Name: When Bots Attack! Stopping OWASP’s New Top 20 Automated Threats
Start: 2016-08-16T15:00:00Z
End: 2016-08-16T15:37:30.000Z
Location: BrightTALK
Rating: 3.71

Distil Networks, the global leader in bot detection and mitigation, offers the most automated and accurate way to identify and police malicious website traffic, blocking 99.9% of bad bots without impacting legitimate users. Distil protects against web scraping, competitive data mining, account hijacking, form spam and click fraud while slashing the high tax that bots place on your internal teams and web infrastructure.

Many posit that cloud architectures/business models will bring about a more patient, gradual availability model, where failures are either rendered unimportant because of mass replication or load shifting, or they are tolerated in exchange for cheaper services. Whatever the long term promise, the fact is that outages and performance degradation continue to dog the industry.

According to the 2017 Uptime Institute Survey, 92% of management are more concerned about outages than one year ago. As your website, mobile app, and the APIs that power them become more distributed, failures resonate outward and have an ever-greater impact on your business. You no longer can just worry about your own on-premise and cloud infrastructure, but must also be aware of your company’s third party SaaS vendors and THEIR infrastructure too.

Watch Andy Lawrence, Vice President at 451 Research, Engin Akyol, CTO of Distil Networks, and Scott Hilton, VP & GM Product Development of Oracle Dyn for a thought-provoking conversation about next-generation website resiliency.

Key takeaways include:

- Why you need to treat the risks of binary failures and degradations differently
- Resiliency architectures for cloud-optimized and cloud native applications
- The importance of software-defined components such as global traffic management, application synchronization, and guaranteed data consistency
- How Content Delivery Networks, DDoS protection, and Bot Mitigation complement each other to deliver increased website performance 
- How non-traditional disruptions like the recent hurricanes can affect your network resiliency
- Case Study: Distil Networks field guide for building out a global platform

The Website Resiliency Imperative

When aggressive scrapers caused slowdowns on iCruise.com, Antoine Zammit, VP of technology at its parent company WMPH Vacations, said enough was enough.

Distil Networks is a bot detection and mitigation specialist. It works with some of travel’s biggest names such as Sabre, Skyscanner, Amadeus and Lufthansa as well as specialist operators of scale, such as WMPH.

In this Tnooz workshop, Elias Terman, Vice President of Marketing, Distil Networks gives a data-driven overview of the current state of the bad bot landscape, the recent shift of bad bot activity to mobile and new bot-driven scams such as spinning.

Are Bad Bots Destroying Your Conversion Rate and Costing You Money?

What are the odds that your gaming website is being compromised by automated bots?

Ten to one. With the incredible amount of money being transacted on gaming websites, cyber criminals and fraudsters have turned to sophisticated automation. Now more than ever, website defenders must remain vigilant in protecting user accounts and their account balances from hijacking and fraud.

Unscrupulous competitors and other nefarious actors also use bad bots. They scrape betting line data, which they then use to capitalize on your unique content, perform electronic arbitrage, and create an unfair playing field. Aggressive web scraping can also lead to application denial of service, and a poor user experience.

Watch this interactive webinar with Distil Networks to learn how to:

- Protect betting revenue
- Stop betting line web scrapers  
- Prevent account takeover  
- Reduce transaction fraud  
- Eliminate in play bots  
- Improve website performance

Gamble on Your Website, not With Your Website

Forward thinking brands understand the importance of IT and business working together to solve the bad bot problem. Join a lively conversation with leaders from Build.com, SiteSpect, and Distil Networks to learn actionable ways to increase online revenue.

Blocking bad bots isn’t just the purview of the IT department. When nefarious competitors, hackers and fraudsters use bots for competitive intelligence, account takeover, and fraud, they also skew web analytics, and place a drag on marketing KPIs and the customer experience.

