Gcore named a Leader in the GigaOm Radar for AI Infrastructure!Get the report
  1. Home
  2. Blog
  3. How to effectively protect video content

How to effectively protect video content

  • By Gcore
  • 5 min read
How to effectively protect video content

Unique content requires protection.

If the video is poorly protected, then it will be quickly copied or watched without payment. You’ll either never know about it, or you’ll be too late.

The types of video content that need protection the most are:

  • Tutorials and webinars which are downloaded without payment or shared.
  • Corporate videos that should be restricted to viewing by company employees only.
  • Financial and analytical streams which might be published on other resources without attribution.
  • Sports events that must have geo-restrictions to be broadcast on a certain territory only.
  • Unique TV shows and movies which are be downloaded for illegal viewing and distribution.

Unauthorized access can jeopardize trade secrets or revenue-raising strategies. If a streaming service contains confidential or personal customer data, then its protection is always a priority for the business.

We’ll tell you about two effective ways to protect your video content: access control and encryption.

Content access control

The first block of our security options allows you to control access to your broadcasts and videos. With it, you can provide videos only for a fee or by using secret links.

These two options work in a similar way: you can either allow viewing (for example, only within your subnet), or the other way around, by prohibiting some IP addresses from watching broadcasts while allowing everyone else.

The video in this case can be viewed only on your resource or only in a certain country/region. Protected broadcasts or movies can’t be copied and downloaded.

Geo-blocking

Geo-blocking is blocking content by region. This solution will help if you have obtained broadcasting rights for certain countries only.

For example, football matches that can be broadcast only on the territory of China. If a viewer from another country tries to connect, they will be shown a dummy screen “Broadcast not available in your region”. Or, maybe you’re broadcasting the premiere of a film only available in select countries.

Access within a corporate network or blocking by IP address

For corporate events, such as training webinars, the security service may require that video access is only allowed within the office network. For such cases, you can restrict the broadcast to the corporate subnet.

Access from certain devices only

Paid online TV must work with OTT boxes so that only users who have purchased a subscription can watch the broadcasts. With our Streaming Platform, you can choose the types of devices from which viewers can watch.

Blocking by domain

Competitors may copy the player with the broadcast from your website to other pages. You can restrict the placement of the player to your domain only, and then it won’t be possible to embed it into other web resources.

How does it work?

All of the above protection methods work based on nginx configurations.

For blocking by country, we use the nginx geomodule in combination with the Maxmind IP base.

You can enable or disable protection in your personal account, in the settings of the CDN resource associated with streaming.

All these methods guarantee only basic protection against copying and unauthorized access.

For example, blocking by country will filter out most of the connection attempts from restricted countries, but a slightly more advanced viewer might use a VPN or other hacking methods.

Domain protection won’t allow embedding the player into other resources, but pirates can pull direct links to broadcasts from the player, even if it takes more time and effort.

You’ll find the guide for configuring content protection options in the dedicated “Security” section of our knowledge base.

Tokenization and signed URLs

Access to content via one-time links helps to exclude some unauthorized connections to broadcasts and videos.

You can only give content links to those who have purchased a subscription. If the link somehow falls into the wrong hands, then, after a certain time (you control this parameter), it will expire, and it will be quite difficult to find a new key to the link.

If your content is in the public domain and you want to prevent competitors from copying videos, this option will also help. You can generate very short lifespan links and automatically replace them in your application. Thus, it will be possible to play content outside the application for only a few minutes or seconds.

How does it work?

We use the nginx module to generate an MD5 token and add it to the links to a live stream or video after transcoding.

When generating a token, three parameters are included:

  1. Link lifetime.
  2. Original link to the file.
  3. Key.

The output is a unique link (with a unique key in it) that works only for a limited time. After the expiration date, it becomes irrelevant, and when it’s given to third parties, it will no longer be possible to access the content.

You can enable support for generating Secure Token in the settings of the CDN resource associated with streaming in your personal account.

You will need to generate unique links on your side using scripts.

Examples of scripts in several programming languages can be found in the article “Protecting live streams and VOD with token”.

AES-128 content encryption

AES encryption is suitable for any case when you need to provide access only for a certain group of viewers.

These are mainly views by subscription and premiere screenings of films, when fresh content should be leaked to torrents as late as possible and be available only to those who have paid for access.

This protection is more reliable than the methods described above, as it’s rather difficult for an ordinary viewer to intercept and decrypt the keys. For maximum protection, you can combine AES encryption with blocking by country or domain.

How does it work?

We deliver video using an HLS protocol, which means that the video is split into playlists consisting of fragments (chunks). To protect a video from interception in HLS format, there is a standard HLS AES encryption method (encryption using the AES-128 algorithm).

