Prevent Automated Attacks on Websites, Mobile Apps and APIs
Nikhil Karan Taneja, Managing Director-India, SAARC & Middle East, Radware
Over half of all internet traffic is generated by bots - some legitimate, some malicious. Competitors and adversaries alike often deploy “bad” bots that leverage different methods to achieve nefarious objectives. These include account takeover, scraping data, denying available inventory and launching denial-of-service attacks with the intent of stealing data or causing service disruptions. Sophisticated, large-scale attacks often go undetected by conventional mitigation systems and strategies.
Types of attack by ‘Bad Bots’
Account Takeover - Millions of compromised credentials are available on hacker dump sites, black markets and hacktivist forums. Attackers use automated bots and brute-force attacks to exploit these credentials, programmatically attempting to log in to target websites and applications. The resulting loss of customers’ sensitive information damages brand reputation, and the heavy bot traffic slows down website or application performance.
Gift Card Fraud - Accepting stolen credit cards leads to chargebacks and penalties. Excessive chargebacks result in termination of the merchant’s account. Businesses struggle to prevent carding attacks because such attacks go unnoticed by conventional application security measures.
Application DDoS - The application layer in an enterprise infrastructure stack directly impacts the user experience. Layer 7 Distributed Denial of Service (DDoS) attacks pose a business continuity threat, strain web applications, and create service performance degradation. Layer 7 attacks also cause downtime in the event of distributed and coordinated DDoS attacks.
Competitive Espionage - Bots are being used to compile competitive intelligence on time-sensitive content such as product prices on e-commerce portals. This stolen competitive intelligence is then used to undercut product prices and erode the competitiveness of the business.
Content Scraping - For an online business, content is king. Uniqueness of content differentiates the business from the competition. Bots are capable of killing the uniqueness of the content by scraping it and making it available on other sites. This impacts the competitiveness of the business.
Digital Ad Fraud - Bots perform invalid activity on the publisher’s website. Automated traffic causes dummy impressions and adversely impacts CTR (click-through rate). Bots undermine publishers’ efforts to help advertisers run successful ad campaigns. Existing security measures are ineffective at filtering human-like bots.
Skewed Analytics - Web crawlers, aggregators, and malicious bots cause noisy data. Non-human visitors impact conversion rates and other revenue metrics such as the look-to-book ratio. Automated traffic skews user engagement and retention metrics. The presence of bots also creates unexpected changes in your conversion funnel.
Form Spam - Spammers trawl the web looking for forms to spam. Form spam brings down the productivity of teams, as it is cumbersome to differentiate real enquiries from spam enquiries. For businesses that capture lead information through forms, spam leads become a huge challenge to manage.
The core challenge for any bot management solution is to detect every visitor’s intent in order to differentiate between human and malicious non-human traffic. As more bad bot developers incorporate artificial intelligence (AI) to make human-like bots that can sneak past security systems, any effective countermeasures must also leverage AI and machine learning (ML) techniques to accurately detect the most advanced bad bots.
Left unaddressed, bad bots cause serious problems, harming the success or even the continuance of an organisation. Automation abuse happens 24x7, all year round, and it is critical to be alert and protected, as the bots are there for a purpose!
The best approach, therefore, is to block bad traffic before it ever reaches the public cloud, so you don’t get charged for cloud infrastructure services. Check your terms to see if you’re covered against such attacks and consider how you can protect yourself.
Radware’s Attack Mitigation Solution
Radware’s Bot Manager integrates with Radware’s Attack Mitigation Solution (AMS) to offer the industry’s most advanced protection from sophisticated, automated attacks. Radware’s solution provides complete network and application security protection via a fully integrated system that synchronizes premise- and cloud-based solutions to protect organizations from a variety of threats, such as web application attacks, denial of service, malicious bots and advanced malware. Radware’s AMS features proven, patent-protected machine learning capabilities, advanced automation and real-time intelligence sharing for maximum security at minimum false positives and latency.
The Radware Bot Manager Intent-based Deep Behavior Analysis (IDBA) performs behavioral analysis at a higher level of abstraction, that of ‘intent’, unlike the commonly used shallow ‘interaction’-based behavior analysis. IDBA consists of three stages: intent encoding, intent analysis, and adaptive learning. Capturing intent enables IDBA to provide significantly higher levels of accuracy while detecting bots with advanced human-like interaction capabilities.
Staying one step ahead, Radware’s Attack Mitigation Technology also performs unique device fingerprinting for each device, dynamic Turing tests to uncover bot identity, IP tracking tests, user behavior analysis and machine learning for efficient bot detection.
The technology is constantly refined by the data science team. Ensuring zero complacency towards bots impacting your business, Radware’s bot detection algorithm is tailored by our experts to suit your business and industry specific needs.
Forrester’s evaluation of the emerging bot management market identified Radware Bot Manager (previously ShieldSquare) as one of the top three most comprehensive bot management solutions.
Key Features of Radware Bot Manager
* Ability to Handle Bot Traffic in Multiple Ways
* Transparent Reporting and Comprehensive Analytics
* Easy Integration
* No DNS Redirection
* Accuracy and Scalability