Secure your online data, analytics and inventory against advanced bots. Protect websites, mobile applications and API’s from the growing threat of advanced bots that can scrape your data, lock up your inventory, skew your web analytics, bringing chaos for your digital business.
Detect and block hidden almost-human bot attacks with machine learning. Our cloud-based Threat Intelligence Service uses crowd-sourced data and battle-tested machine learning models to identify and block sneaky low-and-slow attacks attempted by advanced bots.
Improve user experience and security. Minimize the risk of data breaches, reputational damage and financial disasters without using CAPTCHAs or slowing down customers. Barracuda’s powerful, innovative application security and bot mitigation solutions are truly simple to deploy, configure, and manage.
Web & Price Scraping Protection Competitors and other third parties often use automated scripts to steal pricing and other content in real-time. Price scraping and content scraping results in reduced customer visits and conversions. The ABP solution uses a number of signals – page access speeds, page access patterns, client telemetry (IP, SSL Fingerprint) etc – to identify and block possible web scraping attempts. Brute Force Detection Brute Force attacks are typically used during reconnaissance attempts – these include attacks like directory traversal, credential cracking etc. The Barracuda WAF product line can identify brute force attempts from individual clients and block them.
Bot Spam Detection Bot Spam takes various forms – it can be in the form of referrer spam, polluting your website analytics. Alternatively, it can present as Form Spam, with thousands of spurious signups on your internet facing forms. Either way, you end up with skewed data that can take forever to clean up. Barracuda ABP uses several methods to identify and block such spam, including learning all the forms on a website and the time taken to fill the form. It then uses these learned parameters to identify spammers and block them. Client Fingerprinting Blocking an entire IP address for bad behavior causes significant problems. This method can be used for known problem IP ranges, such as hosting providers, TOR ranges etc, but in most cases, an IP address may have hundreds or more users behind it. The Barracuda ABP systems uses passive and active methods to fingerprint each client beyond the IP, down to the browser level. This allows you to block a single misbehaving client down to the browser level, reducing the blast radius of the block.
Protective Defence Bots come from a variety of sources – home IP addresses, datacenters, VPS, consumer VPN providers and Tor. In some cases, it is quite easy to stop bots by blocking entire IP ranges, like VPS providers or datacenters. The Barracuda WAF product line provides several such IP categories, including reputation-based lists to proactively block attackers and bots at the IP level.
Account Takeover Detection Credential Stuffing and Spraying attacks have been used to compromise household names the world over with Account Takeover attacks. Attackers use bots and breached credential lists to perform low and slow brute force attacks and takeover user accounts. Barracuda ABP hosts a cloud database of breached credentials and validated incoming logins against this database. When a hit is found, you can then block the attacker and secure the user account.
Machine Learnign Based Bot Detection Today’s bots are built to be almost human in their behavior. Standard signature checks and validations do not always catch these bots. Barracuda ABP’s cloud-based detection identifies the most advanced bots within the first few requests using a combination of website specific rules and machine learning models. The website specific rules are built by our system for each application you onboard, leading to a very low false positive rate. Since the ML system is built in the cloud, new bot detection models that are deployed are usable by all connected systems without needing a firmware upgrade.
Crowd-Sourced Bot Detection The Barracuda ABP systems gets data from a massive honeypot network which collects many forms of threat intelligence beyond web attacks. This intelligence is combined with other data we see in production systems the world over, and a curated crowd-sourced threat intelligence stream is available to every ABP customer.
- Machine Learnign Based Bot Detection
- Crowd-Sourced Bot Detection
- Brute Force Detection
- Account Takeover Detection
- Client Fingerprinting