When using AES encryption, all video fragments are transmitted to viewers in encrypted form, and viewers receive a key to decrypt the video in a separate request. The customers decide for themselves (based on cookies and other session parameters) which of the viewers should be given the key, and who should be prohibited from viewing.

How to set up AES content encryption

Please contact us to configure AES encryption. We’ll enable AES support on our side and provide instructions for configuring the server for issuing keys.

Each request for viewing is sent to your server, and only you determine, according to your parameters, whether the viewer can see the video or not. If the viewer has access, your server must send a request to our API to obtain keys and give the viewer a key for decryption.

Premium content encryption using DRM technology

This is an option to protect premium content at the highest level.

DRM guarantees one of the highest levels of protection for video content. The use cases are the same: restricting access to paid or exclusive content.

The disadvantage of DRM is that it’s a complex and expensive technology. However, it makes intercepting keys almost impossible. Usually, in the case of DRM, the viewing key is issued to the viewer and decrypted at the level of the operating system of their device. At the same time, copying or modifying content for the viewer using the received key remains impossible.

How does it work?

With AES-128 encryption, key interception is still possible. Keys are requested and transmitted by the browser, which means that, in theory, advanced viewers can decrypt the key and pass it on to a third party who doesn’t have authorization to access the content.

DRM negates this possibility, as the keys for viewing are requested and decrypted not by the browser, but by the operating system.

Which DRM platforms do we support?

Gcore ensures integration with all major platforms through DRM encryption: FairPlay Streaming (Apple), PlayReady (Microsoft) or Widevine (Google) for real-time live streaming and video on demand (VOD).

Our Streaming Platform offers simultaneous use of all official licenses so that viewers can purchase access to content from any device.

Want to protect your video content with advanced technology? Leave a request for a free consultation or try our streaming platform yourself.

