
The Latest Radware News
Product and Solution Information, Press Releases, Announcements
A Healthy Bot Management Strategy
Posted: Wed Oct 02, 2019 09:42:30 AM
On the surface, bot detection seems simple: You want to accurately detect bad bots with a low rate of false positives (to avoid blocking legitimate human users and good bots) and a low rate of false negatives (to ensure that you’re detecting ALL bad bots). Go below the surface though, and the challenges of detection become much more complex.

There’s a good reason why analyst firm Forrester has cited attack detection as one of the major selection considerations for bot management solutions. The quality of detection determines the quality of the solution. And as attacking bots become ever more sophisticated, detection becomes ever more challenging.

First, Detection

To illustrate these points, consider the example of a bot attack aimed at cracking passwords. A bot management solution could apply several methodologies to detect the attack by:
A more sophisticated detection will correlate activity over time across IPs, device fingerprints, mobile device attributes and sensors, as well as other attributes, to provide comprehensive analysis for accurate attack source detection.

Then, Mitigation

Here’s an overview of the basic functionality you need to mitigate — or manage — bots:
To correlate across those multiple attack attempts, you need a device fingerprint to gather IP-agnostic information. Even if the same attack source uses a dictionary of the 1,000 most common passwords and keeps switching IP addresses, you need the ability to identify the behavior and the context over multiple sessions.

To do so requires you to embed device fingerprint JavaScript into the secured application or into the application responses. In other words, there is a need to modify the response if JavaScript is not embedded into the application.

Finally, while device fingerprinting is effective in a web environment, a mobile device that may not execute JavaScript requires a different approach. In that case, you need a collection of mobile device sensor data for source identification. By integrating the application with a mobile software development kit (SDK), you can enable access to mobile device sensor data.
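
As an added illustration (not Radware's code and not part of the original post), the sketch below shows why the IP-agnostic correlation described above matters: on constructed login events, a per-IP failure counter misses a password-guessing run that changes address on every attempt, while grouping failures by device fingerprint catches it. The event layout, fingerprint labels and thresholds are assumptions made for the example.

```python
from collections import Counter, defaultdict

def build_sample_events():
    """Constructed login events: (epoch_s, source_ip, fingerprint, username, success)."""
    events = []
    # One device walks a password list against "alice", changing IP on every try.
    for i in range(12):
        events.append((1000 + 20 * i, f"198.51.100.{i + 1}", "fp-a1", "alice", False))
    # A legitimate user mistypes twice, then logs in, all from one IP.
    events += [(1010, "203.0.113.7", "fp-b2", "bob", False),
               (1030, "203.0.113.7", "fp-b2", "bob", False),
               (1050, "203.0.113.7", "fp-b2", "bob", True)]
    # Two different devices behind one NAT address, one failure each.
    events += [(1100, "203.0.113.9", "fp-c3", "carol", False),
               (1120, "203.0.113.9", "fp-d4", "dave", False)]
    return sorted(events)

def flag_by_ip(events, max_failures=5):
    """Naive per-IP counter: flags IPs with more than max_failures failed logins."""
    failures = Counter(ip for _, ip, _, _, ok in events if not ok)
    return {ip for ip, n in failures.items() if n > max_failures}

def flag_by_fingerprint(events, window_s=600, max_failures=5, min_ips=3):
    """Correlate failures per device fingerprint inside a sliding time window.

    Returns {fingerprint: (failures, distinct_ips)} for devices whose failures in a
    window exceed max_failures and are spread over at least min_ips addresses.
    """
    by_fp = defaultdict(list)
    for ts, ip, fp, _, ok in events:
        if not ok:
            by_fp[fp].append((ts, ip))
    flagged = {}
    for fp, fails in by_fp.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            # Shrink the window until it spans at most window_s seconds.
            while fails[end][0] - fails[start][0] > window_s:
                start += 1
            window = fails[start:end + 1]
            ips = {ip for _, ip in window}
            if len(window) > max_failures and len(ips) >= min_ips:
                flagged[fp] = max(flagged.get(fp, (0, 0)), (len(window), len(ips)))
    return flagged

if __name__ == "__main__":
    sample = build_sample_events()
    print("per-IP alerts:", flag_by_ip(sample))
    print("per-fingerprint alerts:", flag_by_fingerprint(sample))
```

The min_ips condition keeps a single user who repeatedly mistypes a password from one address out of the cross-IP alert; that case is better handled by ordinary lockout or rate limiting.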