: how, when etc.

Why use the CrowdSec Console

Centralized overview of all your CrowdSec installations

All alerts & attacks on all your servers in one place

Immediate overview of all threats and alerts on all your machines for faster decision-making

Bridge to the CrowdSec Cyber Threat Intelligence

Console offers an interface to access the community-fueled CTI to retrieve detailed intelligence on all attacking IP addresses

CrowdSec Threat Intelligence

The largest community-fueled CTI network on earth

CrowdSec CTI distributes IP reputation intelligence, allowing SOC teams & security analysts to obtain highly curated data on intrusion attempts, origins, and trends.

The most advanced real-world CTI

CrowdSec CTI leverages the tens of thousands of users of CrowdSec to centralize, curate and redistribute data from real-life users and applications.

  • Most CTIs use honeypots to collect cyber threat data. CrowdSec CTI focuses on data from real users, all over the world, operating a large variety of services & apps to provide precise data
  • Our users are in more than 180 countries and have hundreds of different use cases, giving accurate context to each attack
  • CrowdSec CTI operates two databases: Smoke, containing raw data from our users, and Fire, with rigorously filtered data on especially dangerous IPs

Highly accurate and detailed information

CrowdSec users share millions of signals daily, allowing us to gather a large amount of information on each IP address.

  • Each IP address shared gives us information on the type of attack, moment and use case, allowing us to assess the aggressivity of each IP address.
  • CrowdSec enriches that data with third-party resources to add information such as country of origin, autonomous system etc.
  • Reputation data is frequently refreshed to make sure it reflects the lifecycle of an IP address.

Strictly curated data sets

Most CTI solutions are crippled by low data quality. False positives, deprecated data or poisoned bases increase alert fatigue and provide unreliable information to make decisions. CrowdSec CTI is curated to make sure only high-confidence data is shared with the users.

  • Each contributing user gets a reputation score based on seniority and contribution. The higher the reputation, the higher the value the curation algorithm will give to the data provided by the user
  • CrowdSec operates its own network of honeypots. User data is correlated with data from honeypots to ensure homogeneity.
  • The Smoke database exposes non-curated data to enrich SOC teams or analyst data
  • The Fire database provides curated data for direct ingestion by firewalls to preventively block aggressive IPs.

Seamless integration with your cybersecurity solution

CrowdSec CTI was designed to seamlessly interface with most cybersecurity solutions.

  • Individual queries on IP addresses can be done through a dedicated UI in CrowdSec Console, or directly through an API.
  • CrowdSec CTI can stream IP blocklists directly to any firewall or remediation solution. Whether you use Palo Alto or OPNSense, your solution will consume IP data to provide preventive defense.
  • Full bulk lists of IP data can also be purchased for data analysts or to train AI models.

How the CrowdSec CTI works

The feed can be consumed by your firewall or any existing remediation mechanism.

Why use the CTI

Real-World data from real users

By providing data coming from real users and real applications (and not honeypots), CrowdSec CTI ensures data is high quality.

Largest global CTI

CrowdSec CTI is the largest threat intelligence source in the world, taking in millions of signals monthly from tens of thousands of users to provide exhaustive data sets.

100% Accurate

Our advanced curation mechanism allows for the elimination of all false positives or poisoning attempts, making sure users receive the most accurate data possible.

CrowdSec CTI in a few figures

CrowdSec CTI is a collaborative cyber threat intelligence platform providing real-life and highly curated data on IP reputation, helping cybersecurity experts to better assess threats and fight back more efficiently.

38M

Rogue IPs in the CTI database

45K

“Shoot-on-sight” IPs in the blocklist

14M

Signals/day received from the community

65K+

Machines contributing to the CTI
