Gcore named a Leader in the GigaOm Radar for AI Infrastructure!Get the report
Under attack? Log in
Sign up for free

Products

Solutions

Pricing

Resources

Partners

Why Gcore

Under attack?
Log in
Contact us
Contact us Sign up for free

Developers

Discover the latest industry trends, get ahead with cutting‑edge insights, and be in the know about the newest Gcore innovations.

BlogDevelopers

What is cloud security? Definition, challenges, and best practices

Cloud security is the discipline of protecting cloud-based infrastructure, applications, and data from internal and external threats, ensuring confidentiality, integrity, and availability of cloud resources. This protection model has become important as organizations increasingly move their operations to cloud environments.Cloud security operates under a shared responsibility model where providers secure the infrastructure while customers secure their deployed applications, data, and access policies. This responsibility distribution varies by service model, with Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) each requiring different levels of customer involvement.The model creates clear boundaries between provider and customer security obligations.Cloud security protects resources and data individually rather than relying on a traditional perimeter defense approach. This protection method uses granular controls like cloud security posture management (CSPM), network segmentation, and encryption to secure specific assets. The approach addresses the distributed nature of cloud computing, where resources exist across multiple locations and services.Organizations face several cloud security challenges, including misconfigurations, account hijacking, data breaches, and insider threats.Cloud security matters because the average cost of a cloud data breach has reached $5 million according to IBM, making effective security controls essential for protecting both financial assets and organizational reputation.What is cloud security?Cloud security is the practice of protecting cloud-based infrastructure, applications, and data from cyber threats through specialized technologies, policies, and controls designed for cloud environments. This protection operates under a shared responsibility model where cloud providers secure the underlying infrastructure while customers protect their applications, data, and access configurations.Cloud security includes identity and access management (IAM), data encryption, continuous monitoring, workload protection, and automated threat detection to address the unique challenges of distributed cloud resources. The approach differs from traditional security by focusing on individual resource protection rather than perimeter defense, as cloud environments require granular controls and real-time visibility across flexible infrastructure.How does cloud security work?Cloud security works by using a multi-layered defense system that protects data, applications, and infrastructure hosted in cloud environments through shared responsibility models, identity controls, and continuous monitoring. Unlike traditional perimeter-based security, cloud security operates on a distributed model where protection is applied at multiple levels across the cloud stack.The foundation of cloud security rests on the shared responsibility model, where cloud providers secure the underlying infrastructure while customers protect their applications, data, and access policies. This division varies by service type - in Infrastructure as a Service (IaaS), customers handle more security responsibilities, including operating systems and network controls. In contrast, Software as a Service (SaaS) shifts most security duties to the provider.Identity and Access Management (IAM) serves as the primary gatekeeper, controlling who can access cloud resources and what actions they can perform.IAM systems use role-based access control (RBAC) and multi-factor authentication (MFA) to verify user identities and enforce least-privilege principles. These controls prevent unauthorized access even if credentials are compromised.Data protection operates through encryption both at rest and in transit, ensuring information remains unreadable to unauthorized parties. Cloud security platforms also employ workload protection agents that monitor running applications for suspicious behavior. At the same time, Security Information and Event Management (SIEM) systems collect and analyze logs from across the cloud environment to detect potential threats.Continuous monitoring addresses the flexible nature of cloud environments, where resources are constantly created, modified, and destroyed.Cloud Security Posture Management (CSPM) tools automatically scan configurations against security best practices, identifying misconfigurations that could expose data.What are the main cloud security challenges?Cloud security challenges refer to the obstacles and risks that organizations face when protecting their cloud-based infrastructure, applications, and data from threats. The main cloud security challenges are listed below.Misconfigurations: According to Zscaler research, improper cloud settings create the most common security vulnerabilities, with 98.6% of organizations having misconfigurations that cause critical risks to data and infrastructure. These include exposed storage buckets, overly permissive access controls, and incorrect network settings.Shared responsibility confusion: Organizations struggle to understand which security tasks belong to the cloud provider versus what their own responsibilities are. This confusion leads to security gaps where critical protections are assumed to be handled by the other party.Identity and access management complexity: Managing user permissions across multiple cloud services and environments becomes difficult as organizations scale. Weak authentication, excessive privileges, and poor access controls create entry points for attackers.Data protection across environments: Securing sensitive data as it moves between on-premises systems, multiple cloud platforms, and edge locations requires consistent encryption and monitoring. Organizations often lack visibility into where their data resides and how it's protected.Compliance and regulatory requirements: Meeting industry standards like GDPR, HIPAA, or SOC 2 becomes more complex in cloud environments where data location and processing methods may change flexibly. Organizations must maintain compliance across multiple jurisdictions and service models.Limited visibility and monitoring: Traditional security tools often can't provide complete visibility into cloud workloads, containers, and serverless functions. This blind spot makes it difficult to detect threats, track user activities, and respond to incidents quickly.Insider threats and privileged access: Cloud environments often grant broad administrative privileges that can be misused by malicious insiders or compromised accounts. The distributed nature of cloud access makes it harder to monitor and control privileged user activities.What are the essential cloud security technologies and tools?Essential cloud security technologies and tools refer to the specialized software, platforms, and systems designed to protect cloud-based infrastructure, applications, and data from cyber threats and operational risks. The essential cloud security technologies and tools are listed below.Identity and access management (IAM): IAM systems control who can access cloud resources and what actions they can perform through role-based permissions and multi-factor authentication. These platforms prevent unauthorized access by requiring users to verify their identity through multiple methods before granting system entry.Cloud security posture management (CSPM): CSPM tools continuously scan cloud environments to identify misconfigurations, compliance violations, and security gaps across multiple cloud platforms. They provide automated remediation suggestions and real-time alerts when security policies are violated or resources are improperly configured.Data encryption services: Encryption technologies protect sensitive information both at rest in storage systems and in transit between cloud services using advanced cryptographic algorithms. These tools mean that even if data is intercepted or accessed without authorization, it remains unreadable without proper decryption keys.Cloud workload protection platforms (CWPP): CWPP solutions monitor and secure applications, containers, and virtual machines running in cloud environments against malware, vulnerabilities, and suspicious activities. They provide real-time threat detection and automated response capabilities specifically designed for flexible cloud workloads.Security information and event management (SIEM): Cloud-based SIEM platforms collect, analyze, and correlate security events from across cloud infrastructure to detect potential threats and compliance violations. These systems use machine learning and behavioral analysis to identify unusual patterns that may indicate security incidents.Cloud access security brokers (CASB): CASB solutions act as intermediaries between users and cloud applications, enforcing security policies and providing visibility into cloud usage across the organization. They monitor data movement, detect risky behaviors, and ensure compliance with regulatory requirements for cloud-based activities.Network security tools: Cloud-native firewalls and network segmentation tools control traffic flow between cloud resources and external networks using intelligent filtering rules. These technologies create secure network boundaries and prevent lateral movement of threats within cloud environments.What are the key benefits of cloud security?The key benefits of cloud security refer to the advantages organizations gain from protecting their cloud-based infrastructure, applications, and data from threats. The key benefits of cloud security are listed below.Cost reduction: Cloud security eliminates the need for expensive on-premises security hardware and reduces staffing requirements. Organizations can access enterprise-grade security tools through subscription models rather than large capital investments.Improved threat detection: Cloud security platforms use machine learning and AI to identify suspicious activities in real-time across distributed environments. These systems can detect anomalies that traditional security tools might miss.Automatic compliance: Cloud security solutions help organizations meet regulatory requirements like GDPR, HIPAA, and SOC 2 through built-in compliance frameworks. Automated reporting and audit trails simplify compliance management and reduce manual oversight.Reduced misconfiguration risks: Cloud security posture management tools automatically scan for misconfigurations and provide remediation guidance.Enhanced data protection: Cloud security provides multiple layers of encryption for data at rest, in transit, and in use. Advanced key management systems ensure that sensitive information remains protected even if other security measures fail.Flexible security coverage: Cloud security solutions automatically scale with business growth without requiring additional infrastructure investments. Organizations can protect new workloads and applications instantly as they use them.Centralized security management: Cloud security platforms provide unified visibility across multiple cloud environments and hybrid infrastructures. Security teams can monitor, manage, and respond to threats from a single dashboard rather than juggling multiple tools.What are the challenges of cloud security?Cloud security challenges refer to the obstacles and risks organizations face when protecting their cloud-based infrastructure, applications, and data from threats. These challenges are listed below.Misconfigurations: Cloud environments are complex, and improper settings create security gaps that attackers can exploit. These errors include exposed storage buckets, overly permissive access controls, and incorrect network settings.Shared responsibility confusion: Organizations often misunderstand which security tasks belong to them versus their cloud provider. This confusion leads to gaps where critical security measures aren't implemented by either party. The division of responsibilities varies between IaaS, PaaS, and SaaS models, adding to the complexity.Identity and access management complexity: As organizations scale, managing user permissions across multiple cloud services and environments becomes difficult. Weak authentication methods and excessive privileges create entry points for unauthorized access. Multi-factor authentication and role-based access controls require careful planning and ongoing maintenance.Data protection across environments: Ensuring data remains encrypted and secure as it moves between on-premises systems and cloud platforms presents ongoing challenges. Organizations must track data location, apply appropriate encryption, and maintain compliance across different jurisdictions. Data residency requirements add another layer of complexity.Visibility and monitoring gaps: Traditional security tools often can't provide complete visibility into cloud environments and workloads. The flexible nature of cloud resources makes it hard to track all assets and their security status. Real-time monitoring becomes critical but technically challenging to use effectively.Compliance and regulatory requirements: Meeting industry standards and regulations in cloud environments requires continuous effort and specialized knowledge. Different regions have varying data protection laws that affect cloud deployments. Organizations must prove compliance while maintaining operational effectiveness.Insider threats and privileged access: Cloud environments often grant broad access to administrators and developers, creating risks from malicious or careless insiders. Monitoring privileged user activities without impacting productivity requires advanced tools and processes. The remote nature of cloud access makes traditional oversight methods less effective.How to implement cloud security best practices?You use cloud security best practices by establishing a complete security framework that covers identity management, data protection, monitoring, and compliance across your cloud environment.First, configure identity and access management (IAM) with role-based access control (RBAC) and multi-factor authentication (MFA). Create specific roles for different job functions and require MFA for all administrative accounts to prevent unauthorized access.Next, encrypt all data both at rest and in transit using industry-standard encryption protocols like AES256.Enable encryption for databases, storage buckets, and communication channels between services to protect sensitive information from interception.Then, use continuous security monitoring with automated threat detection tools. Set up real-time alerts for suspicious activities, failed login attempts, and unusual data access patterns to identify potential security incidents quickly.After that, establish cloud security posture management (CSPM) to scan for misconfigurations automatically. Configure automated remediation for common issues like open security groups, unencrypted storage, and overly permissive access policies.Create network segmentation using virtual private clouds (VPCs) and security groups to isolate different workloads. Limit communication between services to only what's necessary and use zero-trust network principles.Set up regular security audits and compliance monitoring to meet industry standards like SOC 2, HIPAA, or GDPR. Document all security controls and maintain audit trails for regulatory requirements.Finally, develop an incident response plan specifically for cloud environments. Include procedures for isolating compromised resources, preserving forensic evidence, and coordinating with your cloud provider's security team.Start with IAM and encryption as your foundation, then build additional security layers progressively to avoid overwhelming your team while maintaining strong protection.Gcore cloud securityWhen using cloud security measures, the underlying infrastructure becomes just as important as the security tools themselves. Gcore’s cloud security solutions address this need with a global network of 180+ points of presence and 30ms latency, ensuring your security monitoring and threat detection systems perform consistently across all regions. Our edge cloud infrastructure supports real-time security analytics and automated threat response without the performance bottlenecks that can leave your systems vulnerable during critical moments.What sets our approach apart is the combination of security directly into the infrastructure layer, eliminating the complexity of managing separate security vendors while providing enterprise-grade DDoS protection and encrypted data transmission as standard features. This unified approach typically reduces security management overhead by 40-60% compared to multi-vendor solutions, while maintaining the continuous monitoring capabilities.Explore how Gcore's integrated cloud security infrastructure can strengthen your defense plan at gcore.com/cloud.Frequently asked questionsWhat's the difference between cloud security and traditional approaches?Cloud security differs from traditional approaches by protecting distributed resources through shared responsibility models and cloud-native tools, while traditional security relies on perimeter-based defenses around centralized infrastructure. Traditional security assumes a clear network boundary with firewalls and intrusion detection systems protecting internal resources. In contrast, cloud security secures individual workloads, data, and identities across multiple environments without relying on network perimeters.What is cloud security posture management?Cloud security posture management (CSPM) is a set of tools and processes that continuously monitor cloud environments to identify misconfigurations, compliance violations, and security risks across cloud infrastructure. CSPM platforms automatically scan cloud resources, assess security policies, and provide remediation guidance to maintain proper security configurations.How does Zero Trust apply to cloud security?Zero Trust applies to cloud security by treating every user, device, and connection as untrusted and requiring verification before granting access to cloud resources. This approach replaces traditional perimeter-based security with continuous authentication, micro-segmentation, and least-privilege access controls across cloud environments.What compliance standards apply?Cloud security must comply with industry-specific regulations like SOC 2, ISO 27001, GDPR, HIPAA, PCI DSS, and FedRAMP, depending on your business sector and geographic location. Organizations typically need to meet multiple standards simultaneously, with financial services requiring PCI DSS compliance, healthcare needing HIPAA certification, and EU operations mandating GDPR adherence.What happens during a cloud security breach?During a cloud security breach, attackers gain unauthorized access to cloud resources, potentially exposing sensitive data, disrupting services, and causing financial damage averaging $5 million per incident, according to IBM. The breach typically involves exploiting misconfigurations, compromised credentials, or vulnerabilities to access cloud infrastructure, applications, or data stores.

