How to Map Your Bot Use Cases and Protect Your Brand
Bots are ubiquitous across the web. If your business has an online presence, it’s being targeted by automated attacks. So, it’s unsurprising to us at Netacea that in the Gartner Hype Cycle for Application Security 2023, bot management is classed as an early mainstream technology – less than two years from reaching full maturity.
The nature and purpose of bot attacks depends on many factors including industry, seasonality, and even the functionality of the target. In short, attackers look for any opportunity to automate attacks against a profitable victim.
For example, eCommerce and ticketing sites selling in-demand items from sneakers to concert tickets must be prepared to counter scalper bot activity from the moment such items become available. If a site offers a welcome bonus or discount for new members, bots are likely to automate the registration process with fake account creation. Any login form is a target for credential stuffing and account takeover attacks, which expose personally identifiable information, loyalty points and gift card balances to criminal marketplaces.
Leaving these malicious bots unchecked is not an option. The cumulative cost to the business across a year can exceed that of a ransomware attack or even several GDPR fines. Bots affect not just security, but also fraud, UX, marketing and site reliability functions, which compounds their operational impact.
Defining bot use cases to build better defenses
To help businesses address these impacts, in August 2023 Gartner published its first report dedicated to tackling the bot threat: “Innovation Insight: Bot Management for the IAM Leader”. As part of building effective defenses against these attacks, the Gartner report recommends to “select a bot management solution that meets current and anticipated requirements by mapping all bot use cases to internal stakeholders across different teams.”
In our opinion this makes perfect sense – bot attacks vary widely in their tactics, so no single approach will block every use case. The first step must be to formally map out the risks.
Defensive strategy guided by the BLADE Framework
For this purpose, the report goes on to introduce the Business Logic Attack Definition (BLADE) Framework, a MITRE-style framework which “describes a range of kill chains that give insight into the need for effective bot detection and mitigation.”
Now open source, the BLADE Framework was conceptualized and pioneered by the Netacea threat research team. At Netacea, we map every new customer’s use cases to BLADE kill chains at the start of each project, which allows us to focus our defensive strategy. No matter which bot management solution a business is using, we think it’s essential to align business logic vulnerabilities to BLADE.
Bot use cases impact different parts of the business at different points in the kill chain. For example, an initial high-volume scraping attack places the greatest burden on infrastructure teams and site reliability engineers, and even marketing teams are affected when the influx of fake traffic skews their reports. Later in the same kill chain, the scraped data can feed a scalping attack that creates a poor experience for genuine customers, or a cloned version of the website that creates extra work for fraud teams.
The Gartner report notes that “the buying persona for bot management tends to vary and lack consistency. Gartner observes bot management being owned by security teams, digital commerce teams, infrastructure teams and even UX teams. In this environment, it is critical that organizations ensure purchase and use of bot management is a genuinely cross-functional endeavor.”
Example: Mapping a typical eCommerce site’s bot use cases with BLADE
To use a generic example, the simplest way for a retail website to map its bot use cases is to list the functionality of its site, mobile apps and APIs, and the ways bots can abuse each.
Does the site have product information, rich content and pricing? Prepare for scraping bots.
Do you sell products that could become high demand? Be vigilant against scalper bots, spinner bots and inventory hoarding bots.
Is there a user login feature? List credential stuffing bots and account takeover.
Do new users get a special offer, such as 10% off or free shipping on their first order? You will need protection from fake account creation bots.
Can customers check gift card balances? Watch out for gift card cracking bots.
Do you have an online checkout to make purchases? It will be vulnerable to carding and card cracking bots.
The list goes on, but using the BLADE Framework will help you make sense of not only your points of vulnerability, but also the specific tactics and techniques you need to defend against.
Have you mapped your bot use cases across each department?
The best way to assess your organization’s posture against bot attacks is to map potential use cases with the BLADE Framework. Learn about how this works in more detail using the guide “Getting Started with the BLADE Framework” and by exploring the open-source site.
As a dedicated bot management solution listed as a representative provider in the Gartner report “Innovation Insight: Bot Management for the IAM Leader”, Netacea offers protection against all of these use cases, and can adapt our machine learning algorithms to defend the specific use cases of each client. We think this is an advantage over bundled bot management solutions that offer protection against generic threats but little support for the more targeted attacks that cause the most harm.
Get in touch and we’ll be happy to talk to you about the bot use cases threatening all parts of your organization.