CrowdSec

Product Details

What is CrowdSec?

CrowdSec is a CTI tool leveraging crowdsourced data to identify and block malevolent IPs in real time worldwide. It is an open-source & collaborative IPS able to analyze visitor behavior by parsing logs & provide an adapted response to all kinds of attacks. It also enables users to protect each other. Each time an IP is blocked, all community members are informed so they can also block it. That way, they are generating a real-time crowdsourced CTI database.

CrowdSec is available with a perpetually free Community edition (MIT license), and commercially (custom pricing) on the Enterprise plan with advanced features and support.

CrowdSec Videos

CROWDSEC EXPLAINED in 15 minutes: product presentation by Philippe Humeau, CEO & co-founder
Workshop: CrowdSec for Absolute Beginners
Webinar: CrowdSec 1.4.2 Overview

CrowdSec Technical Details

Operating Systems: Unspecified
Mobile Application: No

Reviews From Top Reviewers

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources.

Users have made several recommendations for CrowdSec based on their experiences with the product. Firstly, users highly recommend interacting with the developers for quick support whenever assistance is needed. Secondly, users suggest reaching out to the staff for guidance on implementing CrowdSec, highlighting the importance of their expertise in ensuring a smooth integration. Lastly, users recommend CrowdSec for all network admins and web hosting companies to improve internet security. These recommendations reflect the positive feedback users have provided regarding CrowdSec's features, ease of use, and open-source nature.

Simply a no-brainer service to run on any public facing servers

Rating: 8 out of 10
September 13, 2023
AT
Vetted Review
Verified User
CrowdSec
1 year of experience
Verified on LinkedIn
CrowdSec was first implemented at the most basic level, directly on a webserver running WordPress sites. This worked great as there were ways to connect CrowdSec to WordPress and capture failed logins, DDoS attacks, malicious users, etc. However, I quickly realized that the true potential of CrowdSec would be to have it on the servers pointing to a central CrowdSec Local API on the router; this way it would protect the entire network from malicious users/IPs, no matter which server or domain they were hoping to target.
Pros
  • Provides great integrations with tools you already use, such as fail2ban, Cloudflare, WordPress, NGINX, Linux Firewalls, etc.
  • Lightweight agents can run on individual servers and report to a main security engine so that if there's an attack on one server and a block is implemented, the entire network can be protected
  • There are a lot of ways to receive alerts and store logs
  • CrowdSec Central API is a nice way to manage everything externally
Cons
  • Getting CrowdSec to run on OPNsense can be a challenge, but that's also a limitation of the OS
  • You can only subscribe to a couple of feeds before paying an unknown amount of money that's part of their "Enterprise" package. So, there could be better transparency.
Since I've only used CrowdSec in a homelab/small-medium sized business setup, that's really the only market I can safely recommend it and say it's well suited for, because I don't know how much it would cost to run it in an enterprise environment. I've heard some pricing and how they plan on rolling out a subscription model, but it's still in talks.

Either way, if you have publicly exposed web applications hosted locally or on a virtual private server, then CrowdSec should be part of every virtual machine and/or network. Even with the limited number of filters you get out of the free subscription, it provides a nice layer of constantly updated data,
Firewall (11): 44.54545454545454% (4.5)
  • Identification Technologies: 80% (8.0)
  • Visualization Tools: 80% (8.0)
  • Content Inspection: 80% (8.0)
  • Policy-based Controls: N/A
  • Active Directory and LDAP: N/A
  • Firewall Management Console: N/A
  • Reporting and Logging: 80% (8.0)
  • VPN: N/A
  • High Availability: N/A
  • Stateful Inspection: 80% (8.0)
  • Proxy Server: 90% (9.0)
  • It flat-out blocks malicious IPs from accessing any PC on my network.
  • Its free tier makes this a no-brainer to implement.
Cloudflare, Cloudflare Workers, WordPress, NGINX, Debian OS, Ubuntu Linux, Docker, Proxmox VE, Azure Functions, Azure Logic Apps, Azure Service Bus, Azure Blob Storage, RabbitMQ, Synology DiskStation, MongoDB, Azure Cosmos DB, MariaDB Platform, PostgreSQL, Portainer