Eric Ogren of analyst firm 451 Research recently released a report titled “Web behavior analytics: driving out bots, cutting out fraud” where he coined the term Web Behavior Analytics (WBA) to describe the growing anti-bot space. As Eric explains, WBA is an emerging set of technologies used to identify and block automated attacks. In his report, Ogren describes the threat these automated miscreants pose toward web environments, outlines the players in the space, and makes some predictions as to where he believes the space is headed.
A Distinctly Different Problem than Web Application Firewalls OR Code-level Vulnerabilities
Ogren’s report describes the problem of bots as being distinctly unique from other web application layer threats like Cross Site Scripting (XSS) and SQL injection because it is more closely related to business logic attacks and the abuse of legitimate website access than the exploitation of a code-level security vulnerability. The report explores some of the challenges that competitive approaches have in dealing with bots, and ultimately comes to the conclusion that bots are a new problem which requires a new solution: Web Behavior Analytics (WBA).
The Emerging Web Behavior Analytics Landscape
Before discussing which vendors are in this landscape, the report talks briefly about the categories of vendors which should be excluded. Here’s Eric’s take on which vendors should be excluded and why:
- WAFs and NGFWs due to their exploit centric approaches and use of signatures. This technique is too reactive.
- CAPTCHAs because of the friction they create users and the ease of bypassing them.
- IP reputation service because of their inability to handle dynamically rotating IP addresses or highly distributed attacks.
The report then details the current line up of contenders for the WBA crown, which are described as “successfully blending web application security with anti-fraud practices” in their efforts to identify malicious automatons.
The Future of Web Behavior Analytics
The report concludes with Ogren’s take on the future of this space, which may potentially include acquisitions at the hands of companies looking to bolster their offerings with WBA technology. He specifically mentions, credit rating agencies, cloud infrastructure providers, and network security and application delivery controllers vendors as likely purchasers.
Want to learn more?
Download the full report for more in-depth info on Eric Ogren’s analysis of the Web Behavior Analytics market.
About the Author
Orion Cassetto joined Distil Networks as Director of Product Marketing in 2015, bringing with him nearly a decade of experience in the Cyber Security industry. His strengths include competitive strategy, positioning, and messaging for web application security and SaaS-based security solutions.More Content by Orion Cassetto