User testimonial with Lookopen: make your security smarter with CrowdSec
Did you know that every day across the Internet, each IP address is scanned hundreds of times? Or that more than 2,000 attacks are perpetrated, stealing 1.4 million personal records? That’s right, every single day!
Companies, institutions, individuals are more aware of the issue than they used to be and are ready to deal with it. According to Forbes, worldwide spending on cybersecurity is predicted to reach $1 trillion in 2021. But there is no such thing as 100% bulletproof security. As we are already half way through 2021, we can see an increase of more complex attacks able to break the most advanced security and defense systems. We, at CrowdSec, also work to make our product stronger in order to fit today’s needs of increased security.
We were glad to have a chat with Dyllan Pascoe, a dear community member from South Africa and co-founder of Lookopen, who is sharing a bit of insights about what CrowdSec is all about, and how it could help you secure your IT assets.
Hi Dyllan. Can you tell us about yourself and give a brief description of your company?
My name is Dyllan, I was born in South Africa 41 years ago and am based in Cape Town. I am a geek by nature and started to use Open Source software when I was 16.. I always tried to push OSS to corporations I worked for as I believe in the Open Source model and the quality of the software it produces.
In 2014, I founded Lookopen, an IT consulting company specializing in Open Source Solutions. The idea was initially to advise companies on how to move away from desktop style installations to Linux based environments. Our value proposition evolved over time and today we manage Linux servers for our customers and will custom design servers to meet their requirements. On top of that, we secure and maintain servers while also providing support. Today we manage approximately 50 Linux cloud based servers for our customers. A lot of our customers are developers who reached out to us to help them manage the deployment of their software applications to the cloud.
What challenges brought you to use CrowdSec?
To further secure our customers' public facing servers we designed a bastion/jumphost solution to help mitigate botnets targeting publicly exposed SSH ports. We used Fail2ban to manage the identification and blacklisting of malicious requests at the firewall level. This setup was able to limit botnet exposure by forming a direct channel for all SSH connections. Customers’ SSH connections would filter through the bastion hosts first before reaching their server, increasing security substantially while minimizing exposure to botnets.
Regular botnets don’t attack application servers that don’t have an SSH port open on the firewall. However, as defense solutions, they also tend to get smarter. In that case, they found ways to overcome Fail2ban by connecting to an SSH port while maintaining the connection. As a result of this Fail2ban wouldn’t block the botnet because it relies on a mechanism of multiple connection attempts in order to block the botnet. For several months we struggled with the increasing traffic from botnets to our bastion servers because of the increased complexity of their attack approach, and it became clear that we needed to find an alternate solution to mitigate these attacks. This is where CrowdSec came into play.
What do you like about the solution?
In December 2020, the CrowdSec team released their v1.0.x version, introducing a pivotal architectural change: a local REST API. I have to say they nailed it with this addition. It is easy to use, smarter and more modern. It makes life a lot easier. You can talk directly to central API servers, which is key when you manage multi-server infrastructures. Seeing all servers communicate together honestly blew my mind. It is also possible to pull CrowdSec information into dashboards to monitor your data, which is very helpful. Facilitating decision-making across all our machines based on one event on a single server enabled us to save a tremendous amount of time and effort. When a decision is made on one server it propagates that decision amongst all our servers thereby blocking potential malicious attacks on the rest of our servers even before the botnet has a chance to move on, and in a matter of seconds.
Anything you would like to add to wrap things up?
The clean web design, the support channel (where you can directly interact with the team) , the idea behind crowdsourcing, the bouncers, it’s all genius. I had been looking for something like this for a while and now I am like a kid in a candy shop! Every single customer of mine is getting a CrowdSec install. So much care and detail has gone into this project, it's a reminder of what the Open Source community is all about. The crowdsourcing of baddies is no longer an ambition, it's here. Thanks for your hard work guys and bravo!
If you are interested in testing CrowdSec v1.x or would like to get in touch with the team, please find us on Gitter, GitHub or Discourse.