Bot Management Product Overview
By Netacea / 24th Oct 2018
Eliminate Malicious Bots, Enable Real Users
Over half of all web traffic is bots performing automated tasks; some good, some bad. However, most businesses do not know the composition of their web traffic, or what that traffic is doing on their websites.
It is essential to quickly and reliably ascertain if a visitor is human or if they are a malicious bot to mitigate any impending attack. However, this is becoming more difficult due to the significant rise in bot sophistication.
Over the past 5 years, Netacea customers have seen a significant rise in the number of account takeover attacks. The increased sophistication of these attacks enables them to bypass traditional bot management technologies. Static rules, threshold-based detection techniques are no longer enough to stem this, a radical new approach is needed.
Advanced Behavioural Machine Learning
Netacea Bot Management’s core detection and methodology is machine learning, behavioural analytics and anomaly detection to distinguish between real visitors and the automated traffic that threatens your web applications.
Once the machine learning understands your estate & risk criteria, the machine learning can start to understand the visitor flow in the background. This enables Netacea to provide a rich and detailed profile of who are the authentic versus the fake.
From the very outset, you train the machine learning to understand your critical paths, vulnerabilities, and top business priorities using a simple visual tool. The heavy processing needed to establish ‘normal behaviour’ versus ‘abnormal behaviour’ is all done out of line without affecting your site’s visitors in any way.
Extensible Implementation Options
Netacea’s implementation options have been designed to support all businesses no matter their size or current architecture. Customers can integrate into their existing infrastructure in one of 3 ways: Ultra Low Latency Reverse Proxy, Netacea Adaptive Threat Architecture or API Based Integration.
This implementation requires that Netacea is implemented in front of the origin site but behind any CDN/WAF/DDoS layers. The implementation is achieved by using a DNS/CNAME change. The CDN/WAF/DDoS layer is to be configured to use Netacea as its upstream endpoint and Netacea is configured to use the origin as its upstream endpoint.
Adaptive Threat Architecture
The Adaptive Threat Architecture (ATA) has been designed to be a technical integration at the CDN layer to address any customer concerns about automated traffic and because we are leveraging the power of edge computing we can significantly reduce latency that could be caused by using a bot management solution.
API Based Integration
The API implementation is a customer-centric design that allows Netacea to be implemented in a way that works best for the customer. The methodology is to explore the customer’s current architecture to understand what area(s) the solution could ingest logs to then analyse the data and to then provide recommendations. This implementation has been particularly popular with customers that wish for Netacea to provide threat intelligence on their web application traffic but not to mitigate.
Guided Machine Learning
Although you may not know which bots are hitting your web site, most businesses have very clear policies on how they want bot visitors to be handled once they know what the bot payload is. For example, if you knew bots were hitting your web site faking the behaviour of well-known search engines, but were in fact competitive scrapers, you probably will know what policies you want to put in place to deal with these fake search engines.
Once you set up the policies and key critical paths the machine learning then takes your input and builds up a custom threat score for your actual environment. Everything is then automatic and the setup for the original learning just takes a few minutes to complete. As we identify new bot threats, you can guide the machine learning at any time by adding your feedback into how you want to treat bots. You can get as granular as you like, or just accept the default settings from your custom configuration list.
- Fake Search Engine Bots
- Shopping Cart Abuse
- Account Takeover
Empower your business with control over sophisticated bot traffic. Start your free trial and access the Netacea Bot Management dashboard and test it on your live site.