HUMAN Security launched HUMAN Bot Insights Services to help BotGuard for Applications customers take proactive measures against sophisticated bots.
Security teams are overwhelmed and understaffed – according to the Information Systems Security Association (ISSA), 67% of organizations are impacted by a cyber security skills shortage. Many organizations simply don’t have the personnel, time or tools to accelerate the web application security improvements required to defend critical internet platforms from today’s sophisticated bot attacks. Furthermore, sophisticated bots can easily evade bot detection features in conventional application security solutions like CDNs, WAFs or CAPTCHAs, leaving apps open to abuse.
“As organizations have shifted to more online-focused business operations, a trend further accelerated by the pandemic, attackers have doubled down on their efforts and increased the frequency of bot-driven fraud and logic abuse,” said John Grady, Senior Analyst at Enterprise Strategy Group.
To be effective, application vulnerabilities need to be identified and mitigation solutions deployed and configured to meet each customer’s unique infrastructure and requirements. Businesses need to choose a specialized bot management solution, but HUMAN knows it takes more than technology to win against attackers. HUMAN verifies the humanity of more than 15 trillion client-side interactions each week and observes more than 3 billion devices online each month, offering Bot Insights Services customers a visibility unmatched by any other organization.
“HUMAN Bot Insights Services are designed to help businesses reduce the impact of malicious bots. By enhancing their security program with dedicated bot experts from HUMAN, customers collaborate with analysts that focus 100 percent of their time on protecting businesses from sophisticated bot attacks and fraud,” said Gavin Hill, Vice President, Human Insights. “Our Human Insights analysts and data scientists act as an extension of your security team providing custom bot attack surface analysis and advanced policy configuration, event investigations, priority responses, and detailed threat intelligence so that customers can protect and respond more quickly to automated attacks.”
The Human Insights team has uncovered new findings of bot activity among customers protected by the Human Verification Engine based on the company’s observability and verification of 15 trillion digital interactions per week, including:
- Over the past six months, bots accounted for more than 45% of account login attempts, peaking in August 2021.
- Bots attempting payment or transaction fraud peaked in October 2021, accounting for more than 13% of transactions as witnessed by BotGuard for Applications.
- Across all attack vectors protected by BotGuard for Applications, bots accounted for 28% of all interactions.
Additionally, the Human Insights team is studying and tracking bot-related cyberattacks like exploit stuffing, most recently witnessed in the proliferation of the Log4j exploit.
At launch, HUMAN provides the following service deliverables to customers using Bot Insights Services:
- Custom bot attack surface analysis: Every Bot Insights engagement begins with an assessment of current bot defenses to establish a baseline and identify gaps to be addressed. This assessment ensures newly discovered threats are covered, and new gaps are identified quickly, before they can introduce significant risk to your business and customers.
- Custom policy engine rules: Following this initial assessment, the Human Insights team will work closely with you to develop custom policies for deployment in BotGuard.
- Event and transaction investigations: Every Bot Insights engagement includes monthly dedicated research hours for in-depth examination of suspected bot activity within your ecosystem.
- Quarterly Bot Impact Read out with threat investigation insights: Once a quarter, the Human Insights team will provide a Bot Impact Readout, delving into sophisticated bot activity both in your environment and worldwide. This report sets new guidance for investigation for the following quarter(s), custom bot policy updates, and is a key element of the engagement.