How to Evaluate Bot Management Solutions E BOOK


Contents

Introduction
Why a Dedicated Bot Management Solution is Essential for Enterprises
Evaluation Criteria
Capability to Detect Large-scale Distributed Human-like Bots
A Bot Detection Engine That Continuously Adapts to Beat Fraudsters and Outsmart Competitors
Bot Management Features
Impact on User Experience — Latency, Accuracy, and Scalability
Extensibility and Flexibility
Infrastructural Modifications, Traffic Re-routing, and Availability
Flexible Deployment Options
Is it a Fully Managed and Self-reliant Service?
Building Vs. Buying a Specialized Solution
Data Security, Privacy, and Compliance Factors
Conclusion
About Radware

Introduction

Bad bots constitute one of the gravest threats to websites, mobile applications, and APIs owned by businesses such as digital publishing, e-commerce, travel, classifieds portals, social media networks, and others. Bots directly cause a range of business problems such as Account Takeover, Application DDoS, API Abuse, Scraping, Form Spam, Skewed Analytics, and Ad Fraud. Bot traffic also leads to poor user experience from website slowdowns and outages, non-availability of inventory, breaches of personal data, damage to brand reputation and customer loyalty, as well as loss of revenue.

Why a Dedicated Bot Management Solution is Essential for Enterprises

Existing security solutions such as Web Application Firewalls (WAFs) and rate-limiting systems cannot detect and block sophisticated bots that carry out ‘low and slow’ attacks and constantly evolve to evade defense systems. Building and maintaining an adaptive advanced bot mitigation solution in-house is resource-intensive and beyond the capabilities of all but the largest enterprises. Leading analyst organizations such as Forrester Research and Gartner are increasingly focusing on the need for bot management for enterprises, putting the onus on security specialists to choose the best solution to fit their business needs.

Because bot management is a nascent industry, few resources exist to help enterprises evaluate bot mitigation solutions, and there is even less consensus on which features and capabilities security specialists should look for when auditioning or selecting a solution. This e-book intends to provide security specialists with an overview of key solution capabilities to help them with their evaluation.


Evaluation Criteria


Addressing an automated threat requires more than a software package. It demands a deep analysis of bots’ approach and their intent. According to Forrester Research’s ‘New Wave — Bot Management, Q3 2018’ report, “Attack Detection, Attack Response, And Threat Research Are the biggest differentiators. Bot management tools differ greatly in their detection methods; many have very limited — if any — automated response capabilities. Bot management tools must determine the intent of automated traffic in real time to distinguish between good bots and bad bots.”

When selecting a bot mitigation solution, enterprises must evaluate several important and differentiating criteria to best fit their unique needs, which we have listed below:


Capability to Detect Large-scale Distributed Human-like Bots

When selecting a bot mitigation solution, businesses should try to understand the underlying technique used to identify and manage sophisticated attacks such as large-scale distributed botnet attacks and ‘low and slow’ attacks that attempt to evade security countermeasures.

Traditional defenses lack the detection features needed to counter such attacks. WAFs and rate-limiting systems that are often bundled or sold along with CDNs are incapable of detecting sophisticated bots that mimic human behavior.

The rise of highly sophisticated human-like bots in recent years, therefore, requires advanced techniques in detection and response.

Selection and evaluation criteria must examine the various methodologies the vendor’s solution uses to detect bots, e.g., device and browser fingerprinting, intent and behavior analysis, collective bot intelligence, threat research, as well as other foundational techniques.

A Bot Detection Engine That Continuously Adapts to Beat Fraudsters and Outsmart Competitors

How advanced is the solution’s bot detection technology? Does it use unique device and browser fingerprinting, along with intent analysis, user behavioral analysis, collective bot intelligence (i.e., ‘wisdom of the crowd’), dynamic Turing tests, etc.? (Machine-learning detection models that ascertain every visitor’s intent provide significantly higher accuracy compared to simple interaction-based behavior analysis.)

How deep and effective is the fingerprinting and user behavioral modeling? Does the solution collect hundreds of parameters from users’ browsers and devices to uniquely identify them and analyze the behavior?

How does the solution match the deception capabilities of sophisticated bots? Ask for examples of sophisticated attacks that the solution was able to detect and block.


Bot Management Features

Organizations should evaluate the range of possible response actions — such as blocking, limiting, the ability to outwit competitors by serving fake data, and the ability to take custom actions based on bot signatures and type.

The flexibility to take different mitigation approaches on various sections and sub-domains of a website.

The ability to integrate with only a certain subset of pages in a website.

A ‘monitor mode’ with no impact on web traffic to provide evaluators insights into the solution’s capabilities during the trial before activating real-time active blocking mode.

Can the solution be integrated with popular analytics dashboards such as Adobe or Google Analytics to provide reports on non-human traffic?


Impact on User Experience — Latency, Accuracy, and Scalability

Website and application latency causes poor user experience. Bot mitigation should have a negligible effect on latency.

Accuracy of bot detection is important — the solution must not only detect bad bots but also enhance the user experience and allow authorized bots from search engines and partners.

