If you haven’t heard of the Savannah Bananas, you’re missing out. This traveling baseball team has become the Harlem Globetrotters of baseball, playing a modified version of the sport with rules designed to speed up games and engage the fans. (If a fan catches a foul ball? The batter is out.) Almost all Banana Ball games stream on YouTube, and I’ve watched several, including a recent sold-out game at Fenway Park. The Bananas (and their traveling opponents, the Party Animals and the recently launched Firefighters) emphasize entertainment, fun … and most of all, the fans.

Banana Ball games are incredibly popular and always sold out, but Bananas owner Jesse Cole keeps the prices low to make it a fan- and family-friendly event. If you are able to buy tickets, they are just $35 per person with open seating (and $100 per person for a limited number of VIB — Very Important Banana — experiences) with no additional fees. Attending a game means signing up for the waitlist on the Bananas website the year before and then hoping that you have an opportunity to buy tickets when they become available. Unfortunately, and perhaps not surprisingly, Bananas fans and Cole are seeing hard-earned Banana Ball tickets put up for sale on resale sites for hundreds of dollars per seat. When I looked to see if there were any tickets for the Fenway game, I saw them going for about $600 each on one site. Because this type of scalping is antithetical to Cole’s focus on creating a fan-friendly experience, Cole shared on his LinkedIn post the double-edged challenge of fending off scalpers while not creating too much friction in the ticket-buying process: “We’ve learned that eliminating friction is a huge part of creating fans and a fans-first experience. But to create a system that dramatically limits scalping tickets would then create more friction for our one million plus fans that do get tickets the right way every year.”

Those of you who have been following me for a while know where this is going: Cole and the Bananas have a bot problem. While there are probably a handful of legitimate human customers who are reselling their tickets at high markups, it’s equally likely that bot operators are getting on the waitlists and buying up whatever tickets they can get their hands on. Inventory hoarding is a common bot use case, though certainly not the only one that organizations face today; security leaders also struggle with account fraud, web scraping, DDoS, and ad fraud.

As bot operators get smarter and anyone can buy into a bot service to launch an attack, bot management solutions must be ready to respond to an endlessly adaptive stream of attacks. While conducting research for The Forrester Wave™: Bot Management Software, Q3 2024, I found that the top vendors in the space are largely up to the task, with multilayer detection, strong threat research teams, and reporting that has dramatically improved over the past few years. Customers looking to adopt bot management software will find they have multiple options that:

  • Rapidly evolve detections to defend against new attacks and meet customer needs. Every vendor has a multilayer detection strategy that includes several out-of-the-box machine learning detection models. What sets vendors apart is how they evolve those models to new use cases and attack patterns, how much customization they offer, and how they use their research and expertise to support customers. Look for vendors that consistently update models to detect the latest attacks, retire models that are no longer effective, and have updated their detections to be more privacy-forward. Vendors that allow customers to bring their own models or that help customers build bespoke models will be important to any customer with specialized use cases. Customers maximize bot management investments with vendors’ security operations center (SOC) services or threat intel teams that proactively share data and reach out to customers under attack.
  • Support the full range of use cases and stakeholders. Bots wreak havoc on the security, e-commerce, marketing, fraud, and executive teams, so a comprehensive bot management solution must address all their needs. Look for solutions that provide use-case-specific response policies, out-of-the-box general and use-case-specific dashboards that are easy to customize and share, and detailed analysis and explainability about bot attack approaches and goals. Some vendors now offer ROI reports that will help security pros articulate the solution’s value to their leadership team.

For more on the bot management market, check out our just-published report, The Forrester Wave™: Bot Management Software, Q3 2024, or set up a guidance session or inquiry.