Bot Shield is a comprehensive Bot management solution. It allows site and application owners to easily diﬀerentiate between human traffic and bot traffic, and then again between beneficial bots and malicious ones. Bot Shield mitigates automated attacks, fraud, and abuse of resources by blocking malicious bots eﬀectively, without disrupting the user experience of legitimate human users. Bot Shield is used by customers in multiple diﬀerent industries to identify and block attacks and abuses such as Ticket scalping and deny of inventory, scraping, brute force and account take over, fraudulent registrations, malicious vulnerability scanning, carding and more.
Bot Shield is deployed on CDNetworks’ distributed Points-of-Presence (PoPs) as a cloud-based solution. It can be provided with a full CDN acceleration service, a Web Application Firewall (Application Shield), and a DDoS mitigation solution (Flood Shield). Bot Shield uses multiple technologies to identify and block bot attacks. It uses browser detection and human behavior sensors to monitor entire sessions and then applies both hidden and visible challenge-response themes to block suspicious traffic. Customized rate limitations can be configured according to IP addresses, URIs, HTTP headers, and other parameters and combinations, and the triggered action and its severity level can be set by the customer. A comprehensive list of beneficial bots can be used to avoid disruption to indexing and monitoring services and new such beneficial bots can be defined by the customer as well. Finally, each event and each action triggered are all logged. Logs are available to the customer to download or explore with an intuitive analysis tool to instigate and correlate attack events.
|Transparent Challenges||Testing of browser capabilities with an obfuscated JS challenge.||Block malicious scripts and headless browser automation tools without any disruption to user experience.|
|Human Behavior Detection||Automated detection of mouse moves, mouse clicks, the screen tilts, etc. to validate if a browser is being automated.||Detect cases of standard web browsers being automated to perform malicious tasks and block them.|
|Customized Actions||Choose the right action for each event: log, block, or challenge. Customize challenge thresholds. Send bot warning to the origin via HTTP header.||Total ﬂexibility and control over bot traffic shaping, allowing customers to take specific actions against any threat type.|
|Advanced Rate Limiting||Limit access rates by IP address, URI, HTTP header, the user ID or any combination of these parameters.||Protect sites and APIs against repeated attempts to scrape or steal data, guess passwords and other such malicious automated activities.|
|Visual Dashboard||View bot traffic trends on a real-time dashboard, filter by domains, attack types, dates and more parameters.||Get an immediate and intuitive picture of your bot vs human traffic and your security status.|
|Incident Investigation||Route traffic to CDNetworks’ PoPs through a DNS configuration.||Easily investigate bot traffic and attacks and attack trends. Correlate between events by clickable parameters.|