I’ve filmed a Korean webinar on 21 May about Cloudflare Bot Management. (Slide is in English) With this product, you can get a score info based on possibility of whether the particular request is coming from human through browsers, or from automated scripts, malicious bots. You can set your security rules based on this score. I was happy to have a chance to introduce this product as I personally like it. Hope you find it helpful.
5월 21일에 한국어 웨비나를 촬영했습니다. Cloudflare Bot Management 제품에 관한 웨비나입니다. Bot Management를 사용하면 특정 웹사이트/어플리케이션에 들어오는 리퀘스트가 사람이 브라우저로 보낸 리퀘스트인지, 악성 봇 혹은 자동화된 스크립트가 보낸 리퀘스트인지를 판단할 수 있고 이에 따라 보안 룰을 설정할 수 있습니다. 개인적으로 좋아하는 제품인데 웨비나로 소개할 기회가 있어 기뻤네요. 도움이 되시길 바랍니다.
4. Customers benefit from integrated security, performance, and reliability
35% performance
improvement
50% acceleration in
DNS performance
60% reduction in
malicious traffic
41k WAF blocks
per month
900k login attempts
blocked in 2 hours
50% decrease
in page load times
5. Facts
● Automated program designed to perform specific task
● Execute tasks over and over at a much faster rate than a human could
● Interact with a webpage, fill out and submit forms, click on links, scan
(or "crawl") text, and download content
● Watch videos, post comments, and post, like, or retweet on social
media platforms
What are bots
6. Myth #1: All Bots are Bad
Facts
● Bad bots tend to get the most attention, good bots are almost as
prevalent
● Good bots play crucial roles in keeping digital business flowing.
● Google, Bing and Baidu for SEO, Partner bots, site monitoring bots
● Hackers deliberately design malicious bots to mimic the behavior of
the good bots
● Malicious bots have become more sophisticated and prevalent, from
impersonating human behavior to changing tactics
7. Myth #2: Bad bots only attack e-commerce,
travel, and finance
Facts
● Many high-profile bot attacks have targeted banks, airlines, hotels, and
e-commerce companies
● Increased bot attacks on - Healthcare facilities, educational
institutions, gaming companies, marketing firms, publishing houses,
and even government agencies
● Every industry has a different bot problem
○ Ecommerce, travel – price scraping is a big concern
○ Healthcare, tech, ecommerce - credential stuffing on rise
8. Myth #3: Bot attacks are only a holiday shopping
problem
Facts
● Bot attacks can strike at any time of the year
○ Major event like a product launch,
○ Political events
○ During Covid
● Credential stuffing attack on Zoom - March 2020
● Credential stuffing attack on J.Crew - April 2019
9. Myth #4: Isolated tactics can stop all malicious
bots
Facts
● DDoS mitigation - can be effective against volumetric attacks but less
adept at detecting individual bots that imitate human user behavior
● Web Application Firewall (WAF) – can defend against SQL injections,
cross-site scripting (XSS), and zero-day attacks but not block bots that
scrape content
● Rate limiting - can block simplistic bot attacks but cannot detect bots
that go “low and slow”
● Multi-factor authentication or Captcha – provides additional layer of
security but don’t work for the all of bot use cases and adds friction to
user experience
10. Myth #5: I should build a custom bot
management tool
Facts
● May prove effective in the immediate term but requires
○ In-house technical expertise
○ Costly maintenance
○ Tedious upgrades
○ Constant fine- tuning of rules and policies
12. Built for security needs of the modern business
Configuration
Flexibility
Threat Intelligence
At-Scale
Automatic Whitelists
No JS injection
Integrated Security
and Performance
Mobile App Endpoint and
API Protection
Complete without
Complexity
Bot Management
14. Advantages of Bot Management solution
Simple
Deployment
Quick
Mitigation
Accurate
Detection
Rich
Analytics
● No JavaScript
● No mobile SDK
● Behavioral analysis
● Machine learning
● Fingerprinting
● Alternative content
● Captcha
● Log
● Block
● Reports
● SIEM integrations
15. Protect revenue and
customer trust
by enhancing sales
and reducing
customer churn.
Rich user experience due
to availability of website
during business hours
providing consistent user
experience without delays
Reduced operational
cost by eliminating the
manual effort of
detecting and blocking
bad bots
Benefits of Cloudflare’s Bot Management
Solution
16. CHALLENGES
• ArtStation saw account takeovers creating a bad experience for customers,
jeopardizing their business which grows through word-of-mouth and a positive
brand.
• Spamming and “social engineering” via mass posting and fake comments also
risked hurting the brand, making the environment feel unsafe.
• Competitors were scraping user information to spam them with competing offers.
ArtStation provides artists with an
amazing platform to showcase their
portfolio, find work and connect with
opportunities.
“Cloudflare Bot Management gives us
peace of mind as we scale our
business. Our team can focus on
creating value for our clients instead
of dealing with bots! It also results in a
better experience for our clients with
reduced spam, account takeovers and
malicious activity.”
Leonard Teo
CEO
http://cfl.re/art-station-customer-case
ArtStation / Customer Case Study
16
CLOUDFLARE SOLUTION
● Cloudflare’s bot management
classified and mitigated bad bots
that were waging credential stuffing
attacks.
● It did so without false positives or
blocking good bots.
● Built on Cloudflare, very simple to
integrate.
KEY RESULTS
● Peace of mind - knowing that
Cloudflare was working behind the
scenes to protect the site.
● Developers can focus on building
high value things instead of dealing
with malicious bots.
● Better experience for our clients
results in increased reputation.