The document discusses the rise of bot-generated web traffic, which accounts for 50% of all online activity, along with the threats posed by various generations of bots that increasingly mimic human behavior. It highlights the effectiveness of Datadome, a bot management solution that protects against bot attacks with real-time detection and extensive analytics capabilities, as demonstrated in a case study of Blablacar. Key metrics show that Datadome has successfully prevented millions of hacking attempts and provided significant security improvements for websites using its service.

1. Bot management solu-on

2. 50%
OF THE WEB TRAFFIC IS GENERATED BY BOTS

3. OPEN WEB APPLICATION SECURITY PROJECT
The OWASP Founda-on came online on December
1st 2001, is an open community dedicated to
enabling organiza-ons to conceive, develop, acquire,
operate, and maintain applica-ons that can be trusted.

4. OWASP AUTOMATED THREATS

5. data of 3 billion users leaked online
data of 167 million users leaked online
data of 142 million users leaked online
data of 143 million users leaked online
data of 50 million users leaked online
THE BIGGEST DATA BREACHES EVER

6. GDPR: 742 DATA LEAKS
Between May 25 and October 1, 2018, the CNIL received
742 no-fica-ons of personal data breaches that affected
33,727,384 individuals.
More than half of the no-fied breaches (421 no-fica-ons)
were due to hacking via malicious socware or phishing.

7. AUTOMATION IS A REAL THREAT
“Bad bots are automated programs that
a,ackers use to breach applica2ons, steal data,
manipulate analy2cs, and bring down services”
Amy DeMar7ne & Jeff Pollard, Principal Analysts, Forrester

8. THE CHALLENGES OF BOT DETECTION
Bots are more and more complex & distributed
2019
GEN 1 BOTS
No sense of context or session
about the user
Detect through absence of cookies
Ex. Inhouse scripts
GEN 2 BOTS
No Javascript capacity
Detect through absence of
JavaScript firing
Ex. Nutch, Scrapy
GEN 3 BOTS
Look like browsers
mimic legi-mate user traffic
convincingly
Detect with fingerprint
Ex. PhantomJS, CasperJS
GEN 4 BOTS
Mimics human behavior or hides
inside a user session
Detect with behavior analysis
Ex. Chrome Headless

9. DATADOME : BOT MANAGEMENT SOLUTION

10. PROTECTION OF ALL VULNERABILITY POINTS
Website
Mobile Applica-on
Login pages
Payment funnels
{...} Web services APIs
Form and submit sec-ons
BackOffice
RSS
A bulletproof online protec-on needs to go way beyond protec-ng a website. A modern
digital business has 8 different vulnerability endpoints:

11. With 40 million members, BlaBlaCar is currently the
largest community of carpoolers in the world. The web
and mobile plaiorm connects drivers offering seats in
their cars with passengers who want to make the same
journey.
CASE STUDY: BLABACAR

12. The BlaBlaCar team discovered, via unusual
and inexplicable load spikes, that bots
were trying to take control of user accounts
on the site
Bots were using “brute force” technique to
test login-password combina-ons ; success
rate can go up to 8%
PROBLEM: ACCOUNT TAKEOVER

13. SEAMLESS INTEGRATION
SERVER SIDE CLIENT SIDE
SDK Android SDK iOS Javascript Tag
DataDome easily integrates into 95% of the world’s web infrastructure and does not
require any change in hos-ng architecture.
Our solu-on relies on a server-side module, and for behavioral detec-on, DataDome
relies on a client-side integra-on, with a Javascript Tag, an Android or iOS SDK and
Single Page App & Ajax calls.

