Conversation
Highlights

CrowdSec: Building the ‘Waze of Cybersecurity’ Through Community-Powered Defense

In a recent episode of Category Visionaries, Philippe Humeau, CEO and founder of CrowdSec, shared how his company is revolutionizing cybersecurity through collaborative defense. With over $21 million in funding, CrowdSec is reimagining how organizations protect themselves against cyber threats by harnessing the power of community-driven security.

From Gaming to Cybersecurity: The Genesis of CrowdSec

Humeau’s journey into cybersecurity began unexpectedly in his university years when he met someone who had cracked the games he played as a child. “I met here guys that was cracking games back in the days for Amiga and Atari mini,” Philippe recalls. “He took me down the rabbit hole of security, and it was a forever crush ever since.”

This early fascination with security led Humeau through roles as a penetration tester and defensive security specialist before founding CrowdSec, where he’s now tackling one of cybersecurity’s most persistent challenges: the limitation of fighting alone against increasingly sophisticated threats.

Reimagining Intrusion Prevention for the Modern Era

CrowdSec builds upon the legacy of traditional Intrusion Prevention Systems (IPS) and Intrusion Detection Systems (IDS), but with a crucial twist: collaboration at scale. As Philippe explains, “If your machine is being grasped by, I don’t know, ransomware letter remove, maybe it’s the same case somewhere else and the same IP address is behind both attacks.”

This insight led to CrowdSec’s innovative approach: creating what Humeau describes as “some kind of internet neighborhood watch” where organizations collectively identify and block malicious actors. The system works through two main components:

1. A behavior engine that monitors and identifies suspicious activities
2. A collaborative blocking system that shares threat intelligence across the network

The results speak for themselves: “92% of the protection is done by this reputation component by the block list and 8% is left to the behavior engine,” notes Philippe.

Product-Led Growth in an Enterprise-Heavy Market

While many cybersecurity companies rely heavily on enterprise sales, CrowdSec has embraced a product-led growth (PLG) strategy. “It’s absolutely PLG,” Philippe emphasizes. “Our clients are mainly in the first place, our users. We are an open source company, an editor.”

This approach has driven remarkable growth, with Humeau noting they’ve reached “probably 110,000 installation in two years. And we are going toward a million.” The strategy proved compelling enough for early investor Breega to back the company even before it had established a revenue stream, understanding the value of the network effect CrowdSec was building.

The Challenge of Monetizing Open Source Security

One of CrowdSec’s biggest challenges has been balancing open source principles with business sustainability. “Bringing an open source company to the market is not easy already because you’re telling the investors, guys, we are giving something for free. But trust me, we have a plan,” Philippe shares.

The company’s solution has been to focus on the value of their threat intelligence data. With visibility into “16 million threats per day” across “7 million IP addresses we are watching continuously,” CrowdSec has built a valuable data asset that larger organizations are willing to pay for.

Network Effects in Cybersecurity

CrowdSec’s most innovative aspect may be its application of network effects to cybersecurity. As Philippe explains, “A network effect is about getting stronger every time someone is joining and getting more valuable every time someone is interacting constantly.”

This approach challenges the traditional “Captain America approach” to cybersecurity, as Humeau colorfully describes it: “Hollywood makes us think that you can fight alone against an army… But the reality is when you fight alone against an army, you lose, period. No matter how better you’re equipped or whatever, you just lose.”

The Future of Collaborative Security

Looking ahead, CrowdSec aims to build what Humeau calls “an entirely real time list or map of all the addresses using by cybercriminals.” The goal is ambitious but clear: “If one is used and we don’t know about it yet, it will be added to the block list in minutes. And if one is released by the guys and is not used anymore, it will disappear from the block list in minutes and eventually down to seconds if we are enough partaking into this effort.”

This vision represents a fundamental shift in how organizations approach cybersecurity, moving from isolated defense to collaborative protection. With their rapid growth and clear vision, CrowdSec is well-positioned to lead this transformation, proving that in cybersecurity, as in many other fields, the whole can be greater than the sum of its parts.

For organizations interested in joining this collaborative security movement, CrowdSec can be found at crowdsec.net. As Philippe humorously warns, “Be careful just close to the C on your keyboard there’s maybe an X and it’s a totally different website.”