Netacea Helps Sneaker Retailer Stop Bot Attacks Missed by CDN Based Solution

Category: Scalper Bots


More bots detected than previous solution

Article Contents

    The Challenge

    The client is a trend-setting footwear retailer operating two brands, selling some of the most sought-after shoes for labels such as Nike, Adidas and UGG.

    Due to the high-demand nature of their products, the retail group is besieged by automated attacks on their eCommerce platforms, as scalpers aim to scoop up the entire inventory in rapid succession to resell at a profit. Bots aggressively scrape product availability information, putting considerable strain on the service at peak times, which caused outages and slowdown whilst incurring significant overage charges for their infrastructure.

    Bots then automate the add-to-cart and checkout process, purchasing the whole stock allocation from under the noses of genuine customers in seconds. The scalper groups responsible were boasting online about snatching the hottest releases from the client causing significant reputational damage for the business, from both angry customers and suppliers who had to undertake costly investigations into fraudulent orders.

    Although the retailer’s CDN had bundled a bot management solution in with their security package, they were fighting a losing battle. This left them frustrated by the need to constantly update blocking rules that were quickly bypassed, and disappointed in their solution’s inability to detect and mitigate attacks.

    The Solution

    In an offline proof of value exercise analyzing 28 days’ worth of web logs, Netacea identified six times more malicious bots than the CDN’s solution had spotted.

    In response, the incumbent bot protection supplier upgraded the client’s package to their highest tier, but Netacea was still able to detect three times as many bad bots than the incumbent’s enhanced solution.

    Comparison of Netacea sneaker bot detection vs competitor

    How Netacea Beat the Existing Bot Protection Solution

    Netacea is proven to detect as much as 600% higher levels of malicious traffic than competitors due to our unique bot protection technology and methodology.

    The retailer’s previous supplier used rate limiting to block IP addresses making a suspicious number of requests over time. However, sophisticated bot users can bypass rate limiting by distributing the attack across multiple origins.

    To combat this, Netacea uses behavioral analysis of all traffic simultaneously. Even when an attack is dispersed across different data centers, countries, IP addresses and using many different user agents, Netacea’s machine learning based detection engine can identify and block the bad traffic.

    The old supplier also used fixed lists of origins that are either blocked or allowed. As new attackers emerge and old attackers retool, these lists need to be changed constantly, which took hours or sometimes days to implement, leaving the client exposed to zero days whilst requiring complex change control to manage.

    With Netacea, changes in attacks are blocked proactively and automatically, with no input required from the client thanks to our machine learning approach and integration at the edge. This saves time and always delivers up-to-date protection.

    Integrating with Netacea

    The client was able to integrate Netacea Bot Management with their existing CDN very quickly using a ready-made plugin. This allows the client to still benefit from their CDN’s WAF and DDoS protection, whilst adding Netacea’s superior bot detection capability, adding close to zero latency to the platform with seamless integration.

    The Outcome

    Once the client deployed Netacea’s mitigations inline and switched off their previous bot protection supplier, they saw an immediate drop in requests to their platform, with no impact on orders or conversions, indicating a high level of blocking accuracy and very low false positives.

    Netacea has managed to pick up bot threats that other competitors don’t even notice due to a great threat detection system.

    eCommerce Operations Manager

    This has reduced the strain on their infrastructure, resulting in a more stable platform with less risk of outages. Netacea’s deployment at the edge also means the client doesn’t have to spend time updating policies anymore, as detection modules are automatically kept up to date, allowing for faster mitigation of zero days and new bot attacks.

    Blocking bad bot traffic also prevents scalpers from snatching popular items for resale, removing frustration for customers and suppliers. Netacea’s bot expert team provide actionable insights after product drops, saving time in manual investigations that keep the retailer’s suppliers happy too.


    • Reduced strain on infrastructure
    • Scalping prevented during hot drops
    • No more slow, manual policy updates to stay protected
    • Faster detection of zero days and new bot attacks

    Block Bots Effortlessly with Netacea

    Book a demo and see how Netacea autonomously prevents sophisticated automated attacks.

    Related Case Studies

    US American Football cover art photo
    Case Study

    “The Big Game” Streamed Seamlessly to Millions Thanks to Netacea

    Netacea protected a major streaming service from outages during a major livestreaming event, mitigating huge credential stuffing attacks.
    Case Study

    Netacea Keeps an Online Pharmacy Safe from Scraping Attacks

    Aggressive scalper bots were threatening the availability of a major online pharmacy at peak times. Find out how Netacea protects them against malicious automation.
    Case Study

    Netacea Detects 11x More Bots Than Previous Bot Solution for Luxury Shoe Retailer

    Learn how Netacea helped a retailer of luxury shoe brands spot 11 times more bad bots than their previous solution, resulting in a 73% reduction in web traffic.

    Block Bots Effortlessly with Netacea

    Demo Netacea and see how our bot protection software autonomously prevents the most sophisticated and dynamic automated attacks across websites, apps and APIs.
    • Agentless, self managing spots up to 33x more threats
    • Automated, trusted defensive AI. Real-time detection and response
    • Invisible to attackers. Operates at the edge, deters persistent threats
    Book a Demo