Gcore named a Leader in the GigaOm Radar for AI Infrastructure!Get the report
Under attack? Log in
Sign up for free

Products

Solutions

Pricing

Resources

Partners

Why Gcore

Under attack?
Log in
Contact us
Contact us Sign up for free
  1. Home
  2. Blog
  3. How we protect clients’ servers anywhere in the world. Everything about GRE tunneling
Security
Expert insights
Developers

How we protect clients’ servers anywhere in the world. Everything about GRE tunneling

  • March 24, 2023
  • 6 min read
How we protect clients’ servers anywhere in the world. Everything about GRE tunneling

How we protect clients’ servers anywhere in the world. Everything about GRE tunneling
We will explain what GRE tunnels are, how they help keep your data safe, and how to configure your routers and hosts to make a GRE tunnel.

For any company that relies heavily on online sales and transactions, the increasing number of cyberattacks targeting e-commerce websites is a growing concern. E-commerce websites are vulnerable to attacks such as distributed denial-of-service (DDoS) and brute-force attacks, which can lead to a loss of valuable business traffic from legitimate customers or your users’ sensitive information being compromised.

Fortunately, you can get another layer of protection remotely whenever your servers are. This is possible due to the generic routing encapsulation (GRE) tunnel. Such a tunnel helps to establish a private connection between your servers or network and a scrubbing center. This allows the protection provider to scan all your incoming traffic for malicious activity and block any potential threats before they can reach your servers. After your incoming traffic has been scanned, all safe traffic is forwarded to your network or servers for processing through the GRE tunnel. Your server’s response is sent through the GRE tunnel to the scrubbing center and the customer.

In this article, we will explain what GRE tunnels are and how they help keep your data safe. We will walk you through how to configure your routers and hosts in your data center to establish a secure and seamless connection to Gcore’s scrubbing center via a GRE tunnel. Specifically, the article will explain how to set up a GRE tunnel interface to communicate over the internet on a Cisco router or a Linux host.

What is a GRE tunnel and how does it work?

A generic routing encapsulation (GRE) tunnel is a network connection that uses the GRE protocol to encapsulate a variety of network layer protocols inside virtual point-to-point links over an Internet Protocol (IP) network. It allows remote sites to be connected to a single network as if they were both directly connected to each other or to the same physical network infrastructure. GRE is often used to extend a private network over the public internet, allowing remote users to securely access resources on the private network.

It might sound like GRE tunnels and VPNs are the same. However, GRE tunnels can transport or forward multicast traffic, which is essential for actions like routing protocol advertisement and for video conferencing applications, while a VPN can only transport unicast traffic. Additionally, traffic over GRE tunnels is unencrypted by default, but VPNs provide different encryption methods via the IPsec protocol suite, and their traffic can be encrypted from end to end. All the same, traffic transmitted across most sites employs encryption standards such as TLS/SSL for all communications.

You can think of a GRE tunnel as a “tunnel” or “subway” that connects two different networks (e.g., your company’s private network and Gcore’s scrubbing center network). Just like how a subway tunnel allows people to travel between different stations, a GRE tunnel allows data to travel between different networks.

The “train” in this analogy is a data packet being sent through the tunnel. These packets are “encapsulated” or wrapped with a GRE header, which tells the network where the packets are coming from and where they’re going, similar to how a subway train has a destination on the front and the back.

Once the packets reach the “destination station,” the GRE header is removed and the original packets are sent to their intended destination. In this way, the data can travel securely and privately over the public internet as if it were on a private network.

Configuring your network hosts for GRE tunneling

Now that you understand what a GRE tunnel is, the next few sections will show you how to set up tunnel interfaces on a Cisco router and on a Linux server within your data center. You’ll also be shown how to configure private IP addresses on these tunnel interfaces and test the connections.