Key takeaways include:

- The downstream impact of bot activity on client-side and server-side testing
- The interplay between your pricing strategy and cart stuffing
- How to protect your competitive advantage, site security, SEO rankings, customer base, and brand 
- Build.com’s journey to better site performance and funnel optimization

Don't Let Bots Pollute Don’t Let Bots Pollute Your Conversion Metrics and Brand

“Bots” first entered popular consciousness last year with the passing of the BOTS Act, and the proliferation of messaging bots. However, those of us in the ticketing industry have been dealing with bots for years.

Rami Essaid, CEO of Distil Networks, and Niels Sodemann, CEO of Queue-it enage in a lively conversation on the evolution of good and bad bots, their impact on the ticketing ecosystem, current and pending legislation, and innovative onsale bot mitigation strategies.

How the BOTS Act Impacts Premium Onsales and the Ticketing Industry Ecosystem

The notion of API management in which enterprise architects, app developers and IT security experts work in harmony is great in theory. The reality, according to new research from Ovum, is much more scattered.

Watch Ovum IT Security Analyst Rik Turner as he dives into new primary research on how companies are really managing API security. Then watch the lively conversation as Rami Essaid, CEO of Distil Networks, explains why APIs are becoming such an increasingly attractive target for hackers. Lastly, Shane Ward, Senior Director of Technology at GuideStar, will share best practices and pitfalls to avoid when managing both free and paid access to your APIs.

Key takeaways will include:

- How to benchmark your organization's API security and internal processes against your peers
- Why CIO and/or CISO visibility into how API security is managed across the enterprise is so critical
- How to map your business requirements to your API security strategy
- A primer on API security controls, including geo/org fencing, token governance, dynamic access control lists and advanced rate limiting
- Why heavy "application services governance" software suites are the wrong approach

The Inconvenient Truth About API Security

The Drupal Association and Distil Networks would like to invite you to a webinar about how we teamed up to protect the home of one of the largest and longest standing open source projects from spam.

Learn the profile of a modern spammer, why they target a site like Drupal.org, and why the anti-spam measures of the past are no longer sufficient.

We'll walk you through Distil Networks unique approach to identifying bots and bad actors, and how we implemented this on Drupal.org.

Finally, we'll explain how other large scale Drupal sites can use similar techniques to protect themselves.

How Drupal Fights Spam Using Distil Networks

Did you know that 16.1% of bad bots now masquerade as mobile devices? Or that bad bot traffic is up 36.43% on the world’s largest site since 2015?

Distil Networks has produced their fourth annual Bad Bot Report. It's the IT Security Industry's most in-depth analysis on the sources, types, and sophistication levels of 2016’s bot attacks -- and there are serious implications for anyone responsible for securing websites and APIs.

Bad bots are expanding at an epidemic rate creating a scourge across the Internet. Bots are the primary culprits behind widespread attack vectors including web scraping, competitive data mining, account takeovers, transaction fraud, unauthorized vulnerability scans, spam, man-in-the-middle attacks, digital ad fraud, API abuse, and application denial of service. 

Register today to gain actionable insights on how to defend your websites and APIs for the coming year of automated threats.

Join David Monahan, Research Director, Security and Risk Management at Enterprise Management Associates, and Rami Essaid, CEO of Distil Networks as they dive into the data to reveal:

- 6 high-risk threats every IT security pro must protect against
- The top OWASP Automated Threats you need to start tracking right now
- How bad bot activity varies based on your industry and your vulnerability profile
- The worst offending bad bot countries, ISPs, mobile operators, and hosting providers 

Register today to gain actionable insights on how to defend your websites and APIs for the coming year’s onslaught of automated threats.

Bonus: All registrants will receive a copy of Distil Networks 2017 Bad Bot Landscape Report,  presentation slides, and a copy of the EMA White Paper: Bot Defense: Insights Into Basic and Advanced Techniques for Thwarting Automated Threats (a $99 value).

Bad Bots on the Rise: 6 Lessons for Website Defenders

Malicious bots, or what OWASP calls Automated Threats, are more sophisticated than ever and fast becoming the biggest threat to web application security. Join Tin Zaw, Director of Security Solutions at Verizon Digital Media Services and Edward Roberts, Director of Product Marketing at Distil Networks, for a lively conversation about the new automated threat and how enterprises can protect themselves with a proactive and layered approach to web application security and performance.

