'Tis the season season to be attacked, and time is of the essence, especially during the festive period. High volume sales periods are important for the businesses bottom line and customers are relying on you.
In our previous blog we discussed how fraudsters leave signals of an attack, like a trail of breadcrumbs, that help you identify the malicious activity. Poor visibility allows fraudsters to maximise the ROI of their attack campaign. Your ability to detect these signals is a critical element of your incident response strategy.
In this blog we move to the next stage. It's not enough to know you're under attack, you need to shut it down as quickly as possible to minimise damage.
It's beginning to look a lot like an attack....
How do you know you're under attack? The scenario is all too common:
- Your website is under attack and the attacker is targeting a sensitive endpoint - registration, login and submit payment
- Your existing toolset is unable to detect or mitigate the attack
- Your business is losing money, your site is unstable and your customer's data is at risk
How to best respond to an attack: your move
Introducing a new security tool into your stack can be challenging, disruptive and time consuming. But sometimes it is absolutely necessary.
- Too often legacy security solutions are slow, cumbersome and confusing to configure. This complexity only increases the risks associated with change and slows your time to respond
- Internal dynamics can restrict your speed of response. Decision making between departments can be challenging at any time. When you add the pressure of a highly profitable event and the impact of a cyber attack, the pressure can become overwhelming
- All change introduces an unknown level of risk. Will this solution stop the attack? Will this solution have an adverse impact on our customers? Will this solution impact any of our high value marketing campaigns?
- Uncertainty often leads to indecisiveness. Too often in the past, security solutions such as Web Application Firewalls get 'stuck' in monitor mode. The complexity of the solution prevents the technology from achieving its intended purpose
The bot mitigation market varies greatly in terms of integration complexity. At Kasada, we have specifically designed for simplicity as a core product element. This extends from integration, configuration and ongoing management.
Integration simplicity: As a reverse proxy, our integration model could not be simpler. A DNS routing change at your CDN or DNS provider is all that is required to introduce the flow of traffic.
BYO CDN - You can bring your own CDN to Kasada. This option allows you to avoid disruption and protect specific parts of your application. If you're immediate problem is fraudulent login attempts, just send those requests to us.
Our integration model allows us to rapidly respond to urgent customer requirements. The on-boarding process takes minutes. This allows us to step into a variety of high intensity attack scenarios. Platform agility is a highly rated feature of our offering and should be on any bot mitigation requirements list.
The simplicity of bot mitigation
When compared to web application firewalls, the mechanisms used to detect bots are far simpler and more accurate. WAF's need to inspect the headers and content bodies of each and every request.
This already complex security control is made more challenging by modern application development cycles. Daily code drops add to the confusion and create uncertainty in the broader impact of your WAF. Visibility is the cornerstone of any digital security solution, yet most WAF's only show you the requests that they block. This does not win any friends in the digital and dev crowds.
Bot mitigation flips this challenge on it's head by forcing a simple rule: you must be using a non-automated browser to access the website. This changes and simplifies the inspection model. The core components of a bot detection platform looks at (1) the client environment and (2) the patterns of requests being sent.
Why does this matter?
Ultimately, Kasada's rapid integration reduces your time to respond. Introducing any new technology into a production environment can be riddled with internal and external obstacles. During an attack, the risks associated with the obstacles is often outweighed by the impact of the attack. Investing in a solution that reduces your time to respond is a critical part of your incident response strategy.
Simplifying the ongoing battles
Fraudsters intentionally alter their tactics, techniques and toolsets to evade detection. Your security solution needs to follow this activity and respond to a wide variety of new techniques.
Key features required to maximize your speed of response:
Configuration simplicity: Our product is designed to avoid configuration complexity at all costs. We provide our customers with an on/off decision with as few variations as possible.
Instant Activation: Time is of the essence. Our config model is also designed for instant activation. Every change that you make is instantly active across the platform. This dramatically increases the time to respond and also increases the confidence that our customers have in our solution. If they make a mistake, they can instantly roll back without the annoying delays that plague legacy solutions.
Full visibility: Our portal provides full log analysis of 100% of traffic. This allows you to easily visualize human and bot patterns. During an attack campaign this level of visibility is incredibly important. It allows you to detect detect and follow an attackers reconnaissance and build phases. It allows you to monitor the patterns of behavior across all users. It provides you the certainty that your valuable customers are not being impacted.
Dynamic Detection: In an adversarial attack scenario, having a tool that can shift it's focus is incredibly important. Static bot solutions are a sitting duck for an advanced bot builder.
Management simplicity: The combination of high visibility, low configuration complexity, dynamic detection and instant activation provides a simple but effective toolset to control fraudulent activity
A TODAY issue, not 2020.
No business has time for weeks of integration anymore.
Kasada can onboard you in hours and stop the bots today.
Keep your shopping season on track and contact us here. To learn more about advanced bot detection, read our blog post covering the most important components of non-static bot protection. Read full post here.