Configuring a GRE tunnel on a Cisco router

First, you’ll set up your Cisco router to establish a connection to Gcore’s scrubbing center via a GRE tunnel over the public internet, as seen in the diagram below:

In the above diagram, both routers have physical public IPs that they can use to directly connect and interact on the internet via their respective ISPs. There’s also a private network behind the routers on both ends and private IPs for the tunnel interfaces (192.168.1.1 for the client router and 192.168.1.2 for the scrubbing center router). Through a public connection over the internet, a private connection is established using the private IPs on the tunnel interface as though the two tunnel interfaces on each device were physically connected directly to the same network.

First, connect to your router, either via a console cable directly or via SSH if you have that configured, and enter the global configuration mode with the following command:

Plaintext
CR1# configure terminal

You can now create a virtual tunnel interface. The tunnel interface can be any number you want. The following example uses 77 and also places you in the interface configuration mode:

Plaintext
CR1(config)# interface tunnel 77

Next, configure the tunnel interface you just created with the private IP address for router CR1:

Plaintext
CR1(config if)# ip address 192.168.1.1 255.255.255.0

Set the tunnel source, or the interface through which the tunnel establishes a connection from your router. In the following example, the source is the public IP of the client router, 3.3.3.1:

Plaintext
CR1(config if)# tunnel source 3.3.3.1

You also need to configure the tunnel destination—in this case, the public IP address of the scrubbing center’s router, through which you connect to that router’s private tunnel interface:

Plaintext
CR1(config if)# tunnel destination 4.4.4.1

As you know, GRE adds extra headers with information to the original packets. This changes the size of the packet by 24 bytes over the standard MTU limit of 1,500 bytes, which may cause packets to drop. You can solve this by reducing the MTU by 24 bytes to 1,476, such that the MTU plus the extra headers will not go over 1,500:

Plaintext
CR1(config if)# ip mtu 1476

Accordingly, you must change the MSS to be 40 bytes lower than the MTU at 1,436:

Plaintext
CR1(config if)# ip tcp adjust-mss 1436

Now, exit to privileged EXEC mode and check the IP configuration on your router:

Plaintext
CR1(config if)# endCR1# show IP interfaces brief

You should have an output similar to the following, showing the tunnel interface with the IP you configured for it:

Plaintext
CR1# show IP interface briefInterface		IP-Address	OK?	Method	Status			ProtocolGigabitEthernet0/0	3.3.3.1		YES	manual	up			upGigabitEthernet0/1	unassigned	YES	NVRAM	down			downGigabitEthernet0/2	unassigned	YES	NVRAM	administratively down	downGigabitEthernet0/3	unassigned	YES	NVRAM	administratively down	downTunnel77		192.168.1.1	YES	manual	up			up

Test the connection to the remote router, SCR1, using the private tunnel IP address 192.168.1.2:

Plaintext
CR1# ping 192.168.1.2

Your output should be similar to the image below, confirming a successful connection:

Finally, save your running config:

Plaintext
CR1# copy running-config startup-config

You have successfully configured your router to establish a connection via a GRE tunnel.

Configuring a GRE tunnel on a Linux server

This section discusses how to set up the tunnel interface and establish a connection over the GRE tunnel to the remote server. This particular setup uses the Ubuntu 20 LTS operating system. Below is a diagram illustrating the configuration for the various aspects of this setup:

Create a new tunnel using the GRE protocol from your server’s public IP address to the remote server’s IP, in this case 13.51.172.192 and 196.43.196.101, respectively:

Plaintext
# ip tunnel add tunnel0 mode gre local 13.51.172.192 remote 196.43.196.101 ttl 255

If you are using an Amazon EC2 instance or similar VPC behind an application firewall or network, then you need to obtain the private IP of the instance because the public IP traffic is just routed to and from the VPC via private IP.

As you can see from the output of the following command, the instance’s private IP is hyphenated in the fully qualified hostname of your VPC:

Plaintext
# hostname -fip-172-31-38-152.eu-north-1.compute.internal

Now you can create the tunnel by replacing the local public IP 13.51.172.192 with the private IP 172.31.38.152 that you just obtained, as seen below. This is not necessary if you are doing this on a physical server.

