Bot Defense - Features
Last updated
English
Last updated
Bot Defense is a Self service product available on your instance to protect your website from DDoS attack and botnet attack.
This section is to list the actions that are available to the customer and how to request / perform them :
Self Service
Customer can perform action autonomously.
On Request
Customer can request the action to be done to cegedim.cloud support team.
Activate / Deactivate
Customer can activate or deactivate Bot Defense
Add / Delete IP address on whitelist
Customer can add or delete IP address on whitelist
Choose profile type
Customer can deploy a strict or standard profile
Choose mode
Customer can activate the Bot Defense in transparent or blocking mode
Modify the configuration
On request via a ticket
DDoS Protection determines if the DDoS attack is based on calculations for transaction rates on the client side (TPS-based) or on the latency on the server side (Stress-based).
TPS-based detection focuses protection on the client side to detect an attack right away, mostly by looking at the requests per seconds thresholds).
Stress-based detection focuses protection on the server side where attacks are detected when a server slowdown occurs. This protection provides more accurate DDoS detection based on latency and requests per second thresholds.
The product offers two levels of security from the Anti-DDoS part :
The standard profile, with a learning phase will define the detection thresholds.
Auto-calculated threshold
First mitigation is a Captcha and if the captcha is not resolved, all attempt wil be blocked.
The strict profile doesn't need a learning phase and with more restrictive thresholds he will block a large number of attempts. It will also limit a large number of attempts from sensitive countries.
200 TPS reached
Request Blocking with rate limiting
Bots can be classify in many ways, mostly there are simple Bots, impersonating Bots or Bots acting as full browser.
Bot Defense helps identify and mitigate attacks by malicious Bots before they cause damage to the site.
Bot Defense offers two types of protection against DDoS or Bot attack:
The standard profile, based on a generic profile adapted to the majority of websites, with the least impact on the site concerned. DDoS attack detection thresholds, for example, are calculated automatically. Not recommended if DDoS attacks are in progress.
The strict profile, based on a more restrictive profile, which can be deployed quickly during an attack. Its finer settings are designed to block a larger number of requests. DDoS attack protection incorporates a geolocation mechanism which, in the event of an attack, blocks malicious requests based on the country of origin. This profile can lead to the appearance of false positives and therefore requires greater monitoring when it is implemented.
Also, following the Bot type during a DDoS attack, he will mitigate :
Malicious Bot
Block
Suspicious Browser
Block
Untrusted bot
Block
Logs are secured in Splunk and managed in ITCare.
On ITCare, there is a specific dashboard to get a visibility on your traffic.