One thing will always remain true of cybersecurity: it will never be static. Our adversaries are moving just as quickly as we are, if not more so, to come up with new attack methods and ways to end-run existing defenses. We are seeing this play out now with the emergence of solver services for bot defenses.
Learn more about how attackers are leveraging bots in our whitepaper, The Role of Bots in API Attacks.
What Are Solver Services?
In a nutshell, solver services are the result of cyberattackers being entrepreneurial. First, they figure out how to circumvent or bypass a known bot solution. Next, they re-sell the “solver software” to other criminals, essentially commercializing the solution they built. In 2022, a Kasada report found a 750 percent increase in solver bot use in a 12-month period. The report also found that in 2022, solver bots made up 95 percent of e-commerce bot traffic.
This is a new phenomenon, but it is also essentially the same problem organizations have always had defending against bot attacks, only amplified. Protecting organizations from bad bots has long been a game of whack-a-mole: correlating logs, trying to figure out what the bots are doing, and creating rules to block IPs and geos, only to have the attackers pivot and use new tactics, new IPs, and new evasions. Solver services make all this harder, and often impossible.
The Price of Solver Software
In the end, solver services not only leave organizations vulnerable to attack, but also waste a significant investment. An organization spends time and money getting a bot protection solution deployed, then an attacker cracks it, either by paying for a service that can get around it or by cracking it themselves and reselling the workaround. Either way, the organization’s investment becomes worthless, the organization remains at risk, and it is forced to invest in an alternative bot solution.
How to Defend Against Solver Services
Many of the bot solutions that are getting “solved” are focused on a point in time or a particular type of attack. Keeping up with attackers today requires a security solution that can evolve and adjust as fast as they do. Relying on particular signatures of attacks or on one method of defense is no longer enough. Effective solutions today require the ability to identify suspicious behavior and track the attacker over time, so that they can identify and block not only attacks, but also the suspicious activity leading up to the attack.
Learn more about an attacker-centric approach in our whitepaper.
How ThreatX Can Help
Rather than requiring a single, significantly risky event or identifying a known signature, ThreatX analyzes behaviors from multiple vantage points and tracks behavior over time. This lets the ThreatX Platform identify and block more threats, more accurately than competing solutions.
ThreatX recognizes suspicious user behavior, then flags and watches that user. This real-time monitoring enables ThreatX to execute advanced threat interrogation techniques, such as IP interrogation, fingerprinting, and tarpitting. When a series of user interactions crosses a pre-determined risk threshold, we block the attack.
In this way, ThreatX evolves its techniques and tactics as the attackers do – leading to more effective bot blocking and less effective “solving.”
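The cumulative-risk idea described above (score each interaction, watch the flagged user, block once a series of interactions crosses a threshold) is shown below as an added example; it is illustrative code, not ThreatX's implementation or algorithm. The signal names, weights, half-life, thresholds, and events (documentation-range IPs) are all constructed assumptions.

```python
# Added illustration: per-entity risk accumulated over time with decay.
# Signal names, weights, half-life and thresholds are assumptions.
WEIGHTS = {
    "headless_ua": 15,
    "login_failure": 10,
    "challenge_solved_too_fast": 25,
    "ip_rotation": 20,   # same fingerprint seen from a new IP
}
HALF_LIFE_S = 600   # assumed: risk halves after 10 quiet minutes
WATCH_AT = 30       # assumed: flag the entity and keep watching it
BLOCK_AT = 70       # assumed: cumulative risk at which requests are blocked


class RiskTracker:
    def __init__(self):
        self.state = {}  # fingerprint -> (score, last_ts, last_ip)

    def observe(self, ts, fingerprint, ip, signals):
        """Fold one request into the entity's score and return a verdict."""
        score, last_ts, last_ip = self.state.get(fingerprint, (0.0, ts, ip))
        # Old risk decays, so an isolated slip long ago does not add up.
        score *= 0.5 ** ((ts - last_ts) / HALF_LIFE_S)
        score += sum(WEIGHTS[s] for s in signals)
        # Key on the client fingerprint, not the IP: rotating addresses
        # raises the score instead of resetting it.
        if ip != last_ip:
            score += WEIGHTS["ip_rotation"]
        self.state[fingerprint] = (score, ts, ip)
        if score >= BLOCK_AT:
            return "block"
        return "watch" if score >= WATCH_AT else "allow"


# Constructed events: (unix_seconds, fingerprint, source_ip, signals)
EVENTS = [
    (0, "fp-A", "198.51.100.10", ["headless_ua"]),
    (5, "fp-B", "203.0.113.7", ["login_failure"]),
    (30, "fp-A", "198.51.100.11", ["login_failure"]),
    (60, "fp-A", "198.51.100.12", ["challenge_solved_too_fast"]),
    (4000, "fp-B", "203.0.113.7", ["login_failure"]),
]


def replay(events):
    tracker = RiskTracker()
    return [(fp, tracker.observe(ts, fp, ip, sig)) for ts, fp, ip, sig in events]


if __name__ == "__main__":
    for fp, verdict in replay(EVENTS):
        print(fp, verdict)
```

No single event here scores above 45, so fp-A is blocked only because its risk accumulates across three requests, each from a different IP, while fp-B's two widely spaced login failures stay below the watch level.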
To see our bot management capabilities in action, get a short tour of our new botnet console.