The Many Faces of Bad Bots

PUBLISHED ON September 1, 2020
LAST UPDATED August 19, 2021

Bad bots and malicious automation are one of the few technology challenges that can materially impact on every business team inside an organization. With up to 50% of Internet traffic generated by bots, organizations are awash in a sea of automated visitors. Some bots are benign, others aren’t. Those that aren’t can interfere with customer acquisition. They steal data and intellectual property. They erode application performance. They directly defraud businesses.

How well an organization addresses risks from bots will typically have a measurable effect on the health of the business. This creates a unique opportunity for security professionals to deliver material business value. Instead of being viewed as the team that says “no,” the bot management challenge can serve as a call-to-action, requiring security-led collaboration across the organization.   

Bad bots are one of the few cyber threats that can impact almost every team and a functional group within an organization. If the business relies on its online presence, then the effects of automation are likely to be pervasive throughout the organization. The very fact that bots can affect so many teams may actually make it unclear which group should own responsibility for solving the problem. Yet while many teams will be affected, it is ultimately the AppSec and operational security teams who have the hands-on opportunity to address the problem at its source. This provides an ideal opportunity for security teams to step as problem solvers for a wide variety of teams. 

It is also important to note that bots and malicious automation are always evolving. A detection that works on one form of automation may not work on another. If an attacker is thwarted by a particular technique, they are likely to shift to others the next time. This makes it important to support a multi-disciplined approach to solving the bot problem. For example, behavioral analysis, active interrogation of a visitor, and/or deception may all be required to confidently–and accurately–distinguish a bot from a valid user. DDoS protection may be required to protect resources and ensure applications remain available. Likewise, organizations should have access to experts who are used to dealing with malicious automation. This can allow teams to quickly adapt as attackers shift to new techniques. 

Bots can impact a business and uniquely affect each functional teams within an enterprise. Technique and considerations within each functional team can vary. Here’s how:

ThreatX provides a fully integrated platform that is able to detect and mitigate bots using a variety of techniques that all work together. The platform also comes with built-in managed security services that provide 24/7 on-demand access to experts so that organizations the help they need–when they need it.

To learn more about ThreatX and its bot detection and management capabilities, contact the team to schedule a demo.


About the Author

Gene Fay

Gene has extensive experience building high-impact teams at early-stage startups in storage, virtualization, and cybersecurity. He has specific expertise in go-to-market strategies, marketing, customer success, and channel development. Gene holds an MBA from Northeastern University, where he guest lectures on topics such as product management, marketing, and sales.