Maintaining a consistent user experience on sites such as B2C e-commerce portals can be difficult during peak hours. The solution should be scalable to handle spikes in traffic.

The solution should keep false positives to minimal levels to ensure that user experience is not impacted — real users should never have to solve a CAPTCHA or prove that they’re not a bot.

A sophisticated bot detection engine should have deep learning and self-optimizing capabilities to identify and block constantly-evolving bots that alter their characteristics to evade detection by basic security systems.


Extensibility and Flexibility

Does the solution protect all your online assets including your website, mobile apps, and APIs?

Bots do not limit themselves to websites alone, hence protecting APIs and mobile apps is crucial, as is interoperability with systems belonging to your business partners and vital third-party APIs.


Infrastructural Modifications, Traffic Re-routing, and Availability

A bot mitigation solution should provide easy and seamless deployability without infrastructure changes or the risk of re-routing traffic from your CDN and/or DNS.

A solution provider should ideally have multiple, globally-distributed points of presence to maximize system availability, minimize latency, and overcome any Internet congestion issues.


Flexible Deployment Options

Bot mitigation solutions should be easy to deploy and operate with existing infrastructure such as CDNs, WAFs, as well as various technology stacks and application servers.

Look for solutions that have a range of integration options such as web server/CDN/CMS plugins, SDKs for Java, PHP, .NET, Python, ColdFusion, Node.js, etc., as well as via JavaScript tags and virtual appliances.

A solution with a non-intrusive API-based integration capability is key to ensuring minimal impact on your web properties.


Is it a Fully Managed and Self-reliant Service?

Does the solution require a specialized team to manage it, or does it operate autonomously after initial setup?

Webpage requests can number in the millions per minute for popular sites, and data processing for bot detection needs to be in real-time. This makes manual intervention impossible — even adding suspected IP address ranges is useless in countering bots that cycle through vast numbers of addresses to evade detection.

Bot mitigation engines equipped with advanced technologies such as machine learning help in automating their management capabilities to significantly reduce the time and workforce needed to manage bots.

Automated responses to threats and a system that does not require manual intervention considerably reduce the total cost of ownership.


Building Vs. Buying a Specialized Solution

Giant companies such as Amazon Inc. have the resources to develop their own in-house bot management solutions, but most firms do not have such resources.

Building an adaptive and sophisticated bot mitigation solution that can counter constantly-evolving bots takes years of specialized development and tremendous resources.

Capex vs. Opex: Financially, it makes business sense to minimize capex and purchase cloud-based bot mitigation solutions on a subscription basis. This can help enterprises realize the value of bot management without making a large one-time investment.


Data Security, Privacy, and Compliance Factors

A solution should ensure that traffic does not leave your network — or in case it does, data should be in an encrypted and hashed format to maximize privacy and compliance.

Ensure that the bot mitigation solution is compliant with GDPR regulations pertaining to data at rest and data in transit to avoid personal data breaches and the risk of financial and legal penalties.


Conclusion


This primer on how to evaluate bot mitigation solutions outlines the key capabilities and features we consider essential in an enterprise-grade bot management solution. Businesses that are already using a WAF or CDN can consider an add-on bot management solution from their WAF or CDN vendor, or choose a dedicated bot management solution after evaluating its capabilities against the criteria mentioned above.

Regardless of the size of your organization, the escalating intensity of global bot traffic and the increasing severity of its overall impact mean that bot management solutions are crucial to ensure business continuity and success. Several solutions are available, including cloud-based, on-premise, and hybrid systems, on a monthly subscription and with pricing models that are based on your traffic. Free trials offered by most vendors provide a way to test various solutions and determine their effectiveness and suitability to your business needs before making a selection.

Thank you for reading this e-book. We welcome your questions and comments at [email protected].


About Radware

Radware® (NASDAQ: RDWR), a leading provider of cyber security and application delivery solutions, acquired ShieldSquare in March 2019.

Radware® (NASDAQ: RDWR) is a global leader of cybersecurity and application delivery solutions for physical, cloud and software-defined data centers. Its award-winning solutions portfolio secures the digital experience by providing infrastructure, application and corporate IT protection and availability services to enterprises globally. Radware’s solutions empower more than 12,500 enterprise and carrier customers worldwide to adapt quickly to market challenges, maintain business continuity and achieve maximum productivity while keeping costs down. For more information, please visit www.radware.com

Radware encourages you to join our community and follow us on: Radware Blog, LinkedIn, Facebook, Twitter, SlideShare, YouTube, Radware Connect app for iPhone® and our security center DDoSWarriors.com that provides a comprehensive analysis of DDoS attack tools, trends and threats.

Disclaimer

This document is provided for information purposes only. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law. Radware specifically disclaims any liability with respect to this document and no contractual obligations are formed either directly or indirectly by this document. The technologies, functionalities, services or processes described herein are subject to change without notice.

© 2019 Radware Ltd. All rights reserved. The Radware products and solutions mentioned in this document are protected by trademarks, patents and pending patent applications of Radware in the U.S. and other countries. For more details, please see: https://www.radware.com/LegalNotice/. All other trademarks and names are property of their respective owners.

www.radware.com www.shieldsquare.com