The Imitation Game: Detecting and Thwarting Automated Bot Attacks

IT & DATA MANAGEMENT RESEARCH,
INDUSTRY ANALYSIS & CONSULTING
Paula Musich
Research Director, Security and Risk Management
pmusich@emausa.com
The Imitation Game:
Detecting and Thwarting
Automated Bots

Watch the On-Demand Webinar
Slide 2
• The Imitation Game: Detecting and Thwarting Automated Bot
Attacks: https://info.enterprisemanagement.com/detecting-and-
thwarting-automated-bot-attacks-webinar-ws
• Check out upcoming webinars from EMA here:
http://www.enterprisemanagement.com/freeResearch

Featured Speaker
Paula Musich, Research Director, Security and Risk Management
Paula brings over 30 years of experience covering the IT security and
networking technology markets. She has been an IT security analyst for
ten years, including as a research director at NSS Labs, and earlier as
the principal analyst for enterprise security for Current Analysis. As a
security technology analyst, Paula has tracked and analyzed competitive
developments in the threat management segment of the information
security market, ranging from advanced anti-malware to next-generation
firewalls and intrusion prevention systems to content security, data loss
prevention, and more.
Slide 3 © 2020 Enterprise Management Associates, Inc.

Logistics
An archived version of the event recording will be available at
www.enterprisemanagement.com
• Log questions in the chat panel located on the lower left-
hand corner of your screen
• Questions will be addressed during the Q&A session of
the event
QUESTIONS
EVENT RECORDING

Sponsors

Agenda
• Introduction
• Methodology & Demographics
• The Attackers and Their Tactics
• The Defenders and Their Approaches
and Successes
• The Defenses and How They Stack Up

INDUSTRY ANALYSIS & CONSULTINGSlide 7
Introduction
and Demographics
© 2020 Enterprise Management Associates, Inc.

Bots by the Numbers
• 187: The average number of times that Googlebots visit websites
per day*
• 11-25: The number of times per day most EMA research
respondents said their organizations’ websites were hit by
automated bot attacks
• 2016: The year that all bot traffic exceeded web traffic generated by
humans**
• 20%: The percentage of all website requests made by bad bots***
• 73.6%: The percentage of bad bot traffic generated by advanced
persistent bots***

Demographics
• Company size
• 53% Enterprise
• 35% SME
• 13% Midmarket
• Annual IT Budget
• 21% $50 - <$100 Million
• 16% $10 - <$25 Million
• 14% +$100 Million
• 13% $25 - <$50 Million
• Geography
• North America
• Number of Respondents
• 209
• Vertical Industries
• 21% Finance
• 13% High Technology Software
• 11% Manufacturing
• 8% Healthcare
• 7% Retail

INDUSTRY ANALYSIS & CONSULTINGSlide 10 © 2020 Enterprise Management Associates, Inc.
Percentage increase or decrease of respondent organizations’ annual IT and
information security or cybersecurity budgets from last year to this year
7%
25%
28%
22%
1%
0%
10%
24%
31%
18%
3%
2%
0% 5% 10% 15% 20% 25% 30% 35%
Increased more than 25%
Increased between 10% and 25%
Increased less than 10%
Stayed the same
Decreased less than 10%
Decreased between 10% and 25%
Security IT

The Attackers
and Their Tactics

Application Types Most Frequently Targeted
60%
14%
17%
9%
0% 10% 20% 30% 40% 50% 60% 70%
Web
Mobile
API-based
I don't know
Column %

Over the past 12 months, which of the following types of malicious bot attacks
have your organization's public-facing web, mobile, and API-based applications
experienced?
52%
38%
38%
26%
23%
18%
17%
17%
14%
13%
Application DDoS
Fake account creation
Vulnerability scanning/reconnaissance
Account takeover/credential stuffing
Content scraping
Automated shopping to buy high-demand items that limited quantity per
buyer
Denial of inventory (loading shopping cart but not purchasing to prevent
others from buying)
Gift card/loyalty program fraud
Reputation bombing/enhancement
Denial of wallet (purposely driving traffic to a public-facing application to
increase resource consumption and costs)

