What Is Bot Mitigation?

Bot mitigation is the task of blocking bad bots or botnet activity from accessing websites, servers, or IT ecosystems. Bot mitigation requires technology that can recognize good bots from bad, even when bot operators revise or mutate bots in an attempt to evade bot management solutions.

When choosing a bot mitigation solution, there are several critical features and capabilities that will help to achieve your bot management goals.

• Effectiveness. Every bot mitigation solution can detect bots. The best technology must be able to detect the most sophisticated bots you are likely to encounter.
• Resilience. Many solutions detect bots initially but lose track of them once they start mutating. The best solutions learn and evolve over time to continue to mitigate bots for the long term.
• Fewer false positives. Blocking bots shouldn’t get in the way of doing business. Solutions that block humans or good bots will be a drag on productivity. The best solutions offer autotuning capabilities to minimize false positives.
• Visibility and reporting. When it comes to a solution that could potentially block your users, you want granular visibility and reporting capabilities that let you zoom in on specific bots, botnets, and bot characteristics.
• API protection. Unless your bot mitigation technology can protect your APIs, bots will simply migrate from web pages to APIs.
• Broad protection. While some bot management solutions are designed only to address a single problem, the best solutions should provide comprehensive protection against malicious bot traffic, whether it affects the entire site or specific pages.

Bots are seemingly everywhere today, accounting for as much as 70% of traffic on websites. While many bots serve valuable functions, others are designed to steal intellectual property, impersonate legitimate users, or play a role in brute-force attacks, account takeover, and other devastating cyberattacks. In this environment, bot mitigation technology is essential to distinguish good bot traffic from harmful bots, and to manage the impact of malicious bot traffic on the performance of your websites and the experiences of your customers.

Akamai Bot Manager helps you protect your customers and operations with sophisticated bot visibility and control. Unmatched detection and bot mitigation capabilities ensure you can run automated operations effectively and safely, protecting the trust that your customers and partners have in your company and your IT ecosystem.

Bot Manager, Akamai’s bot management solution (link to https://www.akamai.com/products/bot-manager), delivers these essential capabilities and more. Using multiple patented technologies, Bot Manager detects and mitigates bots where they make initial contact, instead of allowing them to reach your site first. Bot Manager’s detection and analytics technology is automatically updated with insights from our Security Intelligence Group, which analyzes 130 TB of new attack data daily to improve bot mitigation capabilities.

Akamai Bot Manager provides protection wherever your company interacts with customers and partners, including endpoints via web, native mobile apps, and APIs. Our technology also delivers protection when a request crosses from one domain to another or crosses multiple brands or businesses, ensuring there are no gaps in protection.

With bot mitigation technology from Akamai, you can:

• Recognize and mitigate bots with greater accuracy. As part of the Akamai Connected Cloud, Bot Manager uses an AI framework to learn about bots by observing traffic at the edge, where users first connect to an application. By observing 11.5 billion bot requests and 280 million bot logins per day, Bot Manager collects clean data on traffic patterns, traffic types, and traffic volume, refining our bot detection algorithm to recognize and stop bots with ever-greater accuracy.
• Optimize detection without adding latency. Bot Manager provides a Bot Score for every bot, combining all detection triggers to identify sophisticated bots and gain a more accurate assessment of each request. Bot scores fall into one of three ranges, each with a defined response strategy. Bots with low scores can be watched or monitored while bots with high scores are aggressively mitigated. Bots with scores in the middle — the gray area — can be challenged with cutting-edge challenges to determine whether the request is from a human user or a good bot vs. a malicious bot.
• Deploy rapidly. Bot Manager can be deployed quickly and seamlessly to detect bots in real time with no latency and no impact on site or network performance. Thanks to the massive capacity of the Akamai platform, Bot Manager can also scale easily to accommodate spikes in traffic.
• Continually improve. Because Akamai protects some of the largest and highest-profile companies in the world, we see many of the most advanced bot attacks and most sophisticated bot traffic. When a new bot is detected for one customer, data and insights are immediately added to our bot library and algorithms, benefiting all Akamai customers.

Key features of Bot Manager include:

• A known bot directory. Our bot directory now includes more than 1,750 known bots and is constantly updated as new bots are discovered.
• Dynamic detections. Using a variety of AI and machine learning models, Bot Manager accurately detects unknown bots from first interaction. These techniques include user behavior analysis, automated browser detection, high request rates, HTTP anomaly detection, and browser fingerprinting.
• The Bot Score. Every bot request detected with Bot Manager receives a Bot Score, which indicates the likelihood that the request is coming from a bot vs. a human.
• Custom settings. Bot Manager provides the ability to set strategic responses to bot scores at different thresholds for each endpoint.
• Autotuning. As bots evolve, Bot Manager learns normal traffic patterns and automatically tunes detections to avoid potentially misclassifying requests.
• Additional response actions. Bot mitigation choices go beyond simple block and allow, enabling you to choose options such as serve alternate content, serve challenge, slow, and more.
• Granular analysis and reporting. Bot Manager delivers visibility into big-picture trends as well as detailed analyses of individual bots and bot traffic.
• Managed services. Akamai Managed Security Service offers the option to deploy dedicated Akamai experts to monitor and offer proactive response recommendations, optimizing bot mitigation without burdening your internal team.