Bot Defense - Features

Description

Bot Defense is a self-service product available on your instance to protect your website from DDoS and botnet attacks.

Features

This section lists the actions available to the customer and how to request or perform them:

Self Service

The customer can perform the action autonomously.

On Request

The customer can request that the cegedim.cloud support team perform the action.

| Features | Self Service | On Request | Comments |
|---|---|---|---|
| Activate / Deactivate | | | Customer can activate or deactivate Bot Defense |
| Add / Delete IP address on whitelist | | | Customer can add or delete IP address on whitelist |
| Choose profile type | | | Customer can deploy a strict or standard profile |
| Choose mode | | | Customer can activate the Bot Defense in transparent or blocking mode |
| Modify the configuration | | | On request via a ticket |

DDoS Protection

DDoS Protection detects a DDoS attack based either on calculations of transaction rates on the client side (TPS-based) or on latency on the server side (stress-based).

TPS-based detection

TPS-based detection focuses protection on the client side to detect an attack right away, mostly by looking at requests-per-second thresholds.

Stress-based detection

Stress-based detection focuses protection on the server side where attacks are detected when a server slowdown occurs. This protection provides more accurate DDoS detection based on latency and requests per second thresholds.
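The following Python example is added here to contrast the two detection approaches on constructed traffic; it is not cegedim.cloud's code or the product's actual algorithm. The 200 TPS value is the strict-profile threshold given on this page; treating it as a site-wide count, and the latency baseline, slowdown factor and minimum rate, are assumptions.

```python
from collections import defaultdict
from statistics import mean

STRICT_TPS = 200  # strict-profile TPS threshold stated on this page


def per_second(events):
    """Group (epoch_second, latency_ms) pairs into {second: [latencies]}."""
    buckets = defaultdict(list)
    for second, latency_ms in events:
        buckets[second].append(latency_ms)
    return buckets


def tps_based(events, threshold=STRICT_TPS):
    """Client-side view: seconds whose request count reaches the threshold."""
    return sorted(s for s, lat in per_second(events).items() if len(lat) >= threshold)


def stress_based(events, baseline_ms, slowdown=2.0, min_tps=50):
    """Server-side view: seconds where mean latency shows a slowdown
    (>= slowdown x baseline) while the request rate is also elevated.
    slowdown and min_tps are assumed values, not product settings."""
    return sorted(
        s for s, lat in per_second(events).items()
        if len(lat) >= min_tps and mean(lat) >= slowdown * baseline_ms
    )


def sample_events():
    """Constructed traffic: one (second, latency_ms) pair per request."""
    events = []
    for s in range(5):                # normal load: 40 req/s at 80 ms
        events += [(s, 80)] * 40
    events += [(5, 90)] * 250         # high-rate flood, server still coping
    events += [(6, 400)] * 120        # lower rate, but the server slows down
    return events


if __name__ == "__main__":
    ev = sample_events()
    print("TPS-based flags second(s):   ", tps_based(ev))
    print("Stress-based flags second(s):", stress_based(ev, baseline_ms=80))
```

On this sample, the TPS check flags only the high-rate second and the stress check flags only the slow second, which shows why the two views complement each other.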

For the anti-DDoS part, the product offers two levels of security:

  • The standard profile, which uses a learning phase to define the detection thresholds.

| TPS Threshold | Mitigation |
|---|---|
| Auto-calculated threshold | First mitigation is a CAPTCHA; if the CAPTCHA is not solved, all attempts will be blocked. |

  • The strict profile doesn't need a learning phase; with more restrictive thresholds, it will block a large number of attempts. It will also limit a large number of attempts from sensitive countries.

| TPS Threshold | Mitigation |
|---|---|
| 200 TPS reached | Request blocking with rate limiting |

Bot Defense

Bots can be classified in many ways; mostly there are simple bots, impersonating bots, and bots acting as a full browser.

Bot Defense helps identify and mitigate attacks by malicious Bots before they cause damage to the site.

Simple bot

Good bot

Impersonating bot

Acting as a full browser bot

Bot Defense offers two types of protection against DDoS or bot attacks:

  • The standard profile, based on a generic profile adapted to the majority of websites, with the least impact on the site concerned. DDoS attack detection thresholds, for example, are calculated automatically. Not recommended if DDoS attacks are in progress.

  • The strict profile, based on a more restrictive profile, which can be deployed quickly during an attack. Its finer settings are designed to block a larger number of requests. DDoS attack protection incorporates a geolocation mechanism which, in the event of an attack, blocks malicious requests based on the country of origin. This profile can lead to the appearance of false positives and therefore requires greater monitoring when it is implemented.

In addition, during a DDoS attack, it applies the following mitigation depending on the bot type:

| Bot type | Mitigation |
|---|---|
| Malicious Bot | Block |
| Suspicious Browser | Block |
| Untrusted bot | Block |

Security

Logs are secured in Splunk and managed in ITCare.

Log Management

ITCare provides a dedicated dashboard that gives visibility into your traffic.
