TrustRadius: an HG Insights company

CrowdSec

Score7.9 out of 10

2 Reviews and Ratings

What is CrowdSec?

CrowdSec is a CTI tool that leverages crowdsourced data to identify and block malicious IPs in real time worldwide. It is an open-source, collaborative IPS that analyzes visitor behavior by parsing logs and provides an adapted response to all kinds of attacks. It also enables users to protect each other: each time an IP is blocked, all community members are informed so they can block it as well. In this way the community builds a real-time crowdsourced CTI database.

Categories & Use Cases

Top Performing Features

  • Proxy Server

    A proxy server changes your IP address and masks the origin of your network traffic

    Category average: 8.3

  • Identification Technologies

    Policy-based visibility and control over applications, users and content

    Category average: 8.5

  • Visualization Tools

    Visualization tools present administrators with data on applications traversing the network, who is using them, and the potential security impact.

    Category average: 7.7

Areas for Improvement

  • Content Inspection

    Inspecting permitted application traffic by means of threat prevention, URL filtering and data filtering

    Category average: 8.4

  • Reporting and Logging

    Custom and summary reports, and log files enabling analysis of security incidents, application usage and traffic patterns

    Category average: 7.8

  • Stateful Inspection

    Stateful inspection analyzes packet headers and contents of packets

    Category average: 8.6

Simply a no-brainer service to run on any public-facing servers

Use Cases and Deployment Scope

CrowdSec was first implemented at the most basic level, directly on a webserver running WordPress sites. This worked great, as there were ways to connect CrowdSec to WordPress and capture failed logins, DDoS attacks, malicious users, etc. However, I quickly realized that the true potential of CrowdSec would be to have it on the servers pointing to a central CrowdSec Local API on the router; this way it would protect the entire network from malicious users/IPs, no matter which server or domain they were hoping to target.

Pros

  • Provides great integrations with tools you already use, such as fail2ban, Cloudflare, WordPress, NGINX, Linux Firewalls, etc.
  • Lightweight agents can run on individual servers and report to a main security engine so that if there's an attack on one server and a block is implemented, the entire network can be protected
  • There are a lot of ways to receive alerts and store logs
  • CrowdSec Central API is a nice way to manage everything externally

Cons

  • Getting CrowdSec to run on OPNsense can be a challenge, but that's also a limitation of the OS
  • You can only subscribe to a couple of feeds before paying an unknown amount of money that's part of their "Enterprise" package. So, there could be better transparency.

Return on Investment

  • It flat-out blocks malicious IPs from accessing any PC on my network.
  • Its free tier makes this a no-brainer to implement

Other Software Used

Cloudflare, Cloudflare Workers, WordPress, NGINX, Debian OS, Ubuntu Linux, Docker, Proxmox VE, Azure Functions, Azure Logic Apps, Azure Service Bus, Azure Blob Storage, RabbitMQ, Synology DiskStation, MongoDB, Azure Cosmos DB, MariaDB Platform, PostgreSQL, Portainer