The bot management market has matured considerably over the past few years. Two years ago, many vendors spoke primarily to the security persona, only the top vendors offered machine learning and layered detections, and response options were more limited. With the release of The Forrester Wave™: Bot Management, Q2 2022, we see a market that has consolidated across use cases, with almost every vendor addressing credential stuffing, web scraping, ad fraud, inventory hoarding, card fraud, and other more specialized scenarios. Detection and response capabilities that were differentiated two years ago are on par or even below par now. Bot operators continue to evolve their attacks as they attempt to bypass the latest protections, but firms suffering from bot attacks now have stronger options that can address their business needs. Here are some key findings from this evaluation.
Machine Learning Is Not Just A Marketing Label
Almost every vendor in the Wave evaluation has invested in machine-learning (ML) capabilities to improve detection — these vendors have teams of data scientists, multiple models, and a wide range of training data. Many vendors regularly check their models for drift and augmented ML detections with human analysis. The top vendors create custom models that include customer-provided data.
More Vendors Offer Customers Their Pick Of Defenses
Beyond simply blocking or throwing up basic challenges, better bot management vendors offer a cornucopia of options to stymie bad bots. Delays, honeypots, and deception are commonplace, and many vendors offer innovative custom challenges that are better at identifying bots but limit end customer friction and frustration. Some vendors have implemented invisible challenges such as proof of work. And the top vendors provide granular rules for customers that want to assign different bot defenses to different scenarios.
Reporting Has Vastly Improved, But Customers Still Want More
Bots affect more than the security persona, so top bot management solutions have reporting that targets other users’ interests and priorities. Look for solutions that provide relevant reports and metrics to different stakeholders, offer specifics on attack approaches and goals, and help security pros articulate the solution’s value to their leadership team. Reporting functionality still needs work across the board, however, and customers often find that they are not yet satisfied with reporting capabilities and want more visuals, deeper dives, and additional ways to cut the data.
White Glove Service Or Do-It-Yourself? There’s Something For Everyone
For those firms that prefer to manage their own solutions, several vendors have invested in top-notch reporting and configuration features to make that as straightforward as possible. Other vendors take a more hands-on approach, helping to configure customers’ detection and response options, setting up third-party integrations, generating custom reports, and conducting monthly or quarterly reviews with the client.
To learn more, check out The Forrester Wave™: Bot Management, Q2 2022, or set up an inquiry to discuss further.