If you have an online business presence, then this will come as no surprise: bots are bad for business. In fact, 89 percent of all businesses have suffered some form of bot attack. And the current generation of bots is so sophisticated and skilled at evading bot detection that it has become difficult to distinguish it from genuine human traffic on a website.
In the beginning, early bots were used to execute simple HTTP requests to a small number of IP addresses — today, they are distributed across thousands of IP addresses and utilized in various malicious activities across the web.
Among other things, bad bots can be used to:
- Steal credentials
- Take over accounts
- Cause service downtime
- Create fake accounts to flood services
- Cause denial of inventory by holding items in shopping carts during inventory holding attacks
- Perform mass credit card and gift card fraud
- Scrape prices and content
And since these highly sophisticated bad bots have adopted human-like behaviors that can be carried out at different times from different locations, detecting them now requires an incredible amount of intelligence and analysis.
Bots have evolved over time
The hardest part about dealing with bots is keeping up with them. They are continuously being refined and adapted to defeat the security defenses put in place by organizations.
- First generation – Simple, command-line bots using basic automation to increase the load on the backend infrastructure of web apps. Detected through request and response patterns.
- Second generation – More complex bots that leverage headless browser frameworks like PhantomJS and botnets to distribute requests across a wider range of IP addresses. Detected through behavior-based detection and fingerprinting: signals are collected and combined into a bot score that can be used to decide whether to block the request or send a CAPTCHA.
- Third generation – Bots using full-fledged browsers and able to simulate extremely basic human browsing patterns, such as site navigation and request timing. Detected based on simple behavior-based interaction patterns and basic client-side detection.
- Fourth generation – Highly sophisticated bots that are distributed across thousands of different IP addresses and able to carry out advanced human interaction, such as random mouse clicks or random site navigation that fails to follow a fixed pattern. Traditional behavior-based detection will often result in generating a high number of false positives.
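The signal-and-score decision described for the second generation, as an added example (not code from the original post or from any vendor). The signal names, weights, thresholds and sample clients are constructed assumptions; the run shows the scripted generations being scored while a fourth-generation client scores the same as a human on these behavior signals.

```python
from dataclasses import dataclass

# Constructed weights and thresholds (assumptions for illustration only).
WEIGHTS = {"headless_ua": 50, "no_js_facts": 30, "high_rate": 30, "fixed_timing": 40}
CAPTCHA_AT, BLOCK_AT = 40, 70
RATE_LIMIT = 60        # requests per minute seen from one client
MIN_JITTER_MS = 50     # a smaller spread between request gaps looks scripted

@dataclass
class Client:
    user_agent: str
    requests_per_min: int
    gaps_ms: list            # time between consecutive requests
    js_facts_received: bool  # did the in-page script report back at all?

def signals(c):
    """Return the names of the signals that fire for this client."""
    fired = set()
    if "PhantomJS" in c.user_agent:
        fired.add("headless_ua")
    if not c.js_facts_received:
        fired.add("no_js_facts")
    if c.requests_per_min > RATE_LIMIT:
        fired.add("high_rate")
    if len(c.gaps_ms) >= 3 and max(c.gaps_ms) - min(c.gaps_ms) < MIN_JITTER_MS:
        fired.add("fixed_timing")
    return fired

def bot_score(c):
    """Sum the weights of fired signals, capped at 100."""
    return min(100, sum(WEIGHTS[s] for s in signals(c)))

def decide(c):
    """Map the score to the action: block, send a CAPTCHA, or allow."""
    score = bot_score(c)
    if score >= BLOCK_AT:
        return "block"
    return "captcha" if score >= CAPTCHA_AT else "allow"

# Constructed sample clients, one per generation described in the list above.
SAMPLES = {
    "gen1_cli": Client("curl/8.0", 300, [100, 100, 100], False),
    "gen2_headless": Client("Mozilla/5.0 PhantomJS/2.1.1", 20, [900, 2100, 1500], True),
    "gen3_browser": Client("Mozilla/5.0 Chrome/120", 12, [2000, 2010, 2005], True),
    "gen4_distributed": Client("Mozilla/5.0 Chrome/120", 4, [3100, 14800, 7200], True),
    "human": Client("Mozilla/5.0 Chrome/120", 3, [4200, 19000, 8800], True),
}

if __name__ == "__main__":
    for name, client in SAMPLES.items():
        print(f"{name:17} score={bot_score(client):3} -> {decide(client)}")
```

Lowering the thresholds until the fourth-generation client is caught would also catch the human sample, which is the false-positive problem noted in the last list item.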
Basically, today’s fourth generation of bots now looks exactly like human visitors — making requests across the site, changing their patterns of navigation, coming from ISP networks, and always running the latest browser code. And these new sophisticated bots are defeating traditional bot management solutions that use behavior-based detection to identify automated traffic.
Your traditional bot management solution is being overwhelmed
Bot management solutions have become a must-have part of any enterprise security strategy, largely due to the rise of automated attacks. But in most cases, traditional or in-house bot management solutions fail because they are unable to keep pace with the continuous research and maintenance involved in keeping bad bots at bay. In addition, traditional bot management solutions use limited signals in the browser, which then requires additional back-end machine learning systems to inspect requests and decide whether they come from bots.
Behavior-based detection is no longer sufficient to identify this new generation of bots — it must be combined with additional client-side, fact-based detection as well as global threat intelligence in order to stay on top of the constantly evolving threats posed by automated attacks.
Instart Bot Management leverages deep in-browser API interception to collect rich low-level facts about the endpoints making requests, actively interrogating the browser execution environment and looking at how the endpoint interacts with your web applications. As a result, Instart is able to easily identify when sophisticated automation is in use, enabling faster and more informed decisions about what action to take against potential bot threats.
*** This is a Security Bloggers Network syndicated blog from Instart blog RSS authored by Andy Wyatt. Read the original post at: https://www.instart.com/blog/bots-outsmarting-traditional-bot-management