Staying Ahead of The Bots

Jaheer Abbas, Regional Director, SE Asia and ANZ, Limelight Networks

Jaheer Abbas, Regional Director, SE Asia and ANZ, Limelight Networks

Bots, short for robots, have officially overrun the Internet. More than half of website visits today come from bots, software applications or automated scripts that perform repetitive tasks that are too mundane or time-consuming for humans. While bots generate a large amount of internet traffic, more than half of all bots are malevolent – they infect and control vulnerable machines, steal data and commit fraud, among other violations.

According to the Singapore Cyber Landscape report by the Cyber Security Agency of Singapore, over 60 Command and Control (C&C) servers that control botnets, a collection of infected devices, were detected in 2016.

With more local businesses turning to e-commerce as a sales channel, they need to ensure that bad bots are stopped, and good bots are facilitated to sustain revenue-generating traffic.

Distinguishing the Bad, the Good and the Ugly

Web servers need protective measures that can distinguish a good bot from a bad bot. For example, servers might interact with a shopping bot unaware that it’s a fake and meant to steal customers’ credit card details and other personal information. If customers find out that their financial or personal information has been compromised, an online retailer could receive a substantial blow to its brand reputation.

What’s worse, bots mutate constantly as cybercriminals play a game of cat and mouse with security solution vendors. As soon as a security vendor detects one type of bad bot, hackers come up with new ways around that protection. Bots have become progressively more sophisticated to circumvent detection algorithms used to uncover them. A common example would be distributed denial of service (DDoS) attacks, where bots and botnets flood a website with requests that impact performance, even bringing the site down.

While bots generate a large amount of internet traffic, more than half of all bots are malevolent

On the other hand, good bots perform vital functions on the internet. It is thus not enough to block bad bots; cyber security solutions must also facilitate good bots, such as search engine bots that retrieve content and monitoring bots that monitor various performance metrics on websites.

Protect Web Applications from Bad Bots Without Impacting Performance

The good news? There are bot manager solutions that can easily keep sites securely up-and-running with a defence-in-depth strategy that stops bad bots and facilitates good bots. Most importantly, this helps ensure secure customer experiences, thereby resulting in the following benefits to brands:

• Protects brand reputation—Security breaches have a lasting impact on brand reputation, with more than 40 percent of consumers saying they will no longer make online transactions with a web site that has been previously breached. By strengthening web application security and protecting customer data from intrusion ultimately helps ensure that your brand’s reputation remains intact.

• Keep customers coming back for more—Consumers have higher engagement with web sites that offer faster performance. By blocking resource-draining bots and providing the fastest online experiences, user experience is improved, and they are then encouraged to continually interact with your brand.

• Defend against emerging security threats—Ongoing monitoring and tuning of bot management policies ensures an optimal security profile to protect web applications against new and emerging threats.

Once malicious bots find a vulnerable compute resource, they can infect that machine and report back to a host machine, like a C&C server on the internet. This system then uses the victim compute resource to carry out various automated tasks.

That’s not all. Once a bot has infected a host machine, it can steal personal and private information such as credit card details or bank credentials and send them back to the hacker. With this information, data thieves break into websites, even using content gleaned from web scraping to undercut prices and attract customers away from competitors.

These attacks can severely damage brand reputation and has happened to big brands such as LinkedIn that suffered an attack in 2016, compromising 400 million global users in the process.

Bot Management: Best Practices

In conclusion, businesses need to stay ahead of the bots and have the right bot manager tools in place to not only manage its traffic but have an optimal security profile to protect your web applications without impacting performance. A real-time dashboard, reporting, analytics and alerts notify your security personnel of any bot attacks, so they can quickly remediate the situation.