New Bot Defense for API offering prevents bots from accessing the API servers that power websites and mobile apps.
With the addition of Bot Defense for API, Distil Networks is the only comprehensive bot defense platform that protects websites, mobile apps, and API servers from advanced persistent bots (APBs).
Distil’s existing Bot Defense for Web product has long protected APIs from bad bots within web pages. However, bad bot operators thwarted on websites move to the unprotected API server. By going directly to the API server and bypassing the browser and web server, bots circumvent traditional web application security. With the launch of Bot Defense for API, the API server that powers your website is now also protected from bad bots.
Key Bot Defense for API Features
Bot Defense for API brings industry leading bot defense technology to API security. It works by validating browsers using Bot Defense for Web, which detects bad bots and identifies them with a Hi-Def Fingerprint. Once set, the Hi-Def Fingerprint must be present in API requests, preventing bad bots from exploiting API servers directly—also known as “Browser-Not-Present” attacks.
Key Bot Defense for Mobile Apps Features
In addition to attacking the API server, bot operators masquerade as mobile app users. Bot Defense for Mobile Apps ensures only humans, using valid mobile apps, on real mobile devices can access mobile app APIs. Using our natively installed SDK, Distil’s unmatched bot detection starts inside the mobile application.
The SDK detects mobile device emulators, automated mobile users, and reverse engineered mobile apps. The Distil Appliance assigns each mobile device a unique ID that must be present in order for mobile apps to access APIs. The ID is managed and validated by Distil Networks to detect tamper attempts.
Distil Networks provides peace of mind, knowing your web and mobile assets are utilized by users and other legitimate human traffic—not malicious bots, programmed to cause your business harm.
Our technology verifies that humans, using verified browsers or mobile applications (on actual mobile devices) are allowed access. Every user is given a unique identifier and tracked using machine learning to ensure even the most crafty APBs are thwarted.
To learn more about Bot Defense for API, please visit: https://www.distilnetworks.com/api-security/
About the Author
Peter Zavlaris weighs in on various topics around bot mitigation, bot defense sharing white papers, videos and other resources on the topic.More Content by Peter Zavlaris