Plaintext
# ip tunnel add tunnel0 mode gre local 172.31.38.152 remote 196.43.196.101 ttl 255

Next, you need to add a private subnet to be used on the tunnel, which is 192.168.0.2/30 in this example:

Plaintext
# ip addr add 192.168.0.2/30 dev tunnel0

Once that’s done, you can now bring up the tunnel link using the following command:

Plaintext
# ip link set tunnel0 up

Finally, test if the remote server is reachable over the tunnel by pinging its tunnel IP address, as seen in the output below, which signifies a successful connection via the GRE tunnel:

Plaintext
# ping 192.168.0.1 -c4 PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.64 bytes from 192.168.0.1: icmp_seq=1 ttl=64 time=275 ms64 bytes from 192.168.0.1: icmp_seq=2 ttl=64 time=275 ms64 bytes from 192.168.0.1: icmp_seq=3 ttl=64 time=275 ms64 bytes from 192.168.0.1: icmp_seq=4 ttl=64 time=281 ms--- 192.168.0.1 ping statistics ---4 packets transmitted, 4 received, 0% packet loss, time 3005msrtt min/avg/max/mdev = 274.661/276.239/280.724/ msas

At this point, you must ensure all traffic reaching you via the tunnel has the response routed back via the tunnel by adding some rules to your routing table. Use the commands below:

Plaintext
// Create the routing table# echo '100 GRE' >> /etc/iproute2/rt_tables// Respect the rules for the private subnet via that table# ip rule add from 192.168.0.0/30 table GRE// Set the default route to make sure all traffic goes via the tunnel remote server# ip route add default via 192.168.0.1 table GRE

That’s it! You’ve successfully set up a connection from your server via a GRE tunnel to a scrubbing center.

Conclusion

In this article, you learned what a GRE tunnel is and how it works. We touched on how a GRE tunnel can protect your servers from cyberattacks, such as denial-of-service attacks, by routing the incoming network traffic through Gcore’s scrubbing center. In the end, you’ve walked through how to set up a GRE tunnel connection using either your Cisco router or your Linux server.

We offer powerful DDoS prevention services with multi-Tbps filtering capacity, ensuring web and server resilience across all continents except Antarctica. When a high-volume attack occurs, the is less than 1 ms latency. If you are looking for a solution to protect your servers, use Gcore—with GRE tunneling technology, we will protect your server anywhere in the world.

Written by Rexford A. Nyarko

Open Gcore DDoS security solutions page

null

Gcore Team

Content Team

Table of contents

Try Gcore Security

Gcore all-in-one platform: cloud, AI, CDN, security, and other infrastructure services.

Try for free

Related articles

Gcore successfully stops 6 Tbps DDoS attack

Gcore recently detected and mitigated one of the most powerful distributed denial-of-service (DDoS) attacks of the year, peaking at 6 Tbps and 5.3 billion packets per second (Bpps).This surge, linked to the AISURU botnet, reflects a growing trend of large-scale attacks. It reminds us how crucial effective protection has become for companies that depend on high availability and low latency. 6 Tbps 5.3 BppsThe attack in numbersPeak traffic: 6 TbpsPacket rate: 5.3 BppsMain protocol: UDP, typical of volumetric floods designed to overwhelm bandwidthGeographic concentration: 51% of sources originated in Brazil and 23.7% in the US, together accounting for nearly 75% of all trafficGeographic sources This regional concentration shows how today’s botnets are expanding across areas with high device connectivity and weaker security measures, creating an ideal environment for mass exploitation.How to strengthen your defensesThe 6 Tbps attack is not an isolated incident. It marks an escalation in DDoS activity across industries where performance and availability are critical to customer satisfaction and company revenue. To protect your business from large-scale DDoS attacks, consider the following key strategies:Adopt an adaptive DDoS protection that detects and mitigates attacks automatically.Leverage edge infrastructure to absorb malicious traffic closer to its source.Prepare for high traffic volumes by upgrading your infrastructure or partnering with a reliable DDoS protection provider that has the global capacity and resources to keep your services online during large-scale attacks.Keeping your business safe with GcoreTo stay ahead of these evolving threats, companies need solutions that deliver real-time detection, intelligent mitigation, and global reach. Gcore’s DDoS Protection was built to do precisely that, leveraging AI-driven traffic analysis and worldwide network capacity to block attacks before they impact your users.As attacks grow larger and more complex, staying resilient means being prepared. With the right protection in place, your customers will never know an attack happened in the first place.Learn more about 2025 cyberattack trends

