What are effective anti-bot solutions?

While there may be many different approaches, here are some important points for businesses to consider when evaluating robotics solutions.

By now, many security and fraud professionals have recognized the risks bots pose to online applications and business in general. In a previous article, I discussed and summarized some of these risks to help security and fraud teams understand the need to articulate bot threats to executives and boards in their own language. In fact, this type of communication has become increasingly common, leading to a heightened awareness of the robot problem.

As awareness of the bot problem increases, it’s no surprise that more marketing materials are available for business buyers. Whatever risks security and fraud teams worry about, they need a way to cut through the marketing rhetoric in order to properly evaluate bot solutions. How can enterprise buyers objectively evaluate robotics solutions? How do they assess who can actually deliver on their promises, which approaches are effective in their environment, and which vendors can stay ahead of the evolving threat landscape?

While there may be many different approaches here, I have highlighted a few things that I think are important for businesses to consider when evaluating robotics solutions:

• R&D: Many bot management vendors collect telemetry data. However, how different vendors handle this data has a huge impact on the efficacy of their solutions. Continuously analyzing, profiling, and investigating telemetry data is necessary for a bot management solution to be effective. Questions that need to be asked on an ongoing basis include: What does the data tell us? What is proper data collection? How can we reliably and accurately differentiate between human and machine traffic? Successful R&D also includes identifying gaps in telemetry data and understanding what additional telemetry data needs to be collected to make the solution most effective.
• Machine Learning: Machine learning is an important part of detecting and understanding which traffic comes from humans and which traffic comes from bots. Many vendors tout the power of their machine learning capabilities and models. Of course, good models are important, and many top manufacturers do have good models. So, what separates the most effective bot management solutions from the rest? The secret is in the data – the better the data that goes into the model, the more accurate and reliable the model’s predictions will be. Even the most powerful machine learning models cannot accurately differentiate between human and automated traffic without receiving the appropriate data as input.
• Verification: In my years on the operations side, there have been more than a few instances where a vendor has insisted that we turn on their latest and greatest detection rules and/or signatures. Not surprisingly, in many cases this results in a lot of false positives and noise clogging the work queue. In one instance, a large number of false positives even caused the SIEM to crash. The best bot management providers thoroughly test and validate their rules before publishing them. For these vendors, bombarding customers with a flood of false positives after an update would be seen as a huge failure.
• Obfuscation: It is essential to obfuscate the Javascript of your bot management solution to prevent attackers from discovering it. I'm often surprised at how many vendors don't do this, making it easier for attackers to know they're accessing a page using a bot management solution. An attacker could then easily bypass the solution - for example, an attacker could simply modify the page, remove the Javascript that manages the bot solution, and continue their attack as if there was no solution at all. Obfuscation is not a one-and-done process—it is an iterative process. Proper obfuscation that protects against attacker workarounds requires researching attackers, reverse engineering their strategies, techniques, and procedures, and continually releasing new and modified obfuscations.
• Advanced Analysis: Last but not least, incorporating learning into your bot management solution can greatly increase efficiency. Unfortunately, many vendors develop and sell solutions that address a certain level of complexity. However, they do not continue to study attackers' retooling tools, incorporate learnings into their solutions, and improve their products. This results in bot management solutions sometimes being effective for weeks until attackers realize their target has implemented a bot management solution. At that point, attackers often regroup and bot management solutions become completely ineffective if the solution cannot handle the increased level of complexity.

When it comes to bot management solutions, iterative solutions reign supreme. Vendors that research attackers and continually feed that knowledge back into solutions are more effective than those that don't. Likewise, vendors that work hard to collect the best and correct data, review rules, and ensure their solutions are protected from attacker tampering do better than those that don’t. These points and others are important for businesses to keep in mind when evaluating bot management solutions.

The above is the detailed content of What are effective anti-bot solutions?. For more information, please follow other related articles on the PHP Chinese website!