Advanced Bot Protection
FortiGuard Advanced Bot Protection detects sophisticated, human-like bot behaviors to stop attacks such as account takeover, DDoS, fraud, and webscraping
Overview
FortiGuard Advanced Bot Protection employs continuous machine learning and behavioral analysis to protect applications from account takeover attempts, data theft, and service disruption. A continuous feedback loop allows the creation and then detection of emerging attack patterns and bot behaviors. The service is able to distinguish between human users, legitimate bots (chatbots), and dangerous bots.
Browser Fingerprinting Detection
FortiGuard Advanced Bot Protection can block or limit simple bots by IP or signature. To detect more sophisticated bots, the service analyzes crawler-specific attributes and checks for inconsistencies in the browser and operating system. Not only does it follow every unique user agent that transacts with the application, but it also feeds the algorithm with new patterns.
Biometric-Based Detection
For more sophisticated bot threats, FortiGuard Advanced Bot Protection monitors, collects, and analyzes client events. These include mouse movements and keyboard clicks to cross-validate with identification and intent-based parameters. It also looks for CAPTCHA bypasses and challenges these bots, to eventually provide a risk score for the organization to act upon.
Continuous, Adaptive Learning
As bots continuously evolve to bypass security mechanisms, new bot behaviors and evasion techniques must be learned and applied to defenses. Our solution uses deep learning and data correlation between multiple dimensions, challenging and probing variations over time to provide accurate risk evaluation. It also accurately classifies good bots.
Features and Benefits
Automated threats have grown in sophistication and scale, increasing the risk to data integrity and confidentiality. To protect network availability and applications across environments, FortiGuard Advanced Bot Protection accurately distinguishes between good and bad bots, and between bots and humans.
Comprehensive bot detection
Defends against account takeover,
web-scraping, inventory depletion, fraud, and DDoS attacks
Resiliency over time
Continuously learns about and analyzes suspicious behaviors to create a risk score to act upon
Consolidated Application Security
Boosts application security when attached to FortiWeb or FortiADC
FortiGuard Advanced Bot Protection Defends Against:
Account Takeover
Brute force, credential dumping, and account creation are all methods bots use to bypass authentication and gain access to customer data.
Webscraping
Copying website data such as text, files, images, prices, and even screen captures can be used to clone a website or divert business.
Inventory Depletion
Bots hoard online stock such as products, tickets, and hotel rooms, to either resell them or simply diminish online revenue.
Denial of Service
A coordinated attack by a network of compromised machines (botnets) can overwhelm a network or application servers, knocking them offline.
Spam
Mass distribution of malicious content (text, advertisements, trackers, or malware) via email or SMS, can be done by bots. Sometimes this is used to degrade SEO rankings.
Fraud
Bots use different ways to trick applications to allow using a resource via false requests. Examples are ad fraud, click fraud, and payment fraud.
