Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

ABTV

11/7/2017
01:50 PM
Andy Patrizio
Andy Patrizio
Andy Patrizio
50%
50%

Gladius Brings Distributed Defense to DDoS

You can either build dozens of data centers or you can harness millions of volunteer clients to deal with DDoS. Which one would you choose?

Distributed Denial of Service (DDoS) attacks are a constant nuisance, mostly because they are so easy to initiate. There are tools on the dark web that make it easy for anyone with a grudge to cause some real havoc. Hackers can even repurpose legitimate "penetration testing" services in executing this type of attack.

Unfortunately, it's not only a nuisance, but it also comes with costs. For a large enterprise, the average cost from addressing a DDoS attack is $250,000 per hour.

The solution up to now has been to throw bandwidth at the problem -– distribute the traffic load so far and wide, such that there is no single point of vulnerability. For example, the content delivery network (CDN) giant Cloudflare operates 118 data centers around the world to help avoid a single choke point.

A startup called Gladius thinks it has an alternative. Rather than build out (or co-locate in) data centers, it lets individuals share the spare bandwidth they have at their own home connections, thus turning every desktop or laptop computer into a distribution node.

End users simply download and install the Gladius client, which then uses spare compute cycles and bandwidth to help distribute content through a decentralized CDN. Files are then cached on their computers for faster delivery to web clients who are closer to their geographic location than the main server. And when a DDoS attack occurs, traffic can then be distributed to the thousands and thousands of user nodes across the globe.

Gladius has significant similarities to BitTorrent in the way it operates. With BitTorrent, bits and pieces of a file are downloaded from a peer-to-peer network of computers, so that no single server is burdened with traffic.

With Gladius' CDN, files are likewise cached across a decentralized network, so that there is no single point of vulnerability or failure.

The main difference, however, is that Gladius uses the Ethereum blockchain to establish smart contracts every time there is load distribution or file download. Users also get paid for their spare bandwidth through GLA tokens, which are cryptocurrency that can be exchanged for fiat money or exchanged for other cryptocurrencies like Bitcoin or Ether.

Of course, how much you can actually earn from Gladius is unclear, but it would depend on how much of your bandwidth the network actually uses -- I wouldn't plan my retirement on it.

Gladius uses blockchain to administer and allocate the resources of the network and manage payments. Because of this, there is no centralized storage location, making DDoS attacks much harder, if not impossible, to succeed.

There is another security-related reason for such a server-free architecture. Gladius will have no role in storing sensitive data, managing communication channels between customers and pools, or controlling who has access to the platform. In theory, the product is community-owned, not Gladius-owned. It could outlive Gladius, because even if the company goes away, the network will still operate, although the network will likely fade away if the company does as well.

It also means that as Gladius clients come online in areas not normally served by massive data centers, like Africa, the Middle East, parts of Europe, Asia, and South America, those people will be served by content distribution nodes closer to home -- something that the current major services like Cloudflare do not offer.

The company believes it might be able to convince ISPs to not only not stop their customers from using its software but even get master nodes inside of their network because it would have a net effect of lowering the traffic leaving their network, because static content would be cached and served from inside their own network. Less traffic leaving means they actually money that they would otherwise pay their transit provider for.

The success of Gladius depends on ubiquity. It can't be a quiet sensation or a well-kept secret. The more clients out there, the more successful it will be. Would you consider running Gladius on your PCs at work? At home?

Related posts:

— Andy Patrizio has been a technology journalist for more than 20 years and remembers back when Internet access was only available through his college mainframe. He has written for InformationWeek, Byte, Dr. Dobb's Journal, eWeek, Computerworld and Network World.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
9 Tips to Prepare for the Future of Cloud & Network Security
Kelly Sheridan, Staff Editor, Dark Reading,  9/28/2020
Malware Attacks Declined But Became More Evasive in Q2
Jai Vijayan, Contributing Writer,  9/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15216
PUBLISHED: 2020-09-29
In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revisio...
CVE-2020-4607
PUBLISHED: 2020-09-29
IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2 ) could allow a local user to bypass security restrictions due to improper input validation. IBM X-Force ID: 184884.
CVE-2020-24565
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
CVE-2020-25770
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
CVE-2020-25771
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...