Tales from the Front Lines: Large Retailer Achieves Near Immediate Time-to-Value

November 11, 2020

One of our newest customers is a large, community-based retailer that had a mobile application and API account takeover problem. Roughly 12 months ago, they selected a JavaScript and SDK-based bot mitigation solution to address their ATO challenges. The initial focus was to protect the mobile applications and associated APIs – and that’s where the struggles began.

ATO prevention for mobile applications requires SDK integration, which means an increased burden on the development team for third-party app validation, added QA test cases and cycles, and internal coordination to ensure the latest version of the SDK is deployed. Once deployed, multiple versions are often maintained to avoid forcing an end-user to upgrade, which may result in dissatisfaction and lost customers.

Time for a Change

After countless attempts to roll out ATO prevention, the retail customer chose to investigate alternative bot mitigation solutions, including Cequence Security Bot Defense SaaS. During the initial evaluation, the teams took a few hours to redirect traffic from Fastly CDN to Bot Defense SaaS, and shortly thereafter the management dashboard lit up with account takeover attacks on both the web and API endpoints. Working closely with the CQ Prime Threat Research and Customer Success Teams, the customer quickly came up to speed in navigating the UI, drilling down into the attack behaviors, translating the findings into policy, and onboarding apps without assistance. The customer commented that the difference between Bot Defense and the incumbent solution was night and day.

  • The required SDK integration injected delays and obstacles into the deployment and protection of the mobile application.
  • The incumbent was a black box, providing limited to no visibility into attack patterns or analysis without engaging professional services.
  • Policy modification was an equally challenging exercise that often took multiple hours or days to engage professional services.

Bot Defense is based on CQAI, a patented ML-based analytics engine that determines the transactional intent, legitimate or malicious, without requiring JavaScript and SDK integration. The platform is open and extensible, providing the customer with full visibility into their web, API, and mobile applications, allowing them to analyze the traffic and separate legitimate from malicious with intuitive policies.

Flipping the Switch

The week-long PoC demonstrated near-immediate value by enabling the rapid onboarding of applications through a simple traffic redirect from their Fastly CDN to Bot Defense SaaS. Once completed, the applications were discovered and analyzed with a few clicks of a mouse. Findings included:

  • An ATO attack against the web login, distributed across more than 3,500 residential proxies and spoofing a Chrome User-Agent string, represented roughly 95% of the login traffic over a period of several days.
  • A highly automated “low and slow” ATO attack that evenly rotated through User-Agent strings of multiple browser families and distributed the requests across more than 1,100 residential IPs.
  • An ATO attack against the mobile login API used a single User-Agent string and was spoofing an Android app but appeared to be an iOS device. The attack was distributed across residential IP proxies located in China, Romania, and Brazil.
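
As an added illustration (not part of the original post and not Cequence's CQAI logic), the first two findings can be expressed as per-window aggregations over login logs: one User-Agent dominating traffic while spread thinly across many IPs, and an unusually even rotation across User-Agents. The thresholds, the (IP, User-Agent) event layout, and the sample events are assumptions constructed for this example.

```python
import math
from collections import Counter, defaultdict

def summarize_logins(events):
    """events: (client_ip, user_agent) pairs for login requests in one time window."""
    hits, ips = Counter(), defaultdict(set)
    for ip, ua in events:
        hits[ua] += 1
        ips[ua].add(ip)
    total = sum(hits.values())
    return [{"ua": ua, "share": n / total, "ips": len(ips[ua]),
             "req_per_ip": n / len(ips[ua])} for ua, n in hits.most_common()]

def dominant_distributed_ua(events, min_share=0.5, min_ips=100, max_req_per_ip=3.0):
    """UAs carrying most login traffic while spread thinly over many source IPs.
    Thresholds are assumed starting points, to be tuned against a site's baseline."""
    return [r for r in summarize_logins(events)
            if r["share"] >= min_share and r["ips"] >= min_ips
            and r["req_per_ip"] <= max_req_per_ip]

def rotation_evenness(events):
    """Normalized Shannon entropy of the UA mix; 1.0 means a perfectly even rotation."""
    counts = Counter(ua for _, ua in events)
    if len(counts) < 2:
        return 0.0
    total = sum(counts.values())
    entropy = -sum(n / total * math.log2(n / total) for n in counts.values())
    return entropy / math.log2(len(counts))

# Constructed sample data (not from the customer's traffic).
CHROME = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/86.0.4240.183 Safari/537.36"

def sample_single_ua():
    # 950 requests from 475 IPs with one Chrome UA, plus 50 background requests.
    attack = [(f"10.0.{i // 250}.{i % 250}", CHROME) for i in range(475) for _ in range(2)]
    background = [(f"192.168.0.{i}", ("Firefox/82.0", "Safari/14.0")[i % 2]) for i in range(50)]
    return attack + background

def sample_rotating():
    # Four UA families, each used exactly 300 times from distinct IPs.
    uas = ["Chrome/86.0", "Firefox/82.0", "Safari/14.0", "Edg/86.0"]
    return [(f"172.16.{i // 250}.{i % 250}", uas[i % 4]) for i in range(1200)]

if __name__ == "__main__":
    print(dominant_distributed_ua(sample_single_ua()))
    print(round(rotation_evenness(sample_single_ua()), 3), rotation_evenness(sample_rotating()))
```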

In contrast, the previous solution had struggled to show protection value for more than a year. Moving from PoC to production was equally simple. On the backend, the Bot Defense SaaS instance was already created with application traffic flowing through it. The next steps were to formally engage with the CQ Prime threat research team to train the customer’s security team on using CQAI, analyzing threat traffic, and setting policies.

Rapid Time-to-Value

Within a matter of weeks, the customer validated the speed with which new mobile, API, and web application endpoints can be onboarded and the prevention efficacy of Bot Defense SaaS. The ease with which the applications can be protected, the openness of the platform, and the close working relationship with the CQ Prime Threat Research Team are in stark contrast to the incumbent solution, which was largely ineffective for nearly a year.

Learn more about how Bot Defense sets itself apart from other, first-generation bot mitigation alternatives here.

About the Author

Matt Keil

Director of Product Marketing
