Slide deck used at CrowdSec to achieve the SMR (Smart Money Round) fundraising. More details provided on our github page: https://github.com/crowdsecurity/fundraising-decks
2. Why
“Cyber defense collaboration is the space race of
our generation.”
Williams
David
By 2021, the estimated cost of Cyber criminality
is $6 trillion (Cybersecurity ventures)
Hackers attack occur every 39
seconds. (University of Maryland)
In 2018 hackers stole half a billion personal
records (Cybersecurity ventures)
The average cost of a data
breach is $150 M. (Juniper)
3. Cybersecurity: not (only) a problem of means
3
(800 K records, 57 000
users)
($117 million settlement)
(7.5 million accounts stolen) (2.2 bn records)
(117 million of email/pass)
(83 million of accounts) (57 million of accounts) ($162 million cost)
($171 million global cost)
($500 million robbed) ($252 million
cost)
These companies had amongst the largest security budgets on
earth, yet this did not prevent cyber criminals to succeed.
We need another approach
The others
4. Not solved, for a reason
Time between intrusion and detection,
0day and patch, safe and … sorry.
Apps require ports opened to
everyone on the firewall, which just
let everything … pass.
Hackers use stolen servers, free open
source tools and their time. They don’t even
need 1% of your budget to attack you.
Time
Unfiltered
ports
Money
Shadow IT (Cloud / SaaS) & Covid19’s
“Work at home” policy created an uneven
security level across the perimeter. CTOs
have no idea where are their assets and
how they are cared for.
4
Perimeter
5. The next generation solution
5
Real Time
Behavior
assessment
Reputation
assessment
Decoupled
detection &
remediation
Crowd intel
sharing
6. We use this, because it’s free, real time,
fed by community and gives traffic
insights.
Our parents used this.
The Waze of firewalls
6
7. The team
“Best ideas can fail, best teams don’t”
Low fixed cost, IT spendings scale as we grow,
most of computing power used client-side
Open Source allow community
to partake in the effort
No sales, only marketing and
durable communication
An experimented team
6 persons, 5 on unemployment money, few
permanent positions on long term
9. Behavior & Reputation based
security network
Like Waze, more users means better precision
Open Source will help enlarge our crowd
Previous IP reputation systems (partially) failed
because they were not crowd based
10. CrowdSec analyses behavior, not IP:port
10
Legitimate traffic
Bruteforce
Port scan
Web crawlers
Exploits
XSS/SQLi
...
Internet
10.0.0.0/24
12.33.42.155
80/TCP
53/UDP
22/TCP
123.42.56.218
21/TCP
Firewall CrowdSec
11. 11
CrowdSec automates your security
Logs
BAD IP
Community
SIEM Party
Collect data
where you
want...
Ours Yours
Community
Behavior scenarii
detect hack
attempts
React the way
you want, where
you want
Block Captcha
Limit rights
or speed
2FA/MFA
Share your
sightings and get
informed
BAD IP
1 2 3 4
12. 12
Detect & enforce
Logs Logs Logs
Internet
Cloudified, SaaS & Hosted On Premise
Information System
BAD IP
BAD IP
13. One stone, ten birds
13
?
Aggressive traffic is
qualified, discarded
& notified to our
database
14. Security made simple: just click
14
Our Hub: one place to find all you need
One click to
enable a scenario
16. Monetization
”If it’s free, you are the product”
Andrew Lewis
Open Source + Free + useful = Crowd
With thousands of machines reporting the aggressions they face in
real time ...
… our IP reputation database is the most
accurate and real time ever made.
17. 17
1st packet sent by a new IP, is
screened by our API (on or offline)
API replies “Pass” or “Act”
Unknown IPs
make queries
1|
2|
3|
?
?
