Data Sheet

Bot Management Product Overview

By Netacea / 24th Oct 2018

Bot Management Product Overview

Eliminate Malicious Bots, Enable Real Users

Over half of all web traffic is bots performing automated tasks; some good, some bad. However, most businesses do not know the composition of their web traffic, or what that traffic is doing on their websites, and that’s those without a bot management product.

It is essential to quickly and reliably ascertain if a visitor is human or if they are a malicious bot to mitigate any impending attack. However, this is becoming more difficult due to the significant rise in bot sophistication.

Over the past 5 years, Netacea customers have seen a significant rise in the number of account takeover attacks. The increased sophistication of these attacks enables them to bypass the traditional bot management product and the technology it holds. Static rules, threshold-based detection techniques are no longer enough to stem this, a radical new approach is needed.

Netacea bot management product overview

Advanced Behavioural Machine Learning

Netacea Bot Management’s core detection and methodology is machine learning, behavioural analytics and anomaly detection to distinguish between real visitors and the automated traffic that threatens your web applications.

Once the machine learning understands your estate & risk criteria, machine learning can start to understand the visitor flow in the background. This enables Netacea to provide a rich and detailed profile of who is authentic versus the fake.

From the very outset, you train the machine learning to understand your critical paths, vulnerabilities, and top business priorities using a simple visual tool. The heavy processing needed to establish ‘normal behaviour’ versus ‘abnormal behaviour’ is all done out of line without affecting your site’s visitors in any way.

Netacea risk dashboard profile

Extensible Implementation Options

Netacea’s implementation options have been designed to support all businesses no matter their size or current architecture. Customers can integrate into their existing infrastructure in one of 3 ways: Ultra-Low Latency Reverse Proxy, Netacea Adaptive Threat Architecture or API Based Integration.

Reverse Proxy

This implementation requires that Netacea is implemented in front of the original site but behind any CDN/WAF/DDoS layers. The implementation is achieved by using a DNS/CNAME change. The CDN/WAF/DDoS layer is to be configured to use Netacea as its upstream endpoint and Netacea is configured to use the origin as its upstream endpoint.

Adaptive Threat Architecture

The Adaptive Threat Architecture (ATA) has been designed to be a technical integration at the CDN layer to address any customer concerns about automated traffic and because we are leveraging the power of edge computing we can significantly reduce the latency that could be caused by using a bot management solution.

API Based Integration

The API implementation is a customer-centric design that allows Netacea to be implemented in a way that works best for the customer. The methodology is to explore the customer’s current architecture to understand what area(s) the solution could ingest logs to then analyse the data and to then provide recommendations. This implementation has been particularly popular with customers that wish for Netacea to provide threat intelligence on their web application traffic but not to mitigate.

Guided Machine Learning

Although you may not know which bots are hitting your web site, most businesses have very clear policies on how they want bot visitors to be handled once they know what the bot payload is. For example, if you knew bots were hitting your web site faking the behaviour of well-known search engines but were, in fact, competitive scrapers, you probably will know what policies you want to put in place to deal with these fake search engines.

Once you set up the policies and key critical paths the machine learning then takes your input and builds up a custom threat score for your actual environment. Everything is then automatic and the setup for the original learning just takes a few minutes to complete. As we identify new bot threats, you can guide the machine learning at any time by adding your feedback into how you want to treat bots. You can get as granular as you like, or just accept the default settings from your custom configuration list.

Classifications include:

  • Fake Search Engine Bots
  • Scrapers
  • Shopping Cart Abuse
  • Account Takeover

Empower your business with control over sophisticated bot traffic. Start your free trial and access the Netacea Bot Management product dashboard and test it on your live site.