How do you prevent competitive online price scraping, stop fraud and clean up skewed data with bot detection?

Bad Bots Cause the Majority of Website Problems

19% of Traffic Causes the Following Problems

What Sorts of Problems Are We Solving for Travel Organizations?

Skewed Analytics

Page Views

Unique Visitors

Bounce Rate

Look to Book

Campaign ROI

Web Traffic Data Drives Business Decisions

Web Scraping

Web scrapers use advanced persistent bots to

Perform Competitive Intelligence

Steal Unique content and intellectual property

Damage SEO Rankings

Web Scraping Causes Content Theft and Loss of Intellectual Property

Bots and Competitive Data Mining

Duplicating your Product PortfolioBots can easily gather product and supplier listsfor replication elsewhere

Undermining your PricesBots monitor your prices, ensuring competitorscan undercut with lower price listings

Availability TrackingIdentifying when your supply has been exhausted provides competitors a unique opportunity to raise the price of their goods.

Your Website

Brute Force Account Takeover and Online Fraud

Major Brand Breaches in the News

Home DepotData Hack impacts 56 million Payment Cards

Kohl’sFraudsters Change

Gift Cards Into Cash

Highlights from Neiman Marcus Article● “comprised an estimated 5,200 accounts”● "Mitigating these types of account takeovers is critical to maintaining

customer loyalty” ● “one in four fraud victims in 2015 avoided merchants post-fraud"

Sources: krebsonsecurity.com, bankinfosecurity.com, bloomberg.com, & privacyandsecuritymatters.com

Target Data Breach Costs

$252 Million

Bots Make Large Scale Account Takeover Possible

Billions of username, password combinations exist in the wild

Bot operators create bots to test millions of username/password combinations from breaches at other websites to find the credentials that also work on your site

Newly compromised accounts are then used for various forms of fraud/theft

http://krebsonsecurity.com/2016/08/united-airlines-sets-minimum-bar-on-security/

Security

Versus

User Experience

United Airlines Account Protection

47% of fraudulent transactions are successful based on

2012-2015 data

Virtually no improvement preventing fraud over past

four years

200% growth in Volume of Fraudulent Transactions

from 2012 to 2015

No Improvement in Fraud Prevention

SOURCE: 2015 True Cost of Fraud Study - LexisNexis

• Site Performance / Reliability

• Form Spam

• Infrastructure Costs

• Unauthorized Vulnerability Scans

• Denial of Service Attacks

• Ad Fraud

Other Areas of Impact

The Distil Solution

Travel Customer Case Studies

Ecommerce

Travel

Publishers

Directories

Marketplace

Services/Finance

Homegrown Solutions Are Ineffective

Creates a poor user experience Bots appear human in logs Defeated by distributed IP attacks

Defeated by advanced bots Labor intensive Defeated by low and slow crawlers

Defeated by CAPTCHA farms Distributed attacks hard to pinpoint Defeated by peer-to-peer / proxies

Reduces conversions by up to 27% Reactive in nature Reactive in nature

Majority of Bots are Advanced Persistent Bots (APBs)

APBs have one or more of the following abilities:

AdvancedMimic human behaviorLoad JavaScriptLoad external resourcesSupport cookiesBrowser automation (Selenium, PhantomJS)

PersistentDynamic IP rotationDistribute attacks across IP addressesHide behind anonymous and peer-to-peer proxies

2016 Distil Bad Bot Report

Web App Security Requires Complementary Solutions

l

DDoS Mitigation Firewall WAF Distil Bot Protection

Core Competency

Volumetric attacks on infrastructure Network layer attacks Application coding exploits Automated abuse, misuse, and attacks

(scraping, fraud, account takeover, etc.)

Techniques Scrubbing centers,Large pipes

Access Control Lists (ACLs),

Rules-Based

App layer understanding, ACLs, Rules-Based

Real-time Analysis, Fingerprinting, Honeypotting, Machine learning,

Behavioral modeling

The Most Accurate Device Fingerprint in the Bot Mitigation Industry

IP Address

Header & User Agent Information

Cookie Browser

200+ Attributes of data Navigator, WebGL, Plugins, Audio, Video, etc.

Tamper proofing layer

Distil Hi-Def Fingerprint

How the Distil Bot Detection Solution Works

As web traffic passes through Distil, the system

1. Fingerprints each incoming connection and compares it to our Known Violators Database

1. If it’s a new fingerprint, validates the browser to determine if it’s a Bot or Not

1. Based on your preferences, automatically tags, challenges, or blocks the bot

Threat Intelligence From All Distil-Protected Sites

Known Violators DatabaseReal-time updates from the world’s largest Known Violators Database, which is based on the collective intelligence of all Distil-protected sites

Distil customers are automatically protected against new threats discovered anywhere on the network

Browser ValidationDetects all known browser automation tools, such as Selenium and Phantom JS

Protects against browser spoofing by validating each incoming request as self reported

Advanced Bot Detection Increases Accuracy

Behavioral Modeling and Machine LearningMachine-learning algorithms pinpoint behavioral anomalies specific to your site’s unique traffic patterns

Self optimizing algorithms improve bot detection and mitigation without manual configuration

Distil API Security Protects APIs from Automated Attackers

l

Leverages your existing authentication methods for easy deployment

Inspects each client connection in real-time

Detects API clients masquerading as legitimate browsers

Works across web, mobile browser, and mobile native applications

Distil Analyst Managed Service

“Distil Analyst Managed Service helps keep our site fast and responsive and helps ensure our customers - wherever they are booking - get our price and availability content through our approved API channels.”

Anthony Drury, Head of Business

Bringing Human Intelligence to the Science of Bot Mitigation

○ Install on virtualized or bare metal appliance(s)○ High availability configurations with failover monitoring○ Heartbeat up to Distil Cloud ○ Deploys in days

Flexible Deployment Options

○ Automatically compresses and optimizes content for faster delivery○ 17 global datacenters automatically fail over when a primary location goes

offline○ Automatically increases infrastructure and bandwidth to accommodate

spikes○ Deploys in hours

Physical or Virtual Appliances

Content Delivery Network

www.distilnetworks.com

QUESTIONS….COMMENTS?KELLEY@ D I S T I L N E T W O R K S . C O M

1.866.423.0606OR CALL US ON