451 Report Reviews the Web Behavior Analytics Landscape

December 14, 2015 Orion Cassetto

Eric Ogren of analyst firm 451 Research recently released a report titled Web behavior analytics: driving out bots, cutting out fraud” where he coined the term Web Behavior Analytics (WBA) to describe the growing anti-bot space. As Eric explains, WBA is an emerging set of technologies used to identify and block automated attacks. In his report, Ogren describes the threat these automated miscreants pose toward web environments, outlines the players in the space, and makes some predictions as to where he believes the space is headed.

Web behavior analytics: driving out bots, cutting our fraud

A Distinctly Different Problem than Web Application Firewalls OR Code-level Vulnerabilities

Ogren’s report describes the problem of bots as being distinctly unique from other web application layer threats like Cross Site Scripting (XSS) and SQL injection because it is more closely related to business logic attacks and the abuse of legitimate website access than the exploitation of a code-level security vulnerability.  The report explores some of the challenges that competitive approaches have in dealing with bots, and ultimately comes to the conclusion that bots are a new problem which requires a new solution: Web Behavior Analytics (WBA).

The Emerging Web Behavior Analytics Landscape

Before discussing which vendors are in this landscape, the report talks briefly about the categories of vendors which should be excluded.  Here’s Eric’s take on which vendors should be excluded and why:

  • WAFs and NGFWs due to their exploit centric approaches and use of signatures.  This technique is too reactive.
  • CAPTCHAs because of the friction they create users and the ease of bypassing them.
  • IP reputation service because of their inability to handle dynamically rotating IP addresses or highly distributed attacks.

The report then details the current line up of contenders for the WBA crown, which are described as “successfully blending web application security with anti-fraud practices” in their efforts to identify malicious automatons.

The Future of Web Behavior Analytics

The report concludes with Ogren’s take on the future of this space, which may potentially include acquisitions at the hands of companies looking to bolster their offerings with WBA technology.  He specifically mentions, credit rating agencies, cloud infrastructure providers, and network security and application delivery controllers vendors as likely purchasers.

Want to learn more?

Download the full report for more in-depth info on Eric Ogren’s analysis of the Web Behavior Analytics market.

 

About the Author

Orion Cassetto

Orion Cassetto joined Distil Networks as Director of Product Marketing in 2015, bringing with him nearly a decade of experience in the Cyber Security industry. His strengths include competitive strategy, positioning, and messaging for web application security and SaaS-based security solutions.

More Content by Orion Cassetto
Previous Article
The Best Piece of Security Advice for CISOs in 2016
The Best Piece of Security Advice for CISOs in 2016

Advice & Biggest Cybersecurity Threats for CISOs in 2016. Fourteen Industry experts weigh-in on how to miti...

Next Article
Understanding Bot Motives with Top Targeted Content Reporting
Understanding Bot Motives with Top Targeted Content Reporting

Understand the motives behind bot attacks. Get a summary of top content targeted by bots. Don’t sift throug...