Get a free consultation

Learn more about Streaming Platform

Related articles

How to Speed Up Dynamic Content Delivery Using a CDN

In today’s websites and applications, there are many sections or even pages that are generated according to user properties and preferences. This means that part of the website content is assembled and delivered dynamically as a response to the user’s request.Originally, CDN providers delivered only static web content by caching it on servers around the world, thereby reducing the delivery time to users. They are not designed for dynamic content acceleration.In this article, we explore what makes dynamic content special and how Gcore CDN can speed up its delivery.What is dynamic content?Generally speaking, dynamic content is the content on web pages that is generated when end users request it. Content generation technologies include ASP, JSP, PHP, Perl, CGI requests, and API calls (POST, PUT, and PATCH requests).What the final page with dynamic content will look like depends on distinct factors such as the behavior and preferences of the users on a site, their geolocation, and so on.By using dynamic content, businesses are able to personalize pages. For example:Online stores adapt their product feeds to their customers. Users with different order histories and profiles are served different recommendation feeds, which makes it possible to offer more relevant products and increase conversions.News outlets offer different versions of their website for different readers. Subscribers who have paid for a subscription see full versions of the website, tailored to their interests. For those without a subscription, only the introductory part of the general news block is displayed, along with a pop-up with an offer to purchase a subscription.Franchises localize their sites depending on geolocation. The site’s interface (language, addresses, hours of operation) automatically changes depending on the region in which the user requesting the page is located.With the proliferation of dynamic content on the modern web, there is a challenge in delivering it.What is the challenge of dynamic content delivery?If a business is focused on the global market, content needs to reach users quickly, no matter how remote they are from the origin server. To optimize the delivery of static content, there is a traditional CDN infrastructure consisting of caching servers located around the world.Dynamic content, however, cannot be cached, because it is generated individually for each user. This makes it difficult to use traditional CDNs for sites that contain both types of content. Static site files will be delivered to users from the nearest caching Edge server, while dynamic content will be proxied from the origin, resulting in increased download time.That said, it is still possible to optimize dynamic content delivery. To do so, choose CDNs that provide state-of-the-art delivery acceleration methods. Gcore’s next-gen Edge network architecture uses everything available to accelerate dynamic content delivery as much as possible, and we will look at each of these technologies in detail in this article.How does Gcore’s next-gen CDN accelerate dynamic content delivery?1. Optimized TCP connectionsFor the origin server to respond to a user request for dynamic content on a site via HTTP, a TCP connection must be established between them. The TCP protocol is characterized by reliability: when transmitting data, it requires the receiving side to acknowledge that the packets were received. If a failure occurs and the packets are not received, the desired data segment is resent. However, this reliability comes at the cost of the data rate, slowing it down.Gcore CDN uses two approaches to optimize the speed of the TCP connection:Increasing the congestion window in TCP slow start. TCP slow start is the default network setting that allows you to determine the maximum capacity of a connection safely. It incrementally increases the congestion window size (the number of packets before confirmation is required) if the connection remains stable. When a TCP connection goes through an Edge network, we can increase the congestion window size because we are confident in the stability of the network. In this case, the number of packets will be higher even at the beginning of the connection, allowing dynamic content loading to happen faster.Establishing persistent HTTP connections. By using the HTTP/2 protocol, our Edge network supports multiplexing, which allows multiple data streams to be transmitted over a single, established TCP connection. This means that we can reuse existing TCP connections for multiple HTTP requests, reducing the amount of time needed for traversal and speeding up delivery.Figure 1. Optimized TCP connections within Gcore Edge Network2. Optimized TLS handshakesHTTPS connections use the TLS cryptographic protocol, which secures data transmission and protects it from unauthorized access. To establish a secure TLS connection, three handshakes must be performed between the client and the server during which they exchange security certificate data and generate a session encryption key.It takes a significant amount of time to establish a secure connection. If the RTT (round-trip time) between the origin server and the client is 150 milliseconds, the total connection time will be 450 ms (3 × 150 ms):Figure 2. Three handshakes are required to establish a TLS connectionWhen the source server is connected to the Gcore CDN, TLS handshakes are performed with the help of intermediaries: Edge servers located as close as possible to the user (client) and the origin server. Edge servers belong to the same trusted network, so there is no need to establish a connection between them each time; once is sufficient.Through this method, the connection will be established in 190 ms (more than twice as fast). This time includes three handshakes between the client and the nearest edge server (3 × 10 ms), one handshake between servers in the Edge network (130 ms), and three handshakes between the nearest Edge server and the source (3 × 10 ms):Figure 3. TLS connection establishing with Gcore Edge Network3. WebSockets supportWebSocket is a bidirectional protocol for transferring data between a client and a server via a persistent connection. It allows for real-time message exchange without the need to break connections and send additional HTTP requests.In a standard approach, the client needs to send regular requests to the server to determine if any new information has been received. This increases the load on the origin server, reducing the request processing speed. It also causes delays in content delivery because the browser sends requests at regular intervals and cannot send a new message to the client immediately.In comparison, WebSocket establishes and supports a persistent connection without producing additional load by re-establishing the connection. When a new message appears, the server sends it to the client immediately.Figure 4. The difference between content delivery without and with WebSocketWebSocket support can be enabled in the Gcore interface in two clicks.4. Intelligent routingDynamic content delivery can be accelerated by optimizing packet routing. In the Gcore CDN, a user’s request is routed to the closest Edge server, then passes within the network to the closest server to the source.Network connectivity is critical to achieving high-speed delivery, and Gcore has over 11,000 peering partners to ensure this. Once inside the network, traffic can then bypass the public internet and circulate through ISP networks.We constantly measure network congestion, check connection quality, and perform RUM monitoring. This allows our system to intelligently calculate the best possible route for each request our Edge network receives and increases the overall delivery speed, regardless of whether you’re using static or dynamic content.5. Content prefetchingPrefetching is a technique to speed up content delivery by proactively loading it to Edge servers before end users even request it. It is traditionally associated with static content delivery. But it also can accelerate dynamic content delivery by preloading static objects used in dynamically generated answers.In this case, when an end user requests something, the web server will generate the content with linked objects already on the Edge servers. This reduces the number of requests to the origin server and improves the overall web application performance.How to enable dynamic content delivery in Gcore’s CDNTo enable dynamic content acceleration, you need to integrate the whole website with our CDN by following these step-by-step instructions. In this case, you also need to use our DNS service (it has a free plan) to connect the domain of your website with our DNS points of presence for better balancing.What’s next?Modern applications will be more customized and tuned to custom parameters. Providing users with the most relevant content could become a significant competitive advantage for online businesses.Going in parallel with a constant need for decreased latency, this tendency is pushing forward serverless computing, an emerging technology that is focused on running an application code right on cloud Edges. In addition to overall simplifying the app deployment process, it will open a wide range of opportunities for content customization.We are developing serverless computing products to provide users with the best possible performance and improve their overall web experience. We will keep you informed about the progress and significant updates.Discover Gcore CDN possibilities that give your business access to a high-capacity network with hundreds of Edge servers worldwide. It can improve your web application performance and will allow you to personalize the user experience.Learn more about Gcore CDN

