AppTrana employs the following techniques to identify a bot and its intent:
Correlated Risk-Scoring
All the newly added modules (Allow Good Bots/ Block Good Bot Pretenders, Tor IP, User Agent Based Detection, Suspicious Countries, IP Reputation, and Data Center IP) add their respective risk scores for an identity (generally an IP address), the risk score continuously gets adjusted and correlated to block the identity when it goes above a threshold
Fingerprinting
AppTrana captures various internet properties to uniquely identify and categorize bots. Based on the categorization of bots, different mitigation & protection techniques are employed
Behavior Anomaly Detection
The behaviors of requests are tracked and abnormalities to regular behavior are immediately identified using various models and blocked. These models are self-learning and adjust to application normal variance automatically.
Workflow Validation
Bots can be identified through workflow validation rules. Workflows can be defined as what validates normal user behavior. Bots generally do not follow these workflows and can be easily identified with such well-defined workflow rules written by security experts that work closely with customers
Need of Managed Bot Mitigation
No one technique can be used in isolation to identify bots, all the above techniques are used in conjunction, and a confidence score is derived for each request based on which further actions are employed. Protection levels are constantly monitored and fine-tuned by security experts periodically. In case of complex attacks, security experts working as an extended security team of customers build unique policies to mitigate such attacks
