Are Bot Operators Eating Your Lunch?

When aggressive scrapers caused slowdowns on iCruise.com, Antoine Zammit, VP of technology at its parent company WMPH Vacations, said enough was enough.

Distil Networks is a bot detection and mitigation specialist. It works with some of travel’s biggest names such as Sabre, Skyscanner, Amadeus and Lufthansa as well as specialist operators of scale, such as WMPH.

In this Tnooz workshop, Elias Terman, Vice President of Marketing, Distil Networks gives a data-driven overview of the current state of the bad bot landscape, the recent shift of bad bot activity to mobile and new bot-driven scams such as spinning.

What are the odds that your gaming website is being compromised by automated bots?

Ten to one. With the incredible amount of money being transacted on gaming websites, cyber criminals and fraudsters have turned to sophisticated automation. Now more than ever, website defenders must remain vigilant in protecting user accounts and their account balances from hijacking and fraud.

Unscrupulous competitors and other nefarious actors also use bad bots. They scrape betting line data, which they then use to capitalize on your unique content, perform electronic arbitrage, and create an unfair playing field. Aggressive web scraping can also lead to application denial of service, and a poor user experience.

Watch this interactive webinar with Distil Networks to learn how to:

- Protect betting revenue
- Stop betting line web scrapers 

- Prevent account takeover 

- Reduce transaction fraud 

- Eliminate in play bots 

- Improve website performance

Forward thinking brands understand the importance of IT and business working together to solve the bad bot problem. Join a lively conversation with leaders from Build.com, SiteSpect, and Distil Networks to learn actionable ways to increase online revenue.

Blocking bad bots isn’t just the purview of the IT department. When nefarious competitors, hackers and fraudsters use bots for competitive intelligence, account takeover, and fraud, they also skew web analytics, and place a drag on marketing KPIs and the customer experience.

Key takeaways include:

- The downstream impact of bot activity on client-side and server-side testing
- The interplay between your pricing strategy and cart stuffing
- How to protect your competitive advantage, site security, SEO rankings, customer base, and brand
- Build.com’s journey to better site performance and funnel optimization

“Bots” first entered popular consciousness last year with the passing of the BOTS Act, and the proliferation of messaging bots. However, those of us in the ticketing industry have been dealing with bots for years.

Rami Essaid, CEO of Distil Networks, and Niels Sodemann, CEO of Queue-it enage in a lively conversation on the evolution of good and bad bots, their impact on the ticketing ecosystem, current and pending legislation, and innovative onsale bot mitigation strategies.

The notion of API management in which enterprise architects, app developers and IT security experts work in harmony is great in theory. The reality, according to new research from Ovum, is much more scattered.

Watch Ovum IT Security Analyst Rik Turner as he dives into new primary research on how companies are really managing API security. Then watch the lively conversation as Rami Essaid, CEO of Distil Networks, explains why APIs are becoming such an increasingly attractive target for hackers. Lastly, Shane Ward, Senior Director of Technology at GuideStar, will share best practices and pitfalls to avoid when managing both free and paid access to your APIs.

Key takeaways will include:

- How to benchmark your organization's API security and internal processes against your peers
- Why CIO and/or CISO visibility into how API security is managed across the enterprise is so critical
- How to map your business requirements to your API security strategy
- A primer on API security controls, including geo/org fencing, token governance, dynamic access control lists and advanced rate limiting
- Why heavy "application services governance" software suites are the wrong approach

The Drupal Association and Distil Networks would like to invite you to a webinar about how we teamed up to protect the home of one of the largest and longest standing open source projects from spam.

Learn the profile of a modern spammer, why they target a site like Drupal.org, and why the anti-spam measures of the past are no longer sufficient.

We'll walk you through Distil Networks unique approach to identifying bots and bad actors, and how we implemented this on Drupal.org.

Finally, we'll explain how other large scale Drupal sites can use similar techniques to protect themselves.

Did you know that 16.1% of bad bots now masquerade as mobile devices? Or that bad bot traffic is up 36.43% on the world’s largest site since 2015?

Distil Networks has produced their fourth annual Bad Bot Report. It's the IT Security Industry's most in-depth analysis on the sources, types, and sophistication levels of 2016’s bot attacks -- and there are serious implications for anyone responsible for securing websites and APIs.

Bad bots are expanding at an epidemic rate creating a scourge across the Internet. Bots are the primary culprits behind widespread attack vectors including web scraping, competitive data mining, account takeovers, transaction fraud, unauthorized vulnerability scans, spam, man-in-the-middle attacks, digital ad fraud, API abuse, and application denial of service.