September 15, 2025 8 min read
How-tos

Query your cloud with natural language: A developer’s guide to Gcore MCP

What if you could ask your infrastructure questions and get real answers?With Gcore’s open-source implementation of the Model Context Protocol (MCP), now you can. MCP turns generative AI into an agent that understands your infrastructure, responds to your queries, and takes action when you need it to.In this post, we’ll demo how to use MCP to explore and inspect your Gcore environment just by prompting, to list resources, check audit logs, and generate cost reports. We’ll also walk through a fun bonus use case: provisioning infrastructure and exporting it to Terraform.What is MCP and why do devs love it?Originally developed by Anthropic, the Model Context Protocol (MCP) is an open standard that turns language models into agents that interact with structured tools: APIs, CLIs, or internal systems. Gcore’s implementation makes this protocol real for our customers.With MCP, you can:Ask questions about your infrastructureList, inspect, or filter cloud resourcesView cost data, audit logs, or deployment metadataExport configs to TerraformChain multi-step operations via natural languageGcore MCP removes friction from interacting with your infrastructure. Instead of wiring together scripts or context-switching across dashboards and CLIs, you can just…ask.That means:Faster debugging and auditsMore accessible infra visibilityFewer repetitive setup tasksBetter team collaborationBecause it’s open source, backed by the Gcore Python SDK, you can plug it into other APIs, extend tool definitions, or even create internal agents tailored to your stack. Explore the GitHub repo for yourself.What can you do with it?This isn’t just a cute chatbot. Gcore MCP connects your cloud to real-time insights. Here are some practical prompts you can use right away.Infrastructure inspection“List all VMs running in the Frankfurt region”“Which projects have over 80% GPU utilization?”“Show all volumes not attached to any instance”Audit and cost analysis“Get me the API usage for the last 24 hours”“Which users deployed resources in the last 7 days?”“Give a cost breakdown by region for this month”Security and governance“Show me firewall rules with open ports”“List all active API tokens and their scopes”Experimental automation“Create a secure network in Tokyo, export to Terraform, then delete it”We’ll walk through that last one in the full demo below.Full video demoWatch Gcore’s AI Software Engineer, Algis Dumbris, walk through setting up MCP on your machine and show off some use cases. If you prefer reading, we’ve broken down the process step-by-step below.Step-by-step walkthroughThis section maps to the video and shows exactly how to replicate the workflow locally.1. Install MCP locally (0:00–1:28)We use uv to isolate the environment and pull the project directly from GitHub.curl -Ls https://astral.sh/uv/install.sh | sh uvx add gcore-mcp-server https://github.com/G-Core/gcore-mcp-server Requirements:PythonGcore account + API keyTool config file (from the repo)2. Set up your environment (1:28–2:47)Configure two environment variables:GCORE_API_KEY for authGCORE_TOOLS to define what the agent can access (e.g., regions, instances, costs, etc.)Soon, tool selection will be automatic, but today you can define your toolset in YAML or JSON.3. Run a basic query (3:19–4:11)Prompt:“Find the Gcore region closest to Antalya.”The agent maps this to a regions.list call and returns: IstanbulNo need to dig through docs or write an API request.4. Provision, export, and clean up (4:19–5:32)This one’s powerful if you’re experimenting with CI/CD or infrastructure-as-code.Prompt:“Create a secure network in Tokyo. Export to Terraform. Then clean up.”The agent:Provisions the networkExports it to Terraform formatDestroys the resources afterwardYou get usable .tf output with no manual scripting. Perfect for testing, prototyping, or onboarding.Gcore: always building for developersTry it now:Clone the repoInstall UVX + configure your environmentStart prompting your infrastructureOpen issues, contribute tools, or share your use casesThis is early-stage software, and we’re just getting started. Expect more tools, better UX, and deeper integrations soon.Watch how easy it is to deploy an inference instance with Gcore

