Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


// // //
01:50 PM
Andy Patrizio
Andy Patrizio
Andy Patrizio

Gladius Brings Distributed Defense to DDoS

You can either build dozens of data centers or you can harness millions of volunteer clients to deal with DDoS. Which one would you choose?

Distributed Denial of Service (DDoS) attacks are a constant nuisance, mostly because they are so easy to initiate. There are tools on the dark web that make it easy for anyone with a grudge to cause some real havoc. Hackers can even repurpose legitimate "penetration testing" services in executing this type of attack.

Unfortunately, it's not only a nuisance, but it also comes with costs. For a large enterprise, the average cost from addressing a DDoS attack is $250,000 per hour.

The solution up to now has been to throw bandwidth at the problem -– distribute the traffic load so far and wide, such that there is no single point of vulnerability. For example, the content delivery network (CDN) giant Cloudflare operates 118 data centers around the world to help avoid a single choke point.

A startup called Gladius thinks it has an alternative. Rather than build out (or co-locate in) data centers, it lets individuals share the spare bandwidth they have at their own home connections, thus turning every desktop or laptop computer into a distribution node.

End users simply download and install the Gladius client, which then uses spare compute cycles and bandwidth to help distribute content through a decentralized CDN. Files are then cached on their computers for faster delivery to web clients who are closer to their geographic location than the main server. And when a DDoS attack occurs, traffic can then be distributed to the thousands and thousands of user nodes across the globe.

Gladius has significant similarities to BitTorrent in the way it operates. With BitTorrent, bits and pieces of a file are downloaded from a peer-to-peer network of computers, so that no single server is burdened with traffic.

With Gladius' CDN, files are likewise cached across a decentralized network, so that there is no single point of vulnerability or failure.

The main difference, however, is that Gladius uses the Ethereum blockchain to establish smart contracts every time there is load distribution or file download. Users also get paid for their spare bandwidth through GLA tokens, which are cryptocurrency that can be exchanged for fiat money or exchanged for other cryptocurrencies like Bitcoin or Ether.

Of course, how much you can actually earn from Gladius is unclear, but it would depend on how much of your bandwidth the network actually uses -- I wouldn't plan my retirement on it.

Gladius uses blockchain to administer and allocate the resources of the network and manage payments. Because of this, there is no centralized storage location, making DDoS attacks much harder, if not impossible, to succeed.

There is another security-related reason for such a server-free architecture. Gladius will have no role in storing sensitive data, managing communication channels between customers and pools, or controlling who has access to the platform. In theory, the product is community-owned, not Gladius-owned. It could outlive Gladius, because even if the company goes away, the network will still operate, although the network will likely fade away if the company does as well.

It also means that as Gladius clients come online in areas not normally served by massive data centers, like Africa, the Middle East, parts of Europe, Asia, and South America, those people will be served by content distribution nodes closer to home -- something that the current major services like Cloudflare do not offer.

The company believes it might be able to convince ISPs to not only not stop their customers from using its software but even get master nodes inside of their network because it would have a net effect of lowering the traffic leaving their network, because static content would be cached and served from inside their own network. Less traffic leaving means they actually money that they would otherwise pay their transit provider for.

The success of Gladius depends on ubiquity. It can't be a quiet sensation or a well-kept secret. The more clients out there, the more successful it will be. Would you consider running Gladius on your PCs at work? At home?

Related posts:

— Andy Patrizio has been a technology journalist for more than 20 years and remembers back when Internet access was only available through his college mainframe. He has written for InformationWeek, Byte, Dr. Dobb's Journal, eWeek, Computerworld and Network World.

Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Improving Enterprise Cybersecurity With XDR
Enterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2022-06-27
NAVER Whale browser mobile app before allows the attacker to bypass its browser unlock function via incognito mode.
PUBLISHED: 2022-06-27
Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL.
PUBLISHED: 2022-06-27
Authentication bypass vulnerability in the setup screen of L2Blocker(on-premise) Ver4.8.5 and earlier and L2Blocker(Cloud) Ver4.8.5 and earlier allows an adjacent attacker to perform an unauthorized login and obtain the stored information or cause a malfunction of the device by using alternative pat...
PUBLISHED: 2022-06-26
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
PUBLISHED: 2022-06-26
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.