Gladius has a pretty young crew. Max Niebylski, CEO and cofounder, started the company in July 2017 at the age of 18. He’s 20 now, but his whole crew is on the younger side. And they’re launching a blockchain-based security software platform today to help companies keep their websites up.
His company claims to have figured out a way to put an end to distributed denial of service (DDoS) attacks, which have plagued websites for decades. In such attacks, hackers marshal lots of computers to send requests at web servers, flooding them and bringing them down.
It seemed like the problem was solved not so long ago, but then, the vector for attacks changed. With the rise of the internet of things (IoT), hackers were able to get their hands on many more compromised machines, and in turn, they were able to marshal those machines in much larger DDoS attacks.
“DDoS has never been solved in a way that makes sense,” said Niebylski, in an interview with VentureBeat. “Current providers are centralized. Botnets are decentralized. The providers try to fight decentralized attacks with centralized resources. With Gladius, we fight distributed attacks with a distributed solution.”
The Washington, D.C. company recently completed a private beta. The Gladius DDoS software platform aggregates unused bandwidth from corporations and individuals, making that bandwidth instantly available to any participating company to defend against inbound DDoS attacks. In tandem with its beta launch, Gladius is partnering with cloud provider Digital Ocean to pressure-test the solution’s ability to scale in response to large-scale DDoS attacks. So long as all of the companies in the network are not overwhelmed, a single company could withstand a much heavier than normal attack, Niebylski said.
“We can match 100 nodes or more to match the bandwidth of the attack,” he said. “Blockchains have been around a couple of years. What’s important are the incentives. Before, it was technically feasible to create a peer-to-peer network. But there were no ways to incentive the nodes to participate. With blockchain, it’s possible to make a payment in under 30 seconds to reward the nodes in real time for their protection.”
Gladius is built on top of the Ethereum blockchain. The company has a peer-to-peer overlay on top of the blockchain. So the transactions are done on Ethereum, while all of the website requests are handled by the peer-to-peer overlay, which can function a lot faster than the Ethereum network, Niebylski said.
“It’s a little like how Uber works,” Niebylski said. “People have cars, but they don’t use them most of the time. Companies have bandwidth but don’t use it. Most datacenters have only 30 percent usage. This is a way to monetize that resource better.”
While many cyberattack threats receive greater publicity, the single greatest cyber threat vector today is the same as that 20 years ago — DDoS attacks. 84 percent of websites face a DDoS attack every single year. And according to a Ponemon Institute study, the average downtime due to a DDoS attack is 54 minutes with an average cost of $22,000 per minute. On average, this form of cybercrime costs each company $1.2 million per attack.
Niebylski and his friends founded Gladius in the summer of 2017, when he was a freshman at the University of Maryland. They believed that the decades-long method of fighting DDoS attacks with centralized solutions was too inefficient and too costly for both service providers and commercial website owners. They used a distributed solution to overcome problems associated with scaling power, space, cooling, bandwidth, and server infrastructure for service providers while reducing costs for website operators.
The company raised $200,000 in October 2017, and then it held an initial coin offering (ICO) in December 2017. That token sale allowed the company to raise $20 million. In March, the company held a closed beta program to test its software with 240 participants. In June, it added another 240 participants to the beta, with the participants spread out across 65 countries. The open beta launched on August 31. Now there are 1,000 participants across 80 countries. The company has a dozen or so full-time people and more contractors.
Niebylski said he started getting into security technology at age 10, when he was running a Minecraft server. He kept running into DDoS attacks and then started researching what was happening. He found out about the botnets and how it might take $5 to attack a website and bring it down for hours. He worked on a startup later and people tried to take his company’s website down, just to be mean. He and his team looked around at the solutions and figured they could do better.
“Most people put it in their minds that these attacks are inevitable,” Niebylski said. “But with the sharing economy and the creation of the blockchain, this is the perfect time to tackle this problem in a meaningful way that is quite different from the way current providers do it.”