New Report: WAFs Fail to Protect Against Bot Attacks

Cequence Security and Osterman Research publish research revealing
the security challenges and productivity impact of bot attacks targeting
large enterprises

SUNNYVALE, Calif. (BUSINESS WIRE) Cequence Security today released a new report that highlights both the

security and productivity challenges resulting from the growing number

of bot attacks targeting today’s hyper-connected organizations. The

research, commissioned by Cequence Security and conducted by Osterman

Research, is based on data from 211 large enterprises across the US. All

of these organizations have been the victim of automated bot attacks.

New Report: WAFs Fail to Protect Against Bot Attacks

Bot attacks often use previously stolen user credentials to gain

unauthorized access to the web, mobile, and API application services

that organizations rely on to support business processes and engage with

their customers. “Companies in our research have deployed an average of

482 different applications, on premises or in the cloud, and they are

being targeted more than 500 times each day,” explained Michael

Osterman, CEO of Osterman Research. “The top three attack types most

disruptive to their businesses are account takeover, application denial

of service, and API/business logic abuse.”

The research revealed that 90% of these organizations have deployed a

web application firewall (WAF) as an essential line of defense, and 85%

have at least one full-time person focused on bot defense. Despite these

investments, organizations reported that they spend an average of 2,880

minutes (48 hours) to detect the bot attack, plus another 48 hours to

effectively mitigate the event. Based on their reported labor costs, it

means that enterprises are spending more than $177,000 annually on human

capital to manage bot attacks.

“If you dig a little deeper, you discover that more than a third of

these companies have also deployed first-generation bot management tools

in addition to their WAF,” explained Franklyn Jones, CMO at Cequence

Security. “That sounds like a smart move until you realize that 100% of

those companies must continuously spend time modifying hundreds of Web

and mobile apps in an attempt to detect bot traffic. That’s a poor use

of skilled labor and likely a big contributor to their labor costs.”

First-generation bot management tools helped to reduce detection time to

600 minutes (10 hours) on average, but the time required for bot

mitigation remained unchanged at 2,880 minutes.

The report also revealed the top three capabilities customers would like

to have integrated into a bot management solution:

Automatic discovery all web, mobile, and API application assets
deployed on premises and in the cloud. AI-based machine learning and behavioral analysis technologies that
can accelerate the accurate detection of bot attacks. Automated mitigation options that enable security teams to quickly
stop a bot attack before it can achieve its objectives.

“The data from this research report reveals two key requirements large

enterprises want innovative solutions that can strengthen the security

posture of their organizations, and almost as important, they want

automated solutions that will improve the productivity of their security

teams,” said Osterman.

Cequence Security and Michael Osterman will present more details from

this research during a live webinar scheduled for January 30, 2018. To

download the report and register for the event, please

click

here

About Cequence Security

Cequence Security delivers automated security software solutions for