CrowdSec : A crowd approach to infrastructure defense
The CrowdSec project aims to provide a crowdsourced approach to common infrastructure defense problems by distributing free and open-source software that lets you protect yourself and share information about malevolent actors.
These software components, of which CrowdWatch is the main piece (release date: 15th of May), work by processing logs (or, more generally, information streams such as CloudTrail or Kafka) and enriching them, in order to apply behavior-based scenarios (heuristics) that identify attack patterns and even separate targeted attacks from opportunistic ones.
One of the core concepts of CrowdWatch is to decorrelate the detection of an attack from the reaction to it, which makes it suitable for modern architectures.
While CrowdWatch is in charge of detection, the reaction is performed by “blockers” that aim to be deployable at any level of the application / infrastructure stack:
- as an nftables/iptables daemon “à la fail2ban”
- as an nginx plugin
- as a WordPress plugin
- etc.
We hope that this approach, combined with a declarative configuration and stateless behaviour, will make it an ideal candidate to enhance the security of modern stacks (containers, k8s, serverless and, more generally, automatically deployed infrastructures).
Furthermore, we intend to create and share the most accurate possible database of malevolent actors, in the form of a real-time IP reputation system accessible through an API. Whenever an attack is locally blocked/detected by CrowdWatch, the “meta” information of the attack (source IP, date and triggered scenario) is shared amongst participants for redistribution to network members.
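The detection/reaction split and the shared “meta” record described above, as an added sketch that is not CrowdWatch code: the log format, threshold, time window and scenario name are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOGS = """\
2020-07-02T10:00:01 sshd[811]: Failed password for root from 203.0.113.7 port 40022 ssh2
2020-07-02T10:00:05 sshd[812]: Failed password for invalid user admin from 198.51.100.4 port 51514 ssh2
2020-07-02T10:00:09 sshd[813]: Failed password for root from 203.0.113.7 port 40023 ssh2
2020-07-02T10:00:12 sshd[814]: Accepted publickey for deploy from 192.0.2.10 port 50022 ssh2
2020-07-02T10:00:20 sshd[815]: Failed password for root from 203.0.113.7 port 40024 ssh2
2020-07-02T10:05:05 sshd[816]: Failed password for admin from 198.51.100.4 port 51515 ssh2
2020-07-02T10:10:05 sshd[817]: Failed password for admin from 198.51.100.4 port 51516 ssh2
"""

# Assumed log format: ISO timestamp, then an sshd authentication failure.
LINE = re.compile(
    r"^(\S+) sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port ")

def parse(line):
    """Parser stage: raw line -> (timestamp, source IP), or None if unrelated."""
    m = LINE.match(line)
    return (datetime.fromisoformat(m.group(1)), m.group(2)) if m else None

def detect(lines, threshold=3, window=timedelta(seconds=60),
           scenario="ssh-bruteforce"):  # hypothetical scenario name
    """Detection stage: one decision per IP reaching `threshold` failures
    inside a sliding `window`. It only emits data; it blocks nothing."""
    recent, flagged, decisions = defaultdict(deque), set(), []
    for event in filter(None, map(parse, lines)):
        ts, ip = event
        if ip in flagged:
            continue
        seen = recent[ip]
        seen.append(ts)
        while ts - seen[0] > window:  # drop failures older than the window
            seen.popleft()
        if len(seen) >= threshold:
            flagged.add(ip)
            # The "meta" record: source IP, date and triggered scenario.
            decisions.append({"source_ip": ip, "date": ts.isoformat(),
                              "scenario": scenario})
    return decisions

def blocker(decisions, candidate_ips):
    """Reaction stage: an enforcement point needs only the decision list,
    so it can sit at the firewall, the web server or the application."""
    banned = {d["source_ip"] for d in decisions}
    return {ip: "deny" if ip in banned else "allow" for ip in candidate_ips}

DECISIONS = detect(SAMPLE_LOGS.splitlines())
```

The slow source (three failures spread over ten minutes) never fills the window, so only the burst produces a decision.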
We are committed to building a strong community, with all that it implies:
- a public hub to find, share and amend parsers, scenarios and blockers
- a permissive open-source licence to stay business friendly
- and, overall, a strong commitment to transparency and a community-first mentality, through tooling and behaviour
Speakers
Thibault Koechlin (crowdsec), Philippe Humeau (crowdsec)