About the Presenters: 

Tin Zaw, Director of Security Solutions, Verizon Digital Media Services
Elias Terman, VP of Marketing, Distil Networks
Edward Roberts, Director of Product Marketing, Distil Networks

Better Together - A Partnership for Mitigating Bad Bots

Did you know 30% of travel industry website visitors are unsavory competitors, hackers, spammers, and fraudsters?

Worse yet, unwanted traffic from web-scraping bots can negatively impact revenue management targets and yields across multiple distribution channels. Join Anthony Drury, Director, Head of Business, at easyJet, as he takes you through his strategy to ensure easyJet customers -- wherever they are booking -- get price and availability content through approved API channels. The approach of easyJet ensures that all bookings are screened for fraudulent activity and blocks are added to restrict screen scraping.

Watch the reply to learn how to:

- Eliminate the cascading negative effects of screen-scraping bots
- Optimize revenue while simultaneously improving the customer experience
- Strengthen travel industry partnerships by creating a level playing field
- Improve website KPIs like look-to-book ratios, SEO page rank, cross-selling/up-selling, site speed and conversion rates

easyJet’s Journey to Protect Their Booking Engine from Unwanted Traffic

The digital advertising marketplace is under sustained attack from increasingly sophisticated Non Human Traffic (NHT) (aka Bots) that divert, steal, and defraud billions of dollars a year. According to a new study by The 614 Group, 78% of digital publishers identify NHT post campaign, and 39% proactively block it outright--just one of many revelations collected from surveying over forty digital publishers’ about their daily battle to combat digital ad fraud.

Watch our discussion led by The 614 Group and Distil Networks with commentary from industry luminaries.

Key Takeaways include:

- Insights from top digital publishers on the impact of NHT on their businesses, NHT countermeasures, and the impact of these countermeasures on their bottom line
- Understand why the impact of the even 3% or 5% of NHT that lands on a site is even greater than that amount
- Watch a conversation on how we can understand the impact of NHT at a campaign level or in other words how does NHT actually affect your clients
- The differences between NHT “blocking” and “auditing”, and key use cases for each

2017 State of Digital Publishers' Fight Against NHT

Automated threats are bad bots and are being used by hackers and fraudsters to exploit your web applications. Whether it's account takeovers, unauthorized vulnerability scan, testing stolen credit cards, DDoS attacks bringing down your site, bots are being leveraged by the bad guys to attack you at scale.

How Distil Networks Protects Your Apps from Bad Bots and API Abuse

Did you know 30% of Ecommerce website visitors are unsavory competitors, hackers, and fraudsters?

Fact is, online retailers are particularly susceptible to the effects of advanced bot threats, including competitive tactics like price scraping, product matching, variation tracking and availability targeting. Even worse, security breaches such as transaction fraud and account takeovers endanger the overall security of your website, customer base, and brand.

When aggressive scrapers caused repeated site slowdowns, Brian Gress, Director of IT Systems & Governance at Hayneedle, said enough was enough. 

Key takeaways include how to:

- Stop competitors from scraping your prices and monitoring your inventory
- Reduce chargeback fees due to transaction fraud, carding and account hijacking
- Optimize your conversion funnel and enjoy clean analytics and KPIs
- Protect your brand image, reputation and SEO rankings

Brian Gress is Director of IT Systems & Governance at Hayneedle where he leads the network and infrastructure, IT security and compliance, quality assurance, and change management functions and teams. Mr. Gress holds undergraduate and graduate degrees in information systems, is a certified chief information security officer and auditor, as well as a licensed PCI internal security assessor. Mr. Gress also spent several years teaching as an adjunct professor at the University of Nebraska College of Information, Science and Technology.

Are Bot Operators Eating Your Lunch?

