Bot Defense
Description
Bot Defense protects your Internet Applications from automated attacks by identifying and mitigating malicious bots. Also, it protects your website and your back, with our DDoS protection that automatically detects and mitigates DDoS attacks.
Bots are automated software programs that are designed to perform relatively simple, repetitive things over the internet.
A key characteristic is that the bot can perform this task at a much faster speed than a human ever could, and it can do so 24/7 with no need for breaks or rest.
There are both good and bad bots. A good bot is typically owned by a legitimate, well-known company (i.e. Google or Facebook), it won’t hide its identity as a bot, and it will follow the rules and policies of your website’s robots.txt file. A bad bot, on the other hand, might try to disguise itself as a human, leading to all sorts of problems. The product offers two levels of security against Bot et DDoS attacks:
The standard profile, with a learning phase will define the detection thresholds.
The strict profile doesn't need a learning phase and with more restrictive thresholds, will block a large number of attempts. It will also limit a large number of attempts from sensitive countries.
You can also choose between 2 modes for each profile: transparent or blocking. Activating your profile in transparent mode will give you an overview of requests deemed illegitimate. However, this will have no impact on your traffic, as the logs are displayed for information only. It will enable you to make an initial analysis of the logs and spot any false positives (allow 24 hours for this analysis). You can then adjust your Bot Defense by adding legitimate IPs to the whitelist before switching to blocking mode.
We recommend that you select the transparent mode when activating Bot Defense (when no attack is in progress), to avoid any unwanted blocking.
Bot Defense Service
Today’s bad bots are extremely sophisticated, and a visit from these bots is now very hard to distinguish from real humans.
These bad bots are not only behaving like a legitimate human visitor would, but can also use fingerprints/signatures that are typical of human users like a legitimate IP address, a consistent browser header and OS data, and other seemingly legitimate information.
Based on how good a bad bot is at copying human behaviors, we can differentiate these bad bots into four different groups:
Simple bots: these bots access the site using automated scripts (not pretending to use a browser), and typically will only access the website from a single IP address (that is ISP-assigned). As a result, these bots are very easy to detect with today’s anti-bot solutions.
Moderate-level bots: these bots typically make use of headless browsers (virtual software that simulates browsers) to make them look like legitimate visitors using real browsers.
Sophisticated bots: can imitate simple human behaviors like nonlinear mouse movements, random clicks, and so on. They also use headless browsers and/or browser automation software to fool the bot management solution.
Advanced bots: these bots combine all the different technologies to imitate human behaviors, forge their User Agents (UAs), and rotate through vast numbers of IP addresses.
To manage bot activities, the bot defense use the following technique :
Challenging the bot: we can challenge the bot with a CAPTCHA or with invisible tests like suddenly asking the client to move the mouse cursor in a certain way, which is going to be very difficult to solve by a bot.
Throttling/rate-limiting: allowing the bot to access the site, but slowing down its bandwidth allocation to make its operation much less efficient. The hope is that the operator will give up due to the very slow speed.
You can configure whitelists of sources IP to consider safe so that the system does not need to validate them. This speeds up access time to the web site.
Once Bot Defense is enabled and configured, you can view and filter traffic and transaction statistics with the Bot Defense Dashboard in ITCare Console to see which users are malicious and how they’re being mitigated.
Billing
Monthly cost per public IP available through your Service Delivery Manager.
Demo
Last updated