Limelight Networks recently announced a new option for its Limelight Web Application Firewall (WAF): the Advanced Bot Manager. The company said that in light of the massive growth of bots, a new option was needed to protect digital content.
According to a recent Statista report, over half of website visits come from automated scripts performing repetitive tasks. Half of the global bot traffic is malevolent, seeking out vulnerabilities, stealing corporate and personal data, launching DDoS attacks and committing fraud. Malicious bots perform damage in multiple other ways, and begin their activities via reconnaissance missions searching for unprotected computers to attack. Once they infect a vulnerable machine, they usually link it to a Command and Control System (CnC) on the Internet, which then uses the victim compute resource (such as home Internet routers, connected cameras and other IoT devices) to carry out automated tasks of its choosing, such as DDoS attacks or Spam Bot attacks.
With more Internet traffic coming from bots than humans, and the Internet actually relying upon beneficial bots to power search engines and digital assistants, they have become a necessary focus point for security services. Good bots must be distinguished from bad ones, and constantly mutating bad bots must be tracked and stopped. Security specialists have developed sophisticated challenges, such as CAPTCHA to help tell a computer and human apart. However, hackers are using a “Captcha as a Service” whereby a CAPTCHA challenge is sent to a team of human responders to solve the CAPTCHA and allow the malicious bot to pass through.
The new Limelight WAF Advanced Bot Manager aims to ensure “maximum availability and security of web infrastructure to sustain revenue generating web traffic by eliminating malicious bot traffic while managing legitimate bot traffic”.
Furthermore, it endeavours to maintain fast customer experiences through ongoing monitoring of bot management policies, and adjusting them as necessary to combat emerging security threats, and protect applications and web infrastructure without affecting performance.
“There are constantly new threats trying to access sensitive content and take down websites, plus global regulations to protect consumer data are increasing,” said Steve Miller Jones, Senior Director of Product Management at Limelight Networks. “Add to that the fact that there’s a shortage of skilled IT security personnel, making it difficult for companies to protect the integrity of their websites and customer data. Our full range of security solutions are integrated into our massive global private network infrastructure to help organizations secure their web infrastructure and content without impacting website performance.”
Limelight Cloud Security Services offer a wide range of defense solutions, including the Limelight DDoS Attack Interceptor which protects against denial-of-service attacks and its TLS/SSL capabilities encrypt data to prevent it from being accessed during transit; in addition to numerous content security techniques, including URL tokenization, geo-fencing and IP address white and blacklisting, ensuring that only authorized users have access to specific content.