At ShieldSquare, our primary goal is to ensure that malicious bots are denied access with a 0% false-positive assurance. We are glad to announce our latest update, which enhances the experience of genuine users! We will recognize the genuine user traffic on your website and ensure that their experience is not hindered. This means that your users will no longer have to perform troublesome activities such as solving CAPTCHAs repeatedly, answering multiple questions, or waiting until they are whitelisted.
A strategy commonly followed by the online business giants is to present a CAPTCHA challenge for every request originating from a suspected IP address. The problem with this approach is that it may force genuine users to put up with repeated CAPTCHAs. While the bot’s IP address can serve as an indicator, it fails to act as a solid identifier: the IP may be shared by multiple client machines on its LAN, so a security mechanism like the one above can affect other genuine users on the same IP.
Have you ever been asked to solve a CAPTCHA by Google before you could proceed to their search results page? If yes, it was probably because of some malicious activity from your IP address. This could have been caused by a bot on your LAN using the same public IP address or by some malware on your computer. We ensure that the users on your website will never experience the same.
The following scenario provides a real-life example of this problem:
Tommy and John share the same IP address. So, is Tommy blocked or is John allowed?
Both! Tommy is blocked and John is allowed to access xyz.com. Here’s how:
We identify malicious activity by analyzing a bot’s behavioral pattern on the website. This analysis is powered by various parameters collected about the bot’s execution state and environment. The result of the analysis is a bot fingerprint UUID (Universally Unique Identifier), which is used to identify the bot.
Since a bot is identified using a UUID and not the IP, this approach guarantees zero false-positives. When the bot returns, it is recognized by ShieldSquare and blocked. What happens next?
And oh – John remained happy the whole time!
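The difference between IP-keyed and fingerprint-keyed decisions for two clients behind one shared address, as an added example that is not ShieldSquare's code. The attribute names, the UUIDv5 derivation, the namespace and the request-rate threshold (a stand-in for behavioral analysis) are all assumptions made for illustration.

```python
import uuid
from collections import Counter

# Constructed sample traffic: both clients sit behind one NAT address (203.0.113.7).
# Attribute names and values are hypothetical, not ShieldSquare's real parameters.
TOMMY_BOT = {"ua": "Mozilla/5.0 HeadlessChrome", "webdriver": True, "plugins": 0, "tz": "UTC"}
JOHN = {"ua": "Mozilla/5.0 Firefox/66.0", "webdriver": False, "plugins": 3, "tz": "Europe/London"}
REQUESTS = [("203.0.113.7", TOMMY_BOT, f"/product/{i}") for i in range(40)]
REQUESTS += [("203.0.113.7", JOHN, p) for p in ("/", "/product/3", "/cart")]

NAMESPACE = uuid.uuid5(uuid.NAMESPACE_DNS, "fingerprint.example")  # placeholder namespace
RATE_LIMIT = 20  # assumed threshold: requests per window before a key is flagged


def fingerprint(env):
    """Derive a stable UUID from canonicalized environment attributes (assumed scheme)."""
    canonical = "|".join(f"{k}={env[k]}" for k in sorted(env))
    return uuid.uuid5(NAMESPACE, canonical)


def flagged_keys(requests, key_fn):
    """Return the keys (IPs or fingerprints) whose request count exceeds RATE_LIMIT."""
    counts = Counter(key_fn(ip, env) for ip, env, _ in requests)
    return {k for k, n in counts.items() if n > RATE_LIMIT}


def decide(requests, key_fn):
    """Map each distinct client fingerprint to 'block' or 'allow' under one keying policy."""
    bad = flagged_keys(requests, key_fn)
    return {fingerprint(env): ("block" if key_fn(ip, env) in bad else "allow")
            for ip, env, _ in requests}


by_ip = decide(REQUESTS, lambda ip, env: ip)                # key on source address
by_fp = decide(REQUESTS, lambda ip, env: fingerprint(env))  # key on fingerprint UUID

if __name__ == "__main__":
    for name, env in (("Tommy's bot", TOMMY_BOT), ("John", JOHN)):
        fp = fingerprint(env)
        print(f"{name:12} {fp}  ip-keyed={by_ip[fp]:5}  fingerprint-keyed={by_fp[fp]}")
```

In this sketch the UUID is only as distinctive as the attributes hashed into it, so two clients reporting identical attributes would share one fingerprint.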