Appdome upgrades MOBILEBot Defense for tailored WAF integration

Appdome has enhanced its MOBILEBot Defense solution to empower mobile brands to get more value and control from their existing web application firewall (WAF) infrastructures by adjusting the evaluation, detection, and defense policy to suit each WAF product and installation.

Cybercriminals have shifted their focus to mobile bot attacks, including weaponizing mobile apps, modified mobile apps, malware controlled mobile apps, fake mobile apps, as well as the common bot tactics like bot farms and scripts to perform brute force account takeovers, DDoS attacks and API abuse.

WAF vendors have responded by providing customers with anti-bot SDKs. However, anti-bot SDKs impose too much work and too many limits on mobile app developers with too heavy a performance penalty on mobile apps in production. In addition, using these anti-bot SDKs also require costly changes to WAF infrastructures. Appdome MOBILEBot Defense provides the way to avoid these complex challenges, making it easy for customers to deliver mobile anti-bot defense on top of any installed WAF.

The Appdome MOBILEBot Defense solution is fully portable across all new and old, on-premise and cloud WAFs. The new enhancements to MOBILEBot Defense provide adaptive evaluation, detection and defense rules that can ease and balance the compute burden on existing WAFs and infrastructures, enabling mobile brands to proactively identify and thwart bot attacks, all while reducing the strain on traditional WAFs, including those WAFs reaching their end-of-service horizons.

The new Appdome enhancements allow enterprises, network security teams and mobile brands to extend the useful life of WAFs and deliver more ROI from their existing WAF investments.

“Mobile brands need to stop bot attacks, but they also need to get the most out of their WAF infrastructures and avoid costly or unplanned WAF upgrades,” said Tom Tovar, CEO of Appdome. “Any mobile brand will likely have multiple WAFs, each with different performance characteristics. Our goal is to allow the brand to tailor the bot defense profile to meet the performance characteristics of each WAF.”

The new innovations in Appdome MOBILEBot Defense include:

Appdome DEVICETrust: DEVICETrust is an innovative way to set the evaluation mode for connection requests and screen bot traffic and attacks. With it, mobile brands have the power to set the trust level for each threat vector and, depending on the trust setting, determine where, when and how bot detection and defense is performed. This allows for customizable trust models based on the class and type of WAF used in the bot defense infrastructure. With the new trust model mobile brands can select and prioritize the security checks that are most important to their mobile app security project goals with the click of a button.

Three modes of DEVICETrust are available with Appdome MOBILEBot Defense:

• Adaptive Trust – uses the Appdome Bot Defense Framework intelligence to dynamically adjust the evaluation model based on the responsiveness of each WAF connected to MOBILEBot defense.
• Runtime-Trust – allows connection requests to proceed while threat assessment and checks are in process.
• Zero-Trust – holds connection requests until threat assessment and checks are complete.

Appdome Bot Source and BotID: Bot Source and BotID give mobile brands the ability to achieve continuous risk assessments by adding any data, such as business logic, to specific users and sessions in a mobile app, giving the WAF more granular rules and automated enforcement at the point of the attack, including on connection, at login, transaction, password reset, or other key application workflows.

Appdome Client Rate Limiting: Client rate limiting leverages the compute and processing power of the mobile device used in the attack, performing rate-limiting enforcement within the mobile app. Configurable limits on how frequently a user can perform an action, such as attempting to log in, within a defined timeframe. This approach is better than only relying solely on server-side rate limiting which can be susceptible to brute force and DDoS attacks.

“We’re working hard to ensure that our customers get the most out of their WAF infrastructure,” said Chris Roeckl, Appdome chief product officer. “WAFs are high performance, very capable, platforms. The antibot SDKs provided by WAF vendors are not. We’re trying to bridge the gap and give mobile brands something they can use to stop bots quickly, easily and efficiently.”