September 10, 2025 2 min read

Cloud computing: types, deployment models, benefits, and how it works

Cloud computing is a model for enabling on-demand network access to a shared pool of configurable computing resources, such as networks, servers, storage, applications, and services that can be rapidly provisioned and released with minimal management effort or service provider interaction. According to research by Gartner (2024), the global cloud computing market size is projected to reach $1.25 trillion by 2025, reflecting the rapid growth and widespread adoption of these services.The National Institute of Standards and Technology (NIST) defines five core characteristics that distinguish cloud computing from traditional IT infrastructure. These include on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service.Each characteristic addresses specific business needs while enabling organizations to access computing resources without maintaining physical hardware on-premises.Cloud computing services are organized into three main categories that serve different business requirements and technical needs. Infrastructure as a Service (IaaS) provides basic computing resources, Platform as a Service (PaaS) offers development environments and tools, and Software as a Service (SaaS) delivers complete applications over the internet. Major cloud providers typically guarantee 99.9% or higher uptime in service level agreements to ensure reliable access to these services.Organizations can choose from four primary use models based on their security, compliance, and operational requirements. Public cloud services are offered over the internet to anyone, private clouds are proprietary networks serving limited users, hybrid clouds combine public and private cloud features, and community clouds serve specific groups with shared concerns. Each model provides different levels of control, security, and cost structures.Over 90% of enterprises use some form of cloud services as of 2024, according to Forrester Research (2024), making cloud computing knowledge important for modern business operations. This widespread adoption reflects how cloud computing has become a cornerstone of digital change and competitive advantage across industries.What is cloud computing?Cloud computing is a model that delivers computing resources like servers, storage, databases, and software over the internet on demand, allowing users to access and use these resources without owning or managing the physical infrastructure. Instead of buying and maintaining your own servers, you can rent computing power from cloud providers and scale resources up or down based on your needs.Over 90% of enterprises now use some form of cloud services, with providers typically guaranteeing 99.9% or higher uptime in their service agreements.The three main service models offer different levels of control and management. Infrastructure as a Service (IaaS) provides basic computing resources like virtual machines and storage. Platform as a Service (PaaS) adds development tools and runtime environments, and Software as a Service (SaaS) delivers complete applications that are ready to use. Each model handles different aspects of the technology stack, so you only manage what you need while the provider handles the rest.Cloud use models vary by ownership and access control. Public clouds serve multiple customers over the internet, private clouds operate exclusively for one organization, and hybrid clouds combine both approaches for flexibility. This variety lets organizations choose the right balance of cost, control, and security for their specific needs while maintaining the core benefits of cloud computing's flexible, elastic infrastructure.What are the main types of cloud computing services?The main types of cloud computing services refer to the different service models that provide computing resources over the internet with varying levels of management and control. The main types of cloud computing services are listed below.Infrastructure as a service (IaaS): This model provides basic computing infrastructure, including virtual machines, storage, and networking resources over the internet. Users can install and manage their own operating systems, applications, and development frameworks while the provider handles the physical hardware.Platform as a service (PaaS): This service offers a complete development and use environment in the cloud, including operating systems, programming languages, databases, and web servers. Developers can build, test, and use applications without managing the underlying infrastructure complexity.Software as a service (SaaS): This model delivers fully functional software applications over the internet through a web browser or mobile app. Users access the software on a subscription basis without needing to install, maintain, or update the applications locally.Function as a service (FaaS): Also known as serverless computing, this model allows developers to run individual functions or pieces of code in response to events. The cloud provider automatically manages server provisioning, scaling, and maintenance while charging only for actual compute time used.Database as a service (DBaaS): This service provides managed database solutions in the cloud, handling database administration tasks like backups, updates, and scaling. Organizations can access database functionality without maintaining physical database servers or hiring specialized database administrators.Storage as a service (STaaS): This model offers flexible cloud storage solutions for data backup, archiving, and file sharing needs. Users can store and retrieve data from anywhere with internet access while paying only for the storage space they actually use.What are the different cloud deployment models?Cloud use models refer to the different ways organizations can access and manage cloud computing resources based on ownership, location, and access control. The cloud use models are listed below.Public cloud: Services are delivered over the internet and shared among multiple organizations by third-party providers. Anyone can purchase and use these services on a pay-as-you-go basis, making them cost-effective for businesses without large upfront investments.Private cloud: Computing resources are dedicated to a single organization and can be hosted on-premises or by a third party. This model offers greater control, security, and customization options but requires higher costs and more management overhead.Hybrid cloud: Organizations combine public and private cloud environments, allowing data and applications to move between them as needed. This approach provides flexibility to keep sensitive data in private clouds while using public clouds for less critical workloads.Community cloud: Multiple organizations with similar requirements share cloud infrastructure and costs. Government agencies, healthcare organizations, or financial institutions often use this model to meet specific compliance and security standards.Multi-cloud: Organizations use services from multiple cloud providers to avoid vendor lock-in and improve redundancy. This plan allows businesses to choose the best services from different providers while reducing dependency on any single vendor.How does cloud computing work?Cloud computing works by delivering computing resources like servers, storage, databases, and software over the internet on an on-demand basis. Instead of owning physical hardware, users access these resources through web browsers or applications, while cloud providers manage the underlying infrastructure in data centers worldwide.The system operates through a front-end and back-end architecture. The front end includes your device, web browser, and network connection that you use to access cloud services.The back end consists of servers, storage systems, databases, and applications housed in the provider's data centers. When you request a service, the cloud infrastructure automatically allocates the necessary resources from its shared pool.The technology achieves its flexibility through virtualization, which creates multiple virtual instances from single physical servers. Resource pooling allows providers to serve multiple customers from the same infrastructure, while rapid elasticity automatically scales resources up or down based on demand.This elastic scaling can reduce resource costs by up to 30% compared to fixed infrastructure, according to McKinsey (2024), making cloud computing both flexible and cost-effective for businesses of all sizes.What are the key benefits of cloud computing?The key benefits of cloud computing refer to the advantages organizations and individuals gain from using internet-based computing services instead of traditional on-premises infrastructure. The key benefits of cloud computing are listed below.Cost reduction: Organizations eliminate upfront hardware investments and reduce ongoing maintenance expenses by paying only for resources they actually use. Cloud providers handle infrastructure management, reducing IT staffing costs and operational overhead.Flexibility and elasticity: Computing resources can expand or contract automatically based on demand, ensuring best performance during traffic spikes. This flexibility prevents over-provisioning during quiet periods and under-provisioning during peak usage.Improved accessibility: Users can access applications and data from any device with an internet connection, enabling remote work and global collaboration. This mobility supports modern work patterns and increases productivity across distributed teams.Enhanced reliability: Cloud providers maintain multiple data centers with redundant systems and backup infrastructure to ensure continuous service availability.Automatic updates and maintenance: Software updates, security patches, and system maintenance happen automatically without user intervention. This automation reduces downtime and ensures systems stay current with the latest features and security protections.Disaster recovery: Cloud services include built-in backup and recovery capabilities that protect against data loss from hardware failures or natural disasters. Recovery times are typically faster than traditional backup methods since data exists across multiple locations.Environmental effectiveness: Shared cloud infrastructure uses resources more effectively than individual company data centers, reducing overall energy consumption. Large cloud providers can achieve better energy effectiveness through economies of scale and advanced cooling technologies.What are the drawbacks and challenges of cloud computing?The drawbacks and challenges of cloud computing refer to the potential problems and limitations organizations may face when adopting cloud-based services. They are listed below.Security concerns: Organizations lose direct control over their data when it's stored on third-party servers. Data breaches, unauthorized access, and compliance issues become shared responsibilities between the provider and customer. Sensitive information may be vulnerable to cyber attacks targeting cloud infrastructure.Internet dependency: Cloud services require stable internet connections to function properly. Poor connectivity or outages can completely disrupt business operations and prevent access to critical applications. Remote locations with limited bandwidth face particular challenges accessing cloud resources.Vendor lock-in: Switching between cloud providers can be difficult and expensive due to proprietary technologies and data formats. Organizations may become dependent on specific platforms, limiting their flexibility to negotiate pricing or change services. Migration costs and technical complexity often discourage switching providers.Limited customization: Cloud services offer standardized solutions that may not meet specific business requirements. Organizations can't modify underlying infrastructure or install custom software configurations. This restriction can force businesses to adapt their processes to fit the cloud platform's limitations.Ongoing costs: Monthly subscription fees can accumulate to exceed traditional on-premise infrastructure costs over time. Unexpected usage spikes or data transfer charges can lead to budget overruns. Organizations lose the asset value that comes with owning physical hardware.Performance variability: Shared cloud resources can experience slower performance during peak usage periods. Network latency affects applications requiring real-time processing or frequent data transfers. Organizations can't guarantee consistent performance levels for mission-critical applications.Compliance complexity: Meeting regulatory requirements becomes more challenging when data is stored across multiple locations. Organizations must verify that cloud providers meet industry-specific compliance standards. Audit trails and data governance become shared responsibilities that require careful coordination.Gcore Edge CloudWhen building AI applications that require serious computational power, the infrastructure you choose can make or break your project's success. Whether you're training large language models, running complex inference workloads, or tackling high-performance computing challenges, having access to the latest GPU technology without performance bottlenecks becomes critical.Gcore's AI GPU Cloud Infrastructure addresses these demanding requirements with bare metal NVIDIA H200. H100. A100. L40S, and GB200 GPUs, delivering zero virtualization overhead for maximum performance. The platform's ultra-fast InfiniBand networking and multi-GPU cluster support make it particularly well-suited for distributed training and large-scale AI workloads, starting from just €1.25/hour. Multi-instance GPU (MIG) support also allows you to improve resource allocation and costs for smaller inference tasks.Discover how Gcore's bare metal GPU performance can accelerate your AI training and inference workloads at https://gcore.com/gpu-cloud.Frequently asked questionsPeople often have questions about cloud computing basics, costs, and how it fits their specific needs. These answers cover the key service models, use options, and practical considerations that help clarify what cloud computing can do for your organization.What's the difference between cloud computing and traditional hosting?Cloud computing delivers resources over the internet on demand, while traditional hosting provides fixed server resources at dedicated locations. Cloud offers elastic growth and pay-as-you-go pricing, whereas traditional hosting requires upfront capacity planning and fixed costs regardless of actual usage.What is cloud computing security?Cloud computing security protects data, applications, and infrastructure in cloud environments through shared responsibility models between providers and users. Cloud providers secure the underlying infrastructure while users protect their data, applications, and access controls.What is virtualization in cloud computing?Virtualization in cloud computing creates multiple virtual machines (VMs) on a single physical server using hypervisor software that separates computing resources. This technology allows cloud providers to increase hardware effectiveness and offer flexible, isolated environments to multiple users simultaneously.Is cloud computing secure for business data?Yes, cloud computing is secure for business data when proper security measures are in place, with major providers offering encryption, access controls, and compliance certifications that often exceed what most businesses can achieve on-premises. Cloud service providers typically guarantee 99.9% or higher uptime in service level agreements while maintaining enterprise-grade security standards.How much does cloud computing cost compared to on-premises infrastructure?Cloud computing typically costs 20-40% less than on-premises infrastructure due to shared resources, reduced hardware purchases, and lower maintenance expenses, according to IDC (2024). However, costs vary primarily based on usage patterns, with predictable workloads sometimes being cheaper on-premises while variable workloads benefit more from cloud's pay-as-you-go model.How do I choose between IaaS, PaaS, and SaaS?Choose based on your control needs. IaaS gives you full infrastructure control, PaaS handles infrastructure so you focus on development, and SaaS provides ready-to-use applications with no technical management required.

