Web apps face evolving threats that include attacks from all types of automated bots. Bot automation continues to advance at an alarming pace, even outpacing most traditional detection and blocking technologies. A new approach is needed to accurately detect and block the most sophisticated automation seen today. Instart’s client-side, fact-based approach to detection and blocking provides a number of advantages over the complex server-side anomaly-based analysis approaches used by other vendors.
Instart is the only vendor that provides a single platform that protects against origin infrastructure attacks and the latest wave of sophisticated automated attacks from bots that accurately mimic real human visitor behavior.
The rise of more sophisticated bot detection
Bots on the web first became a problem about a decade ago. Simple command line bots were becoming more automated, increasing the load on backend infrastructure for most web apps. In addition, bots were becoming more sophisticated, with the ability to execute complex, automated brute force account takeover attacks.
Automation for this first generation of bots meant they were able to run a simple computer program to make HTTP requests. These programs required few resources and were simple to code.
In response to early bot attacks, web security vendors expanded their web application security offerings to detect and block bots. At the time, this only consisted of vendors expanding their backend pattern-based detection to help them identify and block this new type of attack. First-generation bad bots were fairly easy to detect — request and response patterns were used to determine which visitors were legitimate and which were bots.
Automated traffic had a higher volume of requests, generally sent HTTP headers that differed from regular human browsers, and tended to come from the same small set of IPs that could be added to a blacklist and blocked. It was easy to create and maintain pattern detection policies that effectively prevented bots from reaching a website while still allowing real human visitors access.
The need for anomaly-based detection
Similar to the security vendors that evolved their offerings in response to this new threat, the cybercriminals engineering bot attacks also began to create more sophisticated attacks in order to evade the detection approaches being employed by existing security solutions. To avoid detection, bot operators improved their tactics by:
- Employing botnets to distribute requests across a wider set of IP addresses to avoid easy detection.
- Matching HTTP headers to current browsers so requests appeared to be legitimate.
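The first-generation pattern rules described above (request volume, non-browser headers, an IP blacklist), as an added Python example that is not from the original post or any vendor product. The thresholds, addresses and header values are constructed assumptions, and the second sample shows why traffic spread across many addresses with browser-like headers passes those rules.

```python
from collections import defaultdict

# Assumed thresholds and constructed data; nothing here comes from a real deployment.
RATE_LIMIT, WINDOW = 5, 10                 # more than 5 requests per IP in 10 s is flagged
BLOCKLIST = {"203.0.113.7"}                # constructed address (documentation range)
BROWSER_HEADERS = {"user-agent", "accept", "accept-language", "accept-encoding"}
BROWSER = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64) ExampleBrowser/1.0",
           "Accept": "text/html", "Accept-Language": "en-US", "Accept-Encoding": "gzip"}

def over_rate(stamps):
    """True if any WINDOW-second span holds more than RATE_LIMIT requests."""
    stamps, start = sorted(stamps), 0
    for end, t in enumerate(stamps):
        while t - stamps[start] >= WINDOW:
            start += 1
        if end - start + 1 > RATE_LIMIT:
            return True
    return False

def classify(requests):
    """requests: iterable of (ip, unix_time, headers). Returns {ip: [reasons]}."""
    flagged, stamps = defaultdict(set), defaultdict(list)
    for ip, ts, headers in requests:
        stamps[ip].append(ts)
        names = {h.lower() for h in headers}
        ua = headers.get("User-Agent", "")
        if ip in BLOCKLIST:
            flagged[ip].add("blocklisted-ip")
        if not BROWSER_HEADERS <= names or not ua.startswith("Mozilla/"):
            flagged[ip].add("non-browser-headers")
    for ip, seen in stamps.items():
        if over_rate(seen):
            flagged[ip].add("high-request-rate")
    return {ip: sorted(reasons) for ip, reasons in flagged.items()}

def first_gen_sample():
    """One scripted client, one blocklisted client, one ordinary visitor."""
    script = [("198.51.100.20", t, {"User-Agent": "example-script/1.0"}) for t in range(8)]
    listed = [("203.0.113.7", 3, BROWSER)]
    human = [("192.0.2.10", t, BROWSER) for t in (0, 4, 9)]
    return script + listed + human

def distributed_sample():
    """40 requests in the same window, one per address, with browser-like headers."""
    return [(f"192.0.2.{100 + i}", i % WINDOW, BROWSER) for i in range(40)]

if __name__ == "__main__":
    print(classify(first_gen_sample()))
    print(classify(distributed_sample()))
```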
In reaction, bot mitigation vendors once again had to further invest in server-side architectures and develop complex anomaly-based detection systems that were able to collect a wider variety of signals, such as website navigation behavior, time of day, GeoIP location, and the rate of requests for all traffic.
Bot writers continued to look for ways to subvert detection and get around CAPTCHAs. As part of this, they started using full browsers to make requests and to subvert client-side detection approaches. This was aided by easier-to-use headless browser automation frameworks based on PhantomJS and Selenium.
Despite these advancements, the anomaly-based approaches developed by bot mitigation vendors were able to detect many of the bots by looking at access patterns, the source of requests (data centers), and basic client-side detection.
New highly sophisticated bots pose a new challenge for web security
The current generation of bots has become so sophisticated that it is difficult to distinguish them from genuine human traffic on a website. Attackers now leverage distributed botnets that exploit millions of real devices instead of datacenter servers. They also employ headless browser automation frameworks, session replay, and intelligently modified navigation patterns to evade detection.
In other words, bots now look exactly like a human visitor — and traditional bot security solutions that use anomaly-based detection are no longer effective for detecting automated traffic.
Fact-based detection is the most effective way to stop malicious bots
Unlike other bot mitigation solutions, Instart has chosen to combine anomaly-based detection with client-side, fact-based detection. Leveraging deep in-browser API interception, Instart Bot Management collects rich low-level facts about the endpoints making requests. By actively interrogating the browser execution environment and looking at how the endpoint interacts with your web applications, Instart is able to easily identify when even the most sophisticated automation is in use.
The result is unparalleled mitigation of bot attacks — Instart makes better and faster decisions about blocking, monitoring, or serving alternative content to this latest generation of bots.
How Instart compares to other bot management solutions
Fact-based bot detection

|Instart|Other bot solutions|
|---|---|
|Instart uses a unique client/cloud architecture that collects signals at runtime in the browser that enable us to accurately identify bots without having to guess.|Other bot management solutions collect limited signals in the browser and require back-end machine learning systems to guess whether a visitor is a bot, creating false positives and allowing sophisticated human-looking bots through.|

Complete web security

|Instart|Other bot solutions|
|---|---|
|Instart’s unified platform provides complete security that prevents traditional web infrastructure attacks while protecting against new threats in the end users’ browsers and sophisticated bot attacks.|Other bot management solutions only offer point solutions that leave gaps in coverage and require combining multiple solutions with different administrative and support experiences.|

|Instart|Other bot solutions|
|---|---|
|Instart provides a complete set of analytics and controls via UI and API that allow administrators to create both simple and complex rules using a visual rule builder with access to both client- and cloud-based criteria, plus a rich set of RBAC, data export, and compliance capabilities required for the modern enterprise.|Other bot management solutions only offer basic analytics and control while lacking specific enterprise capabilities.|
*** This is a Security Bloggers Network syndicated blog from Instart blog RSS authored by Andy Wyatt. Read the original post at: https://instartstage.wpengine.com/blog/better-than-other-bot-management-solutions