Streaming Platform year in review: Updates and results of 2022

Throughout 2022, we worked hard to make our services convenient and useful for you. Now we’re happy to share the results!Minutes of broadcasting2022 brought our Streaming Platform plenty of new clients to greet. All our efforts rounded up to about 57 million transcoded minutes of different kinds of content, which equals almost 108 years!Check out this short video to better appreciate the results. We calculated how many average football matches, Instagram live streams, YouTube videos, Netflix episodes, and TikTok videos would fit into 57 million minutes.Streaming Platform updatesHere are the top updates our team brought to life to improve your experience on our platform.New simplified control panel and improved UI. Creating Streams has never been simpler! Easy set-up, multiple streams consolidation in one single player, organized video hosting options, improved interface, and restreaming opportunities.New cost-effective pricing—per minute billing and free encoding. We introduced our new pricing plan with free adaptive bitrate encoding that counts the length of the original video only. No gigabytes, extra payment for transcoded qualities, or pre-paid commitments. You’ll only pay for the minutes you use! It makes our prices lower than those of our competitors.Improved video encoding. We now compress video better while ensuring the same level of quality is maintained.Video Calls new features and redesign. You can now create a unique visual presence, improve your brand recognition, and simply cover up your personal area or workspace by adding virtual backgrounds on your video calls—blur, static images, or even animated images using AI/ML in a simple browser. Also, you can now share videos, store files, and browse the entire chat history.Low latency for live streams. Now we offer an option of choosing between normal speed and low latency delay via HLS of up to 4 seconds for live broadcasts.Object recognition using AI/ML for UGC, VOD content.New open-source apps on GitHub. We know our users love copying code, so we keep helping them by adding new demos on GitHub: iOS video scrolling like in TikTok, React Native Video Call Demo App.We sincerely thank you for partnering with us this year. In 2023, we will continue to make the Streaming Platform even more convenient and functional to meet all your business needs and keep your viewers happy!

