- Human Defense Platform
Modern application security needs to address a range of multifaceted threats, including proliferating bot attacks. Here’s what a good strategy looks like—and why it’s critical.
Content delivery networks (CDNs) protect business and user data by distributing web application content across a network of servers in various geographic locations. This offers users two benefits. By distributing traffic, users can access website information stored on servers that are closer to them, which speeds up user experience. And as a security measure, caching application data on remote networks protects businesses’ network servers from potential distributed denial-of-service (DDoS) attacks, which employ botnets to overwhelm websites with fake traffic. These botnets can either cripple a website and make it inaccessible to legitimate users, or they can be used as a smokescreen as cybercriminals mount a parallel attack to breach security.
Web application firewalls (WAFs) create a barrier between an application and the internet, blocking traffic from suspicious IP addresses. WAFs can be configured to allow only pre-approved traffic, block known malicious actors, restrict IPs from specific countries, or block IP addresses that are sending an unusual number of requests.
In the past, the two technologies above were effective at protecting applications from attack, but fraudsters and cybercriminals now use networks of sophisticated bots that can outsmart traditional application security defenses. According to ESG, 86 percent of security professionals now believe that most bots can bypass simple security measures like WAFs. And these bots, explains Ann Johnson, Corporate Vice President of Security, Compliance, & Identity (SCI) Business Development at Microsoft and a member of HUMAN’s Board of Directors, are an ever-growing percentage of total web traffic.
“I think people think that there is a low percentage of network traffic that is actually bot,” Johnson says. “But it is actually closer to 40 percent.”
The evolving nature of security threats suggests a need for newer and more sophisticated application security tools.
The Open Web Application Security Project (OWASP) framework lists 21 known bot outcomes from cyberattacks. These are three common botnet strategies.
Once cyberattackers have access to an account, they can use in-application features to scrape content and manipulate data, often in ways that are invisible to users and website operators. Attackers may dispatch a command across a pool of infected botnet desktop and mobile devices to scrape application content, like customer data. Information stolen from a website can be used by criminals in several ways. It is often sold in criminal marketplaces, used to trick unsuspecting customers, fed into copycat applications, or targeted to directly damage your business operations.
HUMAN Bot Defender uses the Human Verification Engine to sift through 2,500 client-side signals that indicate real human activity. This information is then sent to HUMAN for processing.
HUMAN employs a real-time decision engine that uses machine learning to identify whether users display human or non-human behaviors. HUMAN’s tools verify 15 trillion interactions per week, and it can harness that scale of visibility—as well as a decade of historical data—to deliver ever-improving, adaptable, and mutually reinforcing recognition precision and protection. These tools identify non-human actors with industry leading accuracy.
Once BotGuard’s decision engine has determined whether a user represents a threat, it deploys a real-time recommendation to block or allow the user. Application operators can also customize mitigation to automatically mitigate non-human activity.
HUMAN’s real time monitoring system updates the BotGuard dashboard within minutes, allowing application managers to identify invalid traffic and threat categories.
HUMAN Bot Defender uses technical evidence, machine learning, and continuous adaptation to improve its detection tools. HUMAN also employs a proactive approach to detection. Its Satori Threat Intelligence and Research Team investigates and takes down multiple large-scale attack networks each year. The team can then use information gathered during these investigations to reinforce Bot Defender's detection techniques. This ensures that clients are equipped with an application security system that can not only keep up with, but stay ahead of the ever-evolving ingenuity of cybercriminals.