Listen Here

| |

Conversation
Highlights

CrowdSec: Building the ‘Waze of Cybersecurity’ Through Community-Powered Defense

In a recent episode of Category Visionaries, Philippe Humeau, CEO and founder of CrowdSec, shared how his company is revolutionizing cybersecurity through collaborative defense. With over $21 million in funding, CrowdSec is reimagining how organizations protect themselves against cyber threats by harnessing the power of community-driven security.

From Gaming to Cybersecurity: The Genesis of CrowdSec

Humeau’s journey into cybersecurity began unexpectedly in his university years when he met someone who had cracked the games he played as a child. “I met here guys that was cracking games back in the days for Amiga and Atari mini,” Philippe recalls. “He took me down the rabbit hole of security, and it was a forever crush ever since.”

This early fascination with security led Humeau through roles as a penetration tester and defensive security specialist before founding CrowdSec, where he’s now tackling one of cybersecurity’s most persistent challenges: the limitation of fighting alone against increasingly sophisticated threats.

Reimagining Intrusion Prevention for the Modern Era

CrowdSec builds upon the legacy of traditional Intrusion Prevention Systems (IPS) and Intrusion Detection Systems (IDS), but with a crucial twist: collaboration at scale. As Philippe explains, “If your machine is being grasped by, I don’t know, ransomware letter remove, maybe it’s the same case somewhere else and the same IP address is behind both attacks.”

This insight led to CrowdSec’s innovative approach: creating what Humeau describes as “some kind of internet neighborhood watch” where organizations collectively identify and block malicious actors. The system works through two main components:

  1. A behavior engine that monitors and identifies suspicious activities
  2. A collaborative blocking system that shares threat intelligence across the network

The results speak for themselves: “92% of the protection is done by this reputation component by the block list and 8% is left to the behavior engine,” notes Philippe.

Product-Led Growth in an Enterprise-Heavy Market

While many cybersecurity companies rely heavily on enterprise sales, CrowdSec has embraced a product-led growth (PLG) strategy. “It’s absolutely PLG,” Philippe emphasizes. “Our clients are mainly in the first place, our users. We are an open source company, an editor.”

This approach has driven remarkable growth, with Humeau noting they’ve reached “probably 110,000 installation in two years. And we are going toward a million.” The strategy proved compelling enough for early investor Breega to back the company even before it had established a revenue stream, understanding the value of the network effect CrowdSec was building.

The Challenge of Monetizing Open Source Security

One of CrowdSec’s biggest challenges has been balancing open source principles with business sustainability. “Bringing an open source company to the market is not easy already because you’re telling the investors, guys, we are giving something for free. But trust me, we have a plan,” Philippe shares.

The company’s solution has been to focus on the value of their threat intelligence data. With visibility into “16 million threats per day” across “7 million IP addresses we are watching continuously,” CrowdSec has built a valuable data asset that larger organizations are willing to pay for.

Network Effects in Cybersecurity

CrowdSec’s most innovative aspect may be its application of network effects to cybersecurity. As Philippe explains, “A network effect is about getting stronger every time someone is joining and getting more valuable every time someone is interacting constantly.”

This approach challenges the traditional “Captain America approach” to cybersecurity, as Humeau colorfully describes it: “Hollywood makes us think that you can fight alone against an army… But the reality is when you fight alone against an army, you lose, period. No matter how better you’re equipped or whatever, you just lose.”

The Future of Collaborative Security

Looking ahead, CrowdSec aims to build what Humeau calls “an entirely real time list or map of all the addresses using by cybercriminals.” The goal is ambitious but clear: “If one is used and we don’t know about it yet, it will be added to the block list in minutes. And if one is released by the guys and is not used anymore, it will disappear from the block list in minutes and eventually down to seconds if we are enough partaking into this effort.”

This vision represents a fundamental shift in how organizations approach cybersecurity, moving from isolated defense to collaborative protection. With their rapid growth and clear vision, CrowdSec is well-positioned to lead this transformation, proving that in cybersecurity, as in many other fields, the whole can be greater than the sum of its parts.

For organizations interested in joining this collaborative security movement, CrowdSec can be found at crowdsec.net. As Philippe humorously warns, “Be careful just close to the C on your keyboard there’s maybe an X and it’s a totally different website.”

Actionable
Takeaways

Embrace Open-Source for Community-Driven Innovation:

Philippe's approach with CrowdSec, leveraging open-source to foster community collaboration, underlines the power of collective intelligence in enhancing cybersecurity defenses.

Understand Cognitive Biases and Decision-Making:

Inspired by "Thinking, Fast and Slow," Philippe emphasizes the importance of recognizing how instinctive and analytical thinking impacts leadership and problem-solving, advocating for a balanced approach in strategic decision-making.

Target Broad Markets with Specific Needs:

Identifying a wide-ranging yet specific target market, such as large corporations in need of reliable threat signals, demonstrates the importance of understanding and addressing the nuanced requirements of different industry verticals.

