Recommended
Recommended
More Related Content
Similar to Debunking Myths about Malicious Bots / 악성 봇의 허상과 실상
Similar to Debunking Myths about Malicious Bots / 악성 봇의 허상과 실상 (20)
More from Jean Ryu
Recently uploaded
Recently uploaded (20)
Debunking Myths about Malicious Bots / 악성 봇의 허상과 실상
- 1. 악성 봇의 허상과 실상 5월 21일 오후 3시 KST Jean Ryu Solutions Engineer, Cloudflare Live webinar
- 2. We are helping build a better Internet 2
- 3. 27M+ Internet properties 200 Cities and 95 countries 37 Tbps Network Capacity DDoS mitigation capacity 99% Of the Internet-connected population in the developed world is located within 100 milliseconds of our network Note: Data as of June 28, 2019. Cloudflare’s network operates at massive scale Confidential. Copyright © Cloudflare, Inc.
- 4. Customers benefit from integrated security, performance, and reliability 35% performance improvement 50% acceleration in DNS performance 60% reduction in malicious traffic 41k WAF blocks per month 900k login attempts blocked in 2 hours 50% decrease in page load times
- 5. Facts ● Automated program designed to perform specific task ● Execute tasks over and over at a much faster rate than a human could ● Interact with a webpage, fill out and submit forms, click on links, scan (or "crawl") text, and download content ● Watch videos, post comments, and post, like, or retweet on social media platforms What are bots
- 6. Myth #1: All Bots are Bad Facts ● Bad bots tend to get the most attention, good bots are almost as prevalent ● Good bots play crucial roles in keeping digital business flowing. ● Google, Bing and Baidu for SEO, Partner bots, site monitoring bots ● Hackers deliberately design malicious bots to mimic the behavior of the good bots ● Malicious bots have become more sophisticated and prevalent, from impersonating human behavior to changing tactics
- 7. Myth #2: Bad bots only attack e-commerce, travel, and finance Facts ● Many high-profile bot attacks have targeted banks, airlines, hotels, and e-commerce companies ● Increased bot attacks on - Healthcare facilities, educational institutions, gaming companies, marketing firms, publishing houses, and even government agencies ● Every industry has a different bot problem ○ Ecommerce, travel – price scraping is a big concern ○ Healthcare, tech, ecommerce - credential stuffing on rise
- 8. Myth #3: Bot attacks are only a holiday shopping problem Facts ● Bot attacks can strike at any time of the year ○ Major event like a product launch, ○ Political events ○ During Covid ● Credential stuffing attack on Zoom - March 2020 ● Credential stuffing attack on J.Crew - April 2019
- 9. Myth #4: Isolated tactics can stop all malicious bots Facts ● DDoS mitigation - can be effective against volumetric attacks but less adept at detecting individual bots that imitate human user behavior ● Web Application Firewall (WAF) – can defend against SQL injections, cross-site scripting (XSS), and zero-day attacks but not block bots that scrape content ● Rate limiting - can block simplistic bot attacks but cannot detect bots that go “low and slow” ● Multi-factor authentication or Captcha – provides additional layer of security but don’t work for the all of bot use cases and adds friction to user experience
- 10. Myth #5: I should build a custom bot management tool Facts ● May prove effective in the immediate term but requires ○ In-house technical expertise ○ Costly maintenance ○ Tedious upgrades ○ Constant fine- tuning of rules and policies
- 11. Cloudflare’s Bot Management Solution
- 12. Built for security needs of the modern business Configuration Flexibility Threat Intelligence At-Scale Automatic Whitelists No JS injection Integrated Security and Performance Mobile App Endpoint and API Protection Complete without Complexity Bot Management
- 13. How it works
- 14. Advantages of Bot Management solution Simple Deployment Quick Mitigation Accurate Detection Rich Analytics ● No JavaScript ● No mobile SDK ● Behavioral analysis ● Machine learning ● Fingerprinting ● Alternative content ● Captcha ● Log ● Block ● Reports ● SIEM integrations
- 15. Protect revenue and customer trust by enhancing sales and reducing customer churn. Rich user experience due to availability of website during business hours providing consistent user experience without delays Reduced operational cost by eliminating the manual effort of detecting and blocking bad bots Benefits of Cloudflare’s Bot Management Solution
- 16. CHALLENGES • ArtStation saw account takeovers creating a bad experience for customers, jeopardizing their business which grows through word-of-mouth and a positive brand. • Spamming and “social engineering” via mass posting and fake comments also risked hurting the brand, making the environment feel unsafe. • Competitors were scraping user information to spam them with competing offers. ArtStation provides artists with an amazing platform to showcase their portfolio, find work and connect with opportunities. “Cloudflare Bot Management gives us peace of mind as we scale our business. Our team can focus on creating value for our clients instead of dealing with bots! It also results in a better experience for our clients with reduced spam, account takeovers and malicious activity.” Leonard Teo CEO http://cfl.re/art-station-customer-case ArtStation / Customer Case Study 16 CLOUDFLARE SOLUTION ● Cloudflare’s bot management classified and mitigated bad bots that were waging credential stuffing attacks. ● It did so without false positives or blocking good bots. ● Built on Cloudflare, very simple to integrate. KEY RESULTS ● Peace of mind - knowing that Cloudflare was working behind the scenes to protect the site. ● Developers can focus on building high value things instead of dealing with malicious bots. ● Better experience for our clients results in increased reputation.
- 17. We are helping build a better Internet Q&A