How we solve issues of RTMP-to-HLS streaming on iOS and Android

Long launch times, video buffering, high delays, broadcast interruptions, and other lags are common issues when developing applications for streaming and live streaming. Anyone who has ever developed such services has come across at least one of them.In previous articles, we talked about how to develop streaming apps for iOS and Android. And today, we will share the problems we encountered in the process and how we solved them.Use of a modern streaming platformAll that is required from the mobile app is to capture video and audio from the camera, form a data stream, and send it to viewers. A streaming platform will be needed for mass content distribution to a wide audience.Streaming via the Gcore platformThe only drawback of a streaming platform is latency. Broadcasting is a rather complex and sophisticated process. A certain amount of latency occurs at each stage.Our developers were able to assemble a stable, functional, and fast solution that requires 5 seconds to launch all processes, while the end-to-end latency when broadcasting in the Low latency mode takes 4 seconds.The table below shows several platforms that solve the latency reduction problem in their own way. We compared several solutions, studied each one, and found the best approach.It takes 5 minutes to start streaming on Gcore Streaming Platform:Create a free account. You will need to specify your email and password.Activate the service by selecting Free Live or any other suitable plan.Create a stream and start broadcasting.All the processes involved in streaming are inextricably linked. Changes to one affect all subsequent ones. Therefore, it would be incorrect to divide them into separate blocks. We will consider what can be optimized and how.Decrease of GOP size and speed up of stream delivery and receptionTo start decoding and processing any video stream, you need an iframe. We conducted tests and selected the optimal 2-second iFrame interval for our apps. However, in some cases, it can be changed to 1 second. By reducing the GOP length, the decoding, and thus the beginning of stream processing, is faster.iOSSet maxKeyFrameIntervalDuration = 2.AndroidSet iFrameIntervalInSeconds = 2.Background streaming to keep it uninterruptedIf you need short pauses during streaming, for example, to switch to another app, you can continue streaming in the background and keep the video intact. In doing so, we do not waste time on initializing all processes and keep minimal end-to-end latency when returning to the air.iOSApple forbids recording video while the app is minimized. Our initial solution was to disable the camera at the appropriate moment and reconnect it when returning to the air. To do this, we subscribed to a system notification informing us of the entry/exit to the background state.It didn’t work. The connection was not lost, but the library did not send the video of the RTMP stream. Therefore, we decided to make changes to the library itself.Each time the system sends a buffer with audio to AVCaptureAudioDataOutputSampleBufferDelegate, it checks whether all devices are disconnected from the session. Only the microphone should remain connected. If everything is correct, timingInfo is created. It contains information about the duration, dts, and pts of a fragment.After that, the pushPauseImageIntoVideoStream method of the AVMixer class is called, which checks the presence of a picture to pause. Next, a CVPixelBuffer with the image data is created via the pixelBufferFromCGImage method, and the CMSampleBuffer itself is created via the createBuffer method, which is sent to AVCaptureVideoDataOutputSampleBufferDelegate.Extension for AVMixer:hasOnlyMicrophone checks if all devices except the microphone are disconnected from the sessionfunc pushPauseImageIntoVideoStream takes data from the audio buffer, creates a video buffer, and sends it to AVCaptureVideoDataOutputSampleBufferDelegateprivate func pixelBufferFromCGImage (image: CGImage) creates and returns CVPixelBuffer from the imagecreateBuffer (pixelBuffer: CVImageBuffer, timingInfo: input CMSampleTimingInfo) creates and returns a CMSampleBuffer from timingInfo and CVPixelBufferAdd the pauseImage property to the AVMixer class:In AVAudioIOUnit, add the functionality to the func captureOutput (_ output: AVCaptureOutput, didOutput sampleBuffer: CMSampleBuffer, from connection: AVCaptureConnection) method:AndroidWith Android, things turned out to be simpler. Looking deeper into the source code of the library that we used, it becomes clear that streaming is actually in a separate stream.Considering the life cycle of the component where our streaming is initialized, we decided to initialize it in the ViewModel—it remains alive throughout the life cycle of the component to which it is bound (Activity, Fragment).ViewModel life cycleNothing will change in the life cycle of ViewModel, even in case of changes in configuration, orientation, background transition, etc.But there is still a small problem. For streaming, we need to create a RtmpCamera2() object, which depends on an OpenGlView object. This is a UI element, which means it is eliminated when the app goes to background and the streaming process is interrupted.The solution was found quickly. The library allows you to easily replace the View option of the RtmpCamera2 object. We can replace it with a Context object from our app. Its life lasts until the app is eliminated by the system or closed by the user.We consider the elimination of the OpenGlView object to be an indicator of the app going to background and the creation of this View to be the signal of a return to foreground. For this purpose, we need to implement the corresponding callback:Next, as we mentioned before, we need to replace the OpenGlView object with Context when going to background and back to foreground. To do this, we define the required methods in ViewModel. We’ll also need to stop streaming when ViewModel is eliminated.If we need to pause our streaming without going to background, we just have to turn off the camera and microphone. In this mode, the bitrate is reduced to 70–80 Kbps, which allows you to save traffic.WebSocket and launch of the player at the right timeUse WebSocket to get the required information about the content being ready for playing and to start streaming instantly:Use of adaptive bitrate and resolutionIf we perform streaming from a mobile device, cellular networks will be used for video transmission. It is the main problem in mobile streaming: the signal level and its quality depend on many factors. Therefore, it is necessary to adapt the bitrate and resolution to the available bandwidth. This will help maintain a stable streaming process regardless of the viewers’ internet connection quality.How adaptive bitrate worksiOSTwo RTMPStreamDelegate methods are used to implement adaptive bitrate:Examples of implementation:The adaptive resolution is adjusted according to the bitrate. We used the following resolution/bitrate ratio as a basis:Resolution1920×10801280×720854×480640×360Video bitrate6 Mbps2 Mbps0.8 Mbps0.4 MbpsIf the bandwidth drops by more than half of the difference between two adjacent resolutions, switch to a lower resolution. To increase the bitrate, switch to a higher resolution.AndroidTo use adaptive bitrate, change the implementation of the ConnectCheckerRtmp interface:SummaryStreaming from mobile devices is not a difficult task. Using open-source code and our Streaming Platform, this can be done quickly and at minimal costs.Of course, you can always face problems during the development process. We hope that our solutions will help you simplify this process and complete your tasks faster.Learn more about developing apps for streaming on iOS and Android in our articles:“How to create a mobile streaming app on Android”“How to create a mobile streaming app on iOS”Repositories with the source code of mobile streaming apps can be found on GitHub: iOS, Android.Seamlessly stream on mobile devices using our Streaming Platform.More about Streaming Platform

