
FOSS Security for your Windows Servers

Windows is making its way towards open-source ecosystems, but the truth is that there is still very little FOSS (free and open-source software) security available for Windows servers. Many institutions that use Windows, like hospitals, struggle to get the hardware or people needed to function properly and are often left exposed to cyberattacks like ransomware. At CrowdSec, we saw a need for an EDR-like tool that was cost-effective (even free) and could seamlessly protect where many other tools fell short. Therefore, we added functionality to our platform and made a Windows Agent, which was fairly trivial thanks to the versatility of Golang.

In this article, we will take a quick look at the FOSS security that we provide to Windows servers, its benefits, and how you can try it out on your system too.


What is free and open-source software?

To begin, let’s take a quick look at what FOSS is. 

Simply put, free and open-source software (FOSS) is software where the users and programmers can edit, add to, or modify the source code. There are many different types of licenses; ours is the MIT license, which allows developers to collaborate worldwide on improving the functionality of the software with no copyright restraints.

For our open-source solution, we allow members of our community and all users to add, edit, and modify our Agent on GitHub. The transparency brought by being open source also guarantees that the software does what it says it does and nothing more.

Why would a company using Windows choose CrowdSec?

It was a quick, easy win to bring FOSS security to Windows and help those in need.

Internet-facing machines receive threats, share attackers’ IPs, and benefit from the network effect. If the admins of those machines want advanced features, they have the same option to go premium as their *NIX counterparts.

But most importantly, CrowdSec is a FOSS software vendor and the agent (IDS) is and will remain free for all to use.

What can CrowdSec detect and block on a Windows server? 

CrowdSec agents can monitor logs and events for various applications. Examples include Samba shares, remote desktop brute force, port scans, CVEs like CVE-2022-30190, authentication attempts, and an SQL server scenario.

The Windows event log facility can provide substantial information for the CrowdSec agent to parse and act upon. This can be extended further with the popular system monitoring tool Sysmon, which enables additional logging facilities so that CrowdSec can monitor even more types of events, such as file read and write activity.
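To illustrate how failed-logon events from the Windows Security log can be turned into a remote desktop brute-force detection, here is an added Python example; it is not CrowdSec's own code or scenario format. It applies one common approach, a per-source-IP leaky bucket, to event ID 4625 records. The events, IP addresses, `make_event` helper and the capacity and leak-rate thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

FAILED_LOGON = 4625           # Security log: "An account failed to log on"
REMOTE_LOGON_TYPES = {3, 10}  # 10 = RemoteInteractive (RDP), 3 = Network (RDP with NLA)
CAPACITY = 5                  # assumed threshold: the 6th rapid failure overflows the bucket
LEAK_SECONDS = 10.0           # assumed leak rate: one failure is forgotten every 10 s

def detect_bruteforce(events, capacity=CAPACITY, leak_seconds=LEAK_SECONDS):
    """Return source IPs whose leaky bucket overflowed, in order of detection."""
    level = defaultdict(float)   # current bucket fill per source IP
    last_seen = {}               # timestamp of the previous failure per source IP
    flagged = []
    parsed = [(datetime.fromisoformat(e["TimeCreated"]), e) for e in events]
    for ts, ev in sorted(parsed, key=lambda pair: pair[0]):
        if ev["EventID"] != FAILED_LOGON or ev.get("LogonType") not in REMOTE_LOGON_TYPES:
            continue             # successes and console logons do not fill the bucket
        ip = ev.get("IpAddress") or "-"
        if ip in ("-", "127.0.0.1", "::1"):
            continue             # missing or local source: nothing to block
        if ip in last_seen:      # drain the bucket for the time since the last failure
            elapsed = (ts - last_seen[ip]).total_seconds()
            level[ip] = max(0.0, level[ip] - elapsed / leak_seconds)
        last_seen[ip] = ts
        level[ip] += 1
        if level[ip] > capacity and ip not in flagged:
            flagged.append(ip)
    return flagged

def make_event(ts, event_id, logon_type, ip, user):
    """Build a constructed event using field names found in Windows logon events."""
    return {"TimeCreated": ts, "EventID": event_id, "LogonType": logon_type,
            "IpAddress": ip, "TargetUserName": user}

# Constructed sample data (documentation-range IPs), not taken from a real server.
SAMPLE_EVENTS = (
    [make_event(f"2024-01-01T10:00:{s:02d}", 4625, 3, "203.0.113.7", "administrator")
     for s in range(8)]                                   # 8 failures in 8 seconds
    + [make_event(f"2024-01-01T10:{m:02d}:00", 4625, 10, "198.51.100.20", "alice")
       for m in (1, 3, 5)]                                # occasional mistyped password
    + [make_event("2024-01-01T10:02:00", 4625, 2, "-", "bob"),           # console logon
       make_event("2024-01-01T10:06:00", 4624, 10, "198.51.100.20", "alice")]  # success
)

if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_EVENTS))
```

Because the bucket drains over time, a user who mistypes a password every few minutes never reaches the threshold, while a rapid burst from one address does.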

How can I test CrowdSec on my Windows server? 

So you are curious about trying our FOSS Windows Agent on your server? We have a tutorial to walk you through the steps to get it running and protect your system right away. You can also check out another tutorial on how to secure your Microsoft Exchange 2019 server with CrowdSec.

As CrowdSec is free and open-source software, you have the ability to contribute to it (as we mentioned above). You also share your signals with a large community of real users. When you detect and block a rogue IP, this information is shared across the network. The data is then curated, cross-validated, and checked through a rigorous technique that ensures zero false positives and a reduced volume of alerts, and it is fed to our extremely actionable cyber threat intelligence, which can aid you in making more informed decisions and building more efficient processes against future cyberattacks.
