Fight bad bots on the Internet
Today’s Speakers
Krishna Zulkarnain, Marketing Director APAC @ Cloudflare
Anand Guruprasad, Solutions Engineer @ Cloudflare
What will you learn today?
● What types of workloads are prone to bot attacks
● Challenges to a successful bot mitigation strategy
● How do you protect assets from the bot menace?
We are helping build a better Internet
Cloudflare Security Vision
Provide world-class visibility, controls, and guided
configurations so that customers of any size and technical
sophistication can keep their Internet property safe and
secure without sacrificing speed and performance
A Global Anycast Network
● 193 cities and 90+ countries
● 99% of the Internet-connected population in the developed world is located within 100 milliseconds of our network
● 44B cyber threats blocked each day in Q2’19
● 20M+ websites, apps & APIs
Evolution of Cloudflare Bot Management
● Mitigation at Scale: Cloudflare released solutions that stopped most malicious automated attacks.
● Stop Bots for Customers: Cloudflare developed advanced tools that enable customers to tailor solutions at scale.
● Next Gen Bot Management: Cloudflare launches next gen bot management that leverages machine learning on a curated subset of traffic across our network of 20M+ Internet properties.
Common Use Cases
● Credential Stuffing: Attempts to log into and take over a user’s account by automatically applying previously stolen account credentials
● Content Scraping/Spam: Stealing information from websites with malicious intent
● Marketing Ad-click Fraud: Bots click on your ads and register in your marketing analytics.
● Inventory Hoarding: Fraudulently purchases goods to deprive legitimate customers or resell for a higher price
● Credit Card Stuffing: Tries to validate stolen credit cards to then make fraudulent purchases
What have you tried to date?
● Rate Limiting
● WAF
● Multi-Factor Authentication
● Homegrown solutions
● Javascript-based bot detection
Problems with Javascript
● Slow application performance because each
request is evaluated at the vendor’s origin
● False negatives — failures to mitigate
malicious bots that turn off Javascript
● Poor user experience by interfering with or
breaking web applications
● Violation of user privacy and government
non-compliance if sensitive data stored by
Javascript in the browser is compromised
● Deployment headaches while managing and
securing third-party Javascript libraries
Cloudflare
Bot Management
Detect and manage bad bots by leveraging intelligence
from 20M+ Internet properties. All in one
click.
We secure traffic end-to-end, providing a layered defense
[Diagram: layered defense. Components shown: DNS/DNSSEC, SSL, L3/4 DDoS Protection, L7 DDoS Protection, Rate Limiting, WAF, Bot Management, Argo Tunnel, Orbit, Spectrum, Workers, Access. Labels: EXTEND, CONTROL, "Request Passed!"]
Why does Cloudflare scale matter?
We ran the same machine learning model
on the same features but using only 1% of
the data set - potentially available to our
competitors. Results:
- 10% decrease in anomaly detection
- 80% decrease in detecting SPAM
+ 400% increase in captchas shown
Cloudflare Bot Management Methods
Machine Learning
Cloudflare’s ML trains on a
curated subset of
425 billion requests per day
across 20M+ Internet properties,
to create a reliable “bot score” for
every request.
Behavioral Analysis
Behavioral analysis detects
anomalies in site-specific
traffic, scoring every request
on how different it is from the
baseline.
Automatic Whitelist
Because not all bots are bad,
the solution automatically
maintains and updates a
white list of "good" bots,
such as those belonging to
search engines.
Mobile
Our mobile solution prevents
attacks against mobile
application APIs by
impersonation and
emulation bots and by
hijacked mobile apps.
Detection Protection
How does our Machine Learning work?
We learn from the properties of the requests across trillions of data points, e.g.

score  Requests Bytes  Request Useragent  IP             Country  Solved Captchas
20     50              empty              162.245.21.30  Russia   0
40     300             Mozilla            162.245.21.24  France   1
60     2540            Firefox            182.245.21.30  Germany  1
80     2322            Chrome             162.5.21.30    US       1
… 200 MM ...
50     322             Chrome             162.5.21.30    Russia   0
Mitigation Options
All Bot Management mitigations on your
website go through three stages to ensure
compatibility and effectiveness with your
traffic
1. Simulate/Log
This mitigation is the least intrusive one and thus allows
you to mitigate offline on your own time. You will receive
a header on all your requests with our bot score. This is
particularly relevant for spammed forums, online forms,
or online voting platforms.
2. Captcha*
This mitigation is the best first step for rolling out to
production as it allows us/you to measure the amount of
false positives without impacting the user experience.
3. Block
This mitigation is the most effective and should only be
used in production after careful trade-off evaluation.
* might require integration on your side
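Added example, not from the original slides and not Cloudflare's code: one way to use the Simulate/Log stage offline, replaying logged bot scores against candidate thresholds and counting false positives before moving on to Captcha or Block. The record fields, the knownHuman label, the candidate thresholds and the convention that a low score means likely automated (as in the deck's clientTrustScore <= 30 check) are assumptions, and the log records are constructed.

```javascript
// Constructed sample of requests logged during the Simulate/Log stage.
// botScore: low = likely automated (assumption). knownHuman: a label you trust,
// for example a session that later completed checkout (hypothetical field).
const loggedRequests = [
  { path: '/login', botScore: 2, knownHuman: false },
  { path: '/login', botScore: 5, knownHuman: false },
  { path: '/vote', botScore: 12, knownHuman: false },
  { path: '/forum/post', botScore: 18, knownHuman: false },
  { path: '/login', botScore: 25, knownHuman: true },
  { path: '/vote', botScore: 29, knownHuman: false },
  { path: '/forum/post', botScore: 45, knownHuman: true },
  { path: '/login', botScore: 60, knownHuman: true },
  { path: '/vote', botScore: 85, knownHuman: true },
  { path: '/login', botScore: 97, knownHuman: true },
];

// The three rollout stages: in 'log' nothing is enforced, only recorded.
function decideAction(stage, botScore, threshold) {
  if (stage === 'log' || botScore > threshold) return 'allow';
  return stage === 'captcha' ? 'challenge' : 'block';
}

// Count what one threshold would have mitigated, and how many known humans it hits.
function evaluateThreshold(records, threshold) {
  let mitigated = 0, falsePositives = 0, humans = 0;
  for (const r of records) {
    if (r.knownHuman) humans++;
    if (r.botScore > threshold) continue;
    mitigated++;
    if (r.knownHuman) falsePositives++;
  }
  const falsePositiveRate = humans ? falsePositives / humans : 0;
  return { threshold, mitigated, falsePositives, falsePositiveRate };
}

// Highest candidate threshold whose false-positive rate stays within budget,
// or null when none does. Candidates are checked in ascending order.
function pickThreshold(records, candidates, maxFalsePositiveRate) {
  let best = null;
  for (const t of [...candidates].sort((a, b) => a - b)) {
    const result = evaluateThreshold(records, t);
    if (result.falsePositiveRate <= maxFalsePositiveRate) best = result;
  }
  return best;
}

console.log(pickThreshold(loggedRequests, [10, 20, 30, 50], 0));
```

On this sample a zero false-positive budget selects threshold 20; raising the threshold to 30 catches two more requests but also challenges one known human.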
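Alternative Actions and Punishment: Slow-down and waste bandwidth
    // Worker excerpt from the slide, completed so that it runs. The slide shows only
    // the middle of the handler: how pathnameParts and clientTrustScore are obtained,
    // the sleep helper and the final fetch are assumptions.
    const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));

    async function handleRequest(request) {
      const pathnameParts = new URL(request.url).pathname.split('/');
      const clientTrustScore = request.cf.clientTrustScore;
      var req = request;
      var options = {
        "cf" : {
          "cacheTtl" : 30
        }
      };
      // slowRequest = false;
      if (clientTrustScore <= 30) {
        // Low trust score: delay the response by one second.
        await sleep(1000);
      }
      if (pathnameParts[1] == 'jpg') {
        // Swap in a large image, resized to width 9999 at quality 1.
        req = new Request('https://d3hv8qdd474bjn.cloudfront.net/nyancat_large.jpg?r=12');
        options.cf.resize = {};
        options.cf.cacheTtl = 600;
        options.cf.resize.width = 9999;
        options.cf.cacheKey = 'nyan';
        options.cf.resize.quality = 1;
      }
      return fetch(req, options);
    }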
Key Feature: Analytics and Reporting
ELS in SIEM Integration
Dogfooding Spam Protection at Cloudflare
Q&A


Editor's Notes

  1. My name is Krishna Zulkarnain and I am the Head of Marketing in APAC.  Cloudflare is growing really fast in our region and I'm responsible for generating demand for our sales team across APAC via digital platforms and educational events such as this. On today’s webinar I’m Joined by Anand Guruprasad, our Solutions Engineer based in Singapore, Anand has been with Cloudflare for over a year and a half now. Anand, would you like to introduce yourself?  Thank you Anand for the introduction and we’re all looking forward to diving into your content. But before we start, I would like to go over some housekeeping items. Since there are so many of you on the call, we won’t be taking calls so if you have any questions, please ask them using the Q&A section in your console on the right hand side. We will go through these Questions at the end of the webcast. Also, a recording of this webinar will be available on the Cloudflare Channel and the slides will be shared with you. This session will take around 30 minutes of your time. Here we go!
  2. On today’s webinar we will cover these 3 main things What type of workloads prone to bot attacks - Here, we review the most common use cases of bot attacks Challenges to a successful bot mitigation strategy - Bot attacks are evolving and so should you How do you protect assets from bot menace? - Finally we will provide some practical insights on how to protect your web domains Of course we will end with the QA so please make sure you ask your questions on chat and we will answer them at the end.
  3. The next 30 minutes is packed with useful tips and insights but before we get into that, let me take a few steps back to talk about what Cloudflare does.  As you can see from our Mission Statement, Cloudflare is helping build a better internet. How do we do that? What is it that we do? In simple terms we help build a better internet by making your websites more secure, more reliable and faster. Why are these so important? Because if your website goes down or it’s slow to load, for any reason, it will have a negative impact to your business. And we make it our business that that will never happen
  4. So diving into Cybersecurity, In a nutshell, this is our philosophy on how we tackle this issue for our customers. world-class visibility, controls, and guided configurations We protect 20M+ Websites - huge variety - some tech some not Our approach is such that We will not sacrifice speed and performance for security. Complete but not complex
  5. So how can Cloudflare help to grow your business? Cloudflare’s network has the breadth and scale that organizations need to run their Internet applications What this means is that we have a very robust, holistic view on global security threats so that we can better help companies mitigate risks as they happen around the world. With this Global Anycast Network we will ensure that your websites always stays up and deliver faster content to your customers so that you can focus on what you do best and that is growing your business. Our network offers scale, performance that helps organizations like yours deliver superior application experience while keeping their environments secure. I will now hand it over to Anand to talk about what you need to know about Cybersecurity
  6. Matthew often says that one of the things we do is patch the internet. If you step back and think about it, that is a hard thing to do - there is no one thing to put the bandaid on. We’ve designed a solution that does this patching - this securing - at the edge. The super cool thing about this is that as the internet changes - new apps, new use cases and new devices - it is relatively easy for us to secure them. If we can put them behind cloudflare, for the most part they are secure (I make it sound way easier than the engineering team likes…) This is the core of our security solution and what truly differentiates it is the depth of integration from DNS look-up all the way to the origin. But, what makes Cloudflare unique, is the innovation and scale we bring to our customers...
  7. Top 3 -4 things we are doing in - releasing…. Demonstrate the top things you will be interested in…. So this snapshot of some of the top things you would be interested in over the next few quarters Bot mitigation analytics - more stuff later this year