Kasada, provider of the most effective and easiest way to defend against advanced bot attacks, today announced platform advancements to address the growing prevalence of automated attacks, including “Solver Services,” which are API-as-a-service tools created to bypass the majority of bot management systems.
When people successfully reverse engineer (solve) a bot detection system’s defenses, this gives them the tools to trick and bypass the system. It also enables them to commercialize the bypass and sell it as a Solver Service to thousands for a profit. Attackers who purchase Solver Services are armed with the power to successfully conduct automated bot attacks without technical skills. This includes credential stuffing, inventory hoarding, web scraping and web reconnaissance.
Kasada’s enhanced platform disrupts this growing supply chain of Solver Services as well as other innovative ways attackers evade detection. The company’s modern, proactive approach to stopping bots adapts as fast as the attackers working against it. This is in contrast to reactive bot management systems that rely on static and poorly obfuscated defenses.
“In our industry, providing immediate and long-term efficacy is everything – yet very few solutions protect and regularly change their defenses to stay ahead of attackers’ speed of innovation,” said Jonathon Hope, head of product, Kasada. “Organizations using anti-bot solutions that remain static and don’t disguise their defense methods are hit the hardest by Solver Services. The majority of bot management solutions fail to detect sophisticated bots up to 90% of the time. The approach to stopping bad bots must evolve in order to remain effective.”
With this release, Kasada has fortified its architecture with new detections for modern bots, combined with the dynamic randomization of its defenses. Kasada’s platform will continuously change throughout an attackers’ attempt to reverse engineer it. This makes the development and upkeep of Solver Services even more time consuming and expensive than before.
These advancements are based on R&D since the launch of Defense V2 in Q1 2021 and include the following:
To deter the threat of Solver Services:
- Dynamic Defense Randomization – Kasada introduces dynamic defense randomization for its polymorphic scripts, detection logic and encrypted payloads. The solution strikes back at automated threats by maximizing how difficult it is to automate against. This disrupts the Solver Service supply chain by taking away the return on investment.
To detect the newest stealthiest bots:
- Advanced Detections – Kasada has increased its client interrogation sensors by more than 2x to identify the latest advancements in headless browser bots, custom mobile bots and switcher bots. Based on the latest threat research, these continually updated sensors identify the presence of automation and break the process when tampered with outside of a browser environment.
- Enhanced Anomaly Detection – Most machine learning (ML) systems and rate-limiting controls are too slow (minutes) or too narrowly focused to detect suspicious bad bot activity and respond to threats. Kasada’s server-side data platform now isolates and mitigates detected anomalies across Kasada’s customer base in less than 30 seconds, reducing the effective attack window.
“Our threat research has found that in the last 12 months, there’s been a more than 750% increase in solver bots being used for login abuse and Account Take Over (ATO) attacks. It’s unacceptable that attackers can easily circumvent the majority of bot management solutions for only a few hundred dollars. This has to change,” added Sam Crowther, founder and CEO of Kasada. “Our deep Red Team expertise gives us the unique perspective to quickly understand attackers’ latest approaches and counter them with our agile defense platform.”
For more information about the new threat presented by Solver Services, click here – and to learn more about how Kasada’s modern approach reimagines the bot management industry
For more such updates follow us on Google News ITsecuritywire News