CrowdSec Multi-user firewall

Product
Developers: CrowdSec
Last Release Date: 2021/10/12
Technology: SaaS - Software as a service, Information security - Firewalls

2021

Release of CrowdSec v.1.2 and Optimization of Consensus V2 Reputation System

On October 12, 2021, CrowdSec, the developer of a free crowdsourced information security system, announced the release of the next version of its platform, CrowdSec v.1.2. In addition to new features and plugin support, the company optimized its reputation system for data sources, which it calls Consensus V2. Closed testing of the CrowdSec Console web console is also ongoing.

CrowdSec is a free, collaborative, open source dynamic security software system or, to use the developers' own definition, a security system that provides "digital collective immunity." The system is based on two components: the first analyzes logs from available sources to identify potential cyber attacks and protect the user from most known attacks, and the second is responsible for sending information about detected attacks and exchanging this data with other users of the network. In this way, a database is formed from data received from independent sources (the users) and from honeypots (special resources created by the company itself as bait to collect information about attackers). It is the use of this database that ensures the high efficiency of the system when protecting against cyber attacks.

In version 1.2, CrowdSec received support for plugins for sending notifications, which will allow you to quickly inform users and information security specialists about detected attacks and the blocking decisions made by the system. Native plugin support will appear for the Slack, Splunk and Elasticsearch applications. Also, community members will be able to develop plugins themselves using an open source system. In addition to plugins, release 1.2 will bring bouncers for Cloudflare and Nginx, which will be available for download in the CrowdSec repository.

Another important element of version 1.2 will be the upgrade of the reputation system to Consensus V2. CrowdSec uses the reputation system so that attackers cannot "poison" the database and to avoid false positives that can make it difficult for users to work. As of the beginning of October 2021, each user (the developers call users "observers") has their own rating, which is based on several factors. Among them are the frequency with which the user sends suspicious IP addresses and how well this data matches information from other sources, including CrowdSec's own statistics, data from users with a high reputation, and the company's honeypots. The information is also compared with data from the Autonomous System (AS). The company is quite strict about the selection of "observers" whose data is subsequently sent to the community to protect users from cyber attacks. Among the more than 700,000 IP addresses in the CrowdSec database, only 2%, according to the company, fall into the blacklist created by the community, in order to avoid its "contamination" with unverified signals. In further iterations of the reputation system, the developers plan to gradually increase this percentage.

The company continues closed testing of the CrowdSec web console, which allows you to track data coming from several networks using a single web interface. It also gives information security specialists access to information and statistics about all notifications associated with attacks on their server, and the ability to export these logs in .CSV format. To apply for testing, you must be registered on the project website.

Availability of CrowdSec v.1.1x on Package Cloud

CrowdSec, the developer of a free crowdsourced information security system, announced on July 21, 2021 the release of an updated version, CrowdSec v.1.1x, and the launch of distribution of the solution through the Package Cloud cloud platform.

Using the Package Cloud platform to distribute CrowdSec will significantly expand the range of operating systems supported by the solution. Now, in addition to Debian and Ubuntu, CrowdSec will be available for operating systems such as Red Hat Enterprise Linux, CentOS and Amazon Linux (el/7, el/8, fc/33, fc/34, Amazon Linux/2 for x86-64 & Arm). Along with the move to the Package Cloud repository, CrowdSec received package support in RPM and Debian formats.

The CrowdSec platform is developed as open source software. It aims to deprive cybercriminals of their main advantage: anonymity. CrowdSec analyzes logs from all available sources and applies heuristic scenarios to detect aggressive behavior and protect users and information systems from most known attacks. At the same time, the system exchanges analysis data with other installed instances of CrowdSec.

The system is not tied to any existing platform and protects any resources at risk (bare-metal servers, containers, virtual machines, IoT devices, etc.) by simply adding several lines of code or configuration. Quick installation using the wizard can be performed even by a novice system administrator, DevOps or SecOps specialist.

Package Cloud is a service for distributing packages (a combination of metadata, configuration and software) that are built and ready for installation on computers running a number of *nix operating systems.

"Installing updates as packages is a difficult procedure that often causes users difficulty. The desire to make it more predictable has led to the selection of Package Cloud as an additional package repository. Until now, when CrowdSec was distributed only through downloading directly from GitHub, we received many fair complaints. In addition, the use of only such a software distribution scheme complicated its testing on platforms other than amd64. We solved this problem by switching to using the AWS CodeBuild & CodePipeline test environment," says Thibault Koechlin, technical director of CrowdSec.

The changed distribution scheme is not the only innovation in CrowdSec v.1.1x. The solution itself has also received a range of improvements. The data collection process has been redesigned and can now use Amazon CloudWatch as a source, which allows you to monitor AWS resources and applications in your local environment and in the cloud. In addition, CrowdSec can now be used as a syslog server, which further expands the number of data sources available to the solution.