So yeah, we did not solve cybersecurity yet…

There are several reasons for that :

– The attacker has always had the initiative. The attacker picks his time, picks the vulnerability, picks the best tools.

– The attacker can deliver massive damage with a limited amount of investment.  Targeted companies usually invest millions and millions whereas cyberattackers usually invest some thousand dollars.

– Enterprise networks have increasingly complex perimeters combining cloud, virtualization, containers, on-premise servers, VPNs making the mission of protecting all infrastructure challenging and opening larger surface attacks for criminals. Also, they have to be ready 24/7/365. That’s not cheap.

The standard castle strategy where you only have to define assets at one location and do so with a firewall is not adapted anymore. It was highly successful until the 2010s. So what choices do companies have today?

Many approaches have been tested. Throwing more money at the problem. Did not work…Pushing new concepts such as EDRs (Endpoint Detection & Response)? They are clearly not a silver bullet. Adding more intelligence with AI or machine learning? Well, that didn’t work either.

However, one approach has not been explored before: The power of collaboration, or the hivemind intelligence of the crowd. Cybercriminals are few. The rest of us are an army. The individual defense has been proven flawed. How about a collective defense? How would  cybercriminals be able to succeed with their dodgy schemes if they front an angry mob with forks and torches ready to burn them down? They can not. Nothing can overpower an army. Castles with only one line of defense can be breached. Organized and coordinated armies are invincible.

So how would that work in the context of cybersecurity? CrowdSec facilitates developing   software that helps service users collaborate and share data on attack attempts, to make sure criminals fail. Think of it like a Waze for cybersecurity. And like with Waze, the more users there are, the more efficient and precise the solution becomes. 

CrowdSec runs an agent on servers exposing services or applications on the Internet. By analyzing logs, the agent identifies behavioral patterns used in a variety of attacks: port scans, brute force attempts, scrapping, e-commerce scalping, HTTP attacks, etc. The IPs behind those attacks are identified and banned (other remediation actions are possible such as captcha page insertion, MFA, or any custom action defined by the user). In addition, those IPs are shared with the rest of the users, to make sure the IPs involved in attack attempts at one user, will automatically get banned at every other user’s service. 

With this approach, CrowdSec gives new meaning to the famous “the best defense is the attack” paradigm. The CrowdSec “angry mob” actually burns down the most important resource of cybercriminals: the IP addresses. Without those IP addresses, criminals have fewer resources, less anonymity, fewer options shifting the initiative back to the defense and their attacks become more cumbersome, more expensive, and harder to do.

Today, with 30.000 users in 130 countries, more than 1 million nefarious IPs, and 400.000 signals shared daily by the user community, CrowdSec is the biggest actionable cyber threat intelligence in the world. Moreover, it is open-source and free. 

So why not join the angry mob to protect yourself and protect the community?

The post Cybersecurity: castle strategy versus the angry mob approach appeared first on eWEEK.