Adopt a Product-Led Growth Model in Cybersecurity:

CrowdSec's focus on product-led growth, particularly in a field slow to adopt this strategy, underscores the potential for such a model to drive adoption and user engagement, especially when the product directly contributes to its own improvement through user participation.

Prepare for Investor Skepticism with Open Source:

The journey of securing funding for an open-source project like CrowdSec, especially in the cybersecurity space, provides insights into the challenges of convincing investors of the viability and potential profitability of open-source models, emphasizing the importance of demonstrating network effects and the intrinsic value of the data or signals generated.

Recommended Founder
Interviews

Ayal Yogev

CEO and Co-Founder of Anjuna

Ayal Yogev, CEO and Co-Founder of Anjuna: $42 Million to Build The Future of Confidential Computing

Marina Segal

CEO and Co-Founder of Tamnoon

Marina Segal, CEO & Co-Founder of Tamnoon: Over $5 Million Raised to Build the Future of Cloud Security

Tiffany Ricks

CEO and Founder of HacWare

Tiffany Ricks, CEO and Founder of HacWare: $2.6 Million Raised to Build the Future of Security Awareness

Bill Moore

CEO and Founder of XONA

Bill Moore, CEO and Founder of XONA: $30 Million Raised to Build the Future of OT User Access

Paul Lewis

Founder and CEO of Calamu

Paul Lewis, CEO of Calamu: $20 Million Raised to Build the Cyber Storage Category

Austin Gadient

CTO & Co-Founder of Vali Cyber

Austin Gadient, CTO & Co-Founder of Vali Cyber: $15 Million Raised to Build the Future of Linux Security

Michael Assraf

CEO & Co-Founder of Vicarius

Michael Assraf, CEO of Vicarius: $29 Million Raised to Build the Future of Vulnerability Prioritization

Ryan Lasmaili

CEO & Co-Founder of Vaultree

Ryan Lasmaili, CEO of Vaultree: $16 Million Raised to Build the World’s First Fully Functional Data-in-Use Encryption

Peter Prizio Jr

CEO of SnapAttack

Peter Prizio Jr, CEO of SnapAttack: $8 Million Raised to Power the Future of Threat Management

Dan Lorenc

CEO & Founder of Chainguard

Dan Lorenc, CEO & Founder of Chainguard: $250 Million Raised to Power the Future of Software Supply Chain Security

Ian Amit

CEO and Founder of Gomboc

Ian Amit, CEO & Founder of Gomboc: $5 Million Raised to Build the Future of Cloud Security Remediation

Pukar Hamal

CEO and Founder of SecurityPal

Pukar Hamal, CEO and Founder of SecurityPal: $21 Million Raised to Power the Future of Customer Assurance

Umaimah Khan

CEO and Co-Founder of Opal Security

Umaimah Khan, CEO & Co-Founder of Opal Security: $32 Million Raised to Build the Future of Identity Security

Colby Proffitt

VP of Marketing of Shift5

From the Pentagon to B2B: Colby Proffitt’s Journey and ABM Insights

Josh Shaul

CEO of Allure Security

Josh Shaul, CEO of Allure Security: $6 Million Raised to Help Businesses Win the Battle Against Online Scammers

Robert Cowart

CEO & Co-Founder of ElastiFlow

Robert Cowart, CEO & Co-Founder of ElastiFlow: $8 Million Raised to Power the Future of Network Performance and Security Analytics

Sebastian Stranieri

CEO & Founder of VU Security

Sebastian Stranieri, CEO & Founder of VU Security: $24 Million Raised to Build the Future of Digital Identity & Fraud Prevention

Spencer Thompson

CEO and Co-Founder of Prelude

Spencer Thompson, CEO and Co-Founder of Prelude: Over $30 Million Raised to Build the Future of Continuous Security Testing

Danny Lopez

CEO of Glasswall

Danny Lopez CEO of Glasswall: $60+ Million Raised to Make the Content Disarm and Reconstruction (CDR) Category Mainstream

Aurelie Guerrieri

Chief Marketing & Alliances Officer of DataDome

Aurelie Guerrieri, Chief Marketing & Alliances Officer at DataDome: 20 Years in Silicon Valley – Insights on the Evolving Tech Landscape

Arie Zilberstein

CEO and Co-Founder of Gem Security

Arie Zilberstein, CEO and Co-Founder of Gem Security: $34 Million Raised to Power the Future of Cloud Detection and Response

Justin Beals

CEO, Co-Founder of Strike Graph

Justin Beals, CEO of Strike Graph: $12 Million Raised to Build the Future of Automated Security and Compliance

John Milburn

CEO of Clear Skye

John Milburn, CEO of Clear Skye: More Than $20 Million Raised to Build the Future of Identity and Access Governance

