The CrowdSec project aims at providing a crowdsourced approach to common infrastructure defense problems, by distributing free & open-source software allowing to protect yourself and share information about malevolent actors. These software components, of which Crowdsec is the main piece, work by processing logs and enriching them, to apply behaviour-based scenarios (heuristics) that will identify attacks pattern. One of the core concepts of Crowdsec is to separate the detection of an attack and its reaction, to be suitable for modern architectures. While Crowdsec is in charge of the detection, the reaction is performed by "bouncers" that aim to be deployable at any level of the applicative / infrastructure stack.
The CrowdSec project aims at providing a crowdsourced approach to common infrastructure defence problems, by distributing free & open-source software allowing you to protect yourself and share information about malevolent actors. These software components, of which Crowdsec is the main piece, work by processing logs (or more generally information stream) and enriching them, to apply behaviour-based scenarios (heuristics) that will identify attacks pattern.
One of the core concepts of Crowdsec is to decorrelate the detection of an attack and its reaction, to be suitable for modern architectures. While Crowdsec is in charge of the detection, the reaction is performed by "bouncers" that aim to be deployable at any level of the applicative / infrastructure stack : - as a nftables/iptables daemon "a la fail2ban" - as a nginx plugin - as a wordpress plugin - a kubernetes ingress controller - etc.
We hope that this approach, combined with a declarative configuration and a stateless behaviour, will make it an ideal candidate to enhance the security of modern stacks (containers, k8s, serverless and more generally automatically deployed infrastructures). We are committed to building a strong community, with all that it implies : - a public hub to find, share and amend parsers, scenarios and bouncers. - permissive open-source licence to stay business-friendly
and overall a strong commitment to transparency and community-first mentality, by tooling and behaviour
Speakers: Thibault Koechlin