Outnumbering cybercriminals all together

CrowdSec is an open-source and collaborative intrusion detection and remediation cybersecurity stack.
Analyze behaviors, respond to attacks & share signals across the community.

Illustration of the heart not yet protect by CrowdSec

WHY CROWDSEC

Cybercriminals use compromised machines’ IP adresses to stay anonymous. But by teaming together, Sysadmins, Devops & Secops can outnumber them and burn all their precious masks. That is the essence of CrowdSec: a collaborative Cyber Security effort to secure the Internet, our countries, companies, institutions, privacies, personal data.

All together

PRODUCTS

Discover our products

CrowdSec provides a full suite of cybersecurity products for efficient protection of your online services, a SaaS-based dashboard to visualize & act upon threats, and a crowd-based threat intelligence database to preventively block aggressive incoming traffic

HOW TO GET started?

01
Create an account on the Console
02
Install the Agent on your servers
03
Use global CTI to detect cyberattacks
Crowdsec Console
01
CrowdSec Console

CrowdSec Console is your SaaS cockpit to pilot your network's security. It allows SecOps teams to visualize intrusion attempts, get alerts on unusual activities, obtain intelligence on attacking IP addresses and manage the CrowdSec setup.

graphic illustration for the product crowdsec console
02
CrowdSec Agent

An open-source Intrusion Prevention System that provides reactive and preventive protection to your online services. It detects any suspicious IP online activity and immediately remediates it to prevent damage. CrowdSec Agent is also interfaced with the community IP blocklists to preventively block IPs flagged as dangerous by the CrowdSec community.

graphic illustration for the product crowdsec agent
Crowdsec Agent
03
CrowdSec Threat Intelligence

CrowdSec Threat Intelligence is the community-fueled IP real-time reputation database. It helps SOC teams or analysts to better understand incoming traffic and behavior and provides context to focus on important threats & eliminate background noise. With API interfaces for most SIEM solutions, SOCs and firewalls, CrowdSec CTI helps reducing alert fatigue and provides data to preventively block nefarious IPs.

graphic illustration for the product crowdsec threat intelligence

CrowdSec in figures

Alpaga icon

3.2 million

Rogue IPs detected

Yellow Github Icon

5.3 K

Stars on GitHub

Earth icon

160

Countries

People icon

+50k

Installations

Curved blue backgroundCurved blue backgroundCurved blue background

The open-source and participative cyber defence solution

CrowdSec is the first open-source and collaborative cybersecurity solution, designed to run seamlessly on virtual machines, bare-metal servers, containers or to be called directly from your code with our API.

3 alpacas with sunglasses in an icon

Collaborative Security

Our strength comes from our cybersecurity community that is burning cybercriminals’ anonymity. IP adresses are the main resource behind every nefarious or criminal activity. By sharing IP addresses that aggressed you, you help us curate and redistribute a qualified IP blocklist to protect everyone preventively.

Icon to illustrate global protection

Local detection - global protection

CrowdSec acts on two levels.

Locally, on your servers where CrowdSec Agent analyzes activity logs in real time, identifies suspicious behavior, acts upon IPs and shares the data with the community.

Globally, by aggregating, curating and redistributing blocklists to the community, to preventively block all flagged IPs on every CrowdSec user's machine.

Icon representing a rocket to illustrate high performance

High Performance

CrowdSec was created with peak performance in mind. Developed in Go for ultra fast execution and low memory footprint, CrowdSec is able to analyze thousands of lines of logs without impact on user service.


No matter if your servers or attackers are using IPV4 or IPV6 addresses, CrowdSec will do the job. This next-gen HIDS has been designed to not only deal with IPs but also with user sessions and more business-oriented layers.

Dashboard icon

Observability

Dashboards are great steering tools. CrowdSec is instrumented with Metabase & Prometheus to help you make smarter investments of both time & money and better defend yourself.

For more advanced monitoring, CrowdSec comes with an online Saas service to manage fleets of servers, visualise attacks and alerts in real-time and remediate intrusion attempts.

Earth Icon to illustrate cumulating layers of defence

Have an EDR / XDR / NDR? Awesome

Cybersecurity is about cumulating layers of defense. If you already use security tools to monitor intrusions, CrowdSec integrates nicely with stacks already in place through APIs to feed them with intelligence and supercharge their efficiency.

