When’s the last time you met with your bot management vendor?
For the last few years, I have written about bots and bot management during the holiday season. I ask this question because I’ve noticed a pattern that goes something like this:
- Organization realizes they have a bot problem
- Organization acquires bot management solution
- Bot attacks decrease, organization is happy
- Confident that they have solved the bot problem, organization keeps the solution running, but neglects to regularly tune it
- Meanwhile, bot operators learn, improve, and update their bots
- Slowly, bot traffic begins to increase again
- Organization realizes they have a bot problem
It’s true, you can get away with configuring some application security tools once and then simply rely on periodic rule updates and 0-day responses from the vendors to address new threats. For example, web application firewalls (WAFs) are initially tuned to address the OWASP Top 10, various industry regulations, and policies developed by a particular organization. Then, WAF vendors will push out new rules, and this method has proven to be quite responsive to attacks like Log4Shell. This does not mean WAF is a “set it and forget it” tool, but standard web application attacks like SQL injection are well understood, and the protections and mitigations haven’t really changed.
Bot operators constantly learn and adapt to the latest protections. The upshot: what worked during Thanksgiving might not work come Christmas. Each bot is typically custom built to meet a particular goal against a particular website (e.g., the bot that targets PS5s at Walmart will be different from the bot that targets graphics cards at Best Buy). Bot developers use their knowledge of each site’s bot protections to continuously tune their bots and evade detection. Therefore, a good, proactive bot management vendor must have a strong threat intelligence team and constantly update their rules and detections to account for the latest bot evolutions.
If you haven’t met with your bot management vendor recently, ask them now about attacks they are seeing, the latest evolutions in bots, new rules and detections they have pushed to your system, and any additional tuning that they recommend you do. To paraphrase Kermit The Frog, there are only 31 more sleeps until Black Friday. Now is not the time to sleep on your bot management strategy.
For more information, check out Stop Bad Bots From Killing Customer Experience or set up an inquiry or Guidance Session with me.