One of my favorite things about covering the bot management market is that bots are not just a security issue. Sure, it’s common for bots to conduct credential stuffing attacks with a bunch of stolen usernames and passwords, but that just scratches the surface of the bot problem. Attackers also use bots to perform reconnaissance for future attacks, to commit shopping cart and ticketing fraud, and to engage in ad fraud.
The most sophisticated bots mimic human behavior.
Such scenarios hit the security team, the marketing team, the eCommerce team, and the executive team. Each of those teams has different priorities, acts according to different incentives, and responds to different data. This means that effective bot management solutions must not only address a broad range of attacks and stakeholders but must also present information that resonates with each stakeholder.
Both business and security drivers were front and center as we evaluated the 13 bot management providers for the Forrester New Wave™. The top performers differentiated themselves with strong:
- Attack detection. The most sophisticated bots mimic human behavior. Leading bot management tools find these bots by layering detection methods such as statistical analysis of user behavior, collecting biometrics to detect anomalies, and continuously updating reputational scoring.
- Attack response. Blocking and rate limiting are not sufficient to prevent the bot influx and maintain a frictionless experience for legitimate users. Bot management vendors have added honeypots, redirects, open connections, challenges, and other methods that increase attacker costs.
- Reporting. Dashboards and reports must address business and security contexts. The best ones are consumable across the organization, reporting not just on top countries and IP addresses but on attack intent and mitigations.
For more information on what to look for in a bot management solution and how vendors address these needs, check out our latest report, “The Forrester New Wave™: Bot Management, Q1 2020.”