Home » All Blog Posts » Structure Security and Distil: Are Bot Operators Eating Your Lunch?

Structure Security and Distil: Are Bot Operators Eating Your Lunch?

November 30, 2016 Edward Roberts

At the first Structure Security event in San Francisco in September, Distil Presented a talk titled “Are bot operators eating your lunch? High risk lessons from OWASP Top 20 automated threats. A new way to think about Web Security.”

This presentation examined how bots are abusing websites and explored the following:

What are the behaviors of bad bots?
Research into how bots are evasive and behaving more like humans
Understanding the OWASP Automated Threats
Detailing why Web Application Firewall’s (WAF) are not built to prevent bots
Real-life case studies about web scraping, vulnerability scanning, credential cracking and stuffing (aka. Account takeover)
How identifying a bot begins with a hi-def fingerprint
The benefits of an inline technology in mitigating bots

Watch the full presentation by Edward Roberts below

About the Author

Edward Roberts leads Product Marketing and has over twenty years experience in technology marketing. Previously he worked for Juniper Networks, heading up Product Marketing for the Counter Security team. Before that he ran marketing for Mykonos Software, a web security company.
More Content by Edward Roberts

Infographic: Can You Trust a Bot?

Humans only make up 54% of total web traffic while bots make up the rest. Are bots bad though? View the dif...

Reviewing IoT Security Vulnerabilities: The Real Cost of Interconnectivity

Technology has improved greatly since 2007 with billions of interconnected devices, but IoT security standa...

DISTIL NETWORKS' RESOURCES HUB

Structure Security and Distil: Are Bot Operators Eating Your Lunch?

About the Author

Previous Article

Next Article

Structure Security and Distil: Are Bot Operators Eating Your Lunch?

About the Author

Previous Article

Next Article

Other content in this Stream

The Distil Research Lab released their latest threat research report called Mobile Bots: The Next Evolution of Bad Bots revealing that sophisticated bot operators now implement a new technique.

In this mobile bots study, Distil Networks now sees 5.8% of all mobile devices on cellular networks are used in bad bot attacks.

Founder of Distil Networks, Rami Essaid is a passionate entrepreneur who has been building companies for over a decade. Read the transcript of Enterprise Security Week’s talk with Rami Essaid.

Airlines suffer from automated abuse from bad bots in a major way. 43.9% of all traffic on airlines websites came from bad bots. Humans accounted for only 55.2% of traffic.

Over half (53.1%) the traffic on gambling and gaming websites comes from bad bots. Only 46.8% of traffic on these websites was human. What are these bad bots doing on gambling sites?

With most bad bot traffic emanating from data centers, it’s no surprise that the US remains the bad bot superpower. But Russia became the most blocked country by Distil customers in 2017.

WIthin our new Threat Research report on The Anatomy of Account Takeover Attacks, we see bad bot traffic on 100% of all monitored login pages.

Meet 2017 recipient Jenny Calderon. Beginning as a child her passion for discovering “how things work” encouraged her studies in the STEM field. Learn more about her path!

Banks are digitizing at a rapid pace to catch up with upstart fintech providers. Such rapid evolution can run the risk of introducing vulnerabilities.

Bad bots makeup 21.4% of traffic on ecommerce sites. When you consider the goals of any bot operator it is easy to understand why ecommerce websites suffer from bot problems.

In this account takeover study, Distil Networks now sees bad bot traffic on 100% of all monitored login pages. View this infographic for more information.

The Distil Research Lab released their latest threat research report called The Anatomy of Account Takeover Attacks revealing that bad bots are on every website with a login page. Even yours.

Bots are on your website every day. Every site is targeted for different reasons, and usually by different methods, so there is no one-size-fits-all bot defense solution. Here are some recommendations

This report is the bot mitigation industry’s leading study and analyzes hundreds of billions of bad bot requests to provide insight into the impact of bad bots on business today.

This infographic shows how the GiftGhostBot works, it's profile, scale and who it effects. Learn about this bad bot and how to detect and stop it.

Last month, OWASP released an updated version of their Automated Threat Handbook that includes Denial of Inventory (OAT-021).

Distil's Edward Roberts, Director of Product Marketing and Anna Westilius, Senior Director of Security explain GiftGhostBot, a sophisticated bot attack on gift card balances.

These days, automated attacks, and the speed with which attackers can modify their techniques to avoid detection, continue to put pressure on rule-based systems.

Bots can appear as normal users, with an IP address, browser and header data, and other seemingly identifiable information. But dig a bit deeper by collecting and reviewing in-depth analytics and othe

The Distil Networks-Akamai Integration Guide, which provides general instructions for integrating Distil with Akamai’s CDN.