CrowdSec

CrowdSec is a French startup that owns an open source software for identifying and sharing malicious IP addresses. It was founded in 2019 by Philippe Humeau, Laurent Soubrevilla and Thibault Koechlin.

CrowdSec works by looking for aggressive IP address behavior by reading service, container or server logs. These logs can be local (Linux / BSD / Windows) or come from a SIEM (ELK) or directly from a cloud service (Cloudtrail, pubsub, etc.).

When an IP address is identified by the security engine as actively attempting to penetrate or corrupt the protected system, it is blocked by a remediation component that may be part of the CrowdSec solution or may already exist (firewall, proxy, etc. .). Several remedial choices are offered, ranging from banning the IP to sending a Captcha or even Http notification, depending on the context and needs.

The system is participatory because if an IP address exhibiting aggressive behavior is spotted by a member of the user network, its report is confronted with the entire network for approval. If a sufficient number of trusted participants report the same behavior from this IP, it is then included in a block list distributed to all participants. The IP is then removed from this list when network participants stop reporting it for a sufficient period of time.The block list provides protection against attacks aimed at exploiting massive vulnerabilities on the Internet, while the security engine aims to protect against targeted attacks.

The security engine that analyzes logs and responds to threats is open source and distributed under the MIT license. Software is free to use and the company is remunerated on the sale of signals to customers not participating in the detection network as well as by providing additional services oriented towards large accounts.

In October 2021, during its first participation in the Assises de la Sécurité, CrowdSec presented its open source security suite. This suite includes an MIT-licensed Intrusion Detection System (IDS), as well as a free Intrusion Prevention System (IPS) that helps manage attacks based on each company's specific business needs. In addition, the suite also includes Collective Threat Intelligence (CTI) to protect all users.By 2021, CrowdSec has crawled over 130,000 IP addresses. and is used in over 90 countries

In February 2022, Crowdsec launched its tool on OPNsense, an open source firewall and routing software based on FreeBSD.

In October 2020, Crowdsec carried out its first fundraising of 1.5 million euros, carried out with business angels and organized by Reflexion Capital.In May 2021, the startup CrowdSec raised 4 million euros in seed from Breega to develop its platform.In October 2022, Crowdsec raised 14 million euros in Serie A from Supernova Invest (Lead), Breega (follow-on) & Louis Christophe Laurent (BA)