Company
Build.com is an online home improvement retailer. The company sells bathroom, kitchen and lighting hardware, appliances and other supplies.
“We live in a very dynamic world where threats are evolving and customer expectations are increasing. Having a team that we can rely on that feels like a natural extension of our team has been a big piece of our relationship with HUMAN.”
– VP of Technology Build.com
Challenge
Build.com had been experiencing automated bots scraping their product data, but they considered it an inevitable part of being an online business. Soon however, the attacks grew in sophistication. Bots not only continued to scrape the site, but also targeted login pages with credential stuffing and account takeover attacks. These attacks were distributed in nature and mimicked real user traffic, with a large amount of unique IPs and high volume of requests coming from each IP. Customers couldn’t log in because Build.com’s login service was overwhelmed. It was clear that the company’s firewalls and other traditional web security controls weren’t sufficient to block more advanced bad bots.
Solution
Build.com chose HUMAN to accurately detect and mitigate sophisticated bot attacks.
Learn More
The team chose HUMAN Application Protection for the following capabilities:
- Advanced machine learning and behavioral analysis: Application Protection takes a behavior-based approach to not only identify automated traffic, but distinguish good bots from bad.
- Easy integrations: Application Protection seamlessly integrated with Build.com’s existing tech stack, including Fastly. There were no changes required or disruptions to performance.
- Low latency: Application Protection blocks bots at the edge to improve latency and website performance. The solution stops sophisticated bot attacks without impacting user experience.
RESULTS
With Application Protection, Build.com was able to identify behavioral anomalies that marked malicious automated traffic and execute appropriate mitigation actions. The company no longer experienced disruptions in their login service, and they enjoyed better latency and site speed. Best of all, their risk of automated scraping and account takeover attacks was reduced.
