Announcing Bot Defense for API and Mobile Application Security

July 12, 2017 Peter Zavlaris

New Bot Defense for API offering prevents bots from accessing the API servers that power websites and mobile apps.

With the addition of Bot Defense for API, Distil Networks is the only comprehensive bot defense platform that protects websites, mobile apps, and API servers from advanced persistent bots (APBs).

Distil’s existing Bot Defense for Web product has long protected APIs from bad bots within web pages. However, bad bot operators thwarted on websites move to the unprotected API server. By going directly to the API server and bypassing the browser and web server, bots circumvent traditional web application security. With the launch of Bot Defense for API, the API server that powers your website is now also protected from bad bots.

Key Bot Defense for API Features

Bot Defense for API brings industry leading bot defense technology to API security. It works by validating browsers using Bot Defense for Web, which detects bad bots and identifies them with a Hi-Def Fingerprint. Once set, the Hi-Def Fingerprint must be present in API requests, preventing bad bots from exploiting API servers directly—also known as “Browser-Not-Present” attacks.

Key Bot Defense for Mobile Apps Features

In addition to attacking the API server, bot operators masquerade as mobile app users. Bot Defense for Mobile Apps ensures only humans, using valid mobile apps, on real mobile devices can access mobile app APIs. Using our natively installed SDK, Distil’s unmatched bot detection starts inside the mobile application.

The SDK detects mobile device emulators, automated mobile users, and reverse engineered mobile apps. The Distil Appliance assigns each mobile device a unique ID that must be present in order for mobile apps to access APIs. The ID is managed and validated by Distil Networks to detect tamper attempts.

Distil Networks provides peace of mind, knowing your web and mobile assets are utilized by users and other legitimate human traffic—not malicious bots, programmed to cause your business harm.

Our technology verifies that humans, using verified browsers or mobile applications (on actual mobile devices) are allowed access. Every user is given a unique identifier and tracked using machine learning to ensure even the most crafty APBs are thwarted.





To learn more about Bot Defense for API, please visit:


About the Author

Peter Zavlaris

Peter Zavlaris weighs in on various topics around bot mitigation, bot defense sharing white papers, videos and other resources on the topic.

More Content by Peter Zavlaris
Previous Article
Are You Treating Your Customers Like Criminals – Without Realizing It?
Are You Treating Your Customers Like Criminals – Without Realizing It?

Learn a new perspective on how to think about online fraud from our visit to the IT Security and Risk Summit.

Next Article
How To Prevent Screen Scraping: Policy, Contracts and Technology Evaluation
How To Prevent Screen Scraping: Policy, Contracts and Technology Evaluation

When organizations create policy requiring screen-scraping and other automated attack prevention and monito...