September 9, 2025 8 min read
How-tos

How to protect login pages with Gcore WAAP

Exposed login pages are a common vulnerability across web applications. Attackers often use automated tools to guess credentials in brute-force or credential-stuffing attacks, probe for login behavior to exploit session or authentication logic, or overload your infrastructure with fake requests.Without specific rules for login-related traffic, your application might miss these threats or apply overly broad protections that disrupt real users. Fortunately, Gcore WAAP makes it easy to defend these sensitive endpoints without touching your application code.In this guide, we’ll show you how to use WAAP’s custom rule engine to identify login traffic and apply protections like CAPTCHA to reduce risk, block automated abuse, and maintain a smooth experience for legitimate users. We’ve also included a complete video walkthrough from Gcore’s Security Presales Engineer, Michal Zalewski.Video walkthroughHere’s Gcore’s Michal Zalewski giving a full walkthrough of the steps in this article.Step 1: Access your WAAP configurationGo to portal.gcore.com and log in.Navigate to WAAP in the sidebar. If you’re not yet a WAAP user, it costs just $26/month.Select the resource that hosts your login form; for example, gcore.zalewski.cloud.Step 2: Create a custom ruleIn the main panel of your selected resource, go to WAAP Rules.Click Add Custom Rule in the upper-right corner.Step 3: Define the login page URLIdentify the login endpoint you want to protect:Use tools like Burp Suite or the "Inspect" feature in your browser to verify the login page URL.In Burp Suite, use the Proxy tab, or in the browser, check the Network tab to inspect a login request.Look for the path (e.g., /login.php) and HTTP method (POST).In the custom rule setup:Enter the URL (e.g., /login.php).Tag the request using a predefined tag. Select Login Page.Step 4: Name and save the ruleProvide a name for the rule, such as “Login Page URL”, and save it.Step 5: Add a CAPTCHA challenge ruleTo protect the login page from automated abuse:Create a new custom rule.Name it something like “Login Page Challenge”.Under Conditions, select the previously created Login Page tag.Set the Action to CAPTCHA.Save the rule.Step 6: Test the protectionReturn to your browser and turn off any proxy tools.Refresh the login page.You should now be challenged with a CAPTCHA each time the login page loads.Once the CAPTCHA is completed successfully, users can log in as usual.Monitor, adapt, and alertAfter deployment:Track rate limit trigger frequencyMonitor WAAP logs for anomaly detectionRotate exemptions or thresholds based on live behaviorFor analytics, refer to the WAAP analytics documentation.Bonus tips for hardened protectionCombine with bot protection: Enable WAAP’s bot mitigation to identify headless browsers and automation tools like Puppeteer or Selenium. See our bot protection docs for setup instructions.Customize 429 responses: Replace default error pages with branded messages or a fallback action. Consider including a support link or CAPTCHA challenge. Check out our response pages documentation for more details.Use geo or ASN exceptions: Whitelist trusted locations or block known bot-heavy ASNs if your audience is localized.Automate it: optional API and Terraform supportTeams with IaC pipelines or security automation workflows might want to automate login page protection with rate limiting. This keeps your WAAP config version-controlled and repeatable.You can use the WAAP API or Terraform to:Create or update rulesRotate session keys or thresholdsExport logs for auditingExplore the WAAP API documentation and WAAP Terraform provider documentation for more details.Stop abuse before it starts with GcoreLogin pages are high-value targets, but they don’t have to be high risk. With Gcore WAAP, setting up robust defenses takes just a few minutes. By tagging login traffic and applying challenge rules like CAPTCHA, you can reduce automated attack risk without sacrificing user experience.As your application grows, revisit your WAAP rules regularly to adapt to new threats, add behavior-based detection, and fine-tune your protective layers. For more advanced configurations, check out our documentation or reach out to Gcore support.Get WAAP today for just $26/month

September 4, 2025 3 min read
How-tos

3 use cases for geo-aware routing with Gcore DNS

If your audience is global but you’re serving everyone the same content from the same place, you're likely sacrificing performance and resilience. Gcore DNS (which includes a free-forever plan and enterprise-grade option) offers a straightforward way to change that with geo-aware routing, a feature that lets you return different DNS responses based on where users are coming from.This article breaks down how Gcore's geo-routing works, how to set it up using the GeoDNS preset in dynamic response mode, where it shines, and when you might be better off with a different option. We’ll walk through three hands-on use cases with real config examples, highlight TTL trade-offs, and call out what developers need to know about edge cases like resolver mismatch and caching delays.What is geo-aware DNS routing?Gcore DNS lets you return different IP addresses based on the user’s geographic location. This is configured using dynamic response rules with the GeoDNS preset, which lets you match on continent, country, region, ASN, or IP/CIDR. When a user makes a DNS request, Gcore uses the resolver’s location to decide which record to return.You can control traffic to achieve outcomes like:Directing European users to an EU-based CDN endpointSending users in regions with known service degradation to a fallback instanceBehind the scenes, this is done by setting up metadata pickers and specifying fallback behavior.For step-by-step guidance, see the official docs: Configure geo-balancing with Dynamic response.How to configure GeoDNS in Gcore DNSTo use geo-aware routing in Gcore DNS, you'll configure a dynamic response record set with the GeoDNS preset. This lets you return different IPs based on region, country, ASN, or IP/CIDR metadata.Basic stepsGo to DNS → Zones in the Gcore Customer Portal. (If you don’t have an account, you can sign up free and use Gcore DNS in just a few clicks.)Create or edit a record set (e.g., for app.example.com).Switch to Advanced mode.Enable Dynamic response.Choose the GeoDNS preset.Add responses per region or country.Define a fallback record for unmatched queries.For detailed step-by-step instructions, check out our docs.Once you’ve set this up, your config should look like the examples shown in the use cases below.Common use casesEach use case below includes a real-world scenario and a breakdown of how to configure it in Gcore DNS. These examples assume you're working in the DNS advanced mode zone editor with dynamic response enabled and the GeoDNS preset selected.The term “DNS setup” refers to the configuration you’d enter for a specific hostname in the Gcore DNS UI under advanced mode.1. Content localizationScenario: You're running example.com and want to serve language-optimized infrastructure for European and Asian users. This use case is often used to reduce TTFB, apply region-specific UX, or comply with local UX norms. If you're also localizing content (e.g., currency, language), make sure your app handles that via subdomains or headers in addition to routing.Objective:EU users → eu.example.comAsia users → asia.example.comAll others → global.example.comDNS setup:Host: www.example.comType: A TTL: 120 Dynamic response: Enabled Preset: GeoDNS Europe → 185.22.33.44 # EU-based web server Asia → 103.55.66.77 # Asia-based web server Fallback → 198.18.0.1 # Global web server2. Regional CDN failoverScenario: You’re using two CDN clusters: one in North America, one in Europe. If one cluster is unavailable, you want traffic rerouted regionally without impacting users elsewhere. To make this work reliably, you must enable DNS Healthchecks for each origin so that Gcore DNS can automatically detect outages and filter out unhealthy IPs from responses.Objective:North America → na.cdn.example.comEurope → eu.cdn.example.comEach region has its own fallbackDNS setup:Host: cdn.example.comType: A TTL: 60 Dynamic response: Enabled Preset: GeoDNS North America → 203.0.113.10 # NA CDN IP Backup (NA region only) → 185.22.33.44 # EU CDN as backup for NA Health check → Enabled for 203.0.113.10 with HTTP/TCP probe settingsEurope → 185.22.33.44 # EU CDN IP Backup (EU region only) → 203.0.113.10 # NA CDN as backup for EU Health check → Enabled for 185.22.33.44Note: Multi-level fallback by region isn’t supported inside one rule set—you need to separate them to keep routing decisions clean.3. Traffic steering for complianceScenario: You need to keep EU user data inside the EU for GDPR compliance while routing the rest of the world to lower-cost infrastructure elsewhere. This approach is useful for fintech, healthcare, or regulated SaaS workloads where regulatory compliance is a challenge.Objective:EU users → EU-only backendAll other users → Global backendDNS setup:Host: transactions.example.com Type: A TTL: 300 Dynamic response: Enabled Preset: GeoDNS Europe → 185.10.10.10 # EU regional API node Fallback → 198.51.100.42 # Global API nodeEdge casesGeoDNS works well, but it’s worth keeping in mind a few edge cases and limitations when you get set up.Resolver location ≠ user locationBy default, Gcore uses ECS (EDNS Client Subnet) for precise client subnet geo-balancing. If ECS isn’t present, resolver IP is used, which may skew location (e.g., public resolvers, mobile carriers). ECS usage can be disabled in the ManagedDNS UI if needed.Caching slows failoverEven if your upstream fails, users may have cached the original IP for minutes. Fallback + TTL tuning are key.No sub-regional precisionYou can route by continent, country, or ASN—but not city. City-level precision isn’t currently supported.Gcore delivers simple solutions to big problemsGeo-aware routing is one of those features that quietly solves big problems, especially when your app or CDN runs globally. With Gcore DNS, you don’t need complex infrastructure to start optimizing traffic flow.Geo-aware routing with Gcore DNS is a lightweight way to optimize performance, localize content, or handle regional failover. If you need greater precision, consider pairing GeoDNS with in-app geolocation logic or CDN edge logic. But for many routing use cases, DNS is the simplest and fastest way to go.Get free-forever Gcore DNS with just a few clicks

