Cybersecurity: sharing means caring

Did you know that every day across the Internet, each IP address is scanned hundreds of times? Or that more than 2,000 attacks are perpetrated, stealing 1.4 million personal records? That’s right, every single day!

In 2020, our ways of living and working turned completely upside down in a matter of days. We all brought our companies home and our homes in our companies’ systems. Staying connected to our colleagues, friends and family became a critical necessity, which opened the door for hackers to cause disruption and we saw a huge increase of attacks all around the world (+151% in H1’20 according to BusinessWire). As we go into lockdown 2.0 pretty much everywhere around the globe, these numbers are not likely to get any better soon. Today, the impact of cyberattacks can range from a few robbed bank accounts to influencing stock market activity or presidential elections. Stakes are extremely high.

Companies, institutions, individuals are more aware of the issue than they used to be and are ready to deal with it. According to Forbes, worldwide spending on cybersecurity is predicted to reach $1 trillion in 2021. But there is no such thing as 100% bulletproof security. In the past 3 years, major corporations such as Marriott, EasyJet, JP Morgan, Twitter, Facebook or Zoom, regardless of the enormous amounts of money they invested on security, have been breached and lost millions of dollars, user records, or data.

If those tier 1 companies, equipped with high-end tools, vast budgets, secops teams, and all threat intel and appliances you can think of got hacked, maybe it is not just a question of means.

Expensive security doesn’t mean better security. It is safe to say a new approach is needed. But before getting to this, let’s analyze why so many companies are hacked on a daily basis. There are four key factors at play here:

• Time. Attackers pick the when. Time is always against the defender.
• Unfiltered access. Nowadays, more than 80% of the traffic flows through unfiltered ports. Firewalls protecting only robust enough apps are now obsolete. But Mail, DNS, Web, APPs are not filtered and therefore the greatest attack vector.
• Perimeter. Bastions like in the early 2000’s no longer make sense as resources are now scattered across SaaS, clouds, containers, shadow IT setups. With the Covid-19 crisis on top, which generated tons of unsecured and VPNs access, you get a sense of what the real world is: a perimeter approach is not relevant anymore hence castle walls are useless.
• Money. Hackers are using stolen resources like compromised servers, free open source tools, and their own personal time, while companies are investing business time, money, experts, sec ops, appliances, licenses, compliance tests, etc. The game is way too asymmetrical.

Specialization could also be added to the picture. Programmers cannot be thinking like pen testers when they code. They already have to learn a new language every other day and cope with a constant flow of exotic demands. Where would they even find the time? Subsequently, the one building infrastructures, codes, and procedures don’t have hacker mindsets and are not trained to detect what could be insecure in the first place.

In the past 15 years, we all witnessed the rise of the social era leveraging crowd power, embodied by the climax of dozens and dozens of social media platforms, Waze, Airbnb, and many other very successful tech giants. Communications, booking vacations, funding ventures, driving, day-to-day business tasks were taken to a whole new level thanks to a crowd approach. Why not security? If people were willing to take advantage of this new togetherness to bring ideas and projects to unprecedented heights, why wouldn’t they be keen to unite to defend their privacies, companies, and personal data against cyberattacks?

For more than a decade, we had this idea in mind of making efficient security accessible by adding a community aspect to it so people could have each other’s backs. In December 2019, we thought it was the right time to launch CrowdSec.

CrowdSec is (and will always remain) an open-source & free security automation platform, relying both on IP behavior analysis and reputation. It is currently available for Linux, with ports to macOS and Windows on the roadmap, and can be found on GitHub.

The solution is designed to offer a first, efficient, layer of security to the greatest number and aims to become a global shield for digital services against port scans, web scans, credential or credit card stuffing, remote access brute force, and much, much more.

Once CrowdSec identifies a threat, it shares IP addresses behind malevolent behaviors across its community, to allow everyone to block them preventively. Users don’t report accidents, traffic jams, or police cars. They report hacker intrusion attempts of whatever kind, in a privacy-oriented manner, compatible with GDPR rulesets, since logs are never exported. People not using CrowdSec can just query our API to know about an IP reputation.

In just under 2 months, the CrowdSec community grew to be present in more than 50 countries across 6 different continents and already blocked 100,000+ malicious IPs around the globe, creating a global shield that will benefit us all.

Helen Keller once said, “alone we can do so little, together we can do so much.”

What if we could make the Internet safer, together?

Find us on our website and download the tool on GitHub.

Philippe Humeau, CEO @ CrowdSec