
BSidesNcl 2021 Swarmed Cyber Defence Philippe Humeau

BSides Newcastle | 25:37 | 12 views | Published 2021-10
About this talk
CrowdSec is an open-source security engine that analyzes user behavior and provides an adapted response to most classes of attacks. Every time the agent blocks an attack, the aggressive IP behind it is shared across the network of users to create a Waze-like global firewall.

For the better part of the last 30 years, the problem of mass-scale hacking has not been solved. Even entities with almost unlimited cybersecurity budgets, like large companies and governments, get hacked. It seems that stacking products and people doesn't quite make the cut. Maybe it's time to propose another path: free, collaborative security.

By leveraging a huge interception network, IPs used by malevolent actors can be spotted and blocked quickly, before they even attack you. The software does so by extracting unwanted behavior from logs, blocking the attacks, and sharing their metadata with all other users (after curation). It's a form of Internet neighborhood watch that should allow us to establish a Digital Herd Immunity.