Bot attacks often use previously stolen user credentials to gain unauthorized access to the web, mobile and API application services that organizations rely on to support business processes and engage with their customers. However, a new report from Cequence Security highlights both the security and productivity challenges from the growing number of bot attacks targeting today’s hyper-connected organizations.
“Companies in our research have deployed an average of 482 different applications, on premise or in the cloud, and they are being targeted more than 500 times each day,” said Michael Osterman, CEO of Osterman Research, the firm that conducted the research. “The top three attack types most disruptive to their business are account takeover, application denial of service, and API/business logic abuse.”
The research revealed that 90 percent of these organizations have deployed a web application firewall (WAF) as an essential line of defense, and 85 percent have at least one full-time person focused on bot defense. Despite these investments, organizations reported that they spend an average of 48 hours to detect a bot attack, plus another 48 hours to effectively mitigate the event. Based on their reported labor costs, it means that enterprises are spending more than $177,000 annually on human capital to manage bot attacks.
“If you dig a little deeper, you discover that more than a third of these companies have also deployed first-generation both management tools in addition to their WAF,” said Franklyn Jones, chief marketing officer at Cequence. “That sounds like a smart move until you realize that 100 percent of those companies must continuously spend time modifying hundreds of web and mobile apps in an attempt to detect bot traffic. That’s a poor use of skilled labor and likely a big contributor to their labor costs.”
First generation bot management tools helped to reduce detection time to 10 hours on average, but the time required for bot mitigation remained unchanged at 48 hours.
The report also revealed the top three capabilities customers would like to have integrated into a bot management solution:
- Automatic discovery all web, mobile and API application assets deployed on premises and in the cloud.
- AI-based machine learning and behavioral analysis technologies that can accelerate the accurate detection of bot attacks.
- Automated mitigation options that enable security teams to quickly stop a bot attack before it can achieve its objectives.
“The data from this research report reveals to key requirements — large enterprises want innovative solutions that can strengthen the security posture of their organizations, and almost as important, they want automated solutions that will improve the productivity of their security teams,” said Osterman.