Strengths: Solid analytics and good presentation in the user interface.
Weaknesses: None that we noted.
Verdict: For monitoring the impact of bots on a network this is the tool one needs.
SC Magazine’s digital forensics and online fraud group test review earned Distil Networks five-out-of-five stars across all categories: features, ease-of-use, performance, documentation, support and value for the money.
SC Magazine’s 5-Star Review of Distil Networks:
Distil Networks inspects each HTTP request in real time to determine if it is a malicious bot. If so, it blocks the request. Next, machine-learning algorithms digest legitimate traffic patterns to pinpoint dangerous anomalies. When one domain is attacked, Distil gathers the attack information and distributes it back out to all Distil-protected sites. The product analyzes more than 40 bits of information from each client request to build a fingerprint that's unique to the browser making the connection. Fingerprints stick to the bot even if it attempts to reconnect from random IP addresses or hide behind an anonymous proxy. The product can be deployed on-premises or be provided as a cloud-based service.
This is a focused piece of network forensics - concentrating on bot traffic. It bridges the gap between online fraud prevention and cyberforensics in that it not only acts proactively but also provides enough information to at least partially analyze the bot attack. What we found interesting is that Distil does not care about the IP address - the usual touchpoint - but rather it concentrates on the fingerprint of the browser data.
This is not to say that Distil finds IP information irrelevant. The system can block by content (which includes referrers and anonymous proxies), custom pages with CAPTCHAs you create, IP access lists with both blacklisting and whitelisting, and a country block list. When a client's implementation triggers on a bad bot, it sends the information to the Distil cloud, where it is disseminated to all users. Additionally, having that data in the cloud enhances analytics.
One primary use of Distil is identifying and responding to click fraud. Since it makes a distinction between bad and good bots, and because of the integration of CAPTCHA, it is able to identify click fraud rapidly and respond.
We found the user interface very good with clear dashboards and excellent drill-down for details. One useful dashboard is the traffic overview. As well, there is an excellent dashboard that shows the source of bad bots. This dashboard has drill-downs that show threat analysis by organization, malicious countries and specific IP addresses.
Distil has a good website with pretty much everything you'd expect - support, FAQ, knowledge base - and, surprisingly, it offers 24/7 support at no cost. Additionally, the company offers professional and enterprise aid, and assistance is available by phone or email. There was no documentation provided, but the cloud version is well-supported so it should not be necessary, especially with 24/7 aid.
While we recommend the cloud deployment - set up with a simple DNS change - on-premises deployment is on a bare metal virtualized environment with high availability and failover monitoring. We found the price reasonable given the quality of the service and, overall, we found this to be well conceived and presented with a set of analytics that is actually quite useful.
If you want to know about bots and botnets accessing your web pages, this tool is your cup of tea. It also is quite clear about the success (or not) of your anti-bot countermeasures, such as CAPTCHA.
To read the Distil Networks review on SC Magazine’s website, please visit: http://www.scmagazine.com/distil-networks/review/4433/
About the Author
SC Magazine Technology Editor Peter Stephenson is the former CISO of Norwich University. His areas of expertise include information assurance and risk, information warfare, counter-terrorism, and digital investigation and forensics. He teaches information assurance, network attack and defense, digital forensics and cyber investigation on both the graduate and undergraduate levels. He started his 40-year career as a U.S. Navy cryptographer, then moved into the private sector where he operated his own information security consulting practice for 20 years.