Wednesday, September 22, 2021

Enterprise Bot Security is Essential Especially amid COVID-19

Andy Still

Blocking all bots is a bad idea; it’s far better to figure out who wants to do harm and keep them off your site, says Andy Still, CTO, Netacea

ITSW Bureau: How important is the need for security against bad bot traffic? What role does Netacea play in this?

Businesses used to face attacks that would target their security measures, find weak points, and steal data from them. Today, the problem has shifted, as it is not just their own security that businesses need to worry about but also the security failings of others.

Data breaches are now so common that the criminals that steal usernames and passwords have a supply and demand problem—there’s so much of this data available that it’s incredibly cheap to buy. The buyers, in turn, need to use automated techniques to sift through the data and discover what passwords are reused and validated, and therefore have value.

This is where bots are used. They work through these huge lists of stolen credentials at speed to break into accounts, also known as a “credential stuffing attack”. There are marketplaces online, on the dark web but increasingly on the clear web, where you can pick up a Spotify, Netflix or even an Uber Eats account for just a few dollars.

Credential stuffing isn’t the only bot attack to look out for. “Sneakerbots” snap up exclusive, limited-edition goods such as sneakers, and automatically sell them at a markup on a third-party site. The bot operator makes an instant profit, the consumer misses out, and the brand can take a reputational hit as its loyal customers correctly assume something isn’t quite right. “Seat spinner” bots do something similar with airline seats, making flights appear to be sold out when in reality they are selling tickets on a third-party site at a markup. The result is the same—bot operators make easy money and consumers are ripped off and frustrated.

ITSW Bureau: What are some of the ways in which bots are taking advantage of the COVID-19 pandemic?

We’ve seen shifting tactics. Obviously airline tickets are not selling, so we’ve seen an uptick in bots used elsewhere, such as those targeting online retail and streaming services. The increase in streaming account signups due to lockdown has presented opportunities for bots. Anyone signing up using a smart TV is unlikely to be tempted to use a strong unique password for their new streaming account—who wants to type a series of numbers and symbols with a remote control? This makes it far simpler for a bot to take over accounts, and as many of these accounts are multi-user, they can even be stolen without users being any the wiser.

There is also the problem that bots take up a great deal of bandwidth. With many services under strain from the sheer number of users (for example, the supermarkets and DIY stores that needed to implement queuing systems), the sheer amount of traffic created by bots, often over half the traffic on a given site, can overwhelm the site, causing it to slow down and damage the experience for real consumers.

ITSW Bureau: What are some of the top factors that drive the botnet detection market?

It’s an arms race between the cybercriminals and the good guys—that’s us. We are constantly on the lookout for new techniques that are being used to disguise bot traffic. For example, some bots will test rate-limiting, designed to limit the amount of activity one visitor can perform on a site without being blocked. Once that limit is found, the bots will act just under that limit, so as to be as efficient as possible while avoiding detection.

Bots are increasingly sophisticated and are developed by talented people in organizations. One of the most commonly used bot mitigation techniques, the CAPTCHA, where a human has to perform a task such as selecting the right photos, is increasingly ineffective. This increasing sophistication has led Netacea to develop our Intent Analytics engine. We combine machine learning with data analysis and the vast experience held within our team to ask a different question: not “is this a bot?” but “what is this visitor’s intent?” That way we can better target those bots by identifying malicious behavior. After all, not all bots are bad—some are used by search engines, others for price comparison sites. Blocking all bots is a bad idea; it’s far better to figure out who wants to do harm and keep them off your site.

Andy is a pioneer of digital performance for online systems. As Chief Technology Officer, he leads the technical direction for Netacea’s products, as well as providing consultancy and thought leadership to clients. Andy has authored several books on computing and web performance, application development, and non-human web traffic.