Gcore Radar Q1–Q2 2025: three insights into evolving attack trends

Cyberattacks are becoming more frequent, larger in scale, and more sophisticated in execution. For businesses across industries, this means protecting digital resources is more important than ever. Staying ahead of attackers requires not only robust defense solutions but also a clear understanding of how attack patterns are changing.The latest edition of the Gcore Radar report, covering the first half of 2025, highlights important shifts in attack volumes, industry targets, and attacker strategies. Together, these findings show how the DDoS landscape is evolving, and why adaptive defense has never been more important.Here are three key insights from the report, which you can download in full here.#1. DDoS attack volumes continue to riseIn Q1–Q2 2025, the total number of DDoS attacks grew by 21% compared to H2 2024 and 41% year-on-year.The largest single attack peaked at 2.2 Tbps, surpassing the previous record of 2 Tbps in late 2024.The growth is driven by several factors, including the increasing availability of DDoS-for-hire services, the rise of insecure IoT devices feeding into botnets, and heightened geopolitical and economic tensions worldwide. Together, these factors make attacks not only more common but also harder to mitigate.#2. Technology overtakes gaming as the top targetThe distribution of attacks by industry has shifted significantly. Technology now represents 30% of all attacks, overtaking gaming, which dropped from 34% in H2 2024 to 19% in H1 2025. Financial services remain a prime target, accounting for 21% of attacks.This trend reflects attackers’ growing focus on industries with broader downstream impact. Hosting providers, SaaS platforms, and payment systems are attractive targets because a single disruption can affect entire ecosystems of dependent businesses.#3. Attacks are getting smarter and more complexAttackers are increasingly blending high-volume assaults with application-layer exploits aimed at web apps and APIs. These multi-layered tactics target customer-facing systems such as inventory platforms, payment flows, and authentication processes.At the same time, attack durations are shifting. While maximum duration has shortened from five hours to three, mid-range attacks lasting 10–30 minutes have nearly quadrupled. This suggests attackers are testing new strategies designed to bypass automated defenses and maximize disruption.How Gcore helps businesses stay protectedAs attack methods evolve, businesses need equally advanced protection. Gcore DDoS Protection offers over 200 Tbps filtering capacity across 210+ points of presence worldwide, neutralizing threats in real time. Integrated Web Application and API Protection (WAAP) extends defense beyond network perimeters, protecting against sophisticated application-layer and business-logic attacks. To explore the report’s full findings, download the complete Gcore Radar report here.Download Gcore Radar Q1-Q2 2025

