11 Feb 2022 • 10 min read
11 Feb 2022 • 10 min read
In January 2022, GeeTest launched a new bot management solution “3 Shields”. It is an innovative solution to growing malicious bot traffic that protects websites and apps from automated bot attacks and digital fraud. GeeTest severs over 320,000 websites and apps worldwide including Imperva, DataDome, miHoYo, Binance, Nike, etc, and issues over 1,400,000,000 requests every day.
While companies worldwide have moved more of their business online, cyber attackers have also increased their use of bots to automate and expand their attacks. According to a recent report from Imperva, in 2021, over a quarter of all traffic was bad bots which accounted for 25.6% of all website traffic. That is a 6.2% increase over the previous year, following a 41% growth in bot attacks in the first half of the year (LexisNexis Risk Solutions).
And these are just the tip of an iceberg. Cybercriminals and fraudsters have deployed all sorts of malicious bots all over the internet and are scaling up attacks across the whole customer journey from account creation to payment, and consequently, online businesses face both financial and reputational losses.
When it comes to "the battle against bots", most companies prepare inadequately. One of the main issues that enterprises face is not being able to identify bots accurately and smartly.
There are lots of bot detection tools available today. Some run strict rules to detect and block bad bot activities, resulting in false-positive problems and a horrible user experience. Some provide a relatively good user experience by compromising on security. In the end, it is companies that have to choose between user experience and security.
An ideal bot management solution is one that can achieve a balance between security and a good user experience.
GeeTest believes that the reason why cybercriminals use bad bots to attack online businesses is that they have three advantages that security vendors tend to neglect most of the time.
Firstly, attackers use automated tools to increase the efficiency of bots attacks, ensuring attacks happen day and night.
Secondly, they control dozens of mobile devices via group/cloud control platforms to help bots bypass device detection.
Thirdly, they have access to credential information to back up bot attacks that involve identity verification, like ATO.
In the light of the findings above, GeeTest developed their new bot management solution "3 Shields" which has three key strengths: ①behavior verification, ②identity verification, and ③device verification to decrease attacker's efficiency in three aspects.
To accurately identify bots while keeping legitimate users' experience uninterrupted, GeeTest made a major upgrade to their flagship product GeeTest CAPTCHA. The new upgrade is called Adaptive CAPTCHA which is the 4th generation of GeeTest CAPTCHAs. It ensures both ease of use and security in every step of the online customer journey.
Cloud and group control platforms allow cybercriminals to use different devices for different attacks which helps them bypass device-based verification. Device fingerprinting or machine fingerprinting used to be an efficient way to identify users' devices by checking their IP, cookie, etc. However, with the help of cloud/group control platforms, the devices that attackers use can have unique information which is harder to detect.
GeeTest built a network on their device-based verification product. Instead of combining certain attributes of one device to identify it as a unique device, GeeTest took one more step, adopting the GCN algorithm to create a network of all devices they've detected, and in turn, to use the network to analyze new devices.
(GeeTest device-based verification product is soon available for clients worldwide after the Beta test is finished.)
Identity verification ensures that there is a real person behind an online interaction. As cyber attackers use stolen credential information to back up automated bot attacks like scalping, it is necessary to verify each user's identity as long as online business owners want high-quality traffic.
(GeeTest identity verification is soon available for clients worldwide after the Beta test is finished.)
GeeTest claimed that "3 Shields" is a bot management solution that aims at three vital strengths of attackers and is a dynamically changed solution. After all, you can not defeat bot attacks once and for all, as they are also learning from us.
"Every website or app needs traffic for generating sales or business growth, but it is not 'the more, the better. Both quantity and quality of traffic are important for a high-performing online business. High-quality traffic means a higher conversion rate and sales volume, while malicious bot traffic only wastes your ad bill and holds up the development of your business. Bad bot traffic keeps taking up internet traffic, and it is urgent for online businesses to identify high-quality traffic. GeeTest provides '3 Shields' for companies to boost their business by helping them identify good traffic and block bad traffic." said Long Fang, GeeTest's VP.
Follow GeeTest on LinkedIn, Twitter, and Facebook for regular updates on bot attack research, case studies, and other news.
3 Shields is a bot management solution belonging to GeeTest, based on GeeTest's exclusive AI models and 9-year experience of defending bad bots. Focusing on the research of cyber attackers and bot attacks, GeeTest provides 3 Shields as a comprehensive solution to protect websites, apps, and APIs from bot attacks.
Founded in 2012, GeeTest is a leading bot management company that offers international bot mitigation solutions and services, including CAPTCHAs, with advanced AI and ML models. The company protects over 320,000 websites and apps worldwide including Imperva, DataDome, miHoYo, Binance, Nike, etc, and issues over 1,400,000,000 requests every day.
Content Marketing @ GeeTest
Subscribe to our newsletter