Frequently Asked Questions
Q: How does ThreatX manage bot traffic while detecting malicious bots?
A: ThreatX gives you insight into all bot traffic hitting your APIs and applications so that you can understand the full picture of your bot traffic. Using a dynamic risk score, ThreatX highlights malicious bots by incrementally increasing their risk score as more nefarious activity is registered. This allows users (and the ThreatX platform) to quickly understand which bots are likely to be threats and what they’re targeting, and, if desired, to block them.
Q: How does ThreatX prevent account takeover?
A: Key tactics to protect against account takeover include the following:
Active Interrogation of Visitors – Actively challenge visitors in ways that are completely transparent to valid users while reliably revealing malicious automation.
Fingerprinting and Entity Tracking – Advanced fingerprinting techniques can track attackers even as they change IP addresses, user agents, or other identifying characteristics.
Automated Deception Techniques – Use deceptive techniques such as fake fields that are readable to bots but invisible to users. Any interaction with these fields or functions can reveal that the visitor is a bot and not a human. Additionally, tarpit or further deceive attackers in order to monitor and observe ongoing malicious behavior.
Application Profiling and Behavioral Analysis – Baseline and monitor the normal behavior of applications. Since many ATOs rely on malicious automation, it’s important to be able to detect anomalous and suspicious application behaviors to reveal a previously undetected account takeover.
These are just a few of the techniques and countermeasures that ThreatX uses every day against account takeovers.
Q: Does ThreatX include any manual management?
A: Other than a quick DNS redirect and perhaps some implementation tuning for complex environments, ThreatX is a fully managed Protection-as-a-Service. There are no manual tasks for users unless desired. ThreatX managed services are available for support 24/7/365.
Q: How does ThreatX differentiate between good and bad traffic?
A: ThreatX detection methods primarily look for indicators of attack. This focus on attacker-centric behavioral analysis, combined with a flexible approach to permanent and temporary blocks, allows the ThreatX decision engine to identify threats with a high degree of accuracy.
Q: How does ThreatX behavioral analysis work?
A: The ThreatX platform correlates seemingly disparate activity across numerous IP ranges back to single entities and tracks them over time. As these entities perform various activities across your APIs and web apps, a risk score starts accruing for malicious or potentially malicious actions.
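The idea described in the answers above, a risk score that accrues per tracked entity rather than per IP address, with interaction with a hidden form field as one signal, is sketched below as an added example that is not ThreatX code. The weights, the threshold, the fingerprint labels and the `contact_phone2` field name are assumptions, and the requests are constructed.

```python
from collections import defaultdict

# Assumed weights and threshold, chosen for illustration only.
WEIGHTS = {"honeypot_field": 40, "failed_login": 10, "not_found": 5}
BLOCK_THRESHOLD = 60
HONEYPOT_FIELD = "contact_phone2"  # hypothetical field hidden from humans via CSS

# Constructed sample traffic: (source_ip, fingerprint, path, status, form_fields)
REQUESTS = [
    ("198.51.100.7", "fp-bot", "/login", 401, {"user": "alice", HONEYPOT_FIELD: ""}),
    ("203.0.113.22", "fp-bot", "/login", 401, {"user": "bob", HONEYPOT_FIELD: "555-0100"}),
    ("192.0.2.45", "fp-bot", "/login", 401, {"user": "carol", HONEYPOT_FIELD: ""}),
    ("192.0.2.45", "fp-bot", "/admin.php", 404, {}),
    ("198.51.100.80", "fp-human", "/login", 401, {"user": "dave", HONEYPOT_FIELD: ""}),
    ("198.51.100.80", "fp-human", "/login", 200, {"user": "dave", HONEYPOT_FIELD: ""}),
]

def signals(path, status, form):
    """Return the names of the suspicious signals one request raises."""
    found = []
    if form.get(HONEYPOT_FIELD):  # a real browser submits this field empty
        found.append("honeypot_field")
    if path == "/login" and status == 401:
        found.append("failed_login")
    if status == 404:
        found.append("not_found")
    return found

def risk_scores(requests, by="fingerprint"):
    """Accumulate risk per entity; `by` selects the tracking key (fingerprint or ip)."""
    scores = defaultdict(int)
    for ip, fingerprint, path, status, form in requests:
        key = fingerprint if by == "fingerprint" else ip
        scores[key] += sum(WEIGHTS[s] for s in signals(path, status, form))
    return dict(scores)

def blocked(requests, by="fingerprint"):
    """Entities whose accumulated score reached the block threshold."""
    return sorted(k for k, v in risk_scores(requests, by).items() if v >= BLOCK_THRESHOLD)

if __name__ == "__main__":
    print("per IP:         ", risk_scores(REQUESTS, by="ip"), blocked(REQUESTS, by="ip"))
    print("per fingerprint:", risk_scores(REQUESTS), blocked(REQUESTS))
```

Scored per IP, no single address reaches the threshold; scored per fingerprint, the same activity adds up to one entity that does, while the user who mistyped a password once stays well below it.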