New Study in Conjunction with OTA Honor Roll Reveals Bot Defense Performance Across Top Websites
SAN FRANCISCO, CA – June 21, 2017 – Distil Networks, the global leader in bot detection and mitigation, today released findings from a study of how top websites perform against sophisticated, moderate, simple and crude bots. This data is being provided with the Online Trust Alliance’s (OTA) Online Trust Audit, which recognizes excellence in consumer protection, security, and responsible privacy practices. The ninth annual audit, powered in part by Distil, evaluated the top 1,000 websites in retail, banking, consumer services, government, news media, internet service providers and OTA members. The findings reveal that while an average of 16 percent of websites across all industries can thwart simple bot attacks, only five percent can properly protect against sophisticated attacks.
Bots are used by competitors, hackers and fraudsters and are the key culprits behind web scraping, account take over, competitive data mining, online fraud, data theft, unauthorized vulnerability scans, spam, digital ad fraud and downtime. Bots vary in volume and sophistication, but all place an increasing burden on IT security and web infrastructure teams across the globe, wreaking havoc across online operations big and small.
Distil tested each website included in the OTA Online Trust Audit on their ability to defend against bot attacks of different sophistication levels, including:
- Sophisticated Bots – “Low-and-slow” bots coming in from dozens of IP addresses, using browser automation tools that can hold cookies and maintain state
- Moderate Bots – Bots with normal browser user agents and headers, coming in slowly from one IP
- Simple Bots – Non-browser user agents and headers, coming in fast from one IP
- Crude Bots – Basic script that behaves like a bot, coming fast from one IP address
The findings show that while most industries tested can adequately protect against crude bots, they struggle to effectively block simple, moderate and sophisticated bots. For example, federal websites block 22 percent of simple bots, but only protect against one percent of sophisticated bots, performing below any other industry tested. Despite poor performance, this year’s findings reveal a marked improvement from Distil’s 2016 study, which found that websites tested could protect against only 0.7 percent of sophisticated bots. Such improvement can be attributed to gradual movement toward greater awareness and adoption of more advanced bot detection and mitigation solutions.
2017 Bot Detection Rates by Sector
For more information regarding this study, visit: https://resources.distilnetworks.com/all-distil-blog-posts/bad-bot-partnership-with-ota
About Distil Networks
Distil Networks, the global leader in bot detection and mitigation, is the only proactive and precise way to mitigate bad bots across web applications, mobile and APIs. With Distil, you automatically mitigate 100% of OWASP Automated Threats without impacting legitimate users. Slash the high tax that bots place on your internal teams and web infrastructure and make your online applications more secure with API security, real-time threat intelligence, an analyst managed service, and complete visibility and control over human, good bot, and bad bot traffic. Distil Bot Defense for Web defends websites against web scraping, competitive data mining, account takeovers, transaction fraud, unauthorized vulnerability scans, spam, digital ad fraud, and denial of service. Distil Bot Defense for APIs protects public and partner-facing APIs against developer errors, integration bugs, automated scraping, and web and mobile hijacking. For more information on Distil Networks, visit us at https://www.distilnetworks.com or follow @DISTIL on Twitter.