This webinar discusses how the biggest problems to your web site aren’t cross-site scripting and SQL injection attacks. The biggest problems are the ones you don’t see; automated bots masquerading as real people browsing through web sites and mobile interfaces.

Traditional web security products directed towards exploits, vulnerabilities and software coding defects don’t look to tell if an automated bot is driving a session meant for people. Only Web Behavior Analytics can determine this.

Attend this webinar for what promises to be a spirited web application security conversation between Eric Ogren, Senior Security Analyst at 451 Research, and Rami Essaid, CEO of Distil Networks.

You will learn:

– The new threat landscape of Advanced Persistent Bots (APBs)
– How Web Application Firewalls (WAFs) and Web Behavior Analytics solve different problems
– The impact bots have on your security results
– How applied Web Behavior Analytics can protect your business

Web Application Firewalls (WAFs) vs. Web Behavior Analytics

For centuries mankind’s greatest innovations came about through careful examination of natural systems. Information Security is no different. This presentation will explore how information security professionals can use the agricultural concept of “permaculture” (the practice of using design principles observed in natural ecosystems) to cultivate a sustainable, data-driven security program. 

In this fast-paced, thought-provoking session you’ll learn:

- The basic tenets of permaculture and how they apply to information security strategy
- How to build a security program that fosters collaboration, coupled with feedback loops and metrics 
- How embracing differences within an organization can lead to increases in productivity and security
- Effective policy and control designs that enhance business objections as opposed to stifling them

About the Speaker

Chris Nelson has a passion for security, especially building security programs and teams in incredibly dynamic organizations. Chris is currently the Vice President of ISSA’s Denver Chapter, and Director of Security for Distil Networks, where he continues to expand his theories on using Permaculture in the design and implementation of security programs and controls. Chris held a similar role at Rally Software after working with Aetna as a security, compliance and privacy lead. Previously, he held similar roles with Return Path and has served multiple Fortune 500 clients in a consulting capacity.

Using Permaculture to Cultivate a Sustainable Security Program

Active Hunting Revealed: How vSOC Identifies Threats in Your Environment

2016 Webroot Quarterly Threat Update

Intelligent Endpoint Security: Why Taking A Modern Approach Matters

Thwarting Cybercrime in Healthcare with Continuous AppSec Testing

Threat Intel - All Hype or Big Help

Ignorance Isn’t Bliss: Why Hunting Attackers Is Critical to Network Security

Cyber Intelligence Exchange: It's Possible and Absolutely Necessary

Using Endpoints to Accelerate Threat Detection, Protection and Response

The Three Axes of Evaluating Security Analytics Solutions

Intel & Threat Analysis – The Defensive Duo

Protecting Online Games from In-Game Threats

True Detective: Detecting Insider Threats and Compromised Accounts in Office 365

Threat Hunters in Action

The OWASP Top 10 Vulnerabilities, last published in 2013, has been a valuable list of criteria by which any Web Application Firewall (WAF) is evaluated, but has a glaring flaw, it only focuses on vulnerabilities in the code, and ignores automated threats. In late 2015, this flaw was addressed and OWASP released the first Automated Threat Handbook specifically to help organizations better understand and respond to the notable worldwide increase of automated threats from bots. This presentation discusses these new bot threats, bot evolution, and how to fight back. 
Keypoints: 

- How malicious bots attack and cause problems

- Why homegrown IT solutions have troubles keeping up with bots, threats

- See Distil Networks in action finding, fighting bots

When Bots Attack! Stopping OWASP’s New Top 20 Automated Threats

malicious

bots

threat

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Get powerful insights to run your business. CEOs, CFOs, CMOs, COOs, CTOs and CIOs are among the leaders in this community who connect with peers and experts to grow their businesses.

CxO Strategy

In the business management community, commercial experts will be sharing webinars and videos on an array of subjects. From sales and marketing, to finance, productivity and growth, this content will help you stay up-to-date with the current economic environment and provide timely management insight to drive business growth.

When Bots Attack! Stopping OWASP’s New Top 20 Automated Threats

Presented by

About this talk

More from this channel