Stop Advanced Automated Attacks that Go Undetected

Malicious Bot, or Not? That is the question. To answer it, understand the behavior of your users.

EnterpriseGRC Solutions has been advocating that we remove bot traffic for many years.  We believe people have mixed emotions about paying to remove a bot when its result is a false sense of web popularity.  A good friend of ours shared this product and white paper from PerimeterX.  We're hooked.  We hope you find their product as compelling as we do and that you'll give Henry (H) Shmouila call for more information. 

Please open or download the full PDF here.

Effective Defense against Infected Users
The only way to incriminate a user infected with Gen 4 bots is by applying a behavior-based approach. This requires a sophisticated sensor framework and big data and machine learning. The result is a highly capable approach to identifying these malicious bots. Once you have the human-behavior framework in place, identification of the attacks is immediate. You Can and Should Act Now Against Automated Web Attacks Some best practices in the defense against Gen4 bot attacks have emerged already. 

  1. Understand your web traffic: Profile your users, and get to know their normal behavior on each page of your sites: Site owners must understand authentic user behavior and how it appears.
  2. Collaborate among security, IT and business owners: Self-defense is a business survival issue; not just an IT issue. It requires collaboration with your application owners. It needs to be cross-departmental.
  3. Pay only for legitimate traffic: Bot activity can escalate fraud costs, data loss, theft, and customer loyalty. If you strip out 40% of undesirable bot traffic you can boost your site performance, stop counting impostors, stop paying bonuses to hijackers. Use correct data in your analytics, and pay only the marketing affiliates that are legitimate.

How to Start
To get started with behavior-based web protection, it’s advisable to use it on a test portion of your website. First, monitor your traffic and understand what is normal and what is abnormal behavior. Next, get the reporting and forensics running before you block users. With this approach, you can quickly get familiarity with no risk. Some CISOs see results within hours. The speed of improvement can be astonishing once you start to block based on WBA, but expect to wait a few
weeks for your analytics to show improvements.

Conclusion
Automated web threats constantly evolve. Their sophistication increases steadily. When we at PerimeterX reverse engineer malware, we see a high level of attackers’ capability. It’s evident that companies face criminal organizations with large, well-trained, organized software teams that perform better than most enterprise software development organizations. These organized crime groups update their malware multiple times per day, and their code is very well written and tested. To protect your site from advanced automated web attacks, in particular, Gen 3 and 4, your organization’s defense needs to evolve and get ahead. A Web behavior based approach to protection is the next level in the evolution of IT security. Once you implement a robust behavior-based layer of defense, you will have established a troublesome barrier against bot attacks that helps prevent damage to your business.

About PerimeterX
PerimeterX prevents automated attacks by detecting and protecting against malicious web behavior. By analyzing the behavior of humans, applications, and networks, PerimeterX catches automated attacks in real-time with unparalleled accuracy. Its proprietary technology protects your business and web infrastructure by preventing known automated attacks, as well as those that do not trigger security alarms. Businesses deploy PerimeterX and gain visibility within minutes, and easily integrate it into their existing infrastructure. PerimeterX empowers companies across numerous industries including enterprise SaaS, e-commerce and media to protect against advanced automated attacks. To learn more, please visit www.perimeterX.com