No capacity = no defense: rethinking DDoS resilience at scale

DDoS attacks are growing so massive they are overwhelming the very infrastructure designed to stop them. Earlier this year, a peak attack exceeding 7 Tbps was recorded, while 1–2 Tbps attacks have become everyday occurrences. Such volumes were unimaginable just a few years ago.Yet many businesses still depend on mitigation systems that were not designed to scale alongside this rapid attack growth. While these systems may have smart detection, that advantage is moot if physical infrastructure cannot handle the load. Today, raw capacity is non-negotiable — intelligent filtering alone isn’t enough; you need vast, globally distributed throughput.Lukasz Karwacki, Gcore’s Security Solution Architect specializing in DDoS, explains why modern DDoS protection requires immense capacity, global distribution, and resilient routing. Scroll down to watch him describe why a globally distributed defense model is now the minimum standard for mitigating devastating DDoS attacks.DDoS is a capacity war, not just a traffic spikeThe central challenge in DDoS mitigation today is the total attack volume versus total available throughput.Attacks do not originate from a single location. Global botnets harness compromised devices across Asia, Africa, Europe, and the Americas. When all this traffic converges on a single data center, it creates a structural mismatch: a single site’s limited capacity pitted against the full bandwidth of the internet.Anycast is non-negotiable for global capacityTo counter today’s attack volumes, mitigation capacity must be distributed globally, and that’s where Anycast routing plays a critical role.Anycast routes incoming traffic to the nearest available scrubbing center. If one region is overwhelmed or offline, traffic is automatically redirected elsewhere. This eliminates single points of failure and enables the absorption of massive attacks without compromising service availability.By contrast, static mitigation pipelines create bottlenecks: all traffic funnels through a single point, making it easy for attackers to overwhelm that location. Centralized mitigation means centralized failure. The more distributed your infrastructure, the harder it is to take down — that’s resilient network design.Why always-on cloud defense outperforms on-demand protectionSome DDoS defenses activate only when an attack is detected. These on-demand models may save costs but introduce a brief delay while traffic is rerouted and protections come online.Even a few seconds of delay can allow a high-speed attack to inflict damage.Gcore’s cloud-native DDoS protection is always-on, continuously monitoring, filtering, and balancing traffic across all scrubbing centers. This means no activation lag and no dependency on manual triggers.Capacity is the new baseline for protectionModern DDoS attacks focus less on sophistication and more on sheer scale. Attackers simply overwhelm infrastructure by flooding it with more traffic than it can handle.True DDoS protection begins with capacity planning — not just signatures or rulesets. You need sufficient bandwidth, processing power, and geographic distribution to absorb attacks before they reach your core systems.At Gcore, we’ve built a globally distributed DDoS mitigation network with over 200 Tbps capacity, 40+ protected data centers, and thousands of peering partners. Using Anycast routing and always-on defense, our infrastructure withstands attacks that other systems simply can’t.Many customers turn to Gcore for DDoS protection after other providers fail to keep up with attack capacity.Find out why Fawkes Games turned to Gcore for DDoS protection

