Bot Management for a Web Portfolio

If you are managing many different websites, APIs or micro-sites, you will know what a security challenge managing this portfolio can be. At VerifiedVisitors we know how hard it can be juggling a portfolio of sites, all with different builds, configs and security setups, and this is the reason we've designed our new security console as shown below.

We've made your task so much easier with our new Command & Control security centre, designed with the busy webmaster, CISO or agency in mind.

From one console, you can see all the current threat types hitting your web and API endpoints. For each site we break down the automated traffic by type of attack and associated threat level. We also suggest dynamic rules for each threat type, which you can enable in seconds.

Command & Control

Account Take Over (ATO) is often the highest level threat for many endpoints. All it needs is one ATO attempt to succeed to leave you open to data theft and reputational damage, as well as potential data protection / GDPR liabilities and exposure.

We show you the potential ATO attack paths and automated traffic hitting your sensitive login / admin paths. How real is the threat? We compare the ATO traffic hitting your paths with our industry average metrics, calculated from all our client traffic, to show you an aggregate score.

Industry Threat Average

For each attack type, clicking on the flip icon on the top right shows the detail of the bot activity, and why it matters. This allows you to assess the underlying threat, and then choose to activate a dynamic rule to mitigate the potentially malicious bot activity.

Managing threats across multiple domains is easy using the VerifiedVisitors Command & Control Centre. In one view, you have the threats to each domain and the associated paths; in this example you can see potential account take-over logins. To mitigate this attack threat, all you need to do is select the domains you want, select all the paths or choose just your specific admin and login paths, add a name and apply a dynamic rule.

Domains and Path Rules Management

The dynamic rule then looks for all Account Take Over (ATO) activity, no matter what the IP, user agent or other parameters. Our account take over detector automates the identification and mitigation every hour of every day. No longer do you have to reactively play whack-a-mole by adding user agents and IPs in your WAF. You simply use the Command and Control Centre to identify all the threat areas, and use dynamic rules to enforce compliance.

A range of mitigations is available to you when creating your rule. Select the action you'd like to be taken for the automated traffic before it hits your website: for example, you can block the traffic, or serve Captcha to seek additional verification that the traffic is actually automated before you hard block.

Dynamic Rule Generator

Once you start applying rules to each of the threat types, you will see that the amount of managed automated traffic goes up, and the actual threats start to go down as you mitigate them. All the incoming traffic that is mitigated is displayed in the mitigated traffic tab, showing you clearly which visits have been mitigated and why.

VerifiedVisitors has transparency at its core: you're in full control and able to see exactly how we're protecting your estate.

On the right hand side of the Command and Control Centre you will see the Allowlist tab, which is where you manage and verify the commercial bot services you actually do want crawling your site. Increasingly, hackers are impersonating legitimate bots, knowing that it's only too easy to whitelist e.g. Googlebot and, in doing so, let a malicious crawler cause havoc across every path on your endpoint.

Managed Bot Services

From the Allowlist tab you can use our recommendation engine to select the common legitimate bot services that most site owners allow and encourage, e.g. search engines like Google, Yahoo and Bing. The bot database is split into 32 different categories, so you can easily decide on your policy for each category. For example, if you don't sell internationally, then you won't need to allow the Russian Yandex or the Chinese Baidu crawlers on your website. We analyse all the bots currently circulating in the wild, and give you a breakdown and description of what they are doing and why, as well as our recommendation.
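The impersonation risk mentioned above is why an allowlist keyed on the user agent alone is unsafe. The following is an added example, not VerifiedVisitors' code or a description of how the product verifies bots: it shows forward-confirmed reverse DNS, the check Google documents for Googlebot. The function names, sample IPs and hostnames are constructed for illustration.

```python
import socket

# Hostname suffixes Google documents for its crawlers' reverse DNS names.
GOOGLE_SUFFIXES = (".googlebot.com", ".google.com")


def _system_reverse(ip):
    """PTR lookup via the system resolver; returns a hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def _system_forward(host):
    """A/AAAA lookup via the system resolver; returns a set of IP strings."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except OSError:
        return set()


def is_verified_googlebot(ip, user_agent, reverse=_system_reverse, forward=_system_forward):
    """True only if the UA claims Googlebot AND DNS confirms the source IP."""
    if "googlebot" not in user_agent.lower():
        return False  # not claiming to be Googlebot; apply normal bot policy
    host = reverse(ip)
    if not host:
        return False
    host = host.rstrip(".").lower()
    # Suffix match with a leading dot, so "googlebot.com.scraper.example" fails.
    if not host.endswith(GOOGLE_SUFFIXES):
        return False
    # Forward-confirm: whoever controls an IP range controls its PTR records,
    # but cannot make Google's own zone resolve back to that IP.
    return ip in forward(host)


# Constructed sample data (documentation IP ranges) so the demo runs offline.
PTR = {"192.0.2.10": "crawl-192-0-2-10.googlebot.com",  # genuine-looking pair
       "198.51.100.7": "crawl-1.googlebot.com",         # spoofed PTR record
       "203.0.113.5": "googlebot.com.scraper.example"}  # lookalike hostname
A = {"crawl-192-0-2-10.googlebot.com": {"192.0.2.10"},
     "crawl-1.googlebot.com": {"192.0.2.99"}}
UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"


def demo():
    """Run the check over the constructed records with stub resolvers."""
    return {ip: is_verified_googlebot(ip, UA, PTR.get, lambda h: A.get(h, set()))
            for ip in PTR}
```

All three sample requests send the same Googlebot user agent; only the first passes, because its PTR name is under a Google suffix and resolves back to the connecting IP.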