August 20, 2025 4 min read
3 underestimated security risks of AI workloads and how to overcome them
How-tos

3 underestimated security risks of AI workloads and how to overcome them

Artificial intelligence workloads introduce a fundamentally different security landscape for engineering and security teams. Unlike traditional applications, AI systems must protect not just endpoints and networks, but also training data pipelines, feature stores, model repositories, and inference APIs. Each phase of the AI life cycle presents distinct attack vectors that adversaries can exploit to corrupt model behavior, extract proprietary logic, or manipulate downstream outputs.In this article, we uncover three security vulnerabilities of AI workloads and explain how developers and MLOps teams can overcome them. We also look at how investing in your AI security can save time and money, explore the challenges that lie ahead for AI security, and offer a simplified way to protect your AI workloads with Gcore.Risk #1: data poisoningData poisoning is a targeted attack on the integrity of AI systems, where malicious actors subtly inject corrupted or manipulated data into training pipelines. The result is a model that behaves unpredictably, generates biased or false outputs, or embeds hidden logic that can be triggered post-deployment. This can undermine business-critical applications—from fraud detection and medical diagnostics to content moderation and autonomous decision-making.For developers, the stakes are high: poisoned models are hard to detect once deployed, and even small perturbations in training data can have system-wide consequences. Luckily, you can take a few steps to mitigate against data poisoning and then implement zero-trust AI to further protect your workloads.Mitigation and hardeningRestrict dataset access using IAM, RBAC, or identity-aware proxies.Store all datasets in versioned, signed, and hashed formats.Validate datasets with automated schema checks, label distribution scans, and statistical outlier detection before training.Track data provenance with metadata logs and checksums.Block training runs if datasets fail predefined data quality gates.Integrate data validation scripts into CI/CD pipelines pre-training.Enforce zero-trust access policies for data ingestion services.Solution integration: zero-trust AIImplement continuous authentication and authorization for each component interacting with data (e.g., preprocessing scripts, training jobs).Enable real-time threat detection during training using runtime security tools.Automate incident response triggers for unexpected file access or data source changes.Risk #2: adversarial attacksAdversarial attacks manipulate model inputs in subtle ways that trick AI systems into making incorrect or dangerous decisions. These perturbations—often imperceptible to humans—can cause models to misclassify images, misinterpret speech, or misread sensor data. In high-stakes environments like facial recognition, autonomous vehicles, or fraud detection, these failures can result in security breaches, legal liabilities, or physical harm.For developers, the threat is real: even state-of-the-art models can be easily fooled without adversarial hardening. The good news? You can make your models more robust by combining defensive training techniques, input sanitization, and secure API practices. While encrypted inference doesn’t directly block adversarial manipulation, it ensures that sensitive inference data stays protected even if attackers attempt to probe the system.Mitigation and hardeningUse adversarial training frameworks like CleverHans or IBM ART to expose models to perturbed inputs during training.Apply input sanitization layers (e.g., JPEG re-encoding, blurring, or noise filters) before data reaches the model.Implement rate limiting and authentication on inference APIs to block automated adversarial probing.Use model ensembles or randomized smoothing to improve resilience to small input perturbations.Log and analyze input-output patterns to detect high-variance or abnormal responses.Test models regularly against known attack vectors using robustness evaluation tools.Solution integration: encrypted inferenceWhile encryption doesn't prevent adversarial inputs, it does mean that input data and model responses remain confidential and protected from observation or tampering during inference.Run inference in trusted environments like Intel SGX or AWS Nitro Enclaves to protect model and data integrity.Use homomorphic encryption or SMPC to process encrypted data without exposing sensitive input.Ensure that all intermediate and output data is encrypted at rest and in transit.Deploy access policies that restrict inference to verified users and approved applications.Risk #3: model leakage of intellectual assetsModel leakage—or model extraction—happens when an attacker interacts with a deployed model in ways that allow them to reverse-engineer its structure, logic, or parameters. Once leaked, a model can be cloned, monetized, or used to bypass the very defenses it was meant to enforce. For businesses, this means losing competitive IP, compromising user privacy, or enabling downstream attacks.For developers and MLOps teams, the challenge is securing deployed models in a way that balances performance and privacy. If you're exposing inference APIs, you’re exposing potential entry points—but with the right controls and architecture, you can drastically reduce the risk of model theft.Mitigation and hardeningEnforce rate limits and usage quotas on all inference endpoints.Monitor for suspicious or repeated queries that indicate model extraction attempts.Implement model watermarking or fingerprinting to trace unauthorized model use.Obfuscate models before deployment using quantization, pruning, or graph rewriting.Disable or tightly control any model export functionality in your platform.Sign and verify inference requests and responses to ensure authenticity.Integrate security checks into CI/CD pipelines to detect risky configurations—such as public model endpoints, export-enabled containers, or missing inference authentication—before they reach production.Solution integration: native security integrationIntegrate model validation, packaging, and signing into CI/CD pipelines.Serve models from encrypted containers or TEEs, with minimal runtime exposure.Use container and image scanning tools to catch misconfigurations before deployment.Centralize monitoring and protection with tools like Gcore WAAP for real-time anomaly detection and automated response.How investing in AI security can save your business moneyFrom a financial point of view, the use of AI and machine learning in cybersecurity can lead to massive cost savings. Organizations that utilize AI and automation in cybersecurity have saved an average of $2.22 million per data breach compared to organizations that do not have these protections in place. This is because the necessity for manual oversight is reduced, lowering the total cost of ownership, and averting costly security breaches. The initial investment in advanced security technologies yields returns through decreased downtime, fewer false positives, and an enhanced overall security posture.Challenges aheadWhile securing the AI lifecycle is essential, it’s still difficult to balance robust security with a positive user experience. Rigid scrutiny can add additional latency or false positives that can stop operations, but AI-powered security can avoid such incidents.Another concern organizations must contend with is how to maintain current AI models. With threats changing so rapidly, today's newest model could easily become outdated by tomorrow’s. Solutions must have an ongoing learning ability so that security detection parameters can be revised.Operational maturity is also a concern, especially for companies that operate in multiple geographies. Well-thought-out strategies and sound governance processes must accompany the integration of complex AI/ML tools with existing infrastructure, but automation still offers the most benefits by reducing the overhead on security teams and helping ensure consistent deployment of security policies.Get ahead of AI security with GcoreAI workloads introduce new and often overlooked security risks that can compromise data integrity, model behavior, and intellectual property. By implementing practices like zero-trust architecture, encrypted inference, and native security integration, developers can build more resilient and trustworthy AI systems. As threats evolve, staying ahead means embedding security at every phase of the AI lifecycle.Gcore helps teams apply these principles at scale, offering native support for zero-trust AI, encrypted inference, and intelligent API protection. As an experienced AI and security solutions provider, our DDoS Protection and AI-enabled WAAP solutions integrate natively with Everywhere Inference and GPU Cloud across 210+ global points of presence. That means low latency, high performance, and proven, robust security, no matter where your customers are located.Talk with our AI security experts and secure your workloads today

July 31, 2025 5 min read
Flexible DDoS mitigation with BGP Flowspec cover image
How-tos

