TRANSCRIPT
How do you prevent competitive online price scraping, stop fraud and clean up skewed data with bot detection?
Bad Bots Cause the Majority of Website Problems
19% of Traffic Causes the Following Problems
What Sorts of Problems Are We Solving for Travel Organizations?
Skewed Analytics
Page Views
Unique Visitors
Bounce Rate
Look to Book
Campaign ROI
Web Traffic Data Drives Business Decisions
Web Scraping
Web scrapers use advanced persistent bots to:
• Perform competitive intelligence
• Steal unique content and intellectual property
• Damage SEO rankings
Web Scraping Causes Content Theft and Loss of Intellectual Property
Bots and Competitive Data Mining
Duplicating your Product Portfolio: Bots can easily gather product and supplier lists for replication elsewhere
Undermining your Prices: Bots monitor your prices, ensuring competitors can undercut with lower price listings
Availability Tracking: Identifying when your supply has been exhausted provides competitors a unique opportunity to raise the price of their goods.
Your Website
Brute Force Account Takeover and Online Fraud
Major Brand Breaches in the News
Home Depot: Data Hack impacts 56 million Payment Cards
Kohl’s: Fraudsters Change Gift Cards Into Cash
Highlights from Neiman Marcus Article
● “comprised an estimated 5,200 accounts”
● "Mitigating these types of account takeovers is critical to maintaining customer loyalty”
● “one in four fraud victims in 2015 avoided merchants post-fraud"
Sources: krebsonsecurity.com, bankinfosecurity.com, bloomberg.com, & privacyandsecuritymatters.com
Target Data Breach Costs
$252 Million
Bots Make Large Scale Account Takeover Possible
Billions of username, password combinations exist in the wild
Bot operators create bots to test millions of username/password combinations from breaches at other websites to find the credentials that also work on your site
Newly compromised accounts are then used for various forms of fraud/theft
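The slide above describes credential testing spread across many requests. As an added example (not from the deck or from Distil), the sketch below shows why counting failed logins per source IP misses a client that rotates addresses, while grouping the same events by a device fingerprint exposes it. The fingerprint field is assumed to come from an upstream component, and the event data and thresholds are constructed for illustration.

```python
from collections import defaultdict

# Constructed login events: (device_fingerprint, source_ip, username, success).
# One automated client rotates through six IPs, trying a different breached
# username from each; two ordinary users log in from stable addresses.
EVENTS = [("fp-bot", f"203.0.113.{i}", f"user{i}", i == 4) for i in range(1, 7)]
EVENTS += [
    ("fp-a", "198.51.100.7", "alice", False),   # mistyped password
    ("fp-a", "198.51.100.7", "alice", True),
    ("fp-b", "198.51.100.9", "bob", True),
]

FINGERPRINT, SOURCE_IP = 0, 1  # tuple positions usable as grouping keys


def stuffing_suspects(events, key_index, min_users=5, max_success=0.2):
    """Return {key: [accounts it logged in to]} for keys that tried many
    distinct usernames with a low success rate. Thresholds are assumptions."""
    stats = defaultdict(lambda: {"users": set(), "hits": set(), "total": 0})
    for event in events:
        entry = stats[event[key_index]]
        entry["users"].add(event[2])
        entry["total"] += 1
        if event[3]:
            entry["hits"].add(event[2])
    return {
        key: sorted(entry["hits"])
        for key, entry in stats.items()
        if len(entry["users"]) >= min_users
        and len(entry["hits"]) / entry["total"] <= max_success
    }


if __name__ == "__main__":
    # Grouping by IP finds nothing: each address saw only one username.
    print("by IP:", stuffing_suspects(EVENTS, SOURCE_IP))
    # Grouping by fingerprint exposes the client and the account to reset.
    print("by fingerprint:", stuffing_suspects(EVENTS, FINGERPRINT))
```

The accounts listed for a flagged fingerprint are the ones to lock and force through a password reset, since a successful login in that pattern indicates a reused credential.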
http://krebsonsecurity.com/2016/08/united-airlines-sets-minimum-bar-on-security/
Security Versus User Experience
United Airlines Account Protection
47% of fraudulent transactions are successful based on 2012-2015 data
Virtually no improvement preventing fraud over past four years
200% growth in Volume of Fraudulent Transactions from 2012 to 2015
No Improvement in Fraud Prevention
SOURCE: 2015 True Cost of Fraud Study - LexisNexis
Other Areas of Impact
• Site Performance / Reliability
• Form Spam
• Infrastructure Costs
• Unauthorized Vulnerability Scans
• Denial of Service Attacks
• Ad Fraud
The Distil Solution
Travel Customer Case Studies
Ecommerce
Travel
Publishers
Directories
Marketplace
Services/Finance
Homegrown Solutions Are Ineffective
Creates a poor user experience | Bots appear human in logs | Defeated by distributed IP attacks
Defeated by advanced bots | Labor intensive | Defeated by low and slow crawlers
Defeated by CAPTCHA farms | Distributed attacks hard to pinpoint | Defeated by peer-to-peer / proxies
Reduces conversions by up to 27% | Reactive in nature | Reactive in nature
Majority of Bots are Advanced Persistent Bots (APBs)
APBs have one or more of the following abilities:
Advanced
• Mimic human behavior
• Load JavaScript
• Load external resources
• Support cookies
• Browser automation (Selenium, PhantomJS)
Persistent
• Dynamic IP rotation
• Distribute attacks across IP addresses
• Hide behind anonymous and peer-to-peer proxies
2016 Distil Bad Bot Report
Web App Security Requires Complementary Solutions
DDoS Mitigation
Core Competency: Volumetric attacks on infrastructure
Techniques: Scrubbing centers, Large pipes
Firewall
Core Competency: Network layer attacks
Techniques: Access Control Lists (ACLs), Rules-Based
WAF
Core Competency: Application coding exploits
Techniques: App layer understanding, ACLs, Rules-Based
Distil Bot Protection
Core Competency: Automated abuse, misuse, and attacks (scraping, fraud, account takeover, etc.)
Techniques: Real-time Analysis, Fingerprinting, Honeypotting, Machine learning, Behavioral modeling
The Most Accurate Device Fingerprint in the Bot Mitigation Industry
IP Address
Header & User Agent Information
Cookie Browser
200+ Attributes of data Navigator, WebGL, Plugins, Audio, Video, etc.
Tamper proofing layer
Distil Hi-Def Fingerprint
How the Distil Bot Detection Solution Works
As web traffic passes through Distil, the system:
1. Fingerprints each incoming connection and compares it to our Known Violators Database
2. If it’s a new fingerprint, validates the browser to determine if it’s a Bot or Not
3. Based on your preferences, automatically tags, challenges, or blocks the bot
Threat Intelligence From All Distil-Protected Sites
Known Violators Database
Real-time updates from the world’s largest Known Violators Database, which is based on the collective intelligence of all Distil-protected sites
Distil customers are automatically protected against new threats discovered anywhere on the network
Browser Validation
Detects all known browser automation tools, such as Selenium and PhantomJS
Protects against browser spoofing by validating each incoming request as self reported
Advanced Bot Detection Increases Accuracy
Behavioral Modeling and Machine Learning
Machine-learning algorithms pinpoint behavioral anomalies specific to your site’s unique traffic patterns
Self-optimizing algorithms improve bot detection and mitigation without manual configuration
Distil API Security Protects APIs from Automated Attackers
Leverages your existing authentication methods for easy deployment
Inspects each client connection in real-time
Detects API clients masquerading as legitimate browsers
Works across web, mobile browser, and mobile native applications
Distil Analyst Managed Service
“Distil Analyst Managed Service helps keep our site fast and responsive and helps ensure our customers - wherever they are booking - get our price and availability content through our approved API channels.”
Anthony Drury, Head of Business
Bringing Human Intelligence to the Science of Bot Mitigation
Flexible Deployment Options
Physical or Virtual Appliances
○ Install on virtualized or bare metal appliance(s)
○ High availability configurations with failover monitoring
○ Heartbeat up to Distil Cloud
○ Deploys in days
Content Delivery Network
○ Automatically compresses and optimizes content for faster delivery
○ 17 global datacenters automatically fail over when a primary location goes offline
○ Automatically increases infrastructure and bandwidth to accommodate spikes
○ Deploys in hours
www.distilnetworks.com
QUESTIONS... COMMENTS? KELLEY@DISTILNETWORKS.COM
OR CALL US ON 1.866.423.0606