
Security

Navigating the Bot Ecosystem

August 8, 2019 — by Carl Herberger


Bots touch virtually every part of our digital lives — and now account for over half of all web traffic.

This represents both a problem and a paradox. Bots can be good, and bots can be bad; removing good bots is bad and leaving bad bots can be even worse.

Having said that, few businesses, application owners, users, designers, security practitioners, or network engineers can distinguish between good bots and bad bots in their operating environments.

As the speed of business continues to accelerate and automate, the ability to instantaneously distinguish legitimate automated communications from illegitimate ones will be among the most crucial security controls we can onboard.

Differentiating Between Good & Bad Bots

Indeed, the volume of automated communication over the internet has dramatically increased and, according to Radware’s research, bot traffic now represents a majority (52%) of today’s internet traffic. But how much of that traffic is “good” vs. “bad”?


Some bots help populate our news feeds, tell the weather, provide stock quotes and control search rankings. We use bots to book travel, access online customer support, even to turn our lights on and off and unlock our doors.

But other bots are designed for more mischievous purposes — including account takeover, content scraping, payment fraud and denial-of-service (DoS) attacks. These bots account for as much as 26% of total internet traffic, and their attacks are often carried out by competitors looking to undermine your competitive advantage, steal your information or increase your online marketing costs.

These “bad bots” represent one of the fastest growing and gravest threats to websites, mobile applications and application programming interfaces (APIs). And they’re fueling a rise in automated attacks against businesses, driving the need for bot management.


In the early days, the use of bots was limited to small scraping attempts or spamming. Today, things are vastly different. Bots are used to take over user accounts, perform DDoS attacks, abuse APIs, scrape unique content and pricing information, increase costs of competitors, deny inventory turnover and more. It’s no surprise, then, that Gartner mentioned bot management at the peak of inflated expectations under the high benefit category in its Hype Cycle for Application Security 2018.

The ULTIMATE Guide to Bot Management

Recognizing the inescapable reality of today’s evolving bots, we have released the Ultimate Guide to Bot Management. This e-book provides an overview of evolving bot threats, outlines options for detection and mitigation, and offers a concise buyer guide to help evaluate potential bot management solutions.

From the generational leaps forward in bot design and use, to the techniques leveraged to outsmart and cloak themselves from detection, we’ve got you covered. The guide also dives into the bot problems across web, API and SDK / Mobile applications, and the most effective architectural strategies in pursuing solutions.

We hope you enjoy this tool as it becomes a must-have reference manual and provides you with the necessary map to navigate the murky waters and mayhem of bot management!

Read “The Ultimate Guide to Bot Management” to learn more.


DDoS, Security

It only takes 6,000 smart phones to take down our Public Emergency Response System?

June 28, 2018 — by Carl Herberger


Few scenarios illustrate an evildoer’s heart better than those designed for mass carnage.

We are all familiar with the false alarm (human mistake) of the Public Emergency Broadcast system in Hawaii earlier this year, which wreaked havoc throughout the archipelago. However, do we realize how fragile our nation’s emergency communications are and how vulnerable they are to cyber-attacks?

Security

2018: Snapshot of the Most Important Worldwide Cybersecurity Laws, Regulations, Directives and Standards

June 5, 2018 — by Carl Herberger


Are you out of breath from the breakneck pace of cyberattacks since the start of 2018? Throughout the world, nearly daily news reports have been filed detailing the results of incredibly effective cyberattacks on targets ranging from small companies to nation-states. The sum total of these attacks has permanently and dramatically changed the information security threat landscape. This change hasn’t gone unnoticed by the regulators and now, depending on where your business operates, you have accrued even more work to demonstrate your diligence against these threats.

Security

Federal CISO: Superhero Needed

May 16, 2018 — by Carl Herberger


A famous leadership coach said, “Only Superman can leap tall buildings in a single bound, the rest of us must chip away at our goals one day at a time.” What a befitting quote for the position of Federal CISO! This role of organizing, equipping, training and leading the nation’s cybersecurity programs is not only ominous, it has thus far been an utter failure when historically approached.

Security

What Does a Windstorm in Wyoming Have to Do with Cyber Security?

February 7, 2018 — by Carl Herberger


Natural disasters serve as excellent examples of the unforeseen consequences that a cyber-attack against infrastructure will have. Take for example a strong windstorm in Wyoming in February 2017. The storm knocked down power lines, forcing water and sewage treatment plants to operate on backup generators, which weren’t available to some of the pumps that moved sewage from low-lying areas to higher ground. As a result, the sewers backed up after the weather continued to prolong the outage. While government officials tasked with disaster planning have long focused on the cascading effects of power outages from natural disasters, only recently have they realized the effects of cyber warfare could be quite similar.

DDoS, Security, SSL

Cyber Security Predictions

December 12, 2017 — by Carl Herberger


2016 was the Year of DDoS. 2017 was the Year of Ransom. Can we assess leading indicators of new attack techniques and motivations to predict what 2018 will bring? The answer is a resounding “yes.” We believe 2018 will be the Year of Automation—or, more precisely, big, bad attacks on automated technology processes. Here are four reasons why.