Flexible DDoS mitigation with BGP Flowspec

For customers who understand their own network traffic patterns, rigid DDoS protection can be more of a limitation than a safeguard. That’s why Gcore supports BGP Flowspec: a flexible, standards-based method for defining granular filters that block or rate-limit malicious traffic in real time…before it reaches your infrastructure.In this article, we’ll walk through:What Flowspec is and how it worksThe specific filters and actions Gcore supportsCommon use cases, with example rule definitionsHow to activate and monitor Flowspec in your environmentWhat is the BGP Flowspec?BGP Flowspec (RFC 8955) extends Border Gateway Protocol to distribute traffic filtering rules alongside routing updates. Instead of static ACLs or reactive blackholing, Flowspec enables near-instantaneous propagation of mitigation rules across networks.BGP tells routers how to reach IP prefixes across the internet. With Flowspec, those same BGP announcements can now carry rules, not just routes. Each rule describes a pattern of traffic (e.g., TCP SYN packets >1000 bytes from a specific subnet) and what action to take (drop, rate-limit, mark, or redirect).What are the benefits of the BGP Flowspec?Most traditional DDoS protection services react to threats after they start, whether by blackholing traffic to a target IP, redirecting flows to a scrubbing center, or applying rigid, static filters. These approaches can block legitimate traffic, introduce latency, or be too slow to respond to fast-evolving attacks.Flowspec offers a more flexible alternative.Proactive mitigation: Instead of waiting for attacks, you can define known-bad traffic patterns ahead of time and block them instantly. Flowspec lets experienced operators prevent incidents before they start.Granular filtering: You’re not limited to blocking by IP or port. With Flowspec, you can match on packet size, TCP flags, ICMP codes, and more, enabling fine-tuned control that traditional ACLs or RTBH don’t support.Edge offloading: Filtering happens directly on Gcore’s routers, offloading your infrastructure and avoiding scrubbing latency.Real-time updates: Changes to rules are distributed across the network via BGP and take effect immediately, faster than manual intervention or standard blackholing.You still have the option to block traffic during an active attack, but with Flowspec, you gain the flexibility to protect services with minimal disruption and greater precision than conventional tools allow.Which parts of the Flowspec does Gcore implement?Gcore supports twelve filter types and four actions of the Flowspec.Supported filter typesGcore supports all 12 standard Flowspec match components.Filter FieldDescriptionDestination prefixTarget subnet (usually your service or app)Source prefixSource of traffic (e.g., attacker IP range)IP protocolTCP, UDP, ICMP, etc.Port / Source portMatch specific client or server portsDestination portMatch destination-side service portsICMP type/codeFilter echo requests, errors, etc.TCP flagsFilter packets by SYN, ACK, RST, FIN, combinationsPacket lengthFilter based on payload sizeDSCPQuality of service code pointFragmentMatch on packet fragmentation characteristicsSupported actionsGcore DDoS Protection supports the following Flowspec actions, which can be triggered when traffic matches a specific filter:ActionDescriptionTraffic-rate (0x8006)Throttle/rate limit traffic by byte-per-second rateredirectRedirect traffic to alternate location (e.g., scrubbing)traffic-markingApply DSCP marks for downstream classificationno-action (drop)Drop packets (rate-limit 0)Rule orderingRFC 5575 defines the implicit order of Flowspec rules. The crucial point is that more specific announcements take preference, not the order in which the rules are propagated.Gcore also respects Flowspec rule ordering per RFC 5575. More specific filters override broader ones. Future support for Flowspec v2 (with explicit ordering) is under consideration, pending vendor adoption.Blackholing and extended blackholing (eBH)Remote-triggered blackhole (RTBH) is a standardized protection method that the client manages via BGP by analyzing traffic, identifying the direction of the attack (i.e., the destination IP address). This method protects against volumetric attacks.Customers using Gcore IP Transit can trigger immediate blackholing for attacked prefixes via BGP, using the well-known blackhole community tag 65000:666. All traffic to that destination IP is dropped at Gcore’s edge.The list of supported BGP communities is available here.BGP extended blackholeExtended blackhole (eBH) allows for more granular blackholing that does not affect legitimate traffic. For customers unable to implement Flowspec directly, Gcore supports eBH. You announce target prefixes with pre-agreed BGP communities, and Gcore translates them into Flowspec mitigations.To configure this option, contact our NOC at noc@gcore.lu.Monitoring and limitationsGcore can support several logging transports, including mail and Slack.If the number of Flowspec prefixes exceeds the configured limit, Gcore DDoS Protection stops accepting new announcements, but BGP sessions and existing prefixes will stay active. Gcore will receive a notification that you reached the limit.How to activateActivation takes just two steps:Define rules on your edge router using Flowspec NLRI formatAnnounce rules via BGP to Gcore’s intermediate control planeThen, Gcore validates and propagates the filters to border routers. Filters are installed on edge devices and take effect immediately.If attack patterns are unknown, you’ll first need to detect anomalies using your existing monitoring stack, then define the appropriate Flowspec rules.Need help activating Flowspec? Get in touch via our 24/7 support channels and our experts will be glad to assist.Set up GRE and benefit from Flowspec today

July 24, 2025 3 min read
How-tos

Securing AI from the ground up: defense across the lifecycle

As more AI workloads shift to the edge for lower latency and localized processing, the attack surface expands. Defending a data center is old news. Now, you’re securing distributed training pipelines, mobile inference APIs, and storage environments that may operate independently of centralized infrastructure, especially in edge or federated learning contexts. Every stage introduces unique risks. Each one needs its own defenses.Let’s walk through the key security challenges across each phase of the AI lifecycle, and the hardening strategies that actually work.PhaseTop threatsHardening stepsTrainingData poisoning, leaksValidation, dataset integrity tracking, RBAC, adversarial trainingDevelopmentModel extraction, inversionRate limits, obfuscation, watermarking, penetration testingInferenceAdversarial inputs, spoofed accessInput filtering, endpoint auth, encryption, TEEsStorage and deploymentModel theft, tamperingEncrypted containers, signed builds, MFA, anomaly monitoringTraining: your model is only as good as its dataThe training phase sets the foundation. If the data going in is poisoned, biased, or tampered with, the model will learn all the wrong lessons and carry those flaws into production.Why it mattersData poisoning is subtle. You won’t see a red flag during training logs or a catastrophic failure at launch. These attacks don’t break training, they bend it.A poisoned model may appear functional, but behaves unpredictably, embeds logic triggers, or amplifies harmful bias. The impact is serious later in the AI workflow: compromised outputs, unexpected behavior, or regulatory non-compliance…not due to drift, but due to training-time manipulation.How to protect itValidate datasets with schema checks, label audits, and outlier detection.Version, sign, and hash all training data to verify integrity and trace changes.Apply RBAC and identity-aware proxies (like OPA or SPIFFE) to limit who can alter or inject data.Use adversarial training to improve model robustness against manipulated inputs.Development and testing: guard the logicOnce you’ve got a trained model, the next challenge is protecting the logic itself: what it knows and how it works. The goal here is to make attacks economically unfeasible.Why it mattersModels encode proprietary logic. When exposed via poorly secured APIs or unprotected inference endpoints, they’re vulnerable to:Model inversion: Extracting training dataExtraction: Reconstructing logicMembership inference: Revealing whether a datapoint was in trainingHow to protect itApply rate limits, logging, and anomaly detection to monitor usage patterns.Disable model export by default. Only enable with approval and logging.Use quantization, pruning, or graph obfuscation to reduce extractability.Explore output fingerprinting or watermarking to trace unauthorized use in high-value inference scenarios.Run white-box and black-box adversarial evaluations during testing.Integrate these security checks into your CI/CD pipeline as part of your MLOps workflow.Inference: real-time, real riskInference doesn’t get a free pass because it’s fast. Security needs to be just as real-time as the insights your AI delivers.Why it mattersAdversarial attacks exploit the way models generalize. A single pixel change or word swap can flip the classification.When inference powers fraud detection or autonomous systems, a small change can have a big impact.How to protect itSanitize input using JPEG compression, denoising, or frequency filtering.Train on adversarial examples to improve robustness.Enforce authentication and access control for all inference APIs—no open ports.Encrypt inference traffic with TLS. For added privacy, use trusted execution environments (TEEs).For highly sensitive cases, consider homomorphic encryption or SMPC—strong but compute-intensive solutions.Check out our free white paper on inference optimization.Storage and deployment: don’t let your model leakOnce your model’s trained and tested, you’ve still got to deploy and store it securely—often across multiple locations.Why it mattersUnsecured storage is a goldmine for attackers. With access to the model binary, they can reverse-engineer, clone, or rehost your IP.How to protect itStore models on encrypted volumes or within enclaves.Sign and verify builds before deployment.Enforce MFA, RBAC, and immutable logging on deployment pipelines.Monitor for anomalous access patterns—rate, volume, or source-based.Edge strategy: security that moves with your AIAs AI moves to the edge, centralized security breaks down. You need protection that operates as close to the data as your inference does.That’s why we at Gcore integrate protection into AI workflows from start to finish:WAAP and DDoS mitigation at edge nodes—not just centralized DCs.Encrypted transport (TLS 1.3) and in-node processing reduce exposure.Inline detection of API abuse and L7 attacks with auto-mitigation.180+ global PoPs to maintain consistency across regions.AI security is lifecycle securityNo single firewall, model tweak, or security plugin can secure AI workloads in isolation. You need defense in depth: layered, lifecycle-wide protections that work at the data layer, the API surface, and the edge.Ready to secure your AI stack from data to edge inference?Talk to our AI security experts

