Understanding Bot Threat Scores
To mitigate risk, you really have to understand the metrics behind the risk. This is easier said than done. What if the risk hasn't been seen before? What if the risk is very difficult to measure? For example, how do measure the percentage of companies that self report account take over breaches to the relevant privacy authorities?
Software tools report alerts and risks in completely different ways. It's easy to see why. The vendors are effectively selling risk. How are IT managers supposed to evaluate the relative risks produced from each platform? Is the risk from our pen test score more or less of a risk than the latest report from our SOC, or the output from our SIEM?
So how does VerifiedVisitors try and assess the actual risk?
First we identify the actual risky behaviour itself. It's one thing to understand that you are being visited by know botnet traffic, but is that traffic actually acting in a way that could prove malicious? Then we use a real world metric, showing how these actual threats from behavioural analysis compares to the industry average score, based on all the data we've seen across all our customers.
This method allows our customers to see the relative risk of potentially risky behaviour, and then compare your risk level to that seen in the industry in general.. Below you can how we identify a threat type by the actual behaviour on the site or API, and how your site compares to the industry average score seen for the same threat.
This methodology is not perfect, but at least it represents an attempt to baseline risky behaviour against the industry averages. If your web-estate is securely protected and difficult to breach - then many times, the hackers will just target a less secure site.