Syspeace Service for Linux – Syspeace detection and protection in more places in a mixed environment

For over a decade, Syspeace has provided detection of and protection against brute force attacks and similar threats. Syspeace has detected login attempts on Windows Server, blocked the IP addresses the attacks originate from and assembled a Global Blocklist, distributed to every Syspeace user, from the recent worst offenders.

Recently, Syspeace has been upgraded to Syspeace v4 with a raft of new features delivered over the past year, including shared blocking, shared IP lists, more powerful rules and conditions and remote management directly or through Syspeace Relay. With the most recent release, Syspeace Service is now also available for Linux.

Linux-powered servers are nothing new and Microsoft itself relies on Linux to power their infrastructure and cloud offerings. Many Windows-heavy environments nonetheless include Linux servers and they can now be protected with Syspeace too. To begin with, Syspeace Service for Linux picks up login attempts from the OpenSSH `sshd` server and integrates the Web detector, through which other services and applications on the same server can report additional login attempt observations. We intend to expand the reach of Syspeace Service for Linux over time.

With Syspeace Service for Linux, the following features already exist, fully supported, just as on Windows Server:

  • Rule-based blocking where enough login attempts in a time window, subject to filter conditions, cause a block of a set duration.
  • Mapping IP addresses to countries with the help of a geographical database and use country information in rule filter conditions.
  • Maintain lists of IP addresses to be blocked (blocklists) or to never be blocked (safelists).
  • Receive updated information about the most egregious attackers to have been blocked by Syspeace worldwide with Global Blocklist.
  • Assign a service to a Syspeace account and optionally to separate license groups within the account, for multi-client, Managed, MSP or granular deployments.
  • Share blocks within an account or license group and stop wide-reaching attacks in their tracks.
  • Share IP lists within an account or license group, including opting in or out, and simplify management across all Syspeace services.
  • Storage of previous login attempts for months, allowing use of Syspeace Console’s Access Log to view login attempt history or Access Report to find patterns and understand traffic.
  • See an IP address’s history with both login attempts and blocks with IP activity in Syspeace Console.
  • Responsive blocking with rule changes causing retroactive changes in the affected blocks.
  • Forgive blocks to let through legitimate users caught by a false positive.

Syspeace Service was designed to be cross platform from the start and our goal with Syspeace Service for Linux is feature parity: future features that do not depend explicitly on Windows features will come to Linux too.

In short, if you use Syspeace today on Windows Server and have Linux servers, Syspeace Service for Linux is the perfect complement and will look and feel very familiar.