Many of our customers are digitally transforming their legacy applications to deliver a more modern, feature-rich user experience for their customers, partners and employees. Such modernized applications are often microservices-based and run in containerized environments, leveraging APIs to connect to back-end systems hosted in public or private clouds, as well as within customer data centers.
Attackers often target these high-value APIs and public-facing applications for data exfiltration and application business logic abuse. To maximize their return on investment, attackers use common attack toolkits, stolen credentials and compromised infrastructure such as a Bulletproof Proxy to execute automated bot attacks against these applications. If you’re a financial services provider and have experienced a recent spike of account takeover fraud, or you’re an online retailer who believes your competitors are scraping your product pages, you might need an advanced bot defense solution.
At Cequence Security, we built CQ botDefense SaaS as a solution to address these types of automated attacks. Today, we are excited to announce the immediate availability of this service in the AWS Marketplace, where customers can rapidly integrate our advanced bot protection with their web, mobile and API-based applications.
CQ botDefense SaaS is hosted on AWS and can be provisioned in minutes without deploying any software on premises, and it is compliant with PCI DSS 3.2 Level 2 for Service Providers. SOC II Level I certification will be available soon.
Let’s dig into some details now.
Discover all your public-facing web and API-based applications
The advantage of leveraging the CQAI multidimensional analysis (covering network, user, client and application) for bot detection is that it lets the product discover all your public-facing applications instantly. Right out of the box, you therefore see your complete attack surface: every public-facing web and API-based application, along with the volume of traffic received by each application endpoint.
Often, this visibility triggers action by our customers to address security blind spots or gaps. For example, a security engineer at one of our customers discovered a non-production API endpoint was inadvertently published without notifying the security team. As a result, the exposed API was quickly targeted by advanced bots to extract data.
Detect advanced bots using Machine Learning
The next step is to detect the types of advanced bots that are targeting your applications. CQ botDefense SaaS provides a rich, customizable dashboard that reveals the behavioral characteristics exhibited by each advanced bot – such as evidence of their evasive behavior, the use of known Bulletproof Proxy vendors or the use of stolen credentials. Unlike competitive products that merely offer a high-level classification as “legitimate traffic, good bots and bad bots”, CQ botDefense provides you with a detailed analysis of the attack characteristics observed.
For each application request, CQAI creates a unique behavioral fingerprint and a corresponding threat score based on the four pillars of detection:
- Tools used to generate the request (e.g., web or headless browsers, known, commercially available toolkits used by botnets).
- Infrastructure to distribute and anonymize the request (including IP Address, Organization and Country).
- Credentials contained in the request (to check whether they appear to be stolen credentials from a known data breach).
- Behavior exhibited by the client across multiple requests (analyzing beyond the context of a single request).
From the dashboard, you'll see how malicious bots differ from good bots (search engine bots, commercial crawlers and well-known aggregators): they try to evade detection, attempt to use stolen credentials, and make repeated attempts with sophisticated toolkits in order to exfiltrate data.
Defend with policies to block (or deceive!) advanced bots
Every customer environment is unique: the types and frequency of advanced bots targeting its apps vary over time, as does their sophistication. Once you've identified the bots targeting your apps, it is time to set policies against them. You can either block them with action-oriented policies or take a monitoring approach. In monitoring mode, Cequence simply adds a header to each request it identifies as an advanced bot, enabling further analysis downstream by your SIEM or SOAR system.
You can take action with blocking policies that reject the malicious bot requests, or you could rate-limit them. Alternatively, you could set a policy whereby CQ botDefense SaaS will send a response to the attackers that looks entirely legitimate, complete with header values and cookie values similar to what the product has learned from good traffic. This technique, called Honeytrap Deception, confuses the attacker, who gets the impression that they’ve successfully hit the application but instead is receiving entirely fake responses.
With CQ botDefense SaaS in production, our customers see nearly instant results. Attack traffic drops drastically in volume, saving application infrastructure resources. More importantly, the risks these attacks pose to your data are minimized. To further reduce the threat, you can use the REST-based API to extract the user accounts identified as under attack or compromised, for additional analysis or for remediation through an account password reset.
Next steps: get started with a free trial
The SaaS deployment model makes it easy to get started with CQ botDefense because you do not need any infrastructure or software deployed in your environment. Sound interesting? Request a 30-day, zero-cost trial, and we’ll spin up a SaaS tenant for you on AWS where you can integrate your applications quickly and see our award-winning technology in action.