Bot Defense - Features
Description
Bot Defense is a self-service product available on your instance to protect your website from DDoS attacks and botnet attacks.
Features
This section lists the actions available to the customer and how to request or perform them:
Self Service | Customer can perform action autonomously. |
On Request | Customer can request that the cegedim.cloud support team perform the action. |
Features | Self Service | On Request | Comments |
---|---|---|---|
Activate / Deactivate | Customer can activate or deactivate Bot Defense | ||
Add / Delete IP address on whitelist | Customer can add or delete an IP address on the whitelist | ||
Choose profile type | Customer can deploy a strict or standard profile | ||
Choose mode | Customer can activate the Bot Defense in transparent or blocking mode | ||
Modify the configuration | | On request via a ticket | |
DDoS Protection
DDoS Protection detects a DDoS attack either from transaction rates calculated on the client side (TPS-based) or from latency on the server side (Stress-based).
TPS-based detection
TPS-based detection focuses protection on the client side to detect an attack right away, mostly by looking at requests-per-second thresholds.
Stress-based detection
Stress-based detection focuses protection on the server side where attacks are detected when a server slowdown occurs. This protection provides more accurate DDoS detection based on latency and requests per second thresholds.
The product offers two levels of security for the Anti-DDoS part:
The standard profile uses a learning phase to define the detection thresholds.
TPS Threshold | Mitigation |
---|---|
Auto-calculated threshold | First mitigation is a Captcha and, if the Captcha is not resolved, all attempts will be blocked. |
The strict profile doesn't need a learning phase and, with more restrictive thresholds, it will block a large number of attempts. It will also limit a large number of attempts from sensitive countries.
TPS Threshold | Mitigation |
---|---|
200 TPS reached | Request Blocking with rate limiting |
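The difference between the two detection methods and the two profiles' thresholds, as an added example that is not cegedim.cloud's implementation. The learning rule (3x the mean TPS), the 2x latency slowdown factor and all sample values are assumptions constructed for illustration; only the 200 TPS strict threshold comes from this page.

```python
from statistics import mean

STRICT_TPS = 200  # strict-profile threshold stated on this page

def learned_threshold(baseline_tps, factor=3.0):
    """Standard profile: threshold derived from a learning phase.
    Assumed rule (not the product's): factor x mean TPS seen while learning."""
    return mean(baseline_tps) * factor

def tps_based(samples, threshold):
    """Client-side view: flag each second whose request rate exceeds the threshold."""
    return [s["t"] for s in samples if s["tps"] > threshold]

def stress_based(samples, threshold, baseline_latency_ms, slowdown=2.0):
    """Server-side view: flag only when latency shows a slowdown AND the rate is high.
    The 2x slowdown factor is an assumption."""
    return [s["t"] for s in samples
            if s["latency_ms"] > baseline_latency_ms * slowdown
            and s["tps"] > threshold]

# Constructed samples: one record per second of traffic to a site.
BASELINE_TPS = [40, 50, 60, 50]
BASELINE_LATENCY_MS = 80
SAMPLES = [
    {"t": 0, "tps": 55,  "latency_ms": 85},
    {"t": 1, "tps": 180, "latency_ms": 90},   # burst, server still healthy
    {"t": 2, "tps": 260, "latency_ms": 400},  # burst and server slowdown
    {"t": 3, "tps": 120, "latency_ms": 350},  # slow server, moderate rate
    {"t": 4, "tps": 60,  "latency_ms": 90},
]

if __name__ == "__main__":
    std = learned_threshold(BASELINE_TPS)
    print("standard TPS-based:", tps_based(SAMPLES, std))
    print("strict TPS-based:  ", tps_based(SAMPLES, STRICT_TPS))
    print("stress-based:      ", stress_based(SAMPLES, std, BASELINE_LATENCY_MS))
```

With these samples the TPS-based check flags the burst at t=1 as soon as it happens, while the stress-based check fires only at t=2, when the high rate coincides with a server slowdown.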
Bot Defense
Bots can be classified in many ways; mostly there are simple Bots, impersonating Bots, and Bots acting as a full browser.
Bot Defense helps identify and mitigate attacks by malicious Bots before they cause damage to the site.
Simple bot
Good bot
Impersonating bot
Acting as a full browser bot
Bot Defense offers two types of protection against DDoS or Bot attack:
The standard profile, based on a generic profile adapted to the majority of websites, with the least impact on the site concerned. DDoS attack detection thresholds, for example, are calculated automatically. Not recommended if DDoS attacks are in progress.
The strict profile, based on a more restrictive profile, which can be deployed quickly during an attack. Its finer settings are designed to block a larger number of requests. DDoS attack protection incorporates a geolocation mechanism which, in the event of an attack, blocks malicious requests based on the country of origin. This profile can lead to the appearance of false positives and therefore requires greater monitoring when it is implemented.
Also, depending on the Bot type, during a DDoS attack it applies the following mitigation:
Bot type | Mitigation |
---|---|
Malicious Bot | Block |
Suspicious Browser | Block |
Untrusted bot | Block |
Security
Logs are secured in Splunk and managed in ITCare.
Log Management
On ITCare, there is a specific dashboard that gives visibility into your traffic.