Intelligent CIO APAC Issue 18 - Page 26

Bad bots are built to perform various malicious activities . it ’ s critically important to detect and effectively block bot traffic .”
Best practices to protect against bot attacks
• Most bot traffic comes in from the two large public clouds-AWS and Microsoft Azure-in roughly equal measure .
• Just over 22 % of bad bot traffic comes from Europe , with European bad bot traffic more likely to come from hosting services or residential IPs .
• Bad bots follow a standard workday and with good reason . The attackers running these bad bots prefer to hide within the normal human traffic stream to avoid raising alarm bells . The common stereotype of a ‘ hacker ’ performing their attacks late into the night in a dark room with green fonts on a black screen has been replaced by people who set up their bots to carry out the automated attacks while they go about their day .
“ While some bots like search engine crawlers are good , our research shows that over 60 % of bots are dedicated to carrying out malicious activities at scale ,” said Nitzan Miron , VP of Product Management , Application Security , Barracuda . “ When left unchecked , these bad bots can steal data , affect site performance and even lead to a breach . That ’ s why
When it comes to protecting against newer attacks , such as bots , defenders can be overwhelmed at times due to the number of solutions required . The good news is that solutions are consolidating into WAF / WAF- As-a-Service offerings , also known as Web Application and API Protection ( WAAP ) services . This will improve both user experience and overall security . A few key steps include :
• Put proper application security in place . Install a web application firewall or WAF-As-a-Service solution and make sure it is properly configured . This is an important first step to make sure your application security solution is working as intended .
• Invest in bot protection . Make sure the application security solution you choose includes anti-bot protection so it can effectively detect and stop advanced automated attacks .
• Take advantage of Machine Learning . With a solution that uses the power of Machine Learning , you can effectively detect and block hidden almost-human bot attacks . Be sure to turn on credential stuffing protection to prevent account takeover as well . p
26 INTELLIGENTCIO APAC www . intelligentcio . com