ATO prevention for mobile applications requires SDK integration, which means an increased burden on the development team for third-party app validation, added QA test cases and cycles, and internal coordination to ensure the latest version of the SDK is deployed. Once deployed, multiple versions are often maintained to avoid forcing an end-user to upgrade, which may result in dissatisfaction and lost customers.
Time for a Change
After countless attempts to roll out ATO prevention, the retail customer chose to investigate alternative bot mitigation solutions including Cequence Security Bot Defense SaaS. The initial evaluation took the teams a few hours to redirect traffic from Fastly CDN to Bot Defense SaaS and shortly thereafter, the management dashboard lit up with account takeover attacks on both the web and API endpoints. Working closely with the CQ Prime Threat Research and Customer Success Teams, the customer quickly came up to speed in navigating the UI, drilling down into the attack behaviors, translating the findings into policy, and onboarding apps without assistance. The customer commented that the difference between Bot Defense and the incumbent solution was night and day.
- The required SDK integration injected delays and obstacles into the deployment and protection of the mobile application.
- The incumbent was a black box, providing limited to no visibility into attack patterns or analysis without engaging professional services.
- Policy modification was equally challenging, usually requiring professional services to be engaged, which took hours or days.
Flipping the Switch
The week-long PoC demonstrated near-immediate value by enabling the rapid onboarding of applications through a simple traffic redirect from their Fastly CDN to Bot Defense SaaS. Once completed, the applications were discovered and analyzed with a few clicks of a mouse. Findings included:
- An ATO attack against the web login, distributed across more than 3,500 residential proxies and spoofing a Chrome User-Agent string, represented roughly 95% of the login traffic over a period of several days.
- A highly automated “low and slow” ATO attack that evenly rotated through User-Agent strings of multiple browser families and distributed the requests across more than 1,100 residential IPs.
- An ATO attack against the mobile login API used a single User-Agent string that spoofed the Android app, even though the requests appeared to come from an iOS device. The attack was distributed across residential IP proxies located in China, Romania and Brazil.
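To make the three findings concrete from a defender's point of view, the following is an added example (not code from Cequence or from the retail customer) that runs simple heuristics over constructed login records: one User-Agent string dominating an endpoint across many distinct source IPs, a single source rotating through several browser families, and a User-Agent that claims the Android app while a separate device field reports iOS. The field names (endpoint, ip, user_agent, device_os, user), the thresholds and the sample records are all assumptions; real logs would need the equivalent fields from the CDN or the application.

```python
"""Heuristic ATO checks over login records (added example, not Cequence code).

The field names and the sample records are constructed assumptions about what a
login log might carry; thresholds are illustrative, not tuned values.
"""
from collections import Counter, defaultdict

CHROME_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
             "(KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36")
FIREFOX_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0"
SAFARI_UA = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 13_5) AppleWebKit/605.1.15 "
             "(KHTML, like Gecko) Version/16.5 Safari/605.1.15")
ANDROID_APP_UA = "RetailApp/4.2 (Linux; Android 13; Pixel 7)"  # hypothetical app UA


def make_logs():
    """Constructed login records reproducing the three attack patterns."""
    logs = []
    # Pattern 1: one spoofed Chrome UA fanned out across many distinct proxy IPs.
    for i in range(60):
        logs.append({"endpoint": "/login", "ip": f"203.0.113.{i}", "user_agent": CHROME_UA,
                     "device_os": "Windows", "user": f"acct{i}"})
    # Background traffic: a few repeat IPs with ordinary browsers.
    for _ in range(3):
        logs.append({"endpoint": "/login", "ip": "198.51.100.10", "user_agent": FIREFOX_UA,
                     "device_os": "Windows", "user": "alice"})
    for _ in range(2):
        logs.append({"endpoint": "/login", "ip": "198.51.100.11", "user_agent": SAFARI_UA,
                     "device_os": "macOS", "user": "bob"})
    # Pattern 2: one source cycling evenly through browser families ("low and slow").
    for ua in (CHROME_UA, FIREFOX_UA, SAFARI_UA):
        logs.append({"endpoint": "/login", "ip": "192.0.2.77", "user_agent": ua,
                     "device_os": "Windows", "user": "carol"})
    # Pattern 3: mobile API, UA claims the Android app but the device reports iOS.
    for i in range(5):
        logs.append({"endpoint": "/api/mobile/login", "ip": f"192.0.2.{100 + i}",
                     "user_agent": ANDROID_APP_UA, "device_os": "iOS", "user": f"acct{i}"})
    logs.append({"endpoint": "/api/mobile/login", "ip": "198.51.100.12",
                 "user_agent": ANDROID_APP_UA, "device_os": "Android", "user": "dave"})
    return logs


def ua_family(ua):
    """Coarse browser family; order matters because a Chrome UA also contains 'Safari/'."""
    if "Firefox/" in ua:
        return "firefox"
    if "Chrome/" in ua:
        return "chrome"
    if "Safari/" in ua:
        return "safari"
    return "other"


def dominant_ua_share(logs, endpoint, share_threshold=0.8, min_ips=20):
    """Flag an endpoint where one UA string carries most traffic from many distinct IPs."""
    rows = [r for r in logs if r["endpoint"] == endpoint]
    if not rows:
        return None
    ua, count = Counter(r["user_agent"] for r in rows).most_common(1)[0]
    ips = {r["ip"] for r in rows if r["user_agent"] == ua}
    share = count / len(rows)
    return {"user_agent": ua, "share": share, "distinct_ips": len(ips),
            "flag": share >= share_threshold and len(ips) >= min_ips}


def ua_rotation_by_ip(logs, min_families=3):
    """Return sources that presented several browser families; one device rarely does."""
    families = defaultdict(set)
    for r in logs:
        families[r["ip"]].add(ua_family(r["user_agent"]))
    return {ip: sorted(f) for ip, f in families.items() if len(f) >= min_families}


def claimed_platform(ua):
    if "Android" in ua:
        return "Android"
    if "iPhone" in ua or "iPad" in ua:
        return "iOS"
    return None


def platform_mismatches(logs):
    """Records whose UA claims one mobile platform while the device field says another."""
    return [r for r in logs
            if claimed_platform(r["user_agent"]) not in (None, r["device_os"])]


if __name__ == "__main__":
    records = make_logs()
    print(dominant_ua_share(records, "/login"))
    print(ua_rotation_by_ip(records))
    print(len(platform_mismatches(records)), "UA/device platform mismatches")
```

None of these checks is a verdict on its own; in practice each is one feature feeding a policy, and the thresholds should be set from the endpoint's own baseline rather than the constants used here.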
In contrast, the previous solution had struggled to show protection value for more than a year. Moving from PoC to production was equally simple. On the backend, the Bot Defense SaaS instance was already created with application traffic flowing through it. The next steps were to formally engage with the CQ Prime threat research team to train the customer’s security team on using CQAI, analyzing threat traffic, and setting policies.
Within a matter of weeks, the customer validated both the speed with which new mobile, API, and web application endpoints can be onboarded and the prevention efficacy of Bot Defense SaaS. The ease with which the applications can be protected, the openness of the platform, and the close working relationship with the CQ Prime Threat Research Team are a stark contrast to the incumbent solution, which was largely ineffective for nearly a year.
Learn more about how Bot Defense sets itself apart from other, first-generation bot mitigation alternatives here.