July 14, 2025 3 min read
Fundamentals

3 ways to safeguard your website against DDoS attacks—and why it matters

DDoS (distributed denial-of-service) attacks are a type of cyberattack in which a hacker overwhelms a server with an excessive number of requests, causing the server to stop functioning correctly and denying access to legitimate users. The volume of these types of attacks is increasing, with a 56% year-on-year rise recorded in late 2024, driven by factors including the growing availability of AI-powered tools, poorly secured IoT devices, and geopolitical tensions worldwide.Fortunately, there are effective ways to defend against DDoS attacks. Because these threats can target different layers of your network, a single tool isn’t enough, and a multi-layered approach is necessary. Businesses need to protect both the website itself and the infrastructure behind it. This article explores the three key security solutions that work together to protect your website—and the costly consequences of failing to prepare.The consequences of not protecting your website against DDoS attacksIf your website isn’t sufficiently protected, DDoS attacks can have severe and far-reaching impacts on your website, business, and reputation. They not only disrupt the user experience but can spiral into complex, costly recovery efforts. Safeguarding your website against DDoS attacks is essential to preventing the following serious outcomes:Downtime: DDoS attacks can exhaust server resources (CPU, RAM, throughput), taking websites offline and making them unavailable to end users.Loss of business/customers: Frustrated users will leave, and many won’t return after failed checkouts or broken sessions.Financial losses: By obstructing online sales, DDoS attacks can cause businesses to suffer substantial loss of revenue.Reputational damage: Websites or businesses that suffer repeated unmitigated DDoS attacks may cause customers to lose trust in them.Loss of SEO rankings: A website could lose its hard-won SEO ranking if it experiences extended downtime due to DDoS attacks.Disaster recovery costs: DDoS disaster recovery costs can escalate quickly, encompassing hardware replacement, software upgrades, and the need to hire external specialists.Solution #1: Implement dedicated DDoS protection to safeguard your infrastructureAdvanced DDoS protection measures are customized solutions designed to protect your servers and infrastructure against DDoS attacks. DDoS protection helps defend against malicious traffic designed to crash servers and interrupt service.Solutions like Gcore DDoS Protection continuously monitor incoming traffic for suspicious patterns, allowing them to automatically detect and mitigate attacks in real time. If your resources are attacked, the system filters out harmful traffic before it reaches your servers. This means that real users can access your website without interruption, even during an attack.For example, a financial services provider could be targeted by cybercriminals attempting to disrupt services with a large-scale volumetric DDoS attack. With dedicated DDoS protection, the provider can automatically detect and filter out malicious traffic before it impacts users. Customers can continue to log in, check balances, and complete transactions, while the system adapts to the evolving nature of the attack in the background, maintaining uninterrupted service.The protection scales with your business needs, automatically adapting to higher traffic loads or more complex attacks. Up-to-date reports and round-the-clock technical support allow you to keep track of your website status at all times.Solution #2: Enable WAAP to protect your websiteGcore WAAP (web application and API protection) is a comprehensive solution that monitors, detects, and mitigates cyber threats, including DDoS layer 7 attacks. WAAP uses AI-driven algorithms to monitor, detect, and mitigate threats in real time, offering an additional layer of defense against sophisticated attackers. Once set up, the system provides powerful tools to create custom rules and set specific triggers. For example, you can specify the conditions under which certain requests should be blocked, such as sudden spikes in API calls or specific malicious patterns common in DDoS attacks.For instance, an e-commerce platform during a major sale like Black Friday could be targeted by bots attempting to flood the site with fake login or checkout requests. WAAP can differentiate between genuine users and malicious bots by analyzing traffic patterns, rate of requests, and attack behaviors. It blocks malicious requests so that real customers can continue to complete transactions without disruption.Solution #3: Connect to a CDN to strengthen defenses furtherA trustworthy content delivery network (CDN) is another valuable addition to your security stack. A CDN is a globally distributed server network that ensures efficient content delivery. CDNs spread traffic across multiple global edge servers, reducing the load on the origin server. During a DDoS attack, a CDN with DDoS protection can protect servers and end users. It filters traffic at the edge, blocking threats before they ever reach your infrastructure. Caching servers within the CDN network then deliver the requested content to legitimate users, preventing network congestion and denial of service to end users.For instance, a gaming company launching a highly anticipated multiplayer title could face a massive surge in traffic as players around the world attempt to download and access the game simultaneously. This critical moment also makes the platform a prime target for DDoS attacks aimed at disrupting the launch. A CDN with integrated DDoS protection can absorb and filter out malicious traffic at the edge before it reaches the core infrastructure. Legitimate players continue to enjoy fast downloads and seamless gameplay, while the origin servers remain stable and protected from overload or downtime.In addition, Super Transit intelligently routes your traffic via Gcore’s 180+ point-of-presence global network, proactively detecting, mitigating, and filtering DDoS attacks. Even mid-attack, users experience seamless access with no interruptions. They also benefit from an enhanced end-user experience, thanks to shorter routes between users and servers that reduce latency.Taking the next steps to protect your websiteDDoS attacks pose significant threats to websites, but a proactive approach is the best way to keep your site online, secure, and resilient. Regardless of your industry or location, it’s crucial to take action to safeguard your website and maintain its uninterrupted availability.Enabling Gcore DDoS protection is a simple and proven way to boost your digital infrastructure’s resiliency against different types of DDoS attacks. Gcore DDoS protection also integrates with other security solutions, including Gcore WAAP, which protects your website and CDNs. These tools work seamlessly together to provide advanced website protection, offering improved security and performance in one intuitive platform.If you’re ready to try Gcore Edge Security, fill in the form below and one of our security experts will be in touch for a personalized consultation.

July 8, 2025 4 min read
How-tos

Tuning Gcore CDN rules for dynamic application data caching

Caching services like a CDN service can be a solid addition to your web stack. They lower response latency and improve user experience while also helping protect your origin servers through security features like access control lists (ACLs) and traffic filtering. However, if you’re running a highly dynamic web service, a misconfigured CDN might lead to the delivery of stale or, in the worst case, wrong data.If you’re hosting a dynamic web service and want to speed it up, this guide is for you. It explains the common issues dynamic services have with CDNs and how to solve them with Gcore CDN.How does dynamic data differ from static data?There are two main differences between static and dynamic data:Change frequency: Dynamic data changes more often than static data. Some websites stay the same for weeks or months; others change multiple times daily.Personalized responses: Static systems deliver the same response for a given URL path. Dynamic systems, by contrast, can generate different responses for each user, based on parameters like authentication, location, session data, or user preferences.Now, you might ask: Aren’t static websites simply HTML pages while dynamic ones are generated on-the-fly by application servers?It depends.A website consisting only of HTML pages might still be dynamic if the pages are changed frequently, and an application server that generates HTML responses can serve the same HTML forever and always provide everyone with the same content for a URL. The CDN network doesn’t know how you create the HTML. It only sees the finished product and decides how long it should cache it. You need to decide on a case-by-case basis.How do cache rules affect dynamic data?When using a CDN, you have to define rules that govern the caching of your data. If you consider this data dynamic, either because it changes frequently or because you deliver user-specific responses, those rules can drastically impact the user experience, ranging from the delivery of stale data to completely wrong data.Cache expirationFirst, consider cache expiration time. With Gcore CDN, you have two options:Let your origin server control it. This is ideal for dynamic systems using application servers because it gives you precise control without needing to adjust Gcore settings.Let Gcore CDN control it. This works well for static HTTP servers delivering HTML pages that change often. If you can’t modify the server’s cache configuration, using Gcore’s settings is easier.No matter which method you choose, understand what your users consider “stale” and set the expiration time accordingly.Query string handlingNext, decide how Gcore CDN should handle URL query parameters. Ignoring them can improve performance—but for dynamic systems that use query strings for server-side sorting, filtering, or pagination, this can break functionality.For example, a headless CMS might use: https://example.com/api/posts?sort=asc&start=99If the CDN ignores the query string, it will always deliver the cached response, even if new parameters are requested. So, make sure to disable the Ignore query string parameters setting when necessary.Cookie bypassingCookies are often used for session handling. While ignoring cookies can boost performance, doing so risks breaking applications that rely on them.For example: https://example.com/api/users/profileIf this endpoint relies on a session cookie, caching without considering the cookie will serve the same user profile to everyone. Be sure to disable “Ignore cookies” if your server uses them for authentication or personalization.Cache key customizationIf you need more detailed control over the caching, you can modify the cache key generation. This key defines the mapping of a request to a cache entry and allows you to manage the granularity of your caching.The Gcore Customer Portal offers basic customization functionality, and the support team can help with advanced rules. For example, adding the request method (e.g., GET, HEAD, POST, etc.) to your cache key ensures a single URL has a dedicated cache entry for each method instead of using one for all.GraphQL considerationsMost GraphQL implementations only use POST requests and include the GraphQL query in the request body. This means every GraphQL request will use the same URL and the same method, regardless of the query. Gcore CDN doesn’t check the request body when caching, so every query will result in the same cache key and override each other.To make sure the CDN doesn’t break your API, turn off caching for all your GraphQL endpoints.Path-based CDN rules for hybrid contentIf your application serves both static and dynamic content across different paths, Gcore CDN rules offer a powerful way to manage caching more granularly.Using the CDN rules engine, you can create specific rules for individual file paths or extensions. This allows you to apply dynamic-appropriate settings—like disabling caching or respecting cookies—only to dynamic endpoints (e.g., /api/**), while using more aggressive caching for static assets (e.g., /assets/**, /images/**, or /js/**).This path-level control delivers performance gains from CDN caching without compromising the correctness of dynamic content delivery.SummaryUsing a CDN is an easy way to improve your site’s performance, and even dynamic applications can benefit from CDN caching when configured correctly. Check that:Expiration times reflect real-world freshness needsQuery strings and cookies aren’t ignored if they affect the responseCache keys are customized where neededGraphQL endpoints are excluded from cachingCDN rules are used to apply different settings for dynamic and static pathsWith the right setup, you can safely speed up even the most complex applications.Explore our step-by-step guide to setting rules for particular files in Gcore CDN.Discover Gcore CDN

