Nearly 40% of all internet traffic is now malicious bot traffic. Good bot traffic is also booming, but it’s lagging at “only” about 25% of all traffic. And this is taking place as organizations are increasingly migrating to hybrid or cloud-only environments, creating a wealth of new potential attack surfaces.
Just as good bots are invaluable tools to perform a wide range of necessary tasks, bots are very handy in criminals’ hands too — for example, sifting through a vast stolen data dump to find and test credentials, credit card numbers, and so on. And they’ve grown very sophisticated, able even to successfully mimic human behavior to evade detection.
OWASP has analyzed today’s entire range of bot attacks, or Automated Threats to Web Applications, and has classified them into 21 separate types. They’ve also created a list of types of countermeasures available to help you combat those threats.
How to stop bad bots
At Barracuda’s Secured.21 global virtual customer conference last year, the App and Cloud Security track included a Deep Dive session on the OWASP automated threat data and how to stop bad bots while allowing good bots and human users to engage normally.
Here’s a clip in which Senior Project Management Director Anshuman Singh begins to present the 21 threats listed in OWASP’s handbook, dividing them into six categories, such as credential theft, vulnerability scanning, denial-of-inventory, and others:
After explaining in depth the scope and power of malicious bots in the hands of bad actors, Anshuman goes through OWASP’s listing of 14 types of bad-bot countermeasures, and how they address different aspects of the threat posed by bot attacks.
Watch the whole session and you’ll also get Anshuman’s detailed presentation about how Barracuda WAF-as-a-Service works in the cloud to provide many of the countermeasures listed by OWASP. And you’ll see a demo of how the powerful, intuitive interface makes it easy to visualize, monitor, and control your cloud app security infrastructure.
Automated application-layer attacks executed with highly sophisticated bots are growing fast. Watch this highly informative session to understand both the nature of the threat and the requirements for an effective defense.
Tony Burgess is a twenty-year veteran of the IT security industry and is Barracuda’s Senior Copywriter for Content and Customer Marketing. In this role, he researches complex technical subjects and translates findings into clear, useful, human-readable prose.