Register today to gain actionable insights on how to defend your websites and APIs for the coming year of automated threats.

Join David Monahan, Research Director, Security and Risk Management at Enterprise Management Associates, and Rami Essaid, CEO of Distil Networks as they dive into the data to reveal:

- 6 high-risk threats every IT security pro must protect against
- The top OWASP Automated Threats you need to start tracking right now
- How bad bot activity varies based on your industry and your vulnerability profile
- The worst offending bad bot countries, ISPs, mobile operators, and hosting providers

Register today to gain actionable insights on how to defend your websites and APIs for the coming year’s onslaught of automated threats.

Bonus: All registrants will receive a copy of Distil Networks 2017 Bad Bot Landscape Report, presentation slides, and a copy of the EMA White Paper: Bot Defense: Insights Into Basic and Advanced Techniques for Thwarting Automated Threats (a $99 value).

Malicious bots, or what OWASP calls Automated Threats, are more sophisticated than ever and fast becoming the biggest threat to web application security. Join Tin Zaw, Director of Security Solutions at Verizon Digital Media Services and Edward Roberts, Director of Product Marketing at Distil Networks, for a lively conversation about the new automated threat and how enterprises can protect themselves with a proactive and layered approach to web application security and performance.

About the Presenters:

Tin Zaw, Director of Security Solutions, Verizon Digital Media Services
Elias Terman, VP of Marketing, Distil Networks
Edward Roberts, Director of Product Marketing, Distil Networks

Did you know 30% of travel industry website visitors are unsavory competitors, hackers, spammers, and fraudsters?

Worse yet, unwanted traffic from web-scraping bots can negatively impact revenue management targets and yields across multiple distribution channels. Join Anthony Drury, Director, Head of Business, at easyJet, as he takes you through his strategy to ensure easyJet customers -- wherever they are booking -- get price and availability content through approved API channels. The approach of easyJet ensures that all bookings are screened for fraudulent activity and blocks are added to restrict screen scraping.

Watch the reply to learn how to:

- Eliminate the cascading negative effects of screen-scraping bots
- Optimize revenue while simultaneously improving the customer experience
- Strengthen travel industry partnerships by creating a level playing field
- Improve website KPIs like look-to-book ratios, SEO page rank, cross-selling/up-selling, site speed and conversion rates

The digital advertising marketplace is under sustained attack from increasingly sophisticated Non Human Traffic (NHT) (aka Bots) that divert, steal, and defraud billions of dollars a year. According to a new study by The 614 Group, 78% of digital publishers identify NHT post campaign, and 39% proactively block it outright--just one of many revelations collected from surveying over forty digital publishers’ about their daily battle to combat digital ad fraud.

Watch our discussion led by The 614 Group and Distil Networks with commentary from industry luminaries.

Key Takeaways include:

- Insights from top digital publishers on the impact of NHT on their businesses, NHT countermeasures, and the impact of these countermeasures on their bottom line
- Understand why the impact of the even 3% or 5% of NHT that lands on a site is even greater than that amount
- Watch a conversation on how we can understand the impact of NHT at a campaign level or in other words how does NHT actually affect your clients
- The differences between NHT “blocking” and “auditing”, and key use cases for each

Automated threats are bad bots and are being used by hackers and fraudsters to exploit your web applications. Whether it's account takeovers, unauthorized vulnerability scan, testing stolen credit cards, DDoS attacks bringing down your site, bots are being leveraged by the bad guys to attack you at scale.

Did you know 30% of Ecommerce website visitors are unsavory competitors, hackers, and fraudsters?

Fact is, online retailers are particularly susceptible to the effects of advanced bot threats, including competitive tactics like price scraping, product matching, variation tracking and availability targeting. Even worse, security breaches such as transaction fraud and account takeovers endanger the overall security of your website, customer base, and brand.

When aggressive scrapers caused repeated site slowdowns, Brian Gress, Director of IT Systems & Governance at Hayneedle, said enough was enough.

Key takeaways include how to:

- Stop competitors from scraping your prices and monitoring your inventory
- Reduce chargeback fees due to transaction fraud, carding and account hijacking
- Optimize your conversion funnel and enjoy clean analytics and KPIs
- Protect your brand image, reputation and SEO rankings

Brian Gress is Director of IT Systems & Governance at Hayneedle where he leads the network and infrastructure, IT security and compliance, quality assurance, and change management functions and teams. Mr. Gress holds undergraduate and graduate degrees in information systems, is a certified chief information security officer and auditor, as well as a licensed PCI internal security assessor. Mr. Gress also spent several years teaching as an adjunct professor at the University of Nebraska College of Information, Science and Technology.

