Innovative Approach to Anti-Automation
As WAFs traditional functionality is being absorbed in other solutions such as IPS and Load Balancers, WAFs are looking for future direction. One feature that seems to appear in many WAFs and show promise is anti-automation. Anti-automation is a complex feature not the least since automation itself is multifaceted and ill-defined. The attached presentation provides insight into automation applications from auction sniping to data scraping.
Most WAF vendors including Imperva, F5 and Trustwave have added anti-automation features to their products focusing usually on anti-scraping or protecting from denial of service. However automation is not always hostile (just think “Google crawler”). Moreover, the level of maliciousness is not always clear and may defer between geographies and over time. Price comparison sites were the enemy of e-Commerce until they became the segment darlings. Auction sniping is banned by law in some countries and suggested by auction sites in others. As a result protecting from malicious automation is challenging.
This challenge calls for more flexibility than offered by regular WAFs. An interesting direction to provide such flexibility is SaaS based approach, similar to WhiteHat Security Sentinel scanning service and Commtouch GlobalView Web Security service. One promising company which offers such a service for fighting automation is Site Black Box. The company’s Bot Black Box service combines an agent integrated in the protected application and an in the cloud server for analysis and detection. Since automation mitigation does not require blocking the first offending request the cloud server cane perform asynchronous deeper analysis and provide response instructions when ready. The company’s elaborate rules language used for analysis and detection enables flexibility in addressing emerging or customer specific threats. Bundle this with good rate based detection and source identification technologies and you got a company worth watching.