6 image optimization use cases for website owners

Having high-quality and well-optimized visual content is essential for any site; in certain business areas—such as online stores or marketplaces—it’s critical for business success.Image Stack by Gcore is a cloud-based image optimization tool that helps website owners and web developers simplify their working routines. It helps cut bandwidth costs and improve user experience by just applying small changes in URL query strings and your website settings.This article unveils how Image Stack makes working with images easier and describes examples of how the tool can help your business.1. Improve user experience with fast-loading images and boost SEOUsers’ tolerance for the long rendering of content on the page is now extremely low. Moreover, many people browse websites from mobile devices with additional loading speed limitations.Reducing the load time of each image enables the site to be faster and more responsive. It will improve the user experience and decrease the frequency of page abandonment. In turn, this will positively impact SEO and increase your website’s positions in search rankings.Image stack includes several features that can reduce load time (the “Content Download” in web browser metrics) for every image on the page:Image compression with WebP and AVIF formatsReducing image size by changing quality settingsResizing and cropping images2. Make your web service’s images responsive for all browsers and devicesCloud-based image optimization saves you from having to manage picture versions manually. All you need is the original image on the host server and to assign the settings once in the Image Stack option.For example, suppose you upload a full-size original image (e.g., JPG) to the origin server and use Image Stack. In that case, the users automatically get the version of the image that best suits their browser. If their browser supports AVIF, they will receive this image in that format. If the browser defaults to WebP, then that’s how the image will arrive. Some legacy browser versions don’t support modern formats; should this occur, the user will receive the original JPG image.You can also set different aspect ratios of one image to best suit mobile and desktop versions of your website. For example, choose the 1:1 option for mobile devices with limited screen size, and apply 3:2 for regular desktops with full-size screens.Thus, your site will be adaptive to different devices and browsers, with one copy of the original image.3. Keep all processing in the cloud and save on hardware investmentsWith Image Stack, you don’t need to use any third-party image editing software, pull additional resources from your web hosting, or enlist additional add-ons to your web server to perform image processing.Everything is processed in the cloud on our infrastructure’s servers. It’s fast and hassle-free for you. Our dedicated computational clusters of edge servers receive the version of the original image and handle it to apply configurations. Then, it sends the processed duplicate to Gcore’s caching servers.The images will then be delivered worldwide with minimal delay, as everything works in unison with our global CDN.4. Free up your team from pre-upload editingIn the recent past, in order to keep the site loading fast, it was necessary to compress images before publishing them. For example, companies would have a rule not to upload blog post covers larger than 200 KB to the site. Before publishing, designers at these companies compressed each image with graphics editors. If you have to do that with a couple of pictures a week, it’s not a problem. But if you have to process hundreds or thousands of images—this can strain your team.With cloud-based image optimization, none of this is required. You can easily upload full-size PNG or JPG images, and our service will pass them on to the web with the right compression settings.If some image requires an individual approach (for example, to change the size or crop a fragment), it can also be done without external editors. Your web admin can simply add several query parameters to the image URL.5. Become more agile with website changesIf you plan design changes or do A/B testing for a better visitor experience, it may affect image proportions or dimensions.For example, say you want to update the design of the product gallery and replace images from the aspect ratio 1:1 to a vertical format 1:2. You can do it by inserting additional code in website HTML/CSS files. But in this case, your end-users will still load the full original image anyway, and their browsers will just hide extra parts (cutting width area) by executing code. This approach is not optimization-friendly and can increase load time.The cloud optimization approach is a strategic alternative to the above method. To change the aspect ratio, you should add one query parameter to the image URL (img.jpg?crop=1:2). And the new version of the original image will be delivered to end-users.This approach lifts restrictions for website design changes and allows you to experiment—even if you have a large photo bank of earlier uploaded and/or non-standardized images.6. Pay less by reducing bandwidth trafficIf the initial images (e.g., photos of goods) were uploaded in high definition in JPG format, the size of each file could be more than 1 MB. Let’s look at one image for example. When downloaded about 100,000 times per month, the volume of paid traffic will be 100 GB.If this image is delivered from the edge servers with Image Stack’s optimization applied, the image size will be 100-200 KB. So, the final volume will be 10–20 GB instead of 100 GB.Dynamic image optimization by Gcore Image Stack lets your business provide better web performance without requiring complicated configurations or hardware investments. The option accomplishes six goals at once and allows you to concentrate on creating high-level content, not managing its optimization or how it’s delivered.

