Discover patterns of malicious enumeration in API traffic and take action by rate limiting, blocking, or sending a deceptive response.
Automation allows a bad actor to launch enumeration attacks directly against the application APIs, as shown in the Prying-Eye vulnerability, where a bot cycles through (enumerates) and discovers valid numeric meeting IDs. If the common user practice of disabling security functionality is followed, then the bad actor would be able to view or listen to an active meeting.
Targeting the web conferencing application APIs directly, this attack (1) uses a bot to enumerate and discover the numeric or alphanumeric identifiers that (2) perform the attendee access control function. If the application is not protected by a password or other authentication mechanism, (3) the bad actor can surreptitiously gain access to the web meeting.
Enumeration attacks are often used by bad actors to validate and use gift cards before the real owners are able to do so. Bad actors can easily determine the numeric sequence by viewing the cards on display in retail stores. Armed with the numeric pattern, a bot can be programmed to validate the card numbers. In some scenarios, a bank validation is required prior to use, and if it succeeds, the cards can then be used immediately to make valid purchases.
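The enumeration pattern described above shows up in API access logs as one client touching many distinct numeric IDs in a short window, with most lookups failing. The following Python is an added example, not code from the original page or from the product it describes; the log tuple layout, the /api/meetings/<id> path, the thresholds and the function names are assumptions for illustration.

```python
import re
from collections import defaultdict, deque

# Constructed sample: (epoch seconds, client, request path, HTTP status).
# The path layout /api/meetings/<numeric id> is an assumption for illustration.
SAMPLE_LOG = (
    [(1000 + i, "203.0.113.7", f"/api/meetings/{480000 + i}", 200 if i == 17 else 404)
     for i in range(40)]
    + [(1005, "198.51.100.4", "/api/meetings/915522", 200),
       (1030, "198.51.100.4", "/api/meetings/915522", 200),
       (1031, "198.51.100.4", "/api/meetings/771203", 404)]
)

ID_PATH = re.compile(r"^/api/meetings/(\d+)$")

def find_enumerators(events, window=60, min_ids=20, min_miss_ratio=0.8):
    """Return {client: (distinct_ids, miss_ratio)} for clients that, inside any
    `window`-second span, probe at least `min_ids` distinct numeric IDs with
    at least `min_miss_ratio` of those requests answered 404."""
    recent = defaultdict(deque)   # client -> deque of (ts, id, status)
    flagged = {}
    for ts, client, path, status in sorted(events):
        m = ID_PATH.match(path)
        if not m:
            continue              # not an ID lookup, ignore
        q = recent[client]
        q.append((ts, m.group(1), status))
        while q and q[0][0] <= ts - window:
            q.popleft()           # drop requests older than the window
        ids = {mid for _, mid, _ in q}
        misses = sum(1 for _, _, st in q if st == 404)
        ratio = misses / len(q)
        if len(ids) >= min_ids and ratio >= min_miss_ratio:
            best = flagged.get(client, (0, 0.0))
            if len(ids) > best[0]:   # keep the widest sweep seen
                flagged[client] = (len(ids), round(ratio, 3))
    return flagged

def decide(events, **kw):
    """Map each client to a response; flagged clients are rate limited here,
    but block or a deceptive response would slot in the same way."""
    flagged = find_enumerators(events, **kw)
    return {c: ("rate_limit" if c in flagged else "allow")
            for c in {e[1] for e in events}}

if __name__ == "__main__":
    print(find_enumerators(SAMPLE_LOG))
    print(decide(SAMPLE_LOG))
```

Counting distinct IDs rather than raw requests keeps a legitimate client that repeatedly polls its own meeting from being flagged.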
Using more than 150 customizable automation indicators, CQAI determines the malicious or benign intent of each application request. The REST API can be used to export CQAI findings to external systems for archiving, additional analysis or an alternative response.
Customizable mitigation policies provide multiple response options including block, rate limit, geo fence, or deception. Using deception allows you to send a custom response to the attacker, effectively putting guardrails around their activities.
As new public-facing applications that use numeric identifiers are deployed, they are automatically discovered and protected from enumeration attacks by Bot Defense, effectively baking security into your application deployment workflow.
An agentless approach allows you to deploy consistent visibility and policy protection from enumeration attacks for your API and web-based applications.
A container-based software architecture allows Bot Defense to be deployed in your data center, the cloud or as a SaaS offering, so you can choose the architecture that best fits your needs.
CQAI and Bot Defense automatically discover all your web and API-based endpoints, saving you incident response time while minimizing harm to your users and business.
Customizable automation indicators and responses enable you to fine-tune and maximize attack prevention policies to eliminate fraud associated with enumeration attacks.
With REST APIs and an open architecture, you can ensure information is shared between third-party sites and other IT infrastructure like SIEMs and SOC systems.