14. SOLUTION: BAD BOT REAL TIME DETECTION
• SCALABILITY
“The team managed the ramp-up perfectly, especially since the chosen architecture is
designed in such a way that DataDome is not a Single Point of Failure. It’s fundamental for us
to be absolutely certain that an eventual DataDome failure will not block traffic to our site,”
• LATENCY
Regarding latency, a key element for the user experience, “it’s extremely well managed on the
DataDome side. If there’s any degrada-on, it is largely within acceptable margins (a few
milliseconds), especially given the value we get in return from the service”.
Francis Nappez, cofounder & CTO at BlaBlaCar

15. ARCHITECTURE: AI & REAL TIME RULES
<…>
Web
Mobile app.
API endpoint
MUTUALIZED AI
AUTOMATIC RESPONSES
1
Real 7me rules
MANUAL MANAGEMENT
2

16. DataDome AI
SOLUTION: ANALYSED 2,5 BILLION HITS/DAY

17. 50 metrics & challenges on web and mobile including:
• HTTP headers
• User event tracking
• Plugins, fonts, canvas
• Browser automa-on: PhantomJS, NightmareJS, Selenium
• VM detec-on
• Device emulator detec-on
• Fake language, OS, resolu-on, -mezone
• WebGL
• Screen resolu-on, colours, orienta-on
• CPU
• Browser history length
....
BOT IDENTIFICATION ON WEB / APPS

18. Known threats
2ms
New threats
100 ms
Advanced new threats
Second
sync async
3 layers of fully automated bot threat detec-on
ADVANCED ATTACK DETECTION SOLUTION

19. RESULTS: USER ACCOUNTS ARE PROTECTED
“With DataDome, we benefit from the collec-ve intelligence accumulated on all the sites
protected by the technology, and this delivers great value in terms of guaranteed security.”
Francis Nappez, cofounder & CTO at BlaBlaCar
Key numbers - last 30 days:
✓14,432,438 acts of data / content thec
prevented
✓26,504,418 intrusion aqempts avoided
✓150,342 hacking aqacks denied
Results
✓Automated blocking of impersonator bots
✓Efficient protec7on of data and users
✓Full visibility of bot traffic
STATUS: PROTECTED

20. DISCOVER YOUR REAL-TIME BOT TRAFFIC IN 15 MINUTES FROM NOW
DataDome is the only bot management solu-on available in full
SaaS mode. Our pricing is public, our documenta-on is public, and
you can start a 30-day free trial on your own, any -me you want.
• Create your account (< 1 minute, no credit card)
• Install the DataDome module (< 10 minutes)
• See your bot traffic (instant dashboard access)
START FREE TRIAL

21. ABOUT DATADOME

22. FORRESTER NEW WAVE: BOT MANAGEMENT
DATADOME: STRONG PERFORMER
‣ WAVE POSITION: STRONG PERFORMER
DataDome is the best fit for companies that require speedy detec-on and response.
‣ REFERENCE QUOTES
“Easy to deploy. No overhead.”
“We have seen much-improved website availability and much more stable response
-me.”

23. ABOUT DATADOME
‣ Cofounded in 2015 by Benjamin Fabre and Fabien Grenier
‣ Strong track record: 10 years in the bot industry
‣ 20 people
‣ 900% revenue growth in 2017
‣ 30% of revenue abroad

24. BA & VC INVESTORS - 14 IT & SAAS EXPERTS
Fabien Bourdier
TravelClick
Quen7n de Chivré
Quo-ent Technology
Julien Coulon
Cedexis
Thibaud Elziere
eFounders
Charles Fourault
50 Partners
Godefroy Jordan
Star-ng Dot
Julien Leroy
AdVideum
Sébas7en Lucas
Oxalide
Jérôme Masurel
50 Partners
Francis Nappez
Blablacar
Quen7n Nickmans
eFounders
Christophe Poupinel
Ooreka
Patrice Thiry
ProWebCE
Jus7n Ziegler
Rakuten
Jean-David Chamboredon
Isai

25. FAST GROWTH: +1500 PLATFORMS PROTECTED
eCommerce Classifieds Media

26. CUSTOMER SATISFACTION 2017-2018
! > 98%

27. Lauréat 2017 - catégorie Cybersécurité
CYBERSECURITY STARTUP

28. Benjamin Fabre Fabien Grenier
Merci !