Over half of all internet traffic is generated by bots, both legitimate and malicious. The objectives of bad bots include account takeover, web content scraping, data theft, and launching DDoS attacks with the intent of stealing data or causing service disruptions. Sophisticated, large-scale attacks often go undetected by conventional mitigation strategies. At the same time, the internet would grind to a halt without the beneficial bots that power search engines and digital assistants.
Bots are ubiquitous. Today’s hackers use bots to launch pre-attack scans, post comment spam, exploit vulnerabilities, and execute code injection attacks, denial of service attacks, and password guessing (Credential Stuffing) hacks against your web-facing properties. These bots commit fraud by repetitively making and canceling purchases, holding and/or consuming inventory, scraping sites, stealing information, and a host of other unwanted activities. Malicious bots also cause application outages that impact your customers’ experience, resulting in commercial losses.
To effectively control the damage caused by the bot epidemic, organizations are faced with the challenge of staying ahead of threat actors and their malicious bots. Conversely, legitimate bot traffic is a necessary part of the Internet. Organizations want to detect and allow good bot traffic, while managing the amount, the time-of-day, and the traffic priority. Having the ability to eliminate malicious bot traffic while managing legitimate bot traffic is critical to maintaining uptime.
Limelight’s Bot Manager uses proprietary semi-supervised machine learning capabilities for precise bot management across all channels, combining behavioral modeling for intent analysis, collective bot intelligence and device fingerprinting. This ensures maximum availability and security of web infrastructure to sustain revenue generating web traffic, while managing legitimate bot traffic. Limelight Bot Manager provides protection from a wide variety of threats:
Credential stuffing and brute force attacks are used to gain unauthorized access to customer accounts.
Use of bots to scrape content and steal price information from websites and illegally reproduce the stolen content on ghost websites.
Gaining access to personal data such as credit card numbers and SS numbers.
Malicious bots create false impressions and generate illegitimate clicks on publishing sites and mobile apps.
Automated traffic on web properties skews metrics and misleads decision-making.
DDoS attacks launched with the intent of stealing data or causing service disruptions.
Use of bots to crack gift cards and identify valid coupon numbers and voucher codes.
Using bots to fill shopping carts with product inventory, then abandoning them.
Bots that deluge online marketplaces and community forums with spam leads, comments and fake registrations.
Because bots are automated scripts, bot protection starts by determining whether a connection request is coming from a human or machine. A series of challenges is presented to separate good bots from potentially malicious bots.
Captures visitor device parameters to create a unique fingerprint, then classifies every visitor as human, good bot, or bad bot based on fingerprint tracking.
Identifies normal usage patterns and behaviors for each web application based on legitimate user/visitor behavior analysis, and checks for anomalies in mouse movement and keystrokes.
Headless browsers have many malicious uses: scraping web sites for data, performing DDoS attacks, increasing ad impressions, credential stuffing, etc.
Detecting and blocking these human-like bots requires behavioral analysis using correlation of activity over time across IP addresses, device fingerprints, mobile device attributes, and intent signatures.
Control access based on IP addresses.
Actions are customized based on bot signatures/types, e.g., feeding false pricing and product information to competitor’s bots. CAPTCHA is used for suspected bots, leveraging responses in a closed-loop feedback system to minimize false positives.
Granular classification and reporting of different types of bots, such as search engine crawlers and malicious bots, enable efficient traffic management. Limelight’s Bot Manager can be seamlessly integrated with leading analytics platforms, including Google and Adobe Analytics.
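The correlation of activity over time across IP addresses and device fingerprints described above can be illustrated with an added example; it is not Limelight's code (its models are proprietary), and the event fields, thresholds and sample login events are assumptions constructed here. It flags a fingerprint that tries many usernames from several IPs in a short window, a pattern that per-IP counting alone does not surface.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample login events (documentation IP ranges, not real traffic):
# (timestamp, source IP, device fingerprint, username, result)
EVENTS = [
    ("2024-01-01T10:00:00", "198.51.100.10", "fp-bot", "user1", "fail"),
    ("2024-01-01T10:00:20", "198.51.100.11", "fp-bot", "user2", "fail"),
    ("2024-01-01T10:00:40", "198.51.100.12", "fp-bot", "user3", "fail"),
    ("2024-01-01T10:01:00", "198.51.100.10", "fp-bot", "user4", "fail"),
    ("2024-01-01T10:01:20", "198.51.100.11", "fp-bot", "user5", "success"),
    ("2024-01-01T10:00:05", "203.0.113.5", "fp-human", "alice", "fail"),
    ("2024-01-01T10:00:30", "203.0.113.5", "fp-human", "alice", "fail"),
    ("2024-01-01T10:01:10", "203.0.113.5", "fp-human", "alice", "success"),
]

def attempts_per_ip(events):
    """IP-only view: login attempts counted per source address."""
    return Counter(ip for _, ip, _, _, _ in events)

def flag_fingerprints(events, window=timedelta(minutes=5),
                      min_ips=3, min_users=4, min_fail_ratio=0.8):
    """Flag fingerprints that, within one sliding window, span several IPs,
    try several distinct usernames, and mostly fail (assumed thresholds)."""
    by_fp = defaultdict(list)
    for ts, ip, fp, user, result in events:
        by_fp[fp].append((datetime.fromisoformat(ts), ip, user, result))
    flagged = {}
    for fp, rows in by_fp.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Shrink the window from the left until it fits the time span.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            win = rows[start:end + 1]
            ips = {r[1] for r in win}
            users = {r[2] for r in win}
            fails = sum(r[3] == "fail" for r in win)
            if (len(ips) >= min_ips and len(users) >= min_users
                    and fails / len(win) >= min_fail_ratio):
                flagged[fp] = {"ips": len(ips), "users": len(users),
                               "failures": fails}
                break
    return flagged

if __name__ == "__main__":
    print(attempts_per_ip(EVENTS).most_common(1))
    print(flag_fingerprints(EVENTS))
```

In the sample, the busiest single IP belongs to the human visitor who mistyped a password twice, while the rotating client never exceeds two attempts per address; only the per-fingerprint correlation separates them.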
Using an API-based approach to protect web assets, the solution doesn’t require DNS redirection, thus allowing complete control over web applications, mobile apps and APIs.
Intent-based Deep Behavioral Analysis (IDBA) filters highly sophisticated human-like bots without causing false positives. Website functionality and user experience remain intact. Bot Manager leverages cutting-edge technologies to maintain high scalability during peaks in network traffic.
Defend against bots that target various digital assets, even sophisticated bots designed to attack multiple assets.
Protect from all forms of account takeover, denial of inventory, DDoS, card fraud and web scraping.
Detect and block highly sophisticated human-like bots in real time using APIs or out-of-path mode, all with no impact to the technology stack.