When’s the last time that you met with your bot management vendor?

For the last few years, I have written about bots and bot management during the holiday season. I ask the above question because I’ve noticed a pattern that goes something like this:

  1. Organization realizes that it has a bot problem.
  2. Organization acquires bot management solution.
  3. Bot attacks decrease; organization is happy.
  4. Confident that it has solved the bot problem, the organization keeps the solution running but neglects to regularly tune it.
  5. Meanwhile, bot operators learn, improve, and update their bots.
  6. Slowly, bot traffic begins to increase again.
  7. Organization realizes that it has a bot problem.

It’s true: You can get away with configuring some application security tools once and then simply rely on periodic rule updates and zero-day responses from the vendors to address new threats. For example, web application firewalls (WAFs) are initially tuned to address the OWASP Top 10, various industry regulations, and policies developed by a particular organization. WAF vendors will then push out new rules, and this method has proven to be quite responsive to attacks such as Log4Shell. This does not mean that WAF is a “set it and forget it” tool, but standard web application attacks like SQL injection are well understood, and the protections and mitigations haven’t really changed.

Bot operators constantly learn and adapt to the latest protections. The upshot: What worked during Thanksgiving might not work come Christmas. Each bot is typically custom-built to meet a particular goal against a particular website (e.g., the bot that targets PS5s at Walmart will be different from the bot that targets graphics cards at Best Buy). Bot developers use their knowledge of each site’s bot protections to continuously tune their bots and evade detection. Therefore, a good, proactive bot management vendor must have a strong threat intelligence team and constantly update its rules and detections to account for the latest bot evolutions.

If you haven’t met with your bot management vendor recently, ask them now about attacks that they are seeing, the latest evolutions in bots, new rules and detections that they have pushed to your system, and any additional tuning that they recommend you enact. To paraphrase Kermit the Frog, there are only 31 more sleeps until Black Friday. Now is not the time to sleep on your bot management strategy.

For more information, check out Stop Bad Bots From Killing Customer Experience, or set up an inquiry or guidance session with me.