Imagine a future with no bots. Hard to imagine, right?
Bots have become a part of our daily lives. They can be good or bad, but they certainly can’t be ignored. These statistics say so.
Bot traffic accounts for 40% of internet traffic. Bots are used maliciously to carry out attacks such as credential stuffing, web scraping, and DDoS.
Botnet attacks increased by 23% from Q3 to Q4, 2021. Source – Comparitech
Russia witnessed a 124% increase in botnet C&C attacks from Q3 to Q4, 2021. Source – Comparitech
Botnet hijacked crypto transactions in India worth ₹39 crores. Source – Hindu Newspaper
Bot management essentially boils down to differentiating a bot from a human. Once a request has been classified as coming from a human or a bot, further heuristics can be applied to separate good bots from bad bots.
We are excited to announce that Indusface has released its enhanced module for Bot Protection in AppTrana. Read on to know more about these enhancements.
Enhanced Bot Protection with AppTrana
It’s all co(relative)
We have always had policies to detect bots, but we realized we could be more efficient by getting the different bot modules to work in correlation. We now leverage our big data architecture to build correlation around these policies. For every request, the various bot modules inspect the request simultaneously and collectively decide whether it was made by a bot or a human and, if by a bot, whether it is a bad bot.
For every request, each module performs its checks individually, and if a check is triggered, it adds a risk score to the identity from which the request originated (generally, the identity here is an IP address). Hence, every identity making requests to a website protected by AppTrana carries a risk score. The risk score for every identity starts at zero, and based on the behavior of its requests, the various bot modules add risk scores, which in turn determine whether the identity is a malicious bot.
With this enhanced bot protection, AppTrana users get:
Better Bot Protection unlike any! – Not siloed, it’s all correlative protection against bots
More controls so customers can adjust how bot protection works
We have added the following new modules to enhance bot protection:
Allow Good Bots/ Block Good Bot Pretenders
Tor IP
User Agent-Based Detection
Suspicious Countries
IP Reputation
Data Center IP
Let’s understand each module in detail:
Allow Good Bots/ Block Good Bot Pretenders
As the name suggests, good bots such as search engine bots, copyright bots, chatbots, site monitoring bots, commercial bots, feed bots, and personal assistant bots are allowed, and bots masquerading as good bots are blocked.
Our Methodology –
A list of good bots is maintained, and the customers can decide to remove certain bots from the good bot list.
For every request, we determine whether it claims to come from a bot on the good bot list and whether the identity is actually a good bot or is only pretending to be one. Based on this, we decide whether the request should be blocked or allowed. If the identity is pretending, the IP risk score is increased so that it is blocked immediately.
Tor IP
What is a Tor IP?
Tor is free and open-source software that enables anonymous communication. It hides your IP address every time you send or request data online. Threat actors therefore hide behind Tor IPs and use them to orchestrate their bot attacks.
Our Methodology –
We have collated a Tor IP database.
If the IP belongs to this Tor database and the customer has chosen to block Tor IPs, the identity is assigned the maximum risk score. Otherwise, we increase the risk score so that the system knows the identity is slightly suspicious. This does not immediately result in the identity being blocked, but if the identity performs any further suspicious activity, the score may increase enough to block it.
User Agent-Based Detection
What is a User Agent?
It is software that retrieves and presents web content. Examples of user agents are web browsers, media players, and plug-ins.
Our Methodology –
We have collated a comprehensive database of bad bots based on their user agents. Based on the user agent (UA) of each request, the risk score is increased.
Suspicious Countries
Requests from certain countries can be deemed malicious. AppTrana users can now set a risk score for requests from specific countries. If a request comes from such a country, the risk score associated with the respective IP and cookie is increased. This won’t result in immediate blocking of the request but ensures that any further suspicious activity doesn’t go unnoticed.
IP Reputation
As the name suggests, the risk score of the identity is increased based on the reputation of malicious IPs.
Data Center IP
We have collated a data center IP database. Requests coming from data centers are generally made by bots (though they may be good bots or bad bots), so for requests coming from a data center, the risk score is further increased.
Anomaly Behaviour Detection
The latest enhancement to our Bot Protection feature is Anomaly Behaviour Detection, in which the risk scores from both the core and custom rules are now correlated with the above risk scores.
With all these modules adding their own risk scores, the risk score for an identity is continuously adjusted, and when it goes above a threshold, the identity is blocked. Customers can adjust the threshold at which bots are blocked by configuring their sensitivity to bots in the AppTrana portal.
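The correlated scoring described above, sketched as an added example (this is not Indusface's or AppTrana's code). The weights, the threshold of 50, the sample IPs and agent names, the verified_good_bot flag, and the choice to count each module once per identity are all assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

MAX_SCORE = 100  # assumed ceiling; always above any configurable threshold

# Constructed sample data: documentation IP ranges, made-up agent names.
TOR_IPS = {"203.0.113.7"}
DATACENTER_IPS = {"198.51.100.20"}
BAD_REPUTATION_IPS = {"198.51.100.20"}
BAD_UA_MARKERS = ("examplescraper",)
GOOD_BOT_MARKERS = ("examplesearchbot",)
COUNTRY_SCORES = {"ZZ": 15}  # per-country score set by the customer

@dataclass
class Request:
    ip: str
    user_agent: str
    country: str
    verified_good_bot: bool = False  # assumed result of the good-bot verification

class BotScorer:
    def __init__(self, threshold=50, block_tor=False):
        self.threshold = threshold
        self.block_tor = block_tor
        # identity -> {module: score}; a missing entry means a score of zero
        self.hits = defaultdict(dict)

    def _modules(self, r):
        ua = r.user_agent.lower()
        claims_good = any(m in ua for m in GOOD_BOT_MARKERS)
        return {
            "good_bot_pretender": MAX_SCORE if claims_good and not r.verified_good_bot else 0,
            "tor_ip": (MAX_SCORE if self.block_tor else 20) if r.ip in TOR_IPS else 0,
            "user_agent": 40 if any(m in ua for m in BAD_UA_MARKERS) else 0,
            "country": COUNTRY_SCORES.get(r.country, 0),
            "ip_reputation": 30 if r.ip in BAD_REPUTATION_IPS else 0,
            "datacenter_ip": 20 if r.ip in DATACENTER_IPS else 0,
        }

    def score(self, ip):
        return min(MAX_SCORE, sum(self.hits[ip].values()))

    def handle(self, r):
        """Run every module, fold the results into the identity's score, decide."""
        for module, value in self._modules(r).items():
            if value:  # each module counts once per identity (assumption)
                self.hits[r.ip][module] = max(value, self.hits[r.ip].get(module, 0))
        return "block" if self.score(r.ip) > self.threshold else "allow"
```

Raising or lowering threshold plays the role of the sensitivity setting: the same identity history yields a different verdict without any module changing.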