SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Kasada launches new defenses against bot attacks
Thu, 18th Mar 2021
FYI, this story is more than a year old

Kasada has announced the general availability of its new V2 platform in a bid to address the increasing sophistication of bot attacks.

Kasada has upgraded its platform to provide real-time defense against advanced bots that are left undetected by traditional methods. In its V2 release, Kasada has made several improvements that provide customers with an immediate and long-term approach to bot mitigation, without the need for burdensome maintenance.

These include a 15x increase in client interrogation sensors, ensuring the stealthiest automation tools are detected; new proprietary obfuscation which deters reverse engineering attempts, making it extremely difficult and expensive for attackers to retool; and an enhanced cryptographic challenge, wrecking the ROI of bot operations and helping to eliminate the need for CAPTCHAs.

"Intruders continue to stay a step ahead of defenses - constantly evolving their tactics to create new bots that look and act like humans," says Sam Crowther, founder and CEO of Kasada.

"Stopping a bot attack and trying to prevent the next one with behavioural analysis is not effective. What is needed is a proactive approach, one that is constantly adapting alongside attackers, requiring automated bots to prove they are from a source controlled by a human," he says.

Kasada's new V2 defense platform is a modern anti-bot solution that stops attacks by preventing them from entering an organisations infrastructure in the first place - and does so without reliance on rules, heuristics, or risk scoring. Legacy detection systems let automated requests in first to look for suspicious activity - but, by then, it's already too late. By adhering to a zero-trust philosophy, Kasada detects and stops malicious automation from the very first request, before it can do any damage. As bot operators evolve their tactics, including the use of new bots never seen before, Kasada detects with precision in real-time.

"A different approach to bot mitigation is long overdue," says Ed Amoroso, CEO at TAG Cyber.

"To stay one step ahead of bots, you need to immediately prevent new stealthy tactics from doing damage - while also halting their long-term attempts to reverse engineer and bypass your defenses. Kasada frustrates, deceives, and makes attacks too costly to conduct."

The economics and ease with which bots can be used make it highly profitable to conduct automated attacks at scale. Through Kasada's use of mitigative actions and exponentially difficult cryptographic challenges, attackers are frustrated, and their financial incentive is destroyed as the cost to conduct an attack increases.

Kasadas V2 improvements include:

Increase in Interrogation Sensors for Advanced Bot Detection- Kasada has increased its client interrogation sensors by 15x, accurately detecting the use of Puppeteer and Playwright, stealth plugins, and other similar headless browser automation tools.

For mobile apps, it has also incorporated new detections for Android emulators and iOS simulators. These developer tools help attackers fly under the radar of traditional bot mitigation approaches that look for known suspicious behaviours first, instead of identifying the presence of bot-driven automation itself.

Unique Obfuscation Method Resistant to Retooling- Instead of relying on weak obfuscation methods or open source JavaScript tools that can be deciphered easily, Kasada pioneered its own patented technology that dramatically slows any retooling or reverse-engineering attempts. Kasada's lightweight software obfuscates its defenses by using its own proprietary interpreter.

Traditional bot mitigation solutions lose their efficacy over time because the motivated adversaries - the humans behind the bots - are able to reverse engineer defenses. Kasada retains its efficacy by making retooling time-consuming and frustrating, encouraging bot operators to move on to more profitable ventures.

Enhanced Ability to Strike Back -Kasada uses sophisticated cryptographic challenges to further impede bots. Designed to wreck the ROI of bot operations, the challenge has been enhanced and now uses new advanced mathematical models to prevent bot attacks. This process also eliminates the need for CAPTCHAs, which have been shown to be an ineffective tool for validating humans.

More Efficient and Cost-Effective Data Storage for Threat Intelligence- By exporting its data into any observability platform or SIEM, organisations can combine Kasada data with other sources to comprehensively analyse the human, good bot, and bad bot traffic, providing real-time threat intelligence and business insight. Aggregate data volume has been decreased by up to 70%, without losing any information, greatly reducing the cost to store granular log data.