6 image optimization use cases for website owners

Having high-quality and well-optimized visual content is essential for any site; in certain business areas—such as online stores or marketplaces—it’s critical for business success.Image Stack by2 Gcore is a cloud-based image optimization tool that helps website owners and web developers simplify their working routines. It helps cut bandwidth costs and improve user experience by just applying small changes in URL query strings and your website settings.This article unveils how Image Stack makes working with images easier and describes examples of how the tool can help your business.1. Improve user experience with fast-loading images and boost SEOUsers’ tolerance for the long rendering of content on the page is now extremely low. Moreover, many people browse websites from mobile devices with additional loading speed limitations.Reducing the load time of each image enables the site to be faster and more responsive. It will improve the user experience and decrease the frequency of page abandonment. In turn, this will positively impact SEO and increase your website’s positions in search rankings.Image stack includes several features that can reduce load time (the “Content Download” in web browser metrics) for every image on the page:Image compression with WebP and AVIF formatsReducing image size by changing quality settingsResizing and cropping images2. Make your web service’s images responsive for all browsers and devicesCloud-based image optimization saves you from having to manage picture versions manually. All you need is the original image on the host server and to assign the settings once in the Image Stack option.For example, suppose you upload a full-size original image (e.g., JPG) to the origin server and use Image Stack. In that case, the users automatically get the version of the image that best suits their browser. If their browser supports AVIF, they will receive this image in that format. If the browser defaults to WebP, then that’s how the image will arrive. Some legacy browser versions don’t support modern formats; should this occur, the user will receive the original JPG image.You can also set different aspect ratios of one image to best suit mobile and desktop versions of your website. For example, choose the 1:1 option for mobile devices with limited screen size, and apply 3:2 for regular desktops with full-size screens.Thus, your site will be adaptive to different devices and browsers, with one copy of the original image.3. Keep all processing in the cloud and save on hardware investmentsWith Image Stack, you don’t need to use any third-party image editing software, pull additional resources from your web hosting, or enlist additional add-ons to your web server to perform image processing.Everything is processed in the cloud on our infrastructure’s servers. It’s fast and hassle-free for you. Our dedicated computational clusters of edge servers receive the version of the original image and handle it to apply configurations. Then, it sends the processed duplicate to Gcore’s caching servers.The images will then be delivered worldwide with minimal delay, as everything works in unison with our global CDN.4. Free up your team from pre-upload editingIn the recent past, in order to keep the site loading fast, it was necessary to compress images before publishing them. For example, companies would have a rule not to upload blog post covers larger than 200 KB to the site. Before publishing, designers at these companies compressed each image with graphics editors. If you have to do that with a couple of pictures a week, it’s not a problem. But if you have to process hundreds or thousands of images—this can strain your team.With cloud-based image optimization, none of this is required. You can easily upload full-size PNG or JPG images, and our service will pass them on to the web with the right compression settings.If some image requires an individual approach (for example, to change the size or crop a fragment), it can also be done without external editors. Your web admin can simply add several query parameters to the image URL.5. Become more agile with website changesIf you plan design changes or do A/B testing for a better visitor experience, it may affect image proportions or dimensions.For example, say you want to update the design of the product gallery and replace images from the aspect ratio 1:1 to a vertical format 1:2. You can do it by inserting additional code in website HTML/CSS files. But in this case, your end-users will still load the full original image anyway, and their browsers will just hide extra parts (cutting width area) by executing code. This approach is not optimization-friendly and can increase load time.The cloud optimization approach is a strategic alternative to the above method. To change the aspect ratio, you should add one query parameter to the image URL (img.jpg?crop=1:2). And the new version of the original image will be delivered to end-users.This approach lifts restrictions for website design changes and allows you to experiment—even if you have a large photo bank of earlier uploaded and/or non-standardized images.6. Pay less by reducing bandwidth trafficIf the initial images (e.g., photos of goods) were uploaded in high definition in JPG format, the size of each file could be more than 1 MB. Let’s look at one image for example. When downloaded about 100,000 times per month, the volume of paid traffic will be 100 GB.If this image is delivered from the edge servers with Image Stack’s optimization applied, the image size will be 100-200 KB. So, the final volume will be 10–20 GB instead of 100 GB.Dynamic image optimization by Gcore Image Stack lets your business provide better web performance without requiring complicated configurations or hardware investments. The option accomplishes six goals at once and allows you to concentrate on creating high-level content, not managing its optimization or how it’s delivered.

