Building Cloudflare Bot Management platform is an exhilarating experience. It blends Distributed Systems, Web Development, Machine Learning, Security and Research (and every discipline in between) while fighting ever-adaptive and motivated adversaries at the same time.
This is the ongoing story of Bot Management at Cloudflare and also an introduction to a series of blog posts about the detection mechanisms powering it. I’ll start with several definitions from the Bot Management world, then introduce the product and technical requirements, leading to an overview of the platform we’ve built. Finally, I’ll share details about the detection mechanisms powering our platform.
Let’s start with Bot Management’s nomenclature.
Bot - an autonomous program on a network that can interact with computer systems or users, imitating or replacing a human user's behavior, performing repetitive tasks much faster than human users could.
Good bots - bots which are useful to businesses they interact with, e.g. search engine bots like Googlebot, Bingbot or bots that operate on social media platforms like Facebook Bot.
Bad bots - bots which are designed to perform malicious actions, ultimately hurting businesses, e.g. credential stuffing bots, third-party scraping bots, spam bots and sneakerbots.
Bot Management - blocking Continue reading
Open Systems’ customers liked the Sentinel technology, but wanted the threat detection and...
With the Series A round, in addition to $6.5 million in seed funding, Orca plans to double its team...
Cisco debunked security myths; Nvidia bought Cumulus; and T-Mobile claimed 5 standalone 5G firsts.
Complexities were abundant and corralling vendors for a virtualized, cloud-native, open radio...
Cisco’s latest security report, based on a survey of almost 500 SMBs, aims to debunk myths about...
AT&T selected Stankey as its new CEO; Google to slow hiring; Cisco vowed no job cuts; plus the...
Palo Alto networks purchased CloudGenix at the end of March for $420 million in a bid to bolster...
While Cisco says it is not aware of any malicious use of the vulnerability, with 20,000 customers...
“My advice to companies right now is to really think about what will happen next,” said...
Meanwhile the company only increased its virtual private network capacity 1.5 times to support all...
This blog will provide insights to help you on your journey by exploring key considerations...
The expansion will allow users to manage OpenShift clusters running on Azure or on...
Google eyeing a D2iQ purchase | Dell, Pluribus tackled video security; and AWS narrowly...
“As a result of COVID-19, we’re getting a glimpse of what the future for the internet is...
The new Azure confidential computing service allows companies to process data in hardware-based...
According to the vendor's latest annual survey, 37% of respondents named complexity as their No. 1...
The technology is designed to translate information from packet headers, out of band information,...
I have a Disney+ account. I have kids and I like Star Wars, so it made sense. I got it all set up the day it came out and started binge watching the Mandalorian. However, in my haste to get things up and running I reused an old password instead of practicing good hygiene. As the titular character might scold me, “This is not the way.” I didn’t think anything about it until I got a notification that someone from New Jersey logged into my account.
I panicked and reset my password like a good security person should have done in the first place. I waited for the usual complaints that people had been logged out of the app and prepared to log everyone in again and figure out how to remove my New Jersey interloper. Imagine my surprise when no one came to ask me to turn Phineas and Ferb back on. Imagine my further surprise when I looked in the app and on the Disney+ website and couldn’t find a way to see which devices were logged in to this account. Nor could I find a way to disconnect a rogue device as I could with Netflix Continue reading