July 3, 2025 3 min read
Fundamentals

How AI is reshaping the future of interactive streaming

Interactive streaming is entering a new era. Artificial intelligence is changing how live content is created, delivered, and experienced. Advances in real-time avatars, voice synthesis, deepfake rendering, and ultra-low-latency delivery are giving rise to new formats and expectations.Viewers don’t want to be passive audiences anymore. They want to interact, influence, and participate. For platforms that want to lead, the stakes are growing: innovate now, or fall behind.At Gcore, we support this shift with global streaming infrastructure built to handle responsive, AI-driven content at scale. This article explores how real-time interactivity is evolving and how you can prepare for what’s next.A new era for live contentStreaming used to mean watching someone else perform. Today, it’s becoming a conversation between the creator and the viewer. AI tools are making live content more reactive and personalized. A cooking show host can take ingredient requests from the audience and generate live recipes. A language tutor can assess student pronunciation and adjust the lesson plan on the spot. These aren’t speculative use cases—they’re already being piloted.Traditional cameras and presenters are no longer required. Some creators now use entirely digital hosts, powered by motion capture and generative AI. They can stream with multiple personas, switch backgrounds on command, or pause for mid-session translations. This evolution is not about replacing humans but creating new ways to engage that scale across time zones, languages, and platforms.Creating virtual influencersVirtual influencers are digital characters designed to build audiences, promote products, and hold conversations with followers. Unlike human influencers, they don’t get tired, change jobs, or need extensive re-shoots when messaging changes. They’re fully programmable, and the most successful ones are backed by teams of writers, animators, and brand strategists.For example, a skincare company might launch a virtual influencer with a consistent tone, recognizable look, and 24/7 availability. This persona could host product tutorials in the morning, respond to DMs during the day, and livestream reactions to customer feedback at night—all in the local language of the audience.These characters are not limited to influencer marketing. A virtual celebrity might appear as a guest at a live product launch or provide commentary during a sports event. The point is consistency, scalability, and control. Gcore’s global delivery network ensures these digital personas perform without delay, wherever the audience is located.Real-time avatars and AI-generated personasReal-time avatars use motion capture and emotion detection to mimic human behavior with digital models. A fitness instructor can appear as a stylized avatar while tracking their own real movements. A virtual talk show host can gesture, smile, or pause in response to viewer comments. These avatars do more than just look the part—they respond dynamically.AI-generated personas build on this foundation with language generation and decision-making. For instance, an edtech company could deploy a digital tutor that asks learners comprehension questions and adapts its tone based on their engagement level. In entertainment, a music artist might perform live as a virtual character that reflects audience mood through color shifts, dance patterns, or facial expression.These experiences require ultra-low latency. If the avatar lags, the illusion collapses. Gcore’s infrastructure supports the real-time input-output loop needed to make digital characters feel present and responsive.Deepfake technology for creative storytellingDeepfakes are often associated with misinformation, but the same tools can be used to build engaging, high-integrity content. The technology enables face-swapping, voice cloning, and character animation, all of which are powerful in live formats.A museum might use deepfake avatars of historical figures for interactive educational sessions. Visitors could ask questions, and Abraham Lincoln or Golda Meir might respond with historically grounded answers in real time. A brand could create a fictional spokesperson who evolves over time, appearing in product demos, ads, and livestreams. Deepfake technology also allows multilingual content without re-recording—the speaker’s lip movements and tone are modified to match each language.These applications raise legitimate ethical questions. Gcore’s streaming infrastructure includes controls to ensure the source and integrity of AI-generated content are traceable and secure. We provide the technical foundation that enables deepfake use cases without compromising trust.Synthetic voices and personalized audioAudio is often overlooked in discussions about AI streaming, but it’s just as important as video. Synthetic voices today can express subtle emotions and match speaking styles. They can whisper, shout, pause for dramatic effect, and even mimic regional accents.Let’s consider a news platform that offers interactive daily briefings. Viewers choose their preferred language, delivery style (casual, serious, humorous), and even the voice profile. The AI generates a personalized broadcast on the fly. In gaming, synthetic characters can offer encouragement, warn about strategy mistakes, or narrate progress—all without human voice actors.Gcore’s streaming infrastructure ensures that synthetic voice outputs are tightly synchronized with video, so users don’t experience out-of-sync dialogue or lag during back-and-forth exchanges.Increasing interactivity through feedback and participationInteractivity in streaming now goes far beyond comments or emoji reactions. It includes live polls that influence story outcomes, branching narratives based on audience behavior, and user-generated content layered into the broadcast.For example, a live talent show might allow viewers to suggest challenges mid-broadcast. An online classroom could let students vote on the next topic. A product launch might include a real-time Q&A where the host pulls questions from chat and answers them in the moment.All of these use cases rely on real-time data processing, behavior tracking, and adaptive rendering. Gcore’s platform handles the underlying complexity so that creators can focus on building experiences, not infrastructure.Why low latency is criticalInteractive content only works if it feels immediate. A delay of even a second can break immersion, especially when users are trying to influence the outcome or receive a response. Low latency is essential for real-time gaming, sports, interviews, and educational formats.A live trivia game with hundreds of participants won’t retain users if there’s a lag between the question appearing and the timer starting. A remote surgery training session won’t work if the avatar’s responses trail behind the mentor’s instructions. In each of these cases, timing is everything.Gcore Video Streaming minimizes buffering, supports high-resolution streams, and synchronizes data flows to keep participants engaged. Our infrastructure is built to support high-throughput, globally distributed audiences with the responsiveness that interactive formats demand.Preparing for what’s nextAI-generated content is no longer a novelty. It’s becoming a standard feature of modern streaming strategies. Whether you’re building a platform that features virtual influencers, immersive avatars, or interactive educational streams, the foundation matters. That foundation is infrastructure.If you’re planning the next generation of live content, we’re ready to help you bring it to life. At Gcore, we provide the performance, scale, and security to launch these experiences with confidence. Our streaming solutions are designed to support real-time content generation, audience interaction, and global delivery without compromise.Want to see interactive streaming in action? Learn how fan.at used Gcore Video Streaming to deliver ultra-low-latency streams and boost fan engagement with real-time features.Read the case study

June 24, 2025 4 min read
Fundamentals

What are captions and subtitles, and how do they work?

Subtitles and captions are essential to consuming video content today. But how do they work behind the scenes?Creating subtitles and captions involves a five-step process to ensure that your video’s spoken and auditory content is accurately and effectively conveyed. The five steps are transcription, correction, synchronization/spotting, translation, and simulation/display on screen.The whole process is usually managed using specialized subtitle or caption creator software.In this blog, we explain the five steps in more detail, what the end user sees, and how to choose the right caption/subtitle service for your needs.Step 1: TranscriptionSpoken content is transformed into a text-based format. Formats are different ways to implement the textual elements, depending on technical needs.Transcription creates the raw materials that will be refined in stages 2–4.Step 2: CorrectionCorrection enhances readability by improving the textual flow. Punctuation, grammar, and sentence structure are adjusted so that the user’s reading experience is seamless and doesn’t detract from the content.Step 3: Synchronization/spottingNext, the text and audio are aligned precisely. Each caption or subtitle’s timing is adjusted so it appears and disappears at the correct moment.Step 4: TranslationTranslation is required for content intended for consumption in multiple languages. During this stage, it’s important to consider format requirements and character limitations. For example, a caption that fits on two lines in English might require three in Spanish, and so in Spanish, one caption becomes two. As a result, additional synchronization might be necessary.Step 5: Simulation/display on screenFinally, the captions or subtitles need to be integrated onto the end user’s screen. Formatting issues might arise at this stage, requiring tweaks for an optimal user experience.How does the end user see subtitles and captions?After the technical process of creating captions and subtitles, the next step is understanding how these elements appear to the end user. The type of captions you choose can greatly impact the user experience, especially when considering accessibility, engagement, and clarity. Below, we break down the different options available and how they serve different viewing scenarios.Open captions: These are always visible to viewers and are a fixed part of the video. They’re popular, for example, for video installations in museums and employee training videos—cases where maximum accessibility is the key consideration when it comes to captions and/or subtitles.Closed captions: Viewers can turn these on or off based on preference. For instance, an online course might offer this feature, allowing learners to choose how to consume the content. Students could opt temporarily to turn on closed captions to note the spelling of a new term introduced during the course.Real-time captions: These are great for live events like webinars, where the text appears almost simultaneously as the words are spoken. They keep the audience engaged in real time without missing out on crucial points. For example, ambient noise like chatter in a sports bar might obscure commentary on a live TV basketball game. Real-time captions allow viewers to benefit from near-live commentary regardless of the bar’s noise levels or if the TV’s sound is muted.Burned-in subtitles: These are etched onto the video and cannot be turned off. A promotional video targeting a multilingual audience might use this feature so that everyone understands the message, regardless of their language preference.What to look for in captioning and subtitling servicesTo deliver high-quality captions and subtitles, it's important to choose a provider that offers key features for accuracy, efficiency, and audience engagement.Original language transcription: Accurate documentation of every spoken word in your video for unrivaled accuracy.Tailored translation: Localized content that integrates translations with cultural relevance, increasing resonance with diverse audiences.Alignment synchronization: Time-annotated subtitles, matching words perfectly to the on-screen action.Automatic SRT file generation: A simplified subtitling and captioning process through effortless file creation for a better user experience.Transform your videos with cutting-edge captions and subtitles from GcoreNo matter your video content needs, it’s essential to be aware of the best type of captions and subtitles for your audience’s needs. Choosing the right format ensures a smoother viewing experience, better accessibility, and stronger engagement across every platform.Gcore Video Streaming offers subtitles and closed captions to enhance users’ experience. Each feature within the subtitling and captioning toolkit is crafted to expand your video content’s reach and impact, catering to a multitude of use cases. Embedding captions is quick and easy, and AI-automated speech recognition also saves you time and money.Try Gcore's automated subtitle and caption solution for free

June 16, 2025 3 min read

Subscribe to our newsletter

Get the latest industry trends, exclusive insights, and Gcore updates delivered straight to your inbox.

Subscribe