Introducing Bot Defense SaaS

January 28, 2020
Bot Defense SaaS

Many of our customers are digitally transforming their legacy applications to deliver a more modern, feature-rich user experience for their customers, partners and employees. Such modernized applications are often microservices-based and run in containerized environments, leveraging APIs to connect to back-end systems hosted in public or private clouds, as well as within customer data centers.

Attackers often target these high-value APIs and public-facing applications for data exfiltration and application business logic abuse. To maximize their return on investment, attackers use common attack toolkits, stolen credentials and compromised infrastructure such as a Bulletproof Proxy to execute automated bot attacks against these applications. If you’re a financial services provider and have experienced a recent spike of account takeover fraud, or you’re an online retailer who believes your competitors are scraping your product pages, you might need an advanced bot defense solution.

At Cequence Security, we built Bot Defense SaaS as a solution to address these types of automated attacks. Today, we are excited to announce the immediate availability of this service in the AWS Marketplace, where customers can rapidly integrate our advanced bot protection with their web, mobile and API-based applications.

Bot Defense SaaS integrates easily with any CDN, including Amazon CloudFront, to receive network traffic flowing to and from your applications. If you do not use a CDN, the product can integrate with your application as a sidecar proxy. And, that’s pretty much it. Unlike competitive offerings, there is no need for JavaScript instrumentation for your web apps, or need for SDKs to be integrated into your mobile apps. Eliminating the penalties associated with JavaScript or SDK integration to collect attack telemetry is one of our key differentiators.

At the heart of Bot Defense SaaS is CQAI, our patented technology for detecting and blocking malicious bots based on the behavior exhibited in their communication with the application. To maintain high efficacy, CQAI uses Machine Learning to constantly learn your application’s behavior and offers a combination of out-of-the-box and customizable rules to tune the system. Eliminating the JavaScript or SDK requirement means not having to deal with slow webpage loading times or backward compatibility issues with SDKs. For our customers, this translates into considerable time and cost savings, while maintaining a high efficacy in blocking advanced bots.

Bot Defense SaaS hosted on AWS and can be provisioned in minutes without needing any software to be deployed on-premises, and it is compliant with PCI DSS 3.2 Level 2 for Service Providers.  SOC II Level I certification will be available soon.

Let’s dig into some details now.

Discover all your public-facing web and API-based applications

The advantage of leveraging the CQAI multidimensional analysis (including network, user, client, and application) for bot detection is that it allows the product to discover all your public-facing applications instantly. Therefore, right out of the box, you can discover your complete attack surface of all public-facing web and API-based applications, along with the volumes of traffic received by each application endpoint.

Discover screen - Bot Defense SaaS

Often, this visibility triggers action by our customers to address security blind spots or gaps. For example, a security engineer at one of our customers discovered a non-production API endpoint was inadvertently published without notifying the security team. As a result, the exposed API was quickly targeted by advanced bots to extract data.

 

Detect advanced bots using Machine Learning

The next step is to detect the types of advanced bots that are targeting your applications. Bot Defense SaaS provides a rich, customizable dashboard that reveals the behavioral characteristics exhibited by each advanced bot – such as evidence of their evasive behavior, the use of known Bulletproof Proxy vendors or the use of stolen credentials. Unlike competitive products that merely offer a high-level classification as “legitimate traffic, good bots and bad bots”, Bot Defense provides you with a detailed analysis of the attack characteristics observed.

For each application request, CQAI creates a unique behavioral fingerprint and a corresponding threat score based on the four pillars of detection:

  1. Tools used to generate the request (e.g., web or headless browsers, known, commercially available toolkits used by botnets).
  2. Infrastructure to distribute and anonymize the request (including IP Address, Organization and Country).
  3. Credentials contained in the request (to check whether they appear to be stolen credentials from a known data breach).
  4. Behavior exhibited by the client across multiple requests (analyzing beyond the context of a single request).

Alert Triggers screen - Bot Defense SaaS

From the dashboard, you’ll find that unlike good bots (search engine bots, commercial crawlers and well-known aggregators), malicious bots try to evade detection and attempt to use stolen credentials or make repeated attempts using sophisticated toolkits to try and exfiltrate data.

Defend with policies to block (or deceive!) advanced bots

Every customer environment is unique in the sense that the types and frequency of advanced bots targeting their apps tend to vary with time and sophistication. Once you’ve identified the bots targeting your apps, it is time to set policies to block them. You can either block them with action-oriented policies or take a monitoring approach. This is done by simply adding a header to the requests Cequence identifies as advanced bots to enable
further analysis downstream by your SIEM or SOAR system.

You can take action with blocking policies that reject the malicious bot requests, or you could rate-limit them. Alternatively, you could set a policy whereby Bot Defense SaaS will send a response to the attackers that looks entirely legitimate, complete with header values and cookie values similar to what the product has learned from good traffic. This technique, called Honeytrap Deception, confuses the attacker, who gets the impression that they’ve successfully hit the application but instead is receiving entirely fake responses.

Bot traffic graph - Bot Defense SaaS

With Bot Defense SaaS in production, our customers see nearly instant results. Attack traffic drastically drops in volume, saving application infrastructure resources. More importantly, the risks posed by these attacks on your data is minimized. To further reduce the threat risk, you can use the REST-based API to extract user accounts identified as under attack or compromised for additional analysis or remediation through an account password reset.

Next steps: get started with a free trial

The SaaS deployment model makes it easy to get started with Bot Defense because you do not need any infrastructure or software deployed in your environment. Sound interesting? Request
a 30-day, zero-cost trial
, and we’ll spin up a SaaS tenant for you on AWS where you can integrate your applications quickly and see our award-winning technology in action.

Learn more:

Tags

Bot Defense SaaS

About the Author

Subbu Iyer

Subbu Iyer

Vice President of Product Management

Resources

Browse our library of datasheets, research reports, blogs, and archived webinars to learn more about our Application Security Platform.

27 March 2020

Bulletproof Proxies: The Evolving Cybercriminal Infrastructure

Read Now
29 March 2020

Zoosk: Preventing ATOs and Romance Fraud

Read Now

Subscribe to our blog