Protecting networks at scale with AI security strategies

Network cyberattacks are no longer isolated incidents. They are a constant, relentless assault on network infrastructure, probing for vulnerabilities in routing, session handling, and authentication flows. With AI at their disposal, threat actors can move faster than ever, shifting tactics mid-attack to bypass static defenses.Legacy systems, designed for simpler threats, cannot keep pace. Modern network security demands a new approach, combining real-time visibility, automated response, AI-driven adaptation, and decentralized protection to secure critical infrastructure without sacrificing speed or availability.At Gcore, we believe security must move as fast as your network does. So, in this article, we explore how L3/L4 network security is evolving to meet new network security challenges and how AI strengthens defenses against today’s most advanced threats.Smarter threat detection across complex network layersModern threats blend into legitimate traffic, using encrypted command-and-control, slow drip API abuse, and DNS tunneling to evade detection. Attackers increasingly embed credential stuffing into regular login activity. Without deep flow analysis, these attempts bypass simple rate limits and avoid triggering alerts until major breaches occur.Effective network defense today means inspection at Layer 3 and Layer 4, looking at:Traffic flow metadata (NetFlow, sFlow)SSL/TLS handshake anomaliesDNS request irregularitiesUnexpected session persistence behaviorsGcore Edge Security applies real-time traffic inspection across multiple layers, correlating flows and behaviors across routers, load balancers, proxies, and cloud edges. Even slight anomalies in NetFlow exports or unexpected east-west traffic inside a VPC can trigger early threat alerts.By combining packet metadata analysis, flow telemetry, and historical modeling, Gcore helps organizations detect stealth attacks long before traditional security controls react.Automated response to contain threats at network speedDetection is only half the battle. Once an anomaly is identified, defenders must act within seconds to prevent damage.Real-world example: DNS amplification attackIf a volumetric DNS amplification attack begins saturating a branch office's upstream link, automated systems can:Apply ACL-based rate limits at the nearest edge routerFilter malicious traffic upstream before WAN degradationAlert teams for manual inspection if thresholds escalateSimilarly, if lateral movement is detected inside a cloud deployment, dynamic firewall policies can isolate affected subnets before attackers pivot deeper.Gcore’s network automation frameworks integrate real-time AI decision-making with response workflows, enabling selective throttling, forced reauthentication, or local isolation—without disrupting legitimate users. Automation means threats are contained quickly, minimizing impact without crippling operations.Hardening DDoS mitigation against evolving attack patternsDDoS attacks have moved beyond basic volumetric floods. Today, attackers combine multiple tactics in coordinated strikes. Common attack vectors in modern DDoS include the following:UDP floods targeting bandwidth exhaustionSSL handshake floods overwhelming load balancersHTTP floods simulating legitimate browser sessionsAdaptive multi-vector shifts changing methods mid-attackReal-world case study: ISP under hybrid DDoS attackIn recent years, ISPs and large enterprises have faced hybrid DDoS attacks blending hundreds of gigabits per second of L3/4 UDP flood traffic with targeted SSL handshake floods. Attackers shift vectors dynamically to bypass static defenses and overwhelm infrastructure at multiple layers simultaneously. Static defenses fail in such cases because attackers change vectors every few minutes.Building resilient networks through self-healing capabilitiesEven the best defenses can be breached. When that happens, resilient networks must recover automatically to maintain uptime.If BGP route flapping is detected on a peering session, self-healing networks can:Suppress unstable prefixesReroute traffic through backup transit providersPrevent packet loss and service degradation without manual interventionSimilarly, if a VPN concentrator faces resource exhaustion from targeted attack traffic, automated scaling can:Spin up additional concentratorsRedistribute tunnel sessions dynamicallyMaintain stable access for remote usersGcore’s infrastructure supports self-healing capabilities by combining telemetry analysis, automated failover, and rapid resource scaling across core and edge networks. This resilience prevents localized incidents from escalating into major outages.Securing the edge against decentralized threatsThe network perimeter is now everywhere. Branches, mobile endpoints, IoT devices, and multi-cloud services all represent potential entry points for attackers.Real-world example: IoT malware infection at the branchMalware-infected IoT devices at a branch office can initiate outbound C2 traffic during low-traffic periods. Without local inspection, this activity can go undetected until aggregated telemetry reaches the central SOC, often too late.Modern edge security platforms deploy the following:Real-time traffic inspection at branch and edge routersBehavioral anomaly detection at local points of presenceAutomated enforcement policies blocking malicious flows immediatelyGcore’s edge nodes analyze flows and detect anomalies in near real time, enabling local containment before threats can propagate deeper into cloud or core systems. Decentralized defense shortens attacker dwell time, minimizes potential damage, and offloads pressure from centralized systems.How Gcore is preparing networks for the next generation of threatsThe threat landscape will only grow more complex. Attackers are investing in automation, AI, and adaptive tactics to stay one step ahead. Defending modern networks demands:Full-stack visibility from core to edgeAdaptive defense that adjusts faster than attackersAutomated recovery from disruption or compromiseDecentralized detection and containment at every entry pointGcore Edge Security delivers these capabilities, combining AI-enhanced traffic analysis, real-time mitigation, resilient failover systems, and edge-to-core defense. In a world where minutes of network downtime can cost millions, you can’t afford static defenses. We enable networks to protect critical infrastructure without sacrificing performance, agility, or resilience.Move faster than attackers. Build AI-powered resilience into your network with Gcore.Check out our docs to see how DDoS Protection protects your network

