2019 State of Bot Protection

Web Traffic Composition

Robust bot management is essential for web security today. On average across different verticals, only 38 percent of incoming requests originate from human users. The remaining 62 percent have an automated source.

Not all bots are harmful. Some (such as search engine spiders) are often welcome, and some (such as content aggregators) are not overtly hostile. However, almost 40 percent of incoming requests come from malicious bots.

Consequences of Inadequate Protection

Threat actors use bots to wage a variety of web attacks. In fact, almost all attacks involve bots in one way or another. Hostile bots which are not identified and blocked can create a variety of problems for organizations with significant web assets (sites and web applications, microservices, and mobile/native API endpoints). Some of the potential problems are:

• Site downtime
  when DDoS attacks exhaust app/server resources.
• Data theft
  from scraping.
• Site breaches
  via vulnerability discovery bots.
• Loss of revenue
  from inventory hoarding.
• Bad business decisions
  from skewed analytics.
• Account theft
  from credential stuffing.
• Merchant account problems
  from credit card testing.
• Degraded customer experience
  from loss of bandwidth & resources.