Hello everyone
I hope you are all well. I am looking for advice on how to include CrowdSec in our current security structure. We are a medium-sized company with a complex information technology system that includes onsite servers, cloud services, and a variety of apps that require high levels of security.
Currently, our security platform includes components such as the following. To protect our network's circumference, we use both hardware and cloud-based barriers. We have an attack identification and protection system in place, yet it is relatively outdated; therefore, we are considering updating. Our endpoints are protected by antivirus and antivirus software solutions from a top supplier. We use a security event and information management system to collect and analyse log information from various sources. Securing our online applications is a top responsibility, and we have a Firewall in place to do this.
- What are the best ways to connect CrowdSec with our current firewall, IDS and IPS, and monitoring solutions? Are there any special arrangements and components we should be aware of in order to maintain a smooth connection?
- How effectively does CrowdSec grow in a medium-size company with both on-site and cloud installation? Are there any possible performance effects that we should be aware of, and how can we minimise them as well?
- How does CrowdSec handle information from log files, and what are the best ways to manage the information in logs inside the CrowdSec structure? Can it support our current Security solution, and would it require substantial changes to our log managing techniques?
- One of the main characteristics that created us to CrowdSec was its collaborative threat intelligence model. How effective is this in behaviour, and what actions can we take to optimise the benefits of cooperative security artificial intelligence?
- As a new user, what resources and help networks would you suggest for learning CrowdSec? Are there any essential materials, guides, and other community assets that will help us achieve the most out of this tool?
Also, I explored some topics related to this, https://discourse.crowdsec.net/t/k8s-pod-recreate-causes-security-engine-to-get-recreated-looker, but I did not get a sufficient solution to my query, so I would really want to get some help from a more experienced person.
Thank you in advance for your help.