Photo by Dan Burton on Unsplash

CrowdSec crowd security service

Strength in Numbers

Article from ADMIN 73/2023
Threats can be detected and averted at an early stage with crowd security, in which organizations form a community to take concentrated action against cyberattacks by sharing attack data. We explain how this strategy works with the CrowdSec cloud service.

Cyberattacks are constantly on the rise, and ransomware is spreading rapidly. As a result, corporations need to update their security strategies constantly, and it is better to fight aggressors together than to go it alone. That is the premise of CrowdSec [1], an open source, participative intrusion prevention system (IPS) with a cloud-hosted sharing service: a local agent analyzes the behavior of systems from their logs and triggers a customized response to attacks. The tool acts as a community, sharing attack intelligence so that members fight cyber criminals together. In this way, corporations can protect their servers with data from the entire community, not just with information obtained from their own enterprise.

Information can come from syslogs, CloudTrail events, security information and event management (SIEM) systems, and other sources (e.g., from firewalls or the event viewer of Windows servers). Community members can access the details of the analyzed data and build their own intrusion detection systems (IDSs). The process of sending and receiving information can also be fully automated. After the initial setup, the system is autonomous. You can check the cloud service web console to discover whether your servers have been attacked and whether you need to take any action.

The software used in a CrowdSec network runs locally, but it periodically pulls the community's verified data from the central service, so the software agent at the local data center can quickly identify unfriendly IP addresses from community information without querying the cloud at decision time. If your installation discovers new, unfriendly IP addresses itself, it in turn uploads those reports to the cloud. After verification, these new addresses are published to the community.
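The two mechanisms described above, local behavior detection and merging the result with a pulled community list, are easy to misread as a single cloud lookup. The following added example (my own illustration, not CrowdSec's code or its APIs) shows what the local agent does in principle: it parses constructed sshd lines from a syslog-style auth log, applies a sliding-window brute-force scenario to decide which source addresses to ban, and merges those local decisions with a constructed community blocklist so that a bouncer can check an address without contacting the cloud. The threshold (5 failures in 60 s), the ban duration, the log lines and the community addresses are all assumptions chosen for the illustration.

```python
"""Toy CrowdSec-style pipeline: parse auth log -> detect SSH brute force -> merge with community list.
This is an added illustration, not CrowdSec's own code; all log lines and addresses are constructed."""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sshd lines in the shape found in /var/log/auth.log.
# 203.0.113.5: five failures in four seconds (should be banned).
# 192.0.2.9: five failures spread over four minutes (below the windowed threshold).
# 198.51.100.7: one failure, then a successful login (legitimate user).
SAMPLE_AUTH_LOG = """\
2023-03-01T10:00:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
2023-03-01T10:00:02 host sshd[1202]: Failed password for invalid user admin from 203.0.113.5 port 51023 ssh2
2023-03-01T10:00:03 host sshd[1203]: Failed password for root from 203.0.113.5 port 51024 ssh2
2023-03-01T10:00:04 host sshd[1204]: Failed password for root from 203.0.113.5 port 51025 ssh2
2023-03-01T10:00:05 host sshd[1205]: Failed password for root from 203.0.113.5 port 51026 ssh2
2023-03-01T10:00:07 host sshd[1206]: Failed password for alice from 198.51.100.7 port 40001 ssh2
2023-03-01T10:00:09 host sshd[1207]: Accepted password for alice from 198.51.100.7 port 40002 ssh2
2023-03-01T10:05:00 host sshd[1208]: Failed password for root from 192.0.2.9 port 33001 ssh2
2023-03-01T10:06:00 host sshd[1209]: Failed password for root from 192.0.2.9 port 33002 ssh2
2023-03-01T10:07:00 host sshd[1210]: Failed password for root from 192.0.2.9 port 33003 ssh2
2023-03-01T10:08:00 host sshd[1211]: Failed password for root from 192.0.2.9 port 33004 ssh2
2023-03-01T10:09:00 host sshd[1212]: Failed password for root from 192.0.2.9 port 33005 ssh2
"""

# Constructed community blocklist (address -> expiry), standing in for the list the agent pulls.
COMMUNITY_BLOCKLIST = {
    "198.51.100.200": datetime.fromisoformat("2023-03-02T00:00:00"),
}

FAILED_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)


@dataclass(frozen=True)
class Decision:
    ip: str
    origin: str       # "local": observed by this agent; "community": pulled from the shared list
    reason: str
    until: datetime   # ban expiry


def parse_failed_logins(log_text):
    """Return (timestamp, source ip) for every failed sshd login; other lines are ignored."""
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["ip"]))
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(seconds=60), ban=timedelta(hours=4)):
    """Sliding-window scenario: `threshold` failures from one IP inside `window` produce a ban.
    Old failures drop out of the window, so slow, spread-out attempts do not accumulate."""
    recent = defaultdict(deque)
    decided = {}
    for ts, ip in sorted(events):
        if ip in decided:          # one decision per address is enough
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            decided[ip] = Decision(ip, "local", f"ssh-bf: {len(q)} failures in {int(window.total_seconds())}s", ts + ban)
    return list(decided.values())


def merge_with_community(local_decisions, community):
    """Build the table a bouncer consults: community entries first, local observations override."""
    merged = {ip: Decision(ip, "community", "community blocklist", until) for ip, until in community.items()}
    for d in local_decisions:
        merged[d.ip] = d
    return merged


def is_blocked(merged, ip, now):
    """The check a bouncer performs per connection, entirely from the local table."""
    d = merged.get(ip)
    return d is not None and now < d.until


if __name__ == "__main__":
    table = merge_with_community(detect_bruteforce(parse_failed_logins(SAMPLE_AUTH_LOG)), COMMUNITY_BLOCKLIST)
    for d in table.values():
        print(f"{d.ip:16} {d.origin:10} until {d.until.isoformat()}  ({d.reason})")
```

The point of the sliding window is the caveat a practitioner wants: counting failures over the whole log would also ban the slow scanner at 192.0.2.9, while the windowed scenario only bans the burst from 203.0.113.5. In a real deployment the local decision would additionally be reported upstream and the community entry would arrive via the agent's periodic pull; both ends of that exchange are outside this illustration.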

Agent-Based Flexible Use

Corporations do not need to replace their entire security setup when they start using CrowdSec. Because the functionality resides in the cloud, you don't

...