How has the frequency of malicious bot attacks against your organization's public-
facing web, mobile, and API-based applications changed from 12 months ago?
7%
30%
25%
11%
Decreased less than 25%
Stayed the same
Increased less than 25%
Increased between 25% and 49%

How often has your organization observed bot attack campaigns that attackers
reconfigure to attempt to overcome your bot defense solution?
9%
29%
19%
27%
11%
5%
Always
Most of the time
Often
Sometimes
Rarely
Never

The Defenders and
Their Approaches
and Successes

8.68
4.96
9.32
7.73
6.25
4.81
7.08
4.99
5.03
6.38
Application DDoS
Automated shopping to buy high-demand items that limited
quantity per buyer
Content scraping
Denial of inventory (loading shopping cart but not purchasing to
prevent others from buying)
Denial of wallet (purposely driving traffic to a public-facing
application to increase resource consumption and costs)
Days
Mean time to detect each type of attack experienced
© 2020 Enterprise Management Associates, Inc.Slide 17

3.18
4.12
6.12
7.56
5.12
3.61
5.68
3.29
2.75
4.91
Application DDoS
Automated shopping to buy high-demand items that limited quantity per
buyer
Content scraping
Denial of inventory (loading shopping cart but not purchasing to prevent
others from buying)
Denial of wallet (purposely driving traffic to a public-facing application to
increase resource consumption and costs)
Days
Mean time to mitigate attack types experienced

Of the following use cases, please rank each one in the order of importance to your
organization's decision to acquire bot defense technology, with 1 being most
important and 10 being the least important.
3.80
3.19
6.05
5.21
6.44
6.34
5.33
7.09
5.92
5.27
Account takeover
Application DDoS
Automated shopping to limit quantity per buyer
Content scraping
Denial of inventory
Denial of wallet

The Defenses and
How They Stack Up

You indicated that your organization is using a bot defense solution. Which of the
following types of bot defense is your organization using?
51%
34%
55%
48%
15%
26%
Dedicated bot mitigation
Content delivery network (CDN)-based
Web application firewall (WAF)-based
CAPTCHA
Manual via log analysis/SIEM
Next-generation firewall

Based on a scale from 1 to 5, with 1 being the most effective and 5 being the least
effective, how would you rate your bot defense technology's ability to…
22%
35%
31%
11%
0%
27%
33%
21%
10%
3%
28%
33%
23%
9%
1%
1 Most effective
2
3
4
5 Least effective
Correctly identify previously unidentified bot attacks Stop attacks targeting APIs
Stop attacks targeting mobile apps

Average number of public-facing web, mobile, and API-based
application/application endpoints deployed, and average number of
those protected by bot defense.
Deployed Protected
Web 146.56 145.94
Mobile 706.83 703.42
API-Based 185.08 153.26

Top bot defense issues by organizational size
17%
17%
44%
39%
22%
23%
29%
23%
26%
29%
29%
18%
12%
12%
35%
18%
43%
27%
41%
14%
Difficult to install/configure
Too many false positives
Cumbersome to configure/manage
Does not integrate with existing security infrastructure
Implementation model slows application
development/rollout process
Midmarket Low-end SME High-end enterprise Very large enterprise

Questions?
Get the report at
http://bit.ly/3997mJz

The Imitation Game: Detecting and Thwarting Automated Bot Attacks

Recommended

Recommended

More Related Content

What's hot

What's hot (19)

Similar to The Imitation Game: Detecting and Thwarting Automated Bot Attacks

Similar to The Imitation Game: Detecting and Thwarting Automated Bot Attacks (20)

More from Enterprise Management Associates

More from Enterprise Management Associates (20)

Recently uploaded

Recently uploaded (20)

The Imitation Game: Detecting and Thwarting Automated Bot Attacks