How Security Automation Strengthens API Security

March 2, 2023 | by Jason Kent

API Security Automation

Learn how customers are leveraging security automation to accelerate bot attack response time and improve their API security posture. In effect, customers can fight fire with fire by using automation to block (automated) bot attacks like account takeover, shopping bots and loan fraud.

Every IT security professional I know or meet is overworked. This is not just people saying they are busy for the sake of it. This is real – late nights, weekends, holidays on call – working. Validating what I am hearing is data from the 2022 (ISC)² Cybersecurity Workforce Study, which states that there are 3.5M unfilled IT security jobs. This equates to roughly 41% of the 8.1M available positions. No wonder all my friends and our customers are overworked.

To make matters worse, many of the daily tasks are manual and repetitive, introducing unreasonable delays, injecting errors into the process and reducing an organization's competitive stature. Research shows that tedious, repetitive tasks within an organization can drive employees away, and for your business that can mean you aren't getting the return on investment you expect for the smart people you hire. Enter automation – a process historically proven to improve productivity by minimizing the human interaction required to accomplish a given task.

Automation was a key topic during a recent business trip where I had a chance to speak with a couple of dozen CISOs. They resoundingly said that one of their top 2023 business initiatives was automation, specifically security automation. Why? Because they want to focus their staff on more interesting, challenging things that cannot be or are not yet automated. To get to this point though, they first need to get rid of the tedious, mundane, multi-step tasks that are burning their staff's time. The opportunity for automation is significant. Any process done manually and on a regular basis is low-hanging fruit, while manual processes performed less frequently are an additional, longer-term opportunity.

Threat actors have long used automation by scripting attacks – both large and small – with shopping bots the most well-known example. Your daughter did not lose her chance to see Taylor Swift because her friend was faster at hitting the buy button. She lost because she was competing with millions of bots operating at computer speed.

API Security Automation Enables Successful Hype Sales

API security automation plays a key role for our customers in successfully detecting and mitigating automated bot attacks on their APIs. Obvious examples are hype sales or drops where much-anticipated products are brought to market. During the pandemic, hype sales extended to toilet paper, but more often than not today they involve gaming consoles, concert tickets, and shoes. With success measured not only in sales and revenue but also in end-customer satisfaction, it becomes critical for the offering organization to leverage automation to create an environment where the bots don't win.

As an example, prior to deploying the Cequence Unified API Protection (UAP) solution, one of our retail customers would need to manually scale their platform by 400% for each sale event. During the event, it was all hands on deck to maintain system operations while their platform was pummeled by bots. This manual effort placed significant limitations on how frequently they could execute their hype sales, resulting in revenue expectation and vendor relationship challenges.

Once the UAP was deployed, our CQ Prime Threat Research team worked closely with the customer to map out the hype sale process and identify simple ways to get rid of the bots. The steps were then automated to the point where the customer is now able to execute a hype sale at any time of the day, without needing to manually pre-scale or call for all hands on deck. They simply load some information about the hype sale into a system. This triggers alerts that a drop is happening, and automation scales the UAP solution accordingly. During the hype sale, automation is used to monitor the malicious traffic, making real-time adjustments to mitigation responses based on bot behavior. Even if the bots change IP addresses, API paths, user agents and so on, the UAP sorts through the noise by automatically adjusting policies to drop unwanted traffic. The customer is able to launch new products to market while the UAP ensures the bots are mitigated and humans can purchase the items they want.

Automating API Security to Fight Loan Fraud

One of our financial services customers regularly handles a large number of fraudulent loan applications. Prior to deploying the Cequence UAP, the legitimacy of each loan application was determined manually, overwhelming the fraud team during promotional events. Today, all digital loan applications are analyzed by the Cequence UAP, with potentially fraudulent loans tagged for analysis by their fraud analysis platform and, if needed, manual review. This process reduces the need to review every loan document and frees up reviewers for loan applications that are actually fraudulent. This is automation augmenting a manual review to reduce errors.

API Security Automation Instantly Mitigates Account Takeovers

Many of our customers enjoy the automatic protection our confidence-based mitigation provides. ML analysis by CQAI determines the likelihood (Confidence) that traffic is malicious, and policies are implemented to mitigate the traffic automatically, eliminating any manual traffic analysis. Additional signals and criteria can be layered in to build detailed policies that will drop malicious traffic. One of our retailers had an account takeover campaign hit their login flows, and our systems picked it up automatically based on rates of failed login attempts, overall login attempts and an understanding that usernames should only come from a certain number of IPs. When these signals were combined, each transaction was rated and a confidence score applied. Confidence-based policies are great for a number of transaction types and often result in an attack campaign writer getting frustrated when retooling attempts do not work.
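The three login signals named above (failed-login rate, overall login volume, and the number of IPs a username is seen from) can be combined into a per-transaction score along these lines. This is an added sketch, not Cequence's CQAI logic: the thresholds, the equal weighting, the function names and the sample window are all assumptions for illustration.

```python
from collections import defaultdict

# Thresholds are assumptions for illustration; derive real ones from baseline traffic.
MAX_ATTEMPTS_PER_IP = 5     # login attempts per source IP in one window
MAX_FAIL_RATIO = 0.5        # failed / total attempts per source IP
MIN_ATTEMPTS_FOR_RATIO = 3  # ignore the ratio for a single mistyped password
MAX_IPS_PER_USER = 2        # distinct source IPs expected per username

def score_logins(events):
    """Score each login event in one time window; returns [(event, confidence)]."""
    events = list(events)
    attempts, failures = defaultdict(int), defaultdict(int)
    ips_per_user = defaultdict(set)
    for e in events:
        attempts[e["ip"]] += 1
        failures[e["ip"]] += 0 if e["ok"] else 1
        ips_per_user[e["user"]].add(e["ip"])
    scored = []
    for e in events:
        n = attempts[e["ip"]]
        signals = [
            n > MAX_ATTEMPTS_PER_IP,                       # overall login volume
            n >= MIN_ATTEMPTS_FOR_RATIO and failures[e["ip"]] / n > MAX_FAIL_RATIO,
            len(ips_per_user[e["user"]]) > MAX_IPS_PER_USER,  # username seen from too many IPs
        ]
        scored.append((e, round(sum(signals) / len(signals), 2)))
    return scored

def action_for(confidence, challenge_at=0.3, block_at=0.6):
    """Map a confidence score to a mitigation; cut-offs are assumed values."""
    if confidence >= block_at:
        return "block"
    return "challenge" if confidence >= challenge_at else "allow"

# Constructed sample window (documentation IP ranges, made-up usernames).
SAMPLE = (
    [{"ip": "203.0.113.10", "user": f"user{i}", "ok": False} for i in range(7)]
    + [{"ip": "203.0.113.10", "user": "bob", "ok": True},
       {"ip": "203.0.113.11", "user": "bob", "ok": False},
       {"ip": "203.0.113.12", "user": "bob", "ok": False},
       {"ip": "198.51.100.5", "user": "alice", "ok": True}]
)

def triage(events):
    """Return {(ip, user): (confidence, action)} for every event in the window."""
    return {(e["ip"], e["user"]): (c, action_for(c)) for e, c in score_logins(events)}

if __name__ == "__main__":
    for key, verdict in triage(SAMPLE).items():
        print(key, verdict)
```

Note that the one successful login from the noisy IP still scores highest: a success inside a burst of failures is the transaction most worth acting on.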

These are just a few examples of the ways in which security automation helps customers do more with less in the battle against malicious (automated) bots. Security teams are less involved in the mundane, repetitive tasks and are now able to chase down the real problems. If your goals for 2023 include creating or implementing automation, keep these key steps in mind.

  • You need to have a manual process that can be integrated into technology.
  • You need to understand the metrics that you would like to improve.

It’s possible that you already have mechanisms in place to trigger automation and you just need a partner that will complete the story.

Jason Kent

Hacker in Residence