David Etue

CEO of Nisos

David Etue, CEO of Nisos: $33 Million Raised to Build the Future of Managed Intelligence

Mollie Breen

CEO and Co-Founder of Perygee

Mollie Breen, CEO and Co-Founder of Perygee: $6.4 Million Raised to Build the Future of IT/OT Security

Jason Martin

Co-Founder and Co-CEO of Permiso Security

Jason Martin, Co-Founder and Co-CEO of Permiso Security: $10 Million Raised to Build the Future of Cloud Security

Dave Mor

CEO and Co-Founder of OneLayer

Dave Mor, CEO and Co-Founder of OneLayer: $15 Million Raised to Protect Private Cellular Networks

Ryan Schonfeld

Founder & CEO of Hivewatch

Ryan Schonfeld, CEO of Hivewatch: $25 Million Raised to Build the OS of Physical Security

Stephen de Vries

CEO and Co-Founder of IriusRisk

Stephen de Vries, CEO and Co-Founder of IriusRisk: $40 Million Raised to Build the Future of Threat Modeling

Rodrigo Leme

Marketing Director of Right-Hand Cybersecurity

Rodrigo Leme, Marketing Director at Right-Hand Cybersecurity: Standing Out in a Crowded Market – Niche Targeting and Customer-Centric Approach

Arjun Bhatnagar

CEO & Co-Founder of Cloaked

Arjun Bhatnagar, CEO of Cloaked: $25 Million Raised to Build the Future of Data Privacy

Scott McCrady

CEO of SolCyber

Scott McCrady, CEO of SolCyber: $20 Million Raised to Build the Future of Managed Security

Eric Olden

CEO and Founder of Strata Identity

Eric Olden, CEO and Founder of Strata Identity: $42 Million Raised to Build the Identity Orchestration Category

Stijn Vande Casteele

Founder of Sweepatic

Stijn Vande Casteele, Founder of Sweepatic: $4.4 Million Raised to Build the Future of External Attack Surface Management

Ori Eisen

CEO & Founder of Trusona

Ori Eisen, CEO & Founder of Trusona: $38 Million Raised to Power the Future of Account Takeover Prevention

Itzik Alvas

CEO & Co-Founder of Entro Security

Itzik Alvas, CEO & Co-Founder of Entro Security: $24 Million Raised to Build the Future of Non-Human Identity Management

Nadav Arbel

CEO & Co-Founder of Cyrebro

Nadav Arbel, CEO & Co-Founder of Cyrebro: $51 Million Raised to Build the Future of ML-Backed MDR

Matteo Bogana

CEO and Co-Founder of Cleafy

Matteo Bogana, CEO & Co-Founder of Cleafy: $12 Million Raised to Build the Future of Online Fraud Prevention

Mykolas Rambus

CEO & Co-Founder of Hush

Mykolas Rambus, CEO & Co-Founder of Hush: $7.5 Million Raised to Build the Future of Data Privacy

Jean Le Bouthillier

CEO of Qohash

Jean Le Bouthillier, CEO of Qohash: $20 Million Raised to Build the Future of Data Security

Christian Almenar

CEO & Co-Founder of Monad

Christian Almenar, CEO of Monad: $19 Million Raised to Solve the Cybersecurity Big Data Problem

Sivan Tehila

Founder and CEO of Onyxia

Sivan Tehila, Founder and CEO of Onyxia: $5 Million Raised to Build the Future of Cybersecurity Performance Management

Russell Spitler

CEO & Co-Founder of Nudge Security

Russell Spitler, CEO & Co-Founder of Nudge Security: $17 Million Raised to Build the Future of SaaS Security

Neil Serebryany

CEO and Co-Founder of CalypsoAI

Neil Serebryany, CEO & Co-Founder of CalypsoAI: $38 Million Raised to Power the Future of AI Security

Ani Chaudhuri

CEO & Co-Founder of Dasera

Ani Chaudhuri, CEO & Co-Founder of Dasera: $21 Million Raised to Build the Future of Data Security

Paul Valente

CEO and Co-Founder of VISO Trust

Paul Valente, CEO and Co-Founder of VISO Trust: $17 Million Raised to Build the Future of Third-Party Cyber Risk Management

David Brumley

CEO of ForAllSecure

David Brumley, CEO of ForAllSecure: $38 Million Raised to Build the Future of Security Testing

Kyle Hanslovan

CEO & Co-Founder of Huntress

Kyle Hanslovan, CEO of Huntress: $160 Million Raised to Build the Future of Managed Security

Edward Wu

CEO and Founder of Dropzone AI

Edward Wu, CEO & Founder of Dropzone AI: $20 Million Raised to Build the Future of AI SOC Analysts

Tom Jermoluk

CEO of Beyond Identity

Tom “TJ” Jermoluk, CEO of Beyond Identity: $200 Million Raised to Build the Future of Multi-Factor Authentication