Top Of The Bots

Oliver Sears

Bots are everywhere and they need to be managed!

In this blog I am going to explore what Bot Management is, the benefits of having a bot management solution as well as provide a comparison between some of the top bot management products in the market for 2019. 

What is Bot Management Software?

Bot Management is a piece of security software that can identify whether or not traffic requests on a website or network comes from an actual human or machine. It can then decide to either block or grant this request based on whether it thinks the traffic is legitimate or suspicious.  Around 50% of traffic on the internet comes from bots – both good and bad – which are bits of code that carry out automated tasks. Good bots for example, can be used for indexing content for search engines making it easier to find whereas bad bots can exploit vulnerabilities, steal date and shut down websites. 

What are the Benefits?

Bot managers can enable companies to take advantage of the good bots while also protecting themselves against the bad bots. Some machine traffic is helpful – such as Google’s – as it helps you find the website you want quicker. 

The categories of bots fit into two areas. Humans or good bots, or unknown and malicious bots. Bot management solutions treat unknown bots as malicious to protect against the uncertainty of that bot potentially being harmful. The software directs malicious activity away from the website which protects the intellectual property of the organisation and the end-user experience. 

Comparison Criteria

For my comparison I have used the following criteria:

  1. Attack Detection – How does the product identify bots?
  2. Attack Response – How does the product respond to attacks?
  3. Threat Research – How does the product address bot patterns?
  4. Reporting and analysis – What reports does the product run?
  5. Feedback Loops – How does the product enable feedback loops to the SOC?

I have chosen three of the 12 solutions – Distil Networks, Oracle Dyn and Radware (previously ShieldSquare) as outlined in ‘The Forrester New Wave: Bot Management Report’.

If you would like a more detailed comparison of the 12 Solutions please download the report or call activereach for advice on how to pick a solution that is the best fit for your organization.

Distil Networks

Let’s begin with Distil Networks, the Leader in Bot Management. First of all, Distilled Network’s bot management solution goes above and beyond with robust detection, response and reporting. They use 15 different machine learning models to identify bots. On the other hand, I feel Distil Networks should add feedback loops that feed into security operations. They could benefit from using formal integrations with security and marketing tools to help keep business stakeholders informed about attacks. This solution seems to be best for firms that want flexibility in bot management.

Oracle Dyn

Next, Oracle Dyn offer a respectable solution too. Their bot management solution has a robust attack response. Oracle Dyn’s can block attacks with a configurable error code, mitigate attacks by slowing traffic that looks malicious as well as replacing a website page with a different one. Something that their product could improve on is the performance metrics and feedback loops. Oracle Dyn’s only allows customers to provide feedback to the support team, and I would like to see them publish best practices to help this. It seems that this solution is best for firms looking to single source, ie those organizations with existing Oracle Cloud Infrastructure.

ShieldSquare/Radware

Finally, Radware’s solution is a relaunched ShieldSquare offering after a recent acquisition. It is embedded with all the features you’d want to see in a Bot Management Solution. It boasts the ability to handle bot traffic in a number of different ways based on the bot signatures/types. It uses CAPTCHA for suspected bots. It also offers an easy integration. Flexible deployment options include integration via their JavaScript Tag, cloud connectors or web server plug-ins. What makes this solution stand out to me is that it is available as a security as a service integrated with Radware’s Cloud WAF, for complete application protection.

So Who is Top Of The Bots?

All three have their advantages and disadvantages so I didn’t feel there was one overall winner, the best fit will depend on your own company profiles.

If you would like to discuss in more detail which would be the best option for you, please get in touch to one of our specialists or call on us 0845 625 9025 where we can walk you through evaluating the different products for your specific business needs.

Financial Institutions are a popular target for bots as one of our other blogs reveals. Or find out more about Botnet Attack DDoS Testing.