CDSA

Akamai Highlights the Importance of Bot Detection and Having a Bot Strategy

Having an effective, actionable bot management plan with the right tools that can detect, identify and defend against the most sophisticated bots are crucial for organizations because the cost of bots to businesses and IT departments can be huge, according to Akamai Technologies.

Identification plus categorization plus action is the correct formula to get results from a bot management plan, Rob Yates, Akamai senior solutions engineer, said Sept. 29 during the webinar “The Math Behind Bot Management – A Virtual Workshop.”

We are facing an evolving bot landscape in which bots tend to “get pretty smart, pretty quick” and attackers tend to pivot once blocked and stage a multichannel attack against an organization, he explained. Bots also tend to defy easy categorization, he said.

A Bot Horror Story

Yates told the story of a large bot attack against a large bank. The attack ramped up over the course of two months and grew to represent 93% of all traffic for that bank, he recalled. There were more than 170 million bot login attempts over a week (nearly 1 million an hour) in that case, he said.

It started on a desktop website and pivoted to the mobile web also, then to the bank’s native application and then to specialized application programming interfaces (APIs), he noted.

“These attacks caused considerable pain for the bank,” he said, pointing out the bank’s system couldn’t handle all the volume and “customers weren’t able to access data” while the attack was going on. It cost the bank $3-$4 for each call to the call center also, he said.

The bank saw an increase in the number of compromised attacks and there were a huge number of bad customer experiences in which many customers had to reset their passwords after being locked out even if they didn’t attempt to log in, he recalled.

The attacks hurt the company’s backend mainframe and it cost over $1 million to deal with it over the course of 30 days to deal with the attacks, he noted.

There was also an indirect impact of the bot attack because the attack was sustained over the course of several months – “nearly a year” actually – in which attackers would pivot within hours of a countermeasure being implemented, he recalled. The IT team could no longer focus on improving their application also, he said, noting Akamai worked with the bank to combat the attack.

Tips to Topple Bad Bots

Building a strategy to manage bots includes identifying what bots should be interacting with your various channels because, after all, not all bots are necessarily bad, Yates said. Then, define what each trusted bot should be able to do and when within your channels, he noted.

Organizations should manage bots based on their specific impact on your organization, he also said. For example, an online media company should prevent content aggregators from diverting visitors, he noted.

When dealing with login/credential abuse, serving incorrect usernames and passwords to fraudsters is a solution, while when dealing with bots causing performance issues, a good idea is to serve alternate origins to the bots. It may also make sense to slow bot traffic from partners during business hours, he said.

Organizations should then identify the rest of the unknown bots it’s dealing with and apply policies to manage them, he said.

During the Q&A, he was asked how to tell if a suspicious visitor is a bot vs. just a bunch of people at one IP address. He responded: “Are you human or not is ultimately the question that’s being asked and then what’s our confidence level of this.”

If there is a human driving an attack, Akamai’s Bot Manager will not catch that because it doesn’t deal with human fraud, he conceded.

However, “Akamai has tools that are in development that [are] actually going to work not just kind of at the device level” but what “we’re moving towards is a capability of profiling based on the identity itself” and metadata connected to the person logging in, he said.