Cybercriminals use compromised machines’ IP adresses to stay anonymous. But by teaming together, Sysadmins, Devops & Secops can outnumber them and burn all their precious masks. That is the essence of CrowdSec: a collaborative Cyber Security effort to secure the Internet, our countries, companies, institutions, privacies, personal data.
Discover our products
CrowdSec offers a crowd-based cybersecurity suite, designed to protect your online services, a dashboard to visualize & act upon threats and a TIP (Threat Intel Platform) to block IP known to carry aggressions
HOW TO GET started?
The Console is a cockpit to monitor your server's security. SecOps can visualize intrusion attempts, get alerts on unusual activities, and obtain intelligence on IP addresses.
The IDS leverages both IP behavior & reputation to shield your exposed services. Any aggressive IP is then blocked by the IPS, to stop it from interacting with your machines. Those open-source tools are constantly fed by an IP blocklist generated by our community of tens of thousands of servers
CrowdSec Threat Intelligence Platform is a curated & real-time database, generated by our community sightings of offending IPs. It helps SOC teams to focus on significant events by contextualizing threats and removing Internet background noise. With API interfaces for most SIEM solutions, SOCs & firewalls, it reduces alert fatigue and helps preventively blocks nefarious IPs
Rogue IPs under scrutiny
Stars on GitHub
The open-source and participative cyber defence solution
CrowdSec runs on Unix & Windows VMs, containers or bare-metal servers. It can even be interfaced with your existing code through our API.
Our strength comes from our cybersecurity community that is burning cybercriminals’ anonymity. IP adresses are the main resource behind every nefarious or criminal activity. By sharing IP addresses that aggressed you, you help us curate and redistribute a qualified IP blocklist to protect everyone preventively.
CrowdSec acts on two levels.
Locally, on your servers where CrowdSec Agent analyzes activity logs in real time, identifies suspicious behavior, acts upon IPs and shares the data with the community.
Globally, by aggregating, curating and redistributing blocklists to the community, to preventively block all flagged IPs on every CrowdSec user's machine.
CrowdSec was created with peak performance in mind. Developed in Go for ultra fast execution and low memory footprint, CrowdSec is able to analyze thousands of lines of logs without impact on user service.
No matter if your servers or attackers are using IPV4 or IPV6 addresses, CrowdSec will do the job. This next-gen HIDS has been designed to not only deal with IPs but also with user sessions and more business-oriented layers.
Dashboards are great steering tools. CrowdSec is instrumented with Metabase & Prometheus to help you make smarter investments of both time & money and better defend yourself.
For more advanced monitoring, CrowdSec comes with an online Saas service to manage fleets of servers, visualise attacks and alerts in real-time and remediate intrusion attempts.
Cybersecurity is about cumulating layers of defense. If you already use security tools to monitor intrusions, CrowdSec integrates nicely with stacks already in place through APIs to feed them with intelligence and supercharge their efficiency.
Sharing is caring but privacy matters even more. We collect the very strict minimum in order to be GDPR compliant. Hence, we never export your logs . The only data sent for curation are a timestamp, the aggressive IP, and the scenario used in the attack.
CrowdSec is designed and developed by former pentesters, SecOps & DevOps, to be a fire-and-forget, easy-to-deploy, automate, configure and maintain software. This is what CrowdSec is about: bringing security to the largest number.
Additionally, CrowdSec is available on a variety of OS & containers, and integrated with a large number of services (servers, proxies, WAFs , etc.) to ensure you are protected regardless of your IT architecture.
Cybercriminals constantly collaborate together, on a world scale. Each IP they control are anonymity tokens to hide their hacktivities. Our only chance is to stand as a crowd and act in a coordinated way, as they do. When you, Sysadmins, DevOps & SecOps join forces, you outnumber them and can burn their IPs one by one, crippling this precious anonymity.
VOIP operators are frequently the target of credential thefts, allowing criminals to call additionally taxed telephone number services they own to cash-in money. CrowdSec protects VOIP servers by detecting and blocking credential brute forces attacks.
Ecommerce websites are amongst the most attacked websites. Most commun attemps include page scraping, credit card stuffing, credential stealing or scalping. CrowdSec provides protection against intrusion attempts by detecting all malicious activity and banning nefarious traffic while limiting false positives.
CrowdSec offers Managed Security Service Companies a simple all-in-one tool to monitor intrusion attempts on fleets of servers. Able to detect a large variety of attacks, CrowdSec comes with a dedicated SaaS tool to visualise and remediate all nefarious activity.
With 50% of internet traffic generated by bots, Security Operations Center analysts are frequently overwhelmed with alerts and false positives. CrowdSec identifies automated and malicious trafic to feed only highly curated data to analysts, to remove alert fatigue and allowing users to focus on high priority threats.
At CrowdSec we believe the best way to develop cybersecurity software is to make them open-source. We are all about transparency, code quality and auditability. For us, it is the only way to create confidence in the software and in the code quality.
That is why we chose to make CrowdSec Agent open source from its inception with the most permissive license, MIT. Additionally, in time, we plan to open source other components of the CrowdSec solution.
Where you can use CrowdSec
Languages & Frameworks