Date: 2019-01-31
New Report: WAFs Fail to Protect Against Bot Attacks
Cequence Security today released a new report that highlights both the
security and productivity challenges resulting from the growing number
of bot attacks targeting today's hyper-connected organizations. The
research, commissioned by Cequence Security and conducted by Osterman
Research, is based on data from 211 large enterprises across the US. All
of these organizations have been the victim of automated bot attacks.
Bot attacks often use previously stolen user credentials to gain
unauthorized access to the web, mobile, and API application services
that organizations rely on to support business processes and engage with
their customers. "Companies in our research have deployed an average of
482 different applications, on premises or in the cloud, and they are
being targeted more than 500 times each day," explained Michael
Osterman, CEO of Osterman Research. "The top three attack types most
disruptive to their businesses are account takeover, application denial
of service, and API/business logic abuse."
The research revealed that 90% of these organizations have deployed a
web application firewall (WAF) as an essential line of defense, and 85%
have at least one full-time person focused on bot defense. Despite these
investments, organizations reported that they spend an average of 2,880
minutes (48 hours) to detect a bot attack, plus another 48 hours to
effectively mitigate the event. Based on their reported labor costs, this
means that enterprises are spending more than $177,000 annually on human
capital to manage bot attacks.
"If you dig a little deeper, you discover that more than a third of
these companies have also deployed first-generation bot management tools
in addition to their WAF," explained Franklyn Jones, CMO at Cequence
Security. "That sounds like a smart move until you realize that 100% of
those companies must continuously spend time modifying hundreds of Web
and mobile apps in an attempt to detect bot traffic. That's a poor use
of skilled labor and likely a big contributor to their labor costs."
First-generation bot management tools helped to reduce detection time to
600 minutes (10 hours) on average, but the time required for bot
mitigation remained unchanged at 2,880 minutes.
The report also revealed the top three capabilities customers would like
to have integrated into a bot management solution:
- Automatic discovery of all web, mobile, and API application assets
  deployed on premises and in the cloud.
- AI-based machine learning and behavioral analysis technologies that
  can accelerate the accurate detection of bot attacks.
- Automated mitigation options that enable security teams to quickly
  stop a bot attack before it can achieve its objectives.
"The data from this research report reveals two key requirements - large
enterprises want innovative solutions that can strengthen the security
posture of their organizations, and almost as important, they want
automated solutions that will improve the productivity of their security
teams," said Osterman.
Cequence Security and Michael Osterman will present more details from
this research during a live webinar scheduled for January 30, 2018.
