Every organization understands the threat posed by DDoS attacks. It is 2020, after all. DDoS flooding attacks against big name brands have made media headlines for more than two decades. However, what many organizations don’t yet understand is that not all bot attacks originate from botnets.
In fact, many bot attacks aren’t flooding attacks at all. These attacks pose a huge threat to organizations and website owners… but few are aware of the risks.
DDoS flooding attacks are simple things. A malicious actor uses malware to take control of tens or hundreds of thousands of Internet-connected devices. Once control is established, these devices become the ‘bots’ in a botnet, which is often used to flood a target website with connection requests until it can no longer cope with the load. But devices enslaved into the ranks of a botnet are just one of many types of bot.
An incredible 37.9% of all Internet traffic is made up of bot activities — 17.5% from good bots, and 20.4% from bad bots.¹
Good bots help web users find relevant businesses, products, and services. They include search engine crawlers and price comparison bots.
Bad bots are used by malicious actors to automate attacks, reconnaissance, and fraudulent activities. These bots can negatively affect website performance, damage the experience of legitimate customers, and directly attack your business.
While ticketing, e-commerce, and financial services organizations have traditionally been top targets, bad bots are a threat across all industries.
Just like human cyber attacks, bots can harm your business in many different ways:
With so many different bad bots to contend with, it’s natural to want to fight back.
However, bots are often hard to detect. Even the simplest bots impersonate traffic from normal sources like common web browsers and mobile devices, which makes them hard to block. At the other end of the scale, sophisticated bots are able to evade static controls like Captcha forms by mimicking human behavior. This makes them almost impossible to detect using standard web technologies.
To make matters worse, you can’t depend on a Web Application Firewall (WAF) to weed out bad bots. While a WAF may be able to detect or block some specific bot attacks, the majority of bots don’t directly attack your website. Instead, they abuse legitimate functions to achieve malicious objectives. Equally, a WAF won’t do anything to lessen the flow of bad bots targeting your website.
This is where bot mitigation services come in.
Bot mitigation isn’t about completely blocking bot activity. Remember, around half of all bots are good. Instead, it’s about determining the nature of every bot that visits your website and preventing the activities of bad bots only.
For this to be possible, a bot mitigation service must be able to:
1. Rapidly identify and mitigate bad bots (even when they aren’t using flooding techniques).
2. Identify and manage unknown bots in real-time.
Note that bot mitigation is not part of a typical DDoS mitigation service. Bots come in many forms, and can’t be detected using the techniques DDoS mitigation services use to protect websites from flooding attacks.
To keep your organization safe from bad bots, you need a bot mitigation service that gives you full control over the wide range of bots that access your website every day.
At Link11, our bot mitigation service uses proprietary AI and Machine Learning algorithms to distinguish between good and bad bots in real-time — with zero human intervention.
Known bad bots are blocked instantly, while unknown bots are identified and mitigated within five seconds on average. This is critical, as new bots are constantly developed to bypass lower-quality controls.
As a result, your organization gets:
To find out more about our industry-leading bot mitigation capabilities, visit our bot mitigation service page.