HUMAN Blog

HUMAN's BotGuard for Applications: powerful new capabilities and integrations to stop sophisticated bot attacks

Today, we announced BotGuard, our platform for enterprises to protect their digital properties, APIs, and apps from the impacts of sophisticated bots. BotGuard for Applications, our product designed specifically for enterprise web and mobile apps, protects against malicious scraping, account takeover, account creation and credential fraud, and in-app content and experience abuse. 

With this release, BotGuard gains some powerful new features to further strengthen bot detection accuracy and mitigation options, new integrations with leading edge and web server solutions to speed deployment and reduce implementation efforts, and new dashboard features to enhance visualization and enable granular policy customization. 

 

Detection Enhancements

HUMAN is continually enhancing the Human Verification Engine that underpins BotGuard’s detection capabilities. BotGuard detects bots missed by leading Content Delivery Networks (CDNs) and Web Application Firewall (WAF) bot management features - in one case, up to 14% of a customer’s invalid traffic was bot activity that passed through a CDN bot management feature completely undetected. 

Screen Shot 2021-07-15 at 9.56.18 AM

BotGuard for Applications gains two detection innovations with this release:

  • Improved single page application (SPA) integration - BotGuard now automatically injects signals into request headers and simplifies deployment to SPAs.
  • Enhanced content scraping protection - BotGuard’s page load protection stops bots from accessing pages at scale and scraping content. On protected pages, bots are blocked and humans are allowed access. 

 

Attack Response Enhancements

BotGuard for Applications integrates with industry-leading platforms to defend your digital business using your existing best-of-breed solutions. Today, we’ve announced our expanded integrations, including NGINX, Cloudflare, Fastly and AWS Cloudfront. These will speed your BotGuard deployment and reduce the effort to implement our real-time mitigation API.

  • Nginx Plug-In - We’ve launched a customizable Nginx plug-in that provides turn-key integration with BotGuard’s real-time mitigation API. This means you can integrate BotGuard for Applications in-line to detect and mitigate bots with minor updates to your Nginx configuration and without making extensive changes to your application code. Mitigation actions can then be tailored to different endpoints or applied globally across all protected endpoints. 
  • CDN/Edge Solution Module - BotGuard integrates with Fastly, Cloudflare and AWS Cloudfront to defend against the abuse of applications and websites from sophisticated bots. The BotGuard CDN module enables easy integration with BotGuard’s real-time mitigation API and custom mitigation actions. Fastly’s CEO, Joshua Bixby, featured HUMAN in their May 5th, 2021 shareholder letter (see page 4) by stating that our organizations are working together to extend mitigation and enforcement efforts. 
  • Identity partnerships with PingFederate and Okta - BotGuard for Applications now augments PingFederate and Okta authentication policies. BotGuard’s BOT OR NOT® security report allows the administrator to create a policy that steers verified traffic to the application and steers malicious bot traffic towards ‘access denied’ or step-up authentication such as MFA. 
    • Custom Rules Engine - provides new policy options with custom rules, for example, for stage and production environments, or an allow list for test or QA bots.
  • Human Checkbox - BotGuard has unrivaled bot detection accuracy but there are rare cases where human behavior may be seen as suspicious. Rather than simply blocking suspicious activity, your application can now serve the new Human checkbox. When the slider is dragged, additional signals are created. Bots fail the challenge while your users can quickly and easily verify their humanity.

 

New Human Checkbox

Management and Reporting - BotGuard management enhancements include SAML support for single-sign-on and multi-user granular permissions, including to the API. Dashboard improvements include advanced visualizations, custom alerting configuration and custom data exports to create a HUMAN to customer feedback loop by integrating with SOC, SIEM and fraud team workflows.

Threat Research - HUMAN’s Satori Threat Intelligence and Research Team regularly takes down multiple large-scale attack networks, proactively identifying and reverse engineering new threats to inform our detection techniques with new indicators against emerging attacks. Recent successes include PARETO where a 1 million node CTV botnet was taken down and the Methbot case that led to the successful prosecution of the criminal gang behind the operation.

HUMAN’s BotGuard for Applications continues to lead the bot management field in detection, threat intelligence and vision. If you’d like to see if we can help you solve your bot problem by deploying a single line of code please visit here.