Enhanced Bot Protection with AppTrana
July 20, 2022
Imagine a future with no bots. Can’t imagine right!
Bots have become a part of our daily lives. They can be good or bad but surely, can’t be ignored. These statistics say so.
- Bot traffic accounts for 40% of the internet traffic. Bots are used for malicious purposes to carry out many attacks like credential stuffing attacks, web scraping, DDoS attacks, etc.
- Botnet attacks increased by 23% from Q3 to Q4, 2021. Source – Comparitech
- Russia witnessed a 124% increase in BOtnet C&C attacks from Q3 to Q4, 2021. Source – Comparitech
- Botnet hijacked crypto transactions in India work ₹39 crores. Source – Hindu Newspaper
Bot management essentially boils down to differentiating a bot from a human. Once a request is differentiated, that is, if it is a human or bot, then, further heuristics can be applied to differentiate a bot into a good bot vs bad bot.
We are excited to announce that Indusface has released its enhanced module for Bot Protection in AppTrana. Read on to know more about these enhancements.
Enhanced Bot Protection with AppTrana
It’s all co(relative)
We always had policies to detect bots but what we realized was we could become more efficient and get different bot modules to work in correlation. Now, we are leveraging our big data architecture to build correlation around these policies. So now for every request, various modules of the bot would inspect these requests simultaneously and collectively decide if a request is made by a bot or human. And if made by a bot, whether it is a bad bot or not.
For every request, each module does these checks individually and if the check passes, it adds a risk score for the identity from which the request is generated (generally, the identity here is an IP address). Hence for every identity making a request to the website protected by AppTrana, a risk score is added. For all the identities, the risk score starts with zero and then based on the behavior of requests, various bot modules add risk scores which in turn determine if the identity is a malicious bot.
Advantages of having this enhanced bot protection, the AppTrana users get –
- Better Bot Protection unlike any! – Not siloed, it’s all correlative protection against bots
- More controls so customers can adjust how bot protection works
- Better visibility into Bot Detection and Blocking
We have added the following new modules to enhance bot protection:
- Allow Good Bots/ Block Good Bot Pretenders
- Tor IP
- User Agent Based Detection
- Suspicious Countries
- IP Reputation
- Data Center IP
Let’s understand each module in detail:
Allow Good Bots/ Block Good Bot Pretenders
- As the name suggests, good bots are allowed such as search engine bots, copyright bots, chatbots, site monitoring bots, commercial bots, feed bots, and personal assistant bots. And bots masquerading themselves as good bots are blocked.
- Our Methodology –
- A list of good bots is maintained, and the customers can decide to remove certain bots from the good bot list.
- For every request, it is determined if the request is made from the good bot list and if the identity is actually a good bot or is pretending to be one, based on this we decide if a request should be blocked or allowed. If the identity is pretending, then the IP risk score will be increased such that it is blocked immediately.
Tor IP
- What is a Tor IP?
- It is free or open-source software that enables anonymous communication. It hides your IP address every time you send or request data online. Thus, threat actors hide behind these and use these to orchestrate their bot attacks.
- Our Methodology –
- We have collated a TOR IP database.
- If the IP belongs to this TOR database and if the customer has chosen to block TOR IP, then, the IP identity is marked as the maximum risk score, else, we increase the risk score so that system knows that the identity is slightly suspicious. This does not immediately result in the blocking of the identity but now, if any further suspicious activity is performed by the identity, then, the score may be sufficiently increased to block it.
User Agent-Based Detection
- What is a User Agent?
- It is software that retrieves and presents web content. Examples of user agents are web browsers, media players, and plug-ins.
- Our Methodology –
- We have collated a comprehensive database of bad bots based on the user agents. Now, based on the UA of the requests, the risk scores are increased.
Suspicious Countries
- Requests from certain countries can be deemed to be malicious. Now, AppTrana users can set the risk score for requests from countries and if the request comes from that particular country, then, the respective IP & cookie associated risk score will be increased, this won’t result in an immediate blocking of the request but will ensure that any further suspicious activities don’t go unnoticed
IP Reputation
- As the name suggests, based on the reputation of malicious IPs, the risk score of the identity is increased
Data Center IP
- We have collated a data center IP database and generally, the requests coming from the data center will be by bots (though they may be good bots or bad bots). So, for requests coming from the data center, risk scores are further increased.
Anomaly Behaviour Detection
- This is the latest enhancement to our Bot Protection feature, called as Anomaly Behaviour Detection, in which, the risk scores from both the core and custom rules are now correlated with the above risk scores.
Now, with all these modules adding their own risk score, for an identity, the risk score continuously gets adjusted and when it goes above a threshold then the identity will be blocked. Customers get to adjust at what threshold bots should be blocked by configuring their sensitivity to bots in the AppTrana portal.
Start a free trial to get Bot protection with AppTrana.
Stay tuned for more relevant and interesting security articles. Follow Indusface on Facebook, Twitter, and LinkedIn.
