Battling the Bots

By Michael Lynch, Chief Strategy Officer June 27, 2017

Share:

Companies doing business online would be wise to invest in sophisticated device intelligence, machine learning, and authentication technology to help distinguish bot traffic form legitimate traffic.

Bot traffic actually exceeds human traffic on the internet, which is an alarming statement.

According to a security report by Imperva, bots are responsible for 52 percent of web traffic.

Botnets are a type of malware that allows an attacker to take control over an affected computer. They are typically linked together as part of a whole network of infected machines, also known as a “botnet”.

According to PYMNTS’ Q4 2016 Global Fraud Attack Index TM “Botnets are booming – the rate of attacks featuring botnets rose by 47 percent Q3 2015 and Q2 2016.”

Botnets are being used to target a range of industries including online merchants, ticket purchasing services, the travel industry and digital advertising.

Fortunately, technology exists that can help.

One signature quality behind bot attacks is their high rate of speed. Some solutions work by flagging devices that are used to perform multiple unusual behaviors at a high rate of speed. If a device performs multiple login attempts on multiple accounts over a short period of time, this could signal the use of a bot.

However, many of these bot detection tools fall short of true identification because they rely on IP addresses or cookies in their model. This method of identification is easily thwarted by sophisticated bots that change their IP address continually or clear/disallow cookies.

The next generation of bot-prevention tools involve device intelligence, device fingerprinting, malware detection, machine learning, and behavioral analysis. This model relies more on identifying the bot at the root, at the device level. Such solutions employ both static techniques, such as detecting malware on the device, and a more complete behavioral analysis—that is, detecting a high number of attempts or unusual traffic patterns.

Companies doing business online would be wise to invest in sophisticated device intelligence, machine learning, and authentication technology to help distinguish bot traffic form legitimate traffic.

About the Author

Michael Lynch is InAuth’s Chief Strategy Officer and is responsible for developing and leading the company’s new products strategy, as well as developing key US and international partnerships. He brings two decades of experience in key roles within financial services, consulting, and Fortune 500 companies, specializing in security and technology leadership.