Distil Networks - Leader Bot Management
The Forrester New Wave™ and Distil Networks: Bot Management, Q3 2018
In Forrester’s evaluation of the emerging bot management market, they identified the 12 most significant providers — Akamai Technologies, Alibaba Cloud, Cloudflare, DataDome, Distil Networks, Oracle Dyn, PerimeterX, Reblaze, ShieldSquare, Stealth Security, Unbotify, and White Ops — and evaluated them.
Distil Networks, Akamai Technologies, And ShieldSquare Lead The Pack
Forrester’s research uncovered a market in which Distil Networks, Akamai Technologies, and ShieldSquare are Leaders; PerimeterX, DataDome, and White Ops are Strong Performers; Alibaba Cloud, Stealth Security, and Oracle Dyn are Contenders; and Reblaze, Cloudflare, and Unbotify are Challengers.
Attack Detection, Attack Response, And Threat Research Are The Biggest Differentiators
Bot management tools differ greatly in their detection methods; many have very limited — if any — automated response capabilities. For many buyers, threat research will be a key decision criterion, as it indicates whether the vendor continually updates its products for the next wave of bot attacks.
Evolving Bad Bot Attacks Require Technical Solutions
The internet is flooded with automated traffic from sources such as search engines, virtual assistants, and chatbots. But running counter to this productive automated traffic are bad bots, software programs that malicious attackers use to automate their attacks. Bot management tools must determine the intent of automated traffic in real time to distinguish between good bots and bad bots. Meanwhile, attackers can easily create, buy, and modify bots, so their behavior, objectives, and sophistication levels vary greatly:
› Basic bots simply gather data. Web scraping has existed for as long as websites have published data; search engine providers and sales channel partners built bots to simply gather information. But just as quickly, malicious actors built bad bots to steal unprotected, sensitive information. As companies identify and block bots based on behavior such as that coming from static IP addresses or downloading lots of data, attackers continually modify their bots to make them more difficult to detect.
› More mature bots attack vulnerable applications. Bots can attack applications to achieve various malicious goals, such as stealing sensitive customer data, committing fraud, and disrupting commerce. Cyber attackers use bots, either individually or in coordinated botnets, to change source IP addresses or to originate from legitimate customers’ devices. One way to detect these bots is to employ challenge scripts to determine whether the client browser is valid, what peripherals are attached, or what kind of battery a mobile phone contains. More advanced responses, such as misdirection, honey pots, or sending misleading information to a bot, avoid alerting attackers that they should modify their bots to skirt detection.
› Sophisticated bots can mimic human behavior. When humans browse websites, they pause, use nonlinear mouse movements, and follow logical flow. Sophisticated bots can mimic these behaviors and even hijack a real customer’s browser and tokens. To combat these most sophisticated bots, security pros need a bot management tool that can layer detection methods such as statistical analysis of user behavior, collect biometrics to detect anomalies, and continuously update reputational scoring. A bot management vendor threat research team will keep abreast of new bot trends.
|Attack detection|How does the product identify bots? How is the attack detection differentiating? How does the product ensure that good customer traffic is not impacted? How does the product identify bots for websites and other types of applications such as mobile apps?|
|Attack response|How does the product natively respond to attacks such as alerting, cutting off the user session, denying a specific request, requesting additional identification, slowing down traffic from partners, misdirection, and creating a honey pot?|
|Management UI|How does the UI enable centralized management for the application and modification of attack detection and response? Are rules customizable? If so, how flexible is the product in creating rules, and does the product make editing, testing, and applying rules easy?|
|Threat research|How does the vendor discover and address new threats and new bot patterns? What research is published by the research team about evolving bot trends, and is this research published to customers and/or publicly? How many full-time threat research analysts does the company employ?|
|Reporting and analysis|Does the product create native dynamic reports and visualizations that effectively communicate the value of the bot management solution? Does the product provide out-of-the-box and customizable reports and dashboards on top managed attacks, attack response, and types of bots?|
|Feedback loops|How does the product enable feedback loops to security operations, marketing professionals, and customer experience professionals? Are the feedback loops enabled via integrations with applications that support those specific roles, role-based reporting, APIs, or command line?|
|Performance metrics|How does the vendor ensure that the bot management product effectively blocks bad bots, slows good partner traffic, and enables good performance for its clients? What information is produced for potential and current customers and/or publicly about best practices, trends, and performance impact?|
|Vision|How well does the vendor’s product vision align with the needs of its clients to win, serve, and retain customers? How well does the vision align with current and future trends? Is the company identifying and addressing competitive threats? Does the vision have support and visibility from senior executives?|
|Road map|How strong is the company’s ability to define specific milestones and benchmarks with corresponding resources and capabilities to deliver on its strategy? Does the company have plans to execute on its vision through product enhancements, commercial model enhancements, and partner ecosystem expansion?|
|Market approach|Can the company show tangible evidence of successfully gaining customers in terms of marketing message, vertical market strategy, geographic strategy, average deal size, number of current customers, and commercial model?|
Distil Networks: Forrester’s Take
Our evaluation found that (see Figure 3):
› Distil Networks excels with robust detection, response, user interface, and reporting. Distil Networks boasts 15 different machine learning models to identify bots and over 10 different attack responses. The company is continuing with its data science roots, researching new detection methods.
› Distil Networks should add feedback loops to security operations and marketing. Distil could use formal integrations with security and marketing analytical tools to help keep business stakeholders informed about attacks and potential obstruction of good traffic.
› Distil Networks is best for firms that want flexibility in bot management. Customers of Distil Networks have granular control over how the tool detects and responds to attacks.
Distil Networks Customer Reference Summary
Customers praised the overall functionality, support, and professional services, but they felt that new functionality could be released faster and that the product needs more-granular reporting.