CrowdSec : A crowd approach to infrastructure defense
Information on this media
Number of views: 43 (this month: 1)
Creation date: June 30, 2020
Speakers: Thibault Koechlin, Philippe Humeau
License: CC BY-SA v4
Description
The CrowdSec project aims to provide a crowdsourced approach to common infrastructure defense problems by distributing free and open-source software that lets you protect yourself and share information about malevolent actors.
These software components, of which CrowdWatch is the main piece (release date: 15th of May), work by processing logs (or, more generally, information streams such as CloudTrail or Kafka) and enriching them, in order to apply behavior-based scenarios (heuristics) that identify attack patterns and even sort targeted attacks from opportunistic ones.
One of the core concepts of CrowdWatch is to decorrelate the detection of an attack from the reaction to it, so that it suits modern architectures.
While CrowdWatch is in charge of the detection, the reaction is performed by “blockers” that aim to be deployable at any level of the application / infrastructure stack:
- as an nftables/iptables daemon “à la fail2ban”
- as an nginx plugin
- as a WordPress plugin
- etc.
We hope that this approach, combined with a declarative configuration and a stateless behaviour, will make it an ideal candidate to enhance the security of modern stacks (containers, k8s, serverless and, more generally, automatically deployed infrastructures).
Furthermore, we intend to create and share the most accurate database of malevolent actors possible, in the form of a real-time IP reputation system, accessible through an API. Whenever an attack is locally blocked/detected by CrowdWatch, the “meta” information of the attack (source IP, date and triggered scenario) is shared amongst participants for redistribution to network members.
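A minimal sketch of the detection/reaction split and of the shared “meta” record described in the paragraphs above. It is an added illustration, not CrowdSec or CrowdWatch code; the sshd-style log format, the threshold-in-window heuristic and all names (`parse`, `detect`, `Blocker`) are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample input: sshd-style lines using documentation IP ranges.
SAMPLE_LOGS = [
    "2020-06-30T10:00:01 sshd[811]: Failed password for root from 203.0.113.7 port 4001 ssh2",
    "2020-06-30T10:00:02 sshd[812]: Failed password for invalid user admin from 198.51.100.4 port 5001 ssh2",
    "2020-06-30T10:00:05 sshd[813]: Failed password for root from 203.0.113.7 port 4002 ssh2",
    "2020-06-30T10:00:07 sshd[814]: Accepted publickey for deploy from 192.0.2.10 port 6001 ssh2",
    "2020-06-30T10:00:09 sshd[815]: Failed password for root from 203.0.113.7 port 4003 ssh2",
    "2020-06-30T10:05:00 sshd[816]: Failed password for invalid user admin from 198.51.100.4 port 5002 ssh2",
    "2020-06-30T10:10:00 sshd[817]: Failed password for invalid user admin from 198.51.100.4 port 5003 ssh2",
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port"
)

def parse(line):
    """Parser stage: raw line -> event dict, or None for irrelevant lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "ip": m["ip"]}

def detect(lines, threshold=3, window=timedelta(seconds=60), scenario="ssh-bruteforce"):
    """Detection stage: one signal per IP reaching `threshold` failures within `window`."""
    recent, flagged, signals = defaultdict(deque), set(), []
    for event in filter(None, map(parse, lines)):
        q = recent[event["ip"]]
        q.append(event["ts"])
        while event["ts"] - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and event["ip"] not in flagged:
            flagged.add(event["ip"])
            # Only the three "meta" fields named in the abstract leave the host.
            signals.append({"source_ip": event["ip"],
                            "date": event["ts"].isoformat(),
                            "scenario": scenario})
    return signals

class Blocker:
    """Reaction stage: never sees logs, only consumes decisions from detection."""
    def __init__(self):
        self.banned = set()
    def apply(self, signals):
        self.banned.update(s["source_ip"] for s in signals)
    def allows(self, ip):
        return ip not in self.banned
```

Because `Blocker` depends only on the signal records, the same decisions could feed a firewall daemon or a web-server plugin without touching the detection code.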
We are committed to building a strong community, with all that it implies:
- a public hub to find, share and amend parsers, scenarios and blockers
- a permissive open-source licence to stay business friendly
- and overall a strong commitment to transparency and a community-first mentality, through tooling and behaviour
Speakers
Thibault Koechlin (crowdsec), Philippe Humeau (crowdsec)