Bot Shield keeps bots from hijacking your assets.
CDNetworks Bot Shield platform (CDN integrated) keeps bots from hijacking your assets by strengthening web security and creating a better end-user experience by eliminating bad bots and redirecting good bots the way you want it. Bot Shield offers a real-time dashboard, reporting, analytics, and alerts to continuously provide you with insights into all web activities, ensuring the optimal security profile to protect your web applications without sacrificing performance.
Resources
Product Benefits
Strengthen security by identifying / eliminating bad bots
Fight fraud and abuse of digital assets by validating legitimate end-user behavior
Create better end-user experiences by prioritizing authorized traffic
Bot Shield Features
Attack Monitoring And Notification
- Comprehensive monitoring and alerting services.
- Real-time notifications via visualizations, email or SM
Device Fingerprinting Challenge
Identifies normal usage patterns for each web application based on legitimate user behavior analysis and provides customizable security postures for Bots that deviate from the standard usage behavior, activity or frequency.
Human Interaction Detection
Generates a hashed signature of both virtual and real browsers based on 50+ attributes. These proprietary signatures are then leveraged for real-time correlation to identify and block malicious bots.
Bot Traffic Shaping
Traffic control mechanism used to detect and delay traffic created by suspicious Bots, while also prioritizing and white listing authorized traffic. Flexibility to choose the right action for each event and take action against each threat type.
Bot Visibility
- User friendly charts of good and bad bots attacks and trends
- Sophisticated log and incident query tool to investigate bot attacks
Javascript Challenge
Sent to every client, attacker and real end-user. Legitimate browsers will pass the challenge without the user’s knowledge while Bots, which are typically not equipped with JavaScript, will fail and be blocked.
CAPTCHA
Challenge intended to differentiate between Bots and humans. Scripted Bots are unable to solve the Captcha and repeat the words and numbers used the way humans can. User behavior model based on behavioral analysis and with pre-designed scenarios such as mouse movement and keyboard typing.
Good Bot White Listing
Recognize and remember good Bots and allow them access. Controls access by multiple dimensions, such as IP address, URL, user-agent, HTTP request header and region to meet various scenarios.
Intelligent Bot Detection
Detects and recognizes accesses from normal users, benign bots and malicious bots through real-time big data analysis. Incorporates threat library, beneficial bot library, rate limiting and machine learning functionalities.
Customized Bot Policies
- Advanced rate limitations
- Limit access rates by user-ID, URI, IP addresses and more
- Choose action aggressiveness level for each threshold
Bot Shield Diagram
What is Bot Management?
Bot management is the practice of blocking or filtering malicious internet bot traffic while allowing useful bots to pass through. Useful bots can include those like Google crawlers which are in fact necessary to let through. Bot management involves detection of suspicious bot activity, figuring out which bots are exhibiting undesirable behavior that needs to be stopped and identifying the source of the bot.
How Does a Bot Manager Work?
Bot managers work by blocking malicious bots from hijacking your assets and thereby strengthening web security and the reliability of your mobile apps. They eliminate bad bots and redirect good bots the right way. As a result, the end-user experience is improved and your business protected from losses and reputation damage.
A bot manager comes in the form of a software product that accomplishes certain specific objectives. These include telling bots from human visitors, analyzing the bot’s behavior, reputation and origin IP addresses and IP reputation. Bot managers also enable you to add “good” bots to a list so that they can be allowed to do their job. For example, Google uses a bot to index a web page in order to rank them on Google search results. If these bots are not including the good bots list, it could affect your website’s ranking and organic traffic.
Bot managers could employ a variety of security solutions including machine learning algorithms and threat intelligence to assess bots, detect and block suspicious activity while allowing legitimate bots to operate uninterrupted.
For bots that are known and active, a static approach can help with detection. This involves static analysis tools that look for header information and web requests typical of bad bots.
A behavioral approach on the other hand can be used to distinguish between human users, good bots and bad bots by evaluating the activity and matching it against known patterns.
A third approach involves challenges or tests that bots cannot perform easily. This can include the popular CAPTCHA verification test, Javascript injection and other methods.
There are also bot mitigation services that can automate some of the above approaches. If you work with APIs, these services can also monitor your API traffic and implement rate-limiting to prevent API abuse. This rate-limiting helps restrict bots across a wide landscape instead of focusing on a single IP address.
What is a Bot
But what exactly is a bot in the first place? Put simply, a bot is a program that is tasked with performing some actions without the need for further human intervention. The idea is that bots can automate some routine and repetitive tasks that could take humans much longer to get done, and do so with no errors.
Bots can be programmed to do something as simple as fill out and submit forms, crawl a web page or download content. They can also be used to like, follow or interact with users on social media platforms. Examples of bots include the Google crawlers mentioned before, chatbots that automate responses to FAQs on websites.
Good Bots vs Bad Bots
Not all bots are equal or created with the same intentions. Some are created with a legitimate purpose while others are made solely to cause harm.
Good bots are those that assist humans with a service. These can include search engine crawlers, customer support chatbots that automate responses to FAQs and bots that help in monitoring performance of a website to alert owners and admins of anomalies. Any website that incorporates a bot must follow the rules outlined by Google in the robots.txt file.
Bots created specifically to misuse products, harm websites or interrupt services are bad bots. Some specific examples of bad bots include email harvesting bots that spam users to collect their email addresses, those that try to hack into user accounts and others that use up a website’s resource. Sometimes bots can be controlled remotely in a network called botnet, which can be used to launch cyber attacks like the DDoS threat.
A bot that performs a needed or helpful service can be considered “good.” Customer service chatbots, search engine crawlers, and performance monitoring bots are all examples of good bots. Good bots typically look for and abide by the rules outlined in a website’s robots.txt file.
Why is Bot Protection Important?
Without sound bot management solutions and strategies, your business can be susceptible to significant damage. These may come in the form of traffic overloads leading to web server downtime, denial of service to real users (DDoS attacks) and theft of personal information or user credentials. The bots can also be used for content scraping or defacing content on the website, stealing intellectual property or to launch phishing attacks, spam and other more dangerous cyber attacks.
