Detect and mitigate malicious bots

Put an end to business logic abuse on your web applications or API channels with our bot mitigation engine.

Why does this matter?

Bots account for more than half of the traffic in many web applications.

Account takeover fraud, credential stuffing, credential cracking, carding, price scraping, DDoS are just some of the attacks attackers use to automate bots.

Bot mitigation is therefore becoming increasingly important for all publicly accessible web applications, as malicious automated traffic can directly impact a company’s bottom line and cause potential brand erosion.

Our approach

Bot mitigation capability is built into our solutions – UBIKA WAAP Gateway / On Prem Edition, UBIKA WAAP Gateway / Cloud Edition, and UBIKA WAAP Container . With threat intelligence from Webroot’s real-time updated database, we can detect the human-like malicious bots that drive most web-based attacks. Our JavaScript-based bot mitigation challenges block unwanted automated activity, while ensuring legitimate bots.

Each challenge has an expiration date of a few seconds, so we can block the bot if the challenge is not resolved within the allotted time. The user must manage redirects, cookies and JavaScript to present a valid browser fingerprint. You also have several response options, such as rate limiting, blocking, captcha, etc.

The powerful results of our approach

Protection of web applications and APIs

by preventing sophisticated bots and large-scale automated attacks.

An up-to-date database of "good bots"

to ensure user experience for legitimate users and authorized bots.

Behavioral fingerprinting, scoring models

to distinguish real users from automated attacks.

Strong limitation of bot traffic

to your web applications or APIs.

IP reputation analysis

reputation analysis using threat intelligence provided by Webroot to block dangerous bot traffic.

User-friendly dashboard

providing information to proactively manage existing and upcoming threats.

Our bot mitigation system supports OWASP's automated threats for web applications

  • Account Aggregation
  • Account Creation
  • Ad Fraud
  • CAPTCHA Defeat
  • Card Cracking
  • Carding
  • Cashing Out
  • Credential Cracking
  • Credential Stuffing
  • Denial of Inventory
  • Denial of Service
  • Denial of Service
  • Expediting
  • Fingerprinting
  • Footprinting
  • Scalping
  • Scraping
  • Skewing
  • Sniping
  • Spamming
  • Token Cracking
  • Vulnerability Scanning