Introducing Gcore for Startups: created for builders, by builders

Building a startup is tough. Every decision about your infrastructure can make or break your speed to market and burn rate. Your time, team, and budget are stretched thin. That’s why you need a partner that helps you scale without compromise.At Gcore, we get it. We’ve been there ourselves, and we’ve helped thousands of engineering teams scale global applications under pressure.That’s why we created the Gcore Startups Program: to give early-stage founders the infrastructure, support, and pricing they actually need to launch and grow.At Gcore, we launched the Startups Program because we’ve been in their shoes. We know what it means to build under pressure, with limited resources, and big ambitions. We wanted to offer early-stage founders more than just short-term credits and fine print; our goal is to give them robust, long-term infrastructure they can rely on.Dmitry Maslennikov, Head of Gcore for StartupsWhat you get when you joinThe program is open to startups across industries, whether you’re building in fintech, AI, gaming, media, or something entirely new.Here’s what founders receive:Startup-friendly pricing on Gcore’s cloud and edge servicesCloud credits to help you get started without riskWhite-labeled dashboards to track usage across your team or customersPersonalized onboarding and migration supportGo-to-market resources to accelerate your launchYou also get direct access to all Gcore products, including Everywhere Inference, GPU Cloud, Managed Kubernetes, Object Storage, CDN, and security services. They’re available globally via our single, intuitive Gcore Customer Portal, and ready for your production workloads.When startups join the program, they get access to powerful cloud and edge infrastructure at startup-friendly pricing, personal migration support, white-labeled dashboards for tracking usage, and go-to-market resources. Everything we provide is tailored to the specific startup’s unique needs and designed to help them scale faster and smarter.Dmitry MaslennikovWhy startups are choosing GcoreWe understand that performance and flexibility are key for startups. From high-throughput AI inference to real-time media delivery, our infrastructure was designed to support demanding, distributed applications at scale.But what sets us apart is how we work with founders. We don’t force startups into rigid plans or abstract SLAs. We build with you 24/7, because we know your hustle isn’t a 9–5.One recent success story: an AI startup that migrated from a major hyperscaler told us they cut their inference costs by over 40%…and got actual human support for the first time. What truly sets us apart is our flexibility: we’re not a faceless hyperscaler. We tailor offers, support, and infrastructure to each startup’s stage and needs.Dmitry MaslennikovWe’re excited to support startups working on AI, machine learning, video, gaming, and real-time apps. Gcore for Startups is delivering serious value to founders in industries where performance, cost efficiency, and responsiveness make or break product experience.Ready to scale smarter?Apply today and get hands-on support from engineers who’ve been in your shoes. If you’re an early-stage startup with a working product and funding (pre-seed to Series A), we’ll review your application quickly and tailor infrastructure that matches your stage, stack, and goals.To get started, head on over to our Gcore for Startups page and book a demo.Discover Gcore for Startups