The OWASP Top 10 Vulnerabilities, last published in 2013, has been a valuable list of criteria by which any Web Application Firewall (WAF) is evaluated, but has a glaring flaw, it only focuses on vulnerabilities in the code, and ignores automated threats. In late 2015, this flaw was addressed and OWASP released the first Automated Threat Handbook specifically to help organizations better understand and respond to the notable worldwide increase of automated threats from bots. This presentation discusses these new bot threats, bot evolution, and how to fight back.
Keypoints:

- How malicious bots attack and cause problems

- Why homegrown IT solutions have troubles keeping up with bots, threats

- See Distil Networks in action finding, fighting bots

This webinar discusses how the biggest problems to your web site aren’t cross-site scripting and SQL injection attacks. The biggest problems are the ones you don’t see; automated bots masquerading as real people browsing through web sites and mobile interfaces.

Traditional web security products directed towards exploits, vulnerabilities and software coding defects don’t look to tell if an automated bot is driving a session meant for people. Only Web Behavior Analytics can determine this.

Attend this webinar for what promises to be a spirited web application security conversation between Eric Ogren, Senior Security Analyst at 451 Research, and Rami Essaid, CEO of Distil Networks.

You will learn:

– The new threat landscape of Advanced Persistent Bots (APBs)
– How Web Application Firewalls (WAFs) and Web Behavior Analytics solve different problems
– The impact bots have on your security results
– How applied Web Behavior Analytics can protect your business

Web scraping - the process of using bots to systematically lift content from a website - is either loved or hated. Startups love it because it’s a cheap and powerful way to gather data without the need for partnerships. Large companies use web scraping to gain competitive intelligence, but try to block others from doing the same. However, new legislation and high profile court cases have called into question the legality of web scraping.

In this lively conversation, diverse panelists will discuss the origin of web scraping, the changing legal landscape, and the legal and technical best practices for protecting your website content.

For centuries mankind’s greatest innovations came about through careful examination of natural systems. Information Security is no different. This presentation will explore how information security professionals can use the agricultural concept of “permaculture” (the practice of using design principles observed in natural ecosystems) to cultivate a sustainable, data-driven security program.

In this fast-paced, thought-provoking session you’ll learn:

- The basic tenets of permaculture and how they apply to information security strategy
- How to build a security program that fosters collaboration, coupled with feedback loops and metrics
- How embracing differences within an organization can lead to increases in productivity and security
- Effective policy and control designs that enhance business objections as opposed to stifling them

About the Speaker

Chris Nelson has a passion for security, especially building security programs and teams in incredibly dynamic organizations. Chris is currently the Vice President of ISSA’s Denver Chapter, and Director of Security for Distil Networks, where he continues to expand his theories on using Permaculture in the design and implementation of security programs and controls. Chris held a similar role at Rally Software after working with Aetna as a security, compliance and privacy lead. Previously, he held similar roles with Return Path and has served multiple Fortune 500 clients in a consulting capacity.

For many of today’s businesses, web applications are their lifeline. The growing complexity involved in keeping these applications fast, secure, and available can be seen as a byproduct of shifts in how these apps are developed, deployed, and attacked. This discussion will explore how high level trends in today’s web environments and the cyber attack landscape are shaping tomorrow’s application security solutions.

In session you’ll learn about:
- Trends in contemporary web applications that are forcing security evolution
- How today’s cyber attack landscape impacts cybersecurity
- What modern IT security solutions look like
- Distil Networks Overview

30 percent of travel industry website visitors are unsavory competitors, hackers, spammers, and fraudsters. Fact is, travel suppliers, OTAs, and meta search sites are all being scraped by bots which hurts their marketing metrics, SEO, website performance, and customer loyalty.

To help travel technologists and marketers better understand the keys to web security, Skift and Distil Networks hosted this webinar.

Preventing Competitor Price Scraping, Unwanted Transactions, Brute Force Attacks, and Click Fraud

Like most ecommerce sites, StubHub’s competitors try to scrape their prices, and monitor inventory and customer behavior. Meanwhile, other nefarious actors attempt brute force attacks and transaction fraud. Learn advanced website security and web infrastructure management strategies from StubHub, the world’s largest ticket marketplace, and Distil Networks, the global leader in bot detection and mitigation.

Learn how to:
•Protect prices and product listings from being scraped or monitored by competitors
•Defend your site against brute force login attacks and carding
•Ensure brand secrets and pricing schedules are kept safe
•Increase revenues by ensuring traffic is from legitimate sources
•Protect your brand image, reputation and SEO rankings