CrowdSec, the Paris-based collaborative and open-source cybersecurity solution, has announced its expansion into the United States with the launch of a new suite of cybersecurity products. Made up of three products (CrowdSec Agent, CrowdSec Console and CrowdSec Threat Intelligence), the introduction of this suite will allow users to detect, block, and share intelligence on cyberattacks, leveraging crowd and community intelligence to mutualize threat detection and remediation of online services, providing an exhaustive cyber defense.
Having recently been awarded a spot on G2’s 2022 Best Security Products list, CrowdSec acts as a “Waze-like” open-source collaborative IPS (intrusion prevention system), in which its users share information to protect each other from threats. There are hundreds of thousands of cyber threats that happen each day, including data breaches, brute force, and distributed denial-of-service (DDoS) attacks. CrowdSec’s philosophy is that giant threats demand an army of responders. Their platform leverages its more than 30,000 users in 120+ countries to identify bad cybersecurity actors and create a database of malicious IPs for all community members to block as well, generating a real-time crowdsourced CTI (cyber threat intelligence database). Using this model, CrowdSec has so far been able to facilitate the blocking of approximately 2 million malicious IP addresses in the past 12 months.
With this new expansion into the U.S., CrowdSec is launching a new solutions stack, comprised of three main products:
- CrowdSec Agent: A malicious activity detection and remediation tool
CrowdSec Agent is the workhorse of the solution. Similar to an IDPS (Intrusion Detection and Prevention Solution), the software runs on users’ servers and combines malicious activity detection and remediation. CrowdSec Agent can parse any service logs (servers, applications, services etc.), detect malicious behavior patterns and pinpoint the IP addresses those activities originate from. Detected IPs are immediately acted upon to block, ban or challenge them. Additionally, those IPs are shared with all other CrowdSec users for automatic remediation on each user’s server. By attempting to attack one user, that IP gets automatically blocklisted at every other CrowdSec user’s service, making it totally useless for the cybercriminal.
- CrowdSec Console: Instant overview of any suspicious activity
CrowdSec Console is a SaaS platform that supercharges CrowdSec Agent with actionable data visualization and user management capabilities. Users can connect their Agents to visually explore threats, alerts, remediation decisions and get an instant overview of any suspicious activity. It also allows users to subscribe to third-party IP blocklists and access premium features such as advanced user management and multitenancy, single sign-on, self threat assessment and dedicated support. The Console also serves as a gateway to query the CrowdSec Threat Intelligence IP database to get more detailed intelligence on suspicious IPs.
- CrowdSec Threat Intelligence: The ultimate cyber threat intelligence database
Fueled by the worldwide community of users, CrowdSec Threat Intelligence provides the most exhaustive, diverse, and precise intelligence on nefarious IP addresses. CrowdSec Threat Intelligence enriches the IP metadata by cross-referencing with external sources and adding additional information to help organizations make precise decisions. Through the API interface, users can see granular information including Autonomous Systems, country of origin, aggressiveness, and the types of attacks in which the IP was involved.
In addition to leveraging its 23,000+ user community to protect from malicious IP addresses, CrowdSec also publishes a quarterly report based on user-shared data, providing insights into the state of cybersecurity, the types of threats that are being reported, where the threats are being deployed and trends to look out for in the future. The Q4 2021 Majority Report shows that from October through December of 2021, CrowdSec users reported a total of 15.9 million cyberattacks, with scanner attacks being the most popular (39%), followed by brute force attacks (34%). When it came to how quickly malevolent IP addresses were handled, cloud providers in China and Russia were less stringent in addressing how their IP addresses were being used.
“CrowdSec’s collaborative approach represents a strategic shift for protecting digital assets. The key focus is that our solution enables users to protect each other, not only blocking attacks, but also sharing IP addresses with the entire user community so that they can also block them. By protecting your assets, you’re protecting your neighbors, the school next door, the local hospital and all others who could be vulnerable to cyberattacks. Today, we are happy to launch our award-winning solution in the United States to make this type of security widely available to all American organizations.” said Philippe Humeau, CEO of CrowdSec.