IP
API: Monetizing the Network effect
18. Our API can be leveraged anywhere
18
Daemons
Appliances
HTTP
servers
Apps,
codelets, tools
Languages &
frameworks
And let you choose response to enforce
19. But we offer way more to premiums
19
Open Source Component (autoban bad behavior) yes optional optional
Sharing signals with community yes optional optional
Dashboard Local & Online Customizable includes compliance
Extended Consensus including 3rd party blacklists Community Crowdsec Crowdsec
Extended remediations (Captcha / 2FA / MFA / Throttle)
Activity Typology Filtering (AS, bot, threat type/level, …)
Support 1 day best effort 24x5, chat/mail 24x7 phone
Features
Blacklists received
[Phase 2] Artificial Intelligence based filtering
yes
no
Local
Community
Community
Centralized mgmt (Group policies & filtering profiles)
Self monitoring of your IPs & am I under attack
Private consensus (with/between your machine)
Cold log online analyzes / forensic as a service
no
no
Online
Crowdsec
24x7 chat/mail
API Access 200 K queries included
Free Watcher Premium Enterprise API access
(Customizable) (Customizable) (Customizable)
20. The Market
“Sound strategy starts with having the right goal”
Michael Porter
Jeremy King,
(President - Benchmark Executive
Search)
“From our optics, if you define cyber as data
collection, storage, security, analysis, threat
intelligence, operations and dissemination, then
the $1 trillion market forecast from Cybersecurity
Ventures barely scratches the surface”
21. Why now?
21
Size matters
Free
Accuracy comes from
the number. A small, self
financed network cannot
match the efficiency of
large scale distributed
effort, Open source is the
answer here.
Versatility Community
Most of previous
attempts focused on
Email, domains &
geolocation, mainly to
fight spam. API 1st is a
game changer, let the
user decides where,
when, what.
API-First Open Source
Attempts: Symantec, Talos (Cisco), Gossip, Repuscore, IP group REP
Fail2ban paved the way.
In order to get known
beyond just mail admins
and reach a larger crowd,
let the community know
you are free, reputable
and easy to use.
Aka: What previous IP reputation systems missed
?
Aka: Why it doesn’t exist already ?
22. There is no “Waze of Security”
22
HIPS/EDR/Tools
Bot
mitigation
IP Reputation Threat intel CDN/SeCDN
None is crowd based
None is Open source
None is free
Clients Data SRC Competitors Partners Clients
23. IT engineers on
an infrastructure
Sysadmins
on servers
DevOPS in
their
deployment
environment
Developers
through a
Library or
direct API call
Local admins
on LAN server
& workstation
Anyone can set it up
24. 24
Next 6 months: go-to Community
Personas
Techs
SRE
DevOPS Developers CISO
SecOPS/MSSP
Vectors
37%
80% 37%
96% 30%
Millions
70%
25. How to reach 3.5% conversion rate
25
Get known from targets
(with the OS tool, eye candy radar &
content marketing)
Easy conversion
(WW PSP, VAT & taxes handling,
support, mail reminders)
Smart retention
(Constantly offer more
features for the price)
Easy deployment for all
Communication
Ignite the need
Frictionless premium
Always offer more
Onboard easily
(with assisted setup, Hub, premade
configs, support)
Strong premium incentive
(Offer premium trial, show benefits
with smart marketing automation)
26. Open source: a way to become viral
26
Open Source
1| Free (to use, copy, modify)
2| Free of charge
3|
4|Can be embedded No use case limit
5| Must name author
6|
Core
MIT licence. As free as it
can be. Core
contributors abandon
rights
Configurations
stays their authors
properties
Connectors stay
their authors
properties
27. Open Source is a symbiotic Ecosystem
27
Kind & benevolent feedbacks
Viral spreading visibility
Potential coders reinforcement
Community Scenarii
Community Connectors
And mainly SIGNALS
A free, supported product
Expertise (through scenarii)
Marketplace (to monetize yours)
Auditability, means trust
Safe from potential corp issues
Safe from model/licence change
(we) Give (we) Receive
28. Equity story
“Money is usually attracted, not pursued.”
Jim Rohn
Our previous cyber security corp
was sold in 2016 for tens of millions
We created several
Open source products before
Decentralized as of day 1, not
affected by Covid crisis.
Cloud born & based, no dependency on soft or
hardware supply chain nor managed services
29. 29
Smart & Seeders money will be used to:
Build our
community
Strengthen
the SaaS
Preparing the SaaS and start to
monetize is key for A serie.
Adoption rate is our sole KPI during
this phase. We need a community.
Ramp up the signal
collection
The larger the collection network,
the larger the network value & effect
A
We look for ~300 000 € in this Smart Money round
31. Successes that leveraged similar pillars
31
Crowd based
Open source
Freemium SAAS
Nginx, Openstack, Elastic Search
Zappier, Dropbox, Algolia
Waze, Airbnb, Duolingo
32. BORN TO BE The leader
of dynamic firewalling
At a glance
32
We look
for
0.3 M€
● Open Source editor
● Security, Deep Tech
● SaaS, Low Touch
● Collaborative, NG Firewall
● A global security network