Over half of all internet traffic is generated by bots, both legitimate and malicious. The objectives of bad bots include account take over, web content scraping, data theft, and launching DDoS attacks with the intent of stealing data or causing service disruptions. Sophisticated, large scale attacks often go undetected by conventional mitigation strategies. At the same time, the internet would grind to a halt without the beneficial bots that power search engines and digital assistants. Leveraging proprietary, semisupervised machine learning capabilities, Limelight’s Bot Manager – Powered by Radware, allows precise bot management detects good bots from bad bots across web and mobile applications and application programming interfaces (APIs), combining behavioral modeling for granular intent analysis, collective bot intelligence and device fingerprinting.


Limelight’s Bot Manager uses multiple methods to decern good bots from bad bots. This ensures maximum availability and security of web infrastructure to sustain revenue generating web traffic, while managing legitimate bot traffic:

Full Coverage of OWASP Automated Threats

Protect from all forms of account takeover, denial of inventory, distributed denial of service (DDoS), card fraud and web scraping

Intent-Based Deep Behavioral Analysis (IDBA)

Identify the intent of bots with the highest precision through proprietary semisupervised machine learning models

Secure All Channels: Web, Mobile Apps, APIs

Defend against bots that target various digital assets – even sophisticated bots designed to hit multiple assets

Limelight Bot Manager provides protection from a wide variety of threats:

  • Account TakeoverCredential stuffing and brute force attacks are used to gain unauthorized access to customer accounts.

  • Web Content and Price Scraping—Use of bots to scrape content and steal price information from websites and illegally reproduce the stolen content on ghost websites.

  • Data Theft—Gaining access to personal data such as credit card numbers and SS numbers.

  • Digital Ad Fraud—Malicious bots create false impressions and generate illegitimate clicks on publishing sites and mobile apps.

  • Skewed Analytics—Automated traffic on web properties skews metrics and misleads decision-making.

  • Application DDoS Attacks—Degrade web applications by exhausting system resources, third-party APIs, inventory databases and other critical resources.

  • Gift Card Fraud—Use of bots to crack gift cards and identify valid coupon numbers and voucher codes.

  • Cart Abandonment and Inventory Exhaustion—Using bots to fill shopping carts with product inventory than abandoning them.

  • Form Spam—Bots that deluge online marketplaces and community forums with spam leads, comments and fake registrations.

API Protection From Malicious Bots

  • API Flow Control—Protect machine-to-machine and Internet of Things

  • Invocation Content—Protect web and mobile APIs

  • API Client SDK—Unique source identification to secure machine-to-machine communication

  • Authentication Flow—Protection for APIs from sources failing to log in


  • Ability to Handle Bot Traffic in Multiple Ways—Actions are customized based on bot signatures/types, e.g., feeding false pricing and product information to competitor’s bots. CAPTCHA is used for suspected bots, leveraging responses in a closed-loop feedback system to minimize false positives.

  • Transparent Reporting and Comprehensive Analytics—Granular classification and reporting of different types of bots, such as search engine crawlers and malicious bots, enable efficient traffic management. Limelight’s Bot Manager can be seamlessly integrated with leading analytics platforms, including Google and Adobe Analytics.

  • Accuracy and Scalability—Intent-based Deep Behavioral Analysis (IDBA) filters highly sophisticated humanlike bots without causing false positives. Website functionality and user experience remain intact. Bot Manager leverages cutting-edge technologies to maintain high scalability during peaks in network traffic.

  • Fully Managed Service—Bot Manager is also available as a security service integrated with the Cloud web application firewall (WAF) for complete 360° application protection.

  • Dedicated API Protection—Ability to control navigation flow and fingerprint M2M communications to avoid invoking APIs that are accessed or targeted by misbehaving bots.

  • Complete Application Security Suite—Includes a WAF, a bot manager, API security and DoS mitigation brought together to provide the most robust application protection