Protecting Real-Time Applications Against DDoS Without Using a CDN

May 20, 2021, by Subspace Team

TL;DR

Over the past couple of years, we have seen an alarming increase in distributed denial-of-service attacks on real-time applications. Current options, including CDNs, are not built for real-time and do not offer sufficient solutions for preventing DDoS dangers. Subspace is a global platform that routes traffic at the speed of light in real-time, protecting against DDoS attacks without increasing latency.

Estimated read time: 5 minutes


Over the past couple of years, we have seen an alarming increase in Distributed Denial-of-Service (DDoS) attacks on real-time applications. Unfortunately, current options available to developers, including legacy Content Delivery Networks (CDNs), were never intended for real-time applications and do not offer solutions that address DDoS dangers. Subspace’s optimized global network protects against DDoS attacks by eliminating the latency created by traditional routing techniques.

DDoS Dangers in Gaming

The past year brought a staggering increase in DDoS attacks, particularly in real-time gaming and gambling. After losses, glitches, or other user complaints, some users have exacted revenge against app publishers with DDoS attacks. The 2020 Q3 DDoS Threat Report from Nexusguard reveals a 287% increase in DDoS attacks compared to the previous year. Nearly 77% of those attacks targeted gaming and gambling.

Protection against DDoS attacks isn’t usually high on engineers’ and publishers’ priority lists when developing apps. Marketing, finance, and resource pressures encourage engineers to defer security concerns until later. This is especially true for many small studios and newer apps. While developers concentrate on building an initial user base, it is easy to rely on security-by-obscurity to keep the application safe. But it’s vital to ensure that built-in security brings the protection real-time app developers need and the performance users demand.

Why Real-Time Developers Look to CDNs

Minimizing latency is crucial for mitigating DDoS attacks. DDoS attacks attempt to consume resources and increase response time until an application becomes unusable. Starting from a low-latency foundation creates a more resilient baseline. It then takes a more powerful attack to reach the point where users’ experience is impacted.

Many engineers look to Content Delivery Networks (CDNs) as a solution when addressing DDoS vulnerabilities. CDNs traditionally reduce latency in internet traffic. CDNs typically pre-position large data files close to the user and cache frequently requested data. This reduction in the physical distance that the data travels reduces latency and load times for traditional internet content.

In addition, CDNs can provide some capacity to absorb a DDoS attack on a typical static website. While this standard technology is a viable solution for traditional uses, it is ineffective in real-time applications. Using CDNs might mitigate some risk of DDoS attacks, but that comes with an increase in latency, which is detrimental to real-time applications.

Why CDNs Aren’t Enough for Real-Time Applications

CDNs, designed for uptime rather than speed, are inadequate for real-time applications. Traditional internet design ensured that the communications network could continue operating even if war or a massive disaster destroyed large network segments. The internet’s designers willingly accepted an increase in latency to increase reliability. As Bayan Towfiq, CEO of Subspace, says, “The internet wasn’t designed for real-time traffic. That’s limiting its capabilities globally across all industries.”

CDNs deliver static content to passive viewers, not real-time applications. In gaming, for example, gamer participation creates content on the fly, just by the gamer moving through the game environment. The content flows in two directions in real-time and can’t be pre-positioned or cached. As a result, CDNs cannot meet the demands of real-time applications.

Hackers Can Blend in and Exploit CDNs

CDNs, and the public internet in general, must handle all the different types of content that customers might use, including video, images, HTTP, SSL, JavaScript, and more. Dealing with all these content types gives hackers a large attack surface to manipulate. Hackers exploit the multitude of traffic types to blend in and hide in the background. For example, during an HTTP request flood, servers receive a massive influx of HTTP requests, usually from widely varying sources. The CDN can’t identify the malicious traffic because each bot looks like any other client requesting data.

To determine if each packet is legitimate or malicious, the typical CDN offers a packet scrubber service. The network routes all traffic through the scrubber and examines each packet. It then forwards legitimate packets to the server. Unfortunately, these scrubbers introduce latency into the system because a CDN’s scrubbing centers are typically not as widely distributed as the CDN’s content clusters. The more types of traffic the scrubber must examine, the higher the latency.

While traditional websites can typically handle that amount of latency, it is the enemy of real-time applications, for which every millisecond counts. Increased latency in real-time apps results in lag and jitter. The more latency, the greater the customer dissatisfaction, which often leads to even more DDoS attacks along with user drop-offs and negative press.

The Subspace Solution

You can’t compromise on DDoS protection for real-time applications. Engineers who want to protect their real-time applications from the ever-increasing risk of DDoS attacks need to accomplish two things: minimize the opportunity for malicious actors to perpetrate an attack and, if an attack occurs, reduce the impact on users. Subspace can help in both these areas.

Unlike traditional CDNs that rely on distributing static content, Subspace provides a specialized network infrastructure that is built from the ground up, optimized for real-time applications, and equipped with built-in DDoS protection. In addition, unlike the public internet and CDNs, Subspace handles a specialized set of protocols that support real-time applications. Because the network is designed specifically for select protocols, attackers are easy to identify as outliers.

In-line DDoS protection is built into all of our solutions, including PacketAccelerator, which reduces latency and accelerates packets, GlobalTURN, which allows you to run TURN globally without having to maintain servers around the world, and SIPteleport, a Global SIP Proxy for the lowest latency voice and video calls.
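To illustrate why a network limited to a few real-time protocols can treat non-conforming traffic as an outlier, the added example below (not Subspace's code, and not part of the original article) checks UDP payloads against the fixed STUN/TURN header layout from RFC 5389 and RFC 5766. The function names and sample datagrams are constructed for illustration, and the check is assumed to sit in front of a TURN relay port.

```python
import struct

STUN_MAGIC_COOKIE = 0x2112A442  # fixed value in bytes 4..7 of every STUN header
STUN_HEADER_LEN = 20            # type(2) + length(2) + cookie(4) + transaction ID(12)

def classify_datagram(payload: bytes) -> str:
    """Return 'stun', 'channel-data' or 'drop:<reason>' for one UDP payload."""
    if len(payload) < 4:
        return "drop:too-short"
    first16, length = struct.unpack_from("!HH", payload, 0)
    if first16 >> 14 == 0b00:  # STUN/TURN control message: top two bits are zero
        if len(payload) < STUN_HEADER_LEN:
            return "drop:truncated-stun-header"
        (cookie,) = struct.unpack_from("!I", payload, 4)
        if cookie != STUN_MAGIC_COOKIE:
            return "drop:bad-magic-cookie"
        if length % 4 != 0:  # attributes are padded to 32-bit boundaries
            return "drop:unaligned-length"
        if length != len(payload) - STUN_HEADER_LEN:
            return "drop:length-mismatch"
        return "stun"
    if 0x4000 <= first16 <= 0x7FFF:  # TURN ChannelData (RFC 5766 channel range;
        # RFC 8656 narrows it to 0x4000-0x4FFF). Length counts application bytes.
        if length > len(payload) - 4:
            return "drop:channel-length-overrun"
        return "channel-data"
    return "drop:unknown-protocol"

def _binding_request() -> bytes:
    # Constructed sample: Binding request (type 0x0001) with no attributes.
    return struct.pack("!HHI", 0x0001, 0, STUN_MAGIC_COOKIE) + bytes(range(12))

# Constructed sample datagrams, not captured traffic.
SAMPLES = {
    "binding_request": _binding_request(),
    "channel_data": struct.pack("!HH", 0x4001, 5) + b"hello",
    "http_request": b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "bad_cookie": struct.pack("!HHI", 0x0001, 0, 0xDEADBEEF) + bytes(12),
    "padded_stun": _binding_request() + b"\x00" * 512,
    "other_udp": b"\x80\x60" + bytes(10),
}

def filter_report(samples: dict) -> dict:
    """Map each sample name to its verdict."""
    return {name: classify_datagram(data) for name, data in samples.items()}

if __name__ == "__main__":
    for name, verdict in filter_report(SAMPLES).items():
        print(f"{name:16} {verdict}")
```

The ASCII bytes of the HTTP request happen to fall inside the ChannelData range, so it is the length check rather than the first-byte check that rejects it. A filter like this is only a cheap structural first pass and says nothing about whether a well-formed message is authorized.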

The Subspace network masks IP addresses through a proxy to prevent attackers from targeting specific machines. In addition, the network includes line-rate scrubbing that performs security screening without the need for additional proxy servers. Finally, the network examines each packet and applies algorithms to identify suspicious patterns. Because Subspace provides such dramatic optimizations in routing, the entire proxy process happens while still providing an overall decrease in latency.

If an attack does occur, the Subspace network is ready to respond. The network is ultra-fast and built from the ground up to reduce latency. If the DDoS attack introduces additional traffic volume, the network absorbs the extra load without slowing legitimate traffic. When the network identifies the attack source, it eliminates the malicious packets as close to the traffic source as possible, reducing the number of malicious packets spreading throughout the network. As a real-time publisher, you can’t sacrifice latency for security, and with Subspace, you don’t need to sacrifice.