Protecting networks at scale with AI security strategies

Network cyberattacks are no longer isolated incidents. They are a constant, relentless assault on network infrastructure, probing for vulnerabilities in routing, session handling, and authentication flows. With AI at their disposal, threat actors can move faster than ever, shifting tactics mid-attack to bypass static defenses.Legacy systems, designed for simpler threats, cannot keep pace. Modern network security demands a new approach, combining real-time visibility, automated response, AI-driven adaptation, and decentralized protection to secure critical infrastructure without sacrificing speed or availability.At Gcore, we believe security must move as fast as your network does. So, in this article, we explore how L3/L4 network security is evolving to meet new network security challenges and how AI strengthens defenses against today’s most advanced threats.Smarter threat detection across complex network layersModern threats blend into legitimate traffic, using encrypted command-and-control, slow drip API abuse, and DNS tunneling to evade detection. Attackers increasingly embed credential stuffing into regular login activity. Without deep flow analysis, these attempts bypass simple rate limits and avoid triggering alerts until major breaches occur.Effective network defense today means inspection at Layer 3 and Layer 4, looking at:Traffic flow metadata (NetFlow, sFlow)SSL/TLS handshake anomaliesDNS request irregularitiesUnexpected session persistence behaviorsGcore Edge Security applies real-time traffic inspection across multiple layers, correlating flows and behaviors across routers, load balancers, proxies, and cloud edges. Even slight anomalies in NetFlow exports or unexpected east-west traffic inside a VPC can trigger early threat alerts.By combining packet metadata analysis, flow telemetry, and historical modeling, Gcore helps organizations detect stealth attacks long before traditional security controls react.Automated response to contain threats at network speedDetection is only half the battle. Once an anomaly is identified, defenders must act within seconds to prevent damage.Real-world example: DNS amplification attackIf a volumetric DNS amplification attack begins saturating a branch office's upstream link, automated systems can:Apply ACL-based rate limits at the nearest edge routerFilter malicious traffic upstream before WAN degradationAlert teams for manual inspection if thresholds escalateSimilarly, if lateral movement is detected inside a cloud deployment, dynamic firewall policies can isolate affected subnets before attackers pivot deeper.Gcore’s network automation frameworks integrate real-time AI decision-making with response workflows, enabling selective throttling, forced reauthentication, or local isolation—without disrupting legitimate users. Automation means threats are contained quickly, minimizing impact without crippling operations.Hardening DDoS mitigation against evolving attack patternsDDoS attacks have moved beyond basic volumetric floods. Today, attackers combine multiple tactics in coordinated strikes. Common attack vectors in modern DDoS include the following:UDP floods targeting bandwidth exhaustionSSL handshake floods overwhelming load balancersHTTP floods simulating legitimate browser sessionsAdaptive multi-vector shifts changing methods mid-attackReal-world case study: ISP under hybrid DDoS attackIn recent years, ISPs and large enterprises have faced hybrid DDoS attacks blending hundreds of gigabits per second of L3/4 UDP flood traffic with targeted SSL handshake floods. Attackers shift vectors dynamically to bypass static defenses and overwhelm infrastructure at multiple layers simultaneously. Static defenses fail in such cases because attackers change vectors every few minutes.Building resilient networks through self-healing capabilitiesEven the best defenses can be breached. When that happens, resilient networks must recover automatically to maintain uptime.If BGP route flapping is detected on a peering session, self-healing networks can:Suppress unstable prefixesReroute traffic through backup transit providersPrevent packet loss and service degradation without manual interventionSimilarly, if a VPN concentrator faces resource exhaustion from targeted attack traffic, automated scaling can:Spin up additional concentratorsRedistribute tunnel sessions dynamicallyMaintain stable access for remote usersGcore’s infrastructure supports self-healing capabilities by combining telemetry analysis, automated failover, and rapid resource scaling across core and edge networks. This resilience prevents localized incidents from escalating into major outages.Securing the edge against decentralized threatsThe network perimeter is now everywhere. Branches, mobile endpoints, IoT devices, and multi-cloud services all represent potential entry points for attackers.Real-world example: IoT malware infection at the branchMalware-infected IoT devices at a branch office can initiate outbound C2 traffic during low-traffic periods. Without local inspection, this activity can go undetected until aggregated telemetry reaches the central SOC, often too late.Modern edge security platforms deploy the following:Real-time traffic inspection at branch and edge routersBehavioral anomaly detection at local points of presenceAutomated enforcement policies blocking malicious flows immediatelyGcore’s edge nodes analyze flows and detect anomalies in near real time, enabling local containment before threats can propagate deeper into cloud or core systems. Decentralized defense shortens attacker dwell time, minimizes potential damage, and offloads pressure from centralized systems.How Gcore is preparing networks for the next generation of threatsThe threat landscape will only grow more complex. Attackers are investing in automation, AI, and adaptive tactics to stay one step ahead. Defending modern networks demands:Full-stack visibility from core to edgeAdaptive defense that adjusts faster than attackersAutomated recovery from disruption or compromiseDecentralized detection and containment at every entry pointGcore Edge Security delivers these capabilities, combining AI-enhanced traffic analysis, real-time mitigation, resilient failover systems, and edge-to-core defense. In a world where minutes of network downtime can cost millions, you can’t afford static defenses. We enable networks to protect critical infrastructure without sacrificing performance, agility, or resilience.Move faster than attackers. Build AI-powered resilience into your network with Gcore.Check out our docs to see how DDoS Protection protects your network

Subscribe to our newsletter

Get the latest industry trends, exclusive insights, and Gcore updates delivered straight to your inbox.