We have put in place new security measures that not only defend against DDoS attacks but also learn from them.
This will greatly reduce false-positive IP bans and keep legitimate traffic flowing without interruption.
There are vicious internet attack tools out there that are used all the time to try to extort money, or force agendas, out of companies, and we need to team up to help stop these cyber attacks.
Originally I was only using ConfigServer Firewall (CSF) and LFD plus AI to analyze logs, and was sharing the public block list with everyone who wanted to use it to help cut down on attack traffic, but that just wasn't reliable when it came to taking action in a timely manner.
Now we have deployed CrowdSec Security alongside our existing setup.
Hackers constantly collaborate, on a world scale. Each IP they control is an anonymity token that hides their hacktivities. Our only chance is to stand as a crowd and act in a coordinated way, as they do. When you, sysadmins, DevOps and SecOps, join forces, you outnumber them and can burn their IPs one by one, crippling this precious anonymity.
CrowdSec is an open-source and collaborative EDR.
Analyze behaviors, respond to attacks & share signals across the community.
- Parse logs: acquire data from any source (syslog, CloudTrail, SIEM, etc.)
- Set up your own intrusion detection system: apply behavior scenarios to identify cyber threats
- Automate your security: define the type of remediation you want to apply and where
- Leverage the community's IP blacklist: share and benefit from a crowdsourced and curated cyber threat intelligence system
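The four stages listed above (parse, behavior scenario, remediation, share a signal) form one pipeline, and the easiest way to see why the scenario stage cuts false positives is to run it over some log lines. The following Go program is an added example written for this page; it is not CrowdSec's own code, whose parsers and scenarios are YAML-configured, and it reproduces only the underlying model. The scenario name `ssh-bf`, the capacity and leak-speed values, the `ParseLine`, `Feed` and `Run` functions and the sshd log sample are all assumptions made for the illustration. The log sample is constructed: one source fails five times in six seconds, another fails twice five minutes apart.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
	"time"
)

// Constructed sshd log sample (synthetic, not captured from any host).
// 203.0.113.7 fails five times within six seconds; 198.51.100.20 fails twice,
// five minutes apart, which a leaky bucket must not treat as brute force.
const sampleLog = `Jan 12 10:00:01 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Jan 12 10:00:03 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Jan 12 10:00:04 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 51238 ssh2
Jan 12 10:00:05 web1 sshd[2214]: Accepted publickey for deploy from 198.51.100.20 port 40022 ssh2
Jan 12 10:00:06 web1 sshd[2211]: Failed password for invalid user test from 203.0.113.7 port 51240 ssh2
Jan 12 10:00:07 web1 sshd[2211]: Failed password for invalid user oracle from 203.0.113.7 port 51242 ssh2
Jan 12 10:00:09 web1 sshd[2218]: Failed password for root from 198.51.100.20 port 40030 ssh2
Jan 12 10:05:00 web1 sshd[2220]: Failed password for root from 198.51.100.20 port 40031 ssh2
`

// Event is the normalized output of the parse stage.
type Event struct {
	Time time.Time
	IP   string
	User string
}

// Signal is the minimal record shared for curation: a timestamp, the
// aggressive IP and the scenario name. The raw log line never leaves the host.
type Signal struct {
	Time     time.Time
	IP       string
	Scenario string
}

// Decision is the remediation a bouncer would enforce (here: a timed ban).
type Decision struct {
	IP       string
	Duration time.Duration
	Reason   string
}

// failedLogin matches sshd password failures; successful logins do not match.
var failedLogin = regexp.MustCompile(`^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+`)

// ParseLine maps one sshd line to an Event; ok is false for lines this parser ignores.
func ParseLine(line string) (Event, bool) {
	m := failedLogin.FindStringSubmatch(line)
	if m == nil {
		return Event{}, false
	}
	ts, err := time.Parse(time.Stamp, m[1]) // syslog timestamp carries no year; fine for deltas
	if err != nil {
		return Event{}, false
	}
	return Event{Time: ts, IP: m[3], User: m[2]}, true
}

// Scenario is a per-source leaky bucket, the model behavior scenarios are built on:
// each matching event pours one unit in, the bucket drains one unit per LeakSpeed,
// and it overflows once the level exceeds Capacity. Slow, spread-out failures drain away.
type Scenario struct {
	Name      string
	Capacity  float64
	LeakSpeed time.Duration
	BanFor    time.Duration
	buckets   map[string]*bucket
}

type bucket struct {
	level float64
	last  time.Time
}

func NewScenario(name string, capacity int, leak, ban time.Duration) *Scenario {
	return &Scenario{Name: name, Capacity: float64(capacity), LeakSpeed: leak, BanFor: ban, buckets: map[string]*bucket{}}
}

// Feed pours one event into the bucket for ev.IP and reports whether it overflowed.
func (s *Scenario) Feed(ev Event) bool {
	b, ok := s.buckets[ev.IP]
	if !ok {
		b = &bucket{last: ev.Time}
		s.buckets[ev.IP] = b
	}
	// Drain what leaked since the last event; out-of-order lines never refill the bucket.
	leaked := ev.Time.Sub(b.last).Seconds() / s.LeakSpeed.Seconds()
	if leaked > 0 {
		b.level -= leaked
		if b.level < 0 {
			b.level = 0
		}
		b.last = ev.Time
	}
	b.level++
	if b.level > s.Capacity {
		delete(s.buckets, ev.IP) // start fresh after overflow so the next burst is judged anew
		return true
	}
	return false
}

// Run drives the pipeline over a log blob: parse, scenario, remediation, signal.
func Run(logData string, sc *Scenario) ([]Signal, []Decision) {
	var signals []Signal
	var decisions []Decision
	lines := bufio.NewScanner(strings.NewReader(logData))
	for lines.Scan() {
		ev, ok := ParseLine(lines.Text())
		if !ok {
			continue
		}
		if sc.Feed(ev) {
			signals = append(signals, Signal{Time: ev.Time, IP: ev.IP, Scenario: sc.Name})
			decisions = append(decisions, Decision{IP: ev.IP, Duration: sc.BanFor, Reason: sc.Name})
		}
	}
	return signals, decisions
}

func main() {
	sc := NewScenario("ssh-bf", 4, 10*time.Second, 4*time.Hour) // assumed thresholds
	signals, decisions := Run(sampleLog, sc)
	for _, d := range decisions {
		fmt.Printf("ban %s for %s (%s)\n", d.IP, d.Duration, d.Reason)
	}
	for _, s := range signals {
		fmt.Printf("share: %s %s %s\n", s.Time.Format(time.Stamp), s.IP, s.Scenario)
	}
}
```

Only 203.0.113.7 overflows: its fifth failure lands while the bucket still holds most of the first four. The two failures from 198.51.100.20 are 291 seconds apart, so the bucket has fully drained between them and no ban is issued, which is the behavior a simple "N failures, ever" counter gets wrong. The Signal carries nothing but timestamp, IP and scenario name, so the log content itself is never part of what gets shared.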
The massively multiplayer firewall
CrowdSec is designed to run seamlessly on virtual machines, bare-metal servers, containers or to be called directly from your code with our API.
Our strength comes from our cybersecurity community, which is burning hackers' anonymity. By sharing the IP addresses that attacked you, you help us curate and redistribute a qualified IP blacklist to protect everyone.
Written in Go, CrowdSec is 60x faster than its predecessor (Fail2ban) and can parse massive amounts of logs in no time. Agents can read log files or SIEM events, including over a network socket, and can be used in high-throughput networks. For CPU- and RAM-constrained assets, bouncers can just make very light API calls.
Multilayer & IPv6 ready
No matter whether your servers or the attackers use IPv4 or IPv6 addresses, CrowdSec will do the job. This next-gen HIDS has been designed to deal not only with IPs but also with user sessions and more business-oriented layers.
Sharing is caring, but privacy matters even more. We collect the strict minimum in order to be GDPR compliant. Hence, we never export your logs, and the only data sent for curation are a timestamp, the aggressive IP, and the scenario that was triggered by the attack.