Outpacing cloud‑native threats: How to secure distributed workloads at scale

The cloud never stops. Neither do the threats.Every shift toward containers, microservices, and hybrid clouds creates new opportunities for innovation…and for attackers. Legacy security, built for static systems, crumbles under the speed, scale, and complexity of modern cloud-native environments.To survive, organizations need a new approach: one that’s dynamic, AI-driven, automated, and rooted in zero trust.In this article, we break down the hidden risks of cloud-native architectures and show how intelligent, automated security can outpace threats, protect distributed workloads, and power secure growth at scale.The challenges of cloud-native environmentsCloud-native architectures are designed for maximum flexibility and speed. Applications run in containers that can scale in seconds. Microservices split large applications into smaller, independent parts. Hybrid and multi-cloud deployments stretch workloads across public clouds, private clouds, and on-premises infrastructure.But this agility comes at a cost. It expands the attack surface dramatically, and traditional perimeter-based security can’t keep up.Containers share host resources, which means if one container is breached, attackers may gain access to others on the same system. Microservices rely heavily on APIs to communicate, and every exposed API is a potential attack vector. Hybrid cloud environments create inconsistent security controls across platforms, making gaps easier for attackers to exploit.Legacy security tools, built for unchanging, centralized environments, lack the real-time visibility, scalability, and automated response needed to secure today’s dynamic systems. Organizations must rethink cloud security from the ground up, prioritizing speed, automation, and continuous monitoring.Solution #1: AI-powered threat detection forsmarter defensesModern threats evolve faster than any manual security process can track. Rule-based defenses simply can’t adapt fast enough.The solution? AI-driven threat detection.Instead of relying on static rules, AI models monitor massive volumes of data in real time, spotting subtle anomalies that signal an attack before real damage is done. For example, an AI-based platform can detect an unauthorized process in a container trying to access confidential data, flag it as suspicious, and isolate the threat within milliseconds before attackers can move laterally or exfiltrate information.This proactive approach learns, adapts, and neutralizes new attack vectors before they become widespread. By continuously monitoring system behavior and automatically responding to abnormal activity, AI closes the gap between detection and action, critical in cloud-native, regulated environments where even milliseconds matter.Solution #2: Zero trust as the new security baseline“Trust but verify” no longer cuts it. In a cloud-native world, the new rule is “trust nothing, verify everything”.Zero-trust security assumes that threats exist both inside and outside the network perimeter. Every request—whether from a user, device, or application—must be authenticated, authorized, and validated.In distributed architectures, zero trust isolates workloads, meaning even if attackers breach one component, they can’t easily pivot across systems. Strict identity and access management controls limit the blast radius, minimizing potential damage.Combined with AI-driven monitoring, zero trust provides deep, continuous verification, blocking insider threats, compromised credentials, and advanced persistent threats before they escalate.Solution #3: Automated security policies for scalingprotectionManual security management is impossible in dynamic environments where thousands of containers and microservices are spun up and down in real time.Automation is the way forward. AI-powered security policies can continuously analyze system behavior, detect deviations, and adjust defenses automatically, without human intervention.This eliminates the lag between detection and response, shrinks the attack window, and drastically reduces the risk of human error. It also ensures consistent security enforcement across all environments: public cloud, private cloud, and on-premises.For example, if a system detects an unusual spike in API calls, an automated security policy can immediately apply rate limiting or restrict access, shutting down the threat without impacting overall performance.Automation doesn’t just respond faster. It maintains resilience and operational continuity even in the face of complex, distributed threats.Unifying security across cloud environmentsSecuring distributed workloads isn’t just about having smarter tools, it’s about making them work together. Different cloud platforms, technologies, and management protocols create fragmentation, opening cracks that attackers can exploit. Security gaps between systems are as dangerous as the threats themselves.Modern cloud-native security demands a unified approach. Organizations need centralized platforms that pull real-time data from every endpoint, regardless of platform or location, and present it through a single management dashboard. This gives IT and security teams full, end-to-end visibility over threats, system health, and compliance posture. It also allows security policies to be deployed, updated, and enforced consistently across every environment, without relying on multiple, siloed tools.Unification strengthens security, simplifies operations, and dramatically reduces overhead, critical for scaling securely at cloud-native speeds. That’s why at Gcore, our integrated suite of products includes security for cloud, network, and AI workloads, all managed in a single, intuitive interface.Why choose Gcore for cloud-native security?Securing cloud-native workloads requires more than legacy firewalls and patchwork solutions. It demands dynamic, intelligent protection that moves as fast as your business does.Gcore Edge Security delivers robust, AI-driven web application and API protection built for the cloud-native era. By combining real-time AI threat detection, zero-trust enforcement, automated responses, and compliance-first design, Gcore security solutions protect distributed applications without slowing down development cycles.Discover why WAAP is essential for cloud security in 2025

Subscribe to our newsletter

Get the latest industry trends, exclusive insights, and Gcore updates delivered straight to your inbox.

Subscribe