Control icon to illustrate GDPR compliance

GDPR Compliant

Sharing is caring but privacy matters even more. We collect the very strict minimum in order to be GDPR compliant. Hence, we never export your logs . The only data sent for curation are a timestamp, the aggressive IP, and the scenario used in the attack.

Icon representing a magic wand to illustrate the ease of use

Ease of use

CrowdSec is designed and developed by former pentesters, SecOps & DevOps, to be a fire-and-forget, easy-to-deploy, automate, configure and maintain software. This is what CrowdSec is about: bringing security to the largest number.

Additionally, CrowdSec is available on a variety of OS & containers, and integrated with a large number of services (servers, proxies, WAFs , etc.) to ensure you are protected regardless of your IT architecture.

3 alpacas with sunglasses in a medal

Join the crowd

Cybercriminals constantly collaborate together, on a world scale. Each IP they control are anonymity tokens to hide their hacktivities. Our only chance is to stand as a crowd and act in a coordinated way, as they do. When you, Sysadmins, DevOps & SecOps join forces, you outnumber them and can burn their IPs one by one, crippling this precious anonymity.

Illustration of the world map, with little alpacas everywhere, carrying flags
Illustration of an insect robot
Illustration of a crab robot

Leverage CrowdSec across diverse industries

Select
CrowdSec for 

VOIP

VOIP operators are frequently the target of credential thefts, allowing criminals to call additionally taxed telephone number services they own to cash-in money. CrowdSec protects VOIP servers by detecting and blocking credential brute forces attacks.

VOIP
CrowdSec for 

Ecommerce

Ecommerce websites are amongst the most attacked websites. Most commun attemps include page scraping, credit card stuffing, credential stealing or scalping. CrowdSec provides protection against intrusion attempts by detecting all malicious activity and banning nefarious traffic while limiting false positives.

Ecommerce
CrowdSec for 

MSSP

CrowdSec offers Managed Security Service Companies a simple all-in-one tool to monitor intrusion attempts on fleets of servers. Able to detect a large variety of attacks, CrowdSec comes with a dedicated SaaS tool to visualise and remediate all nefarious activity.

MSSP
CrowdSec for 

SOC teams

With 50% of internet traffic generated by bots, Security Operations Center analysts are frequently overwhelmed with alerts and false positives. CrowdSec identifies automated and malicious trafic to feed only highly curated data to analysts, to remove alert fatigue and allowing users to focus on high priority threats.

SOC teams

Discover how companies are using CrowdSec

See all use cases

Lookopen

We had a chat with Dyllan Pascoe, co-founder of Lookopen. Find out how he used CrowdSec and how it helped him secure his clients' IT assets.

Read use case

Siegler Informatique

Yannick Siegler has been one of our earliest adopters and most involved community member. Discover his CrowdSec use cases, both for personal and professional use.

Read use case

EsyOil

esyoil is using CrowdSec to bring multiple data sources together and block IPs even before they do something bad, leveraging log analysis.

Read use case
2 purple alpacas in suits and sunglasses

Open-source since Day 1

At CrowdSec we believe the best way to develop cybersecurity software is to make them open-source. We are all about transparency, code quality and auditability. For us, it is the only way to create confidence in the software and in the code quality.


That is why we chose to make CrowdSec Agent open source from its inception with the most permissive license, MIT. Additionally, in time, we plan to open source other components of the CrowdSec solution.

Where you can use CrowdSec

OS

Linux
Linux
Coming soon
BSD
BSD
Coming soon
Apple
Apple
Coming soon
Windows
Windows
Coming soon
Open WRT
Open WRT
Coming soon

Services

Iptables
Iptables
Coming soon
Nftables
Nftables
Coming soon
Nginx
Nginx
Coming soon
Apache
Apache
Coming soon
Caddy
Caddy
Coming soon
PF
PF
Coming soon

Languages & Frameworks

JS
JS
Coming soon
PHP
PHP
Coming soon
Wordpress
Wordpress
Coming soon
Arduino
Arduino
Coming soon
Python
Python
Coming soon
Symfony
Symfony
Coming soon

Platforms

Cloudflare
Cloudflare
Coming soon
GCP
GCP
Coming soon
AWS
AWS
Coming soon
Docker
Docker
Coming soon
Traefik
Traefik
Coming soon
Envoy
Envoy
Coming soon

DIVE INTO CROWDEC’S UNIVERSE

Get started with
CrowdSec today