Somewhere around half of all internet traffic is generated by bots, automated software and scripts that behave very much like real users. There are good bots, like search engine spiders and copyright bots seeking pirated IP. But the bots that keep CISOs up at night are the bad bots: highly sophisticated attackers that steal proprietary data, take over user accounts, and disrupt operations across industries as diverse as e-commerce, travel, hospitality, financial services, real estate, and media.
The bad bot problem isn’t going away. Practically every new data breach releases personal data that fuels future bot attacks. New approaches are needed to protect against them. And at the vanguard of bot defense is San Mateo-based PerimeterX, which has developed machine learning-powered behavioral analytics software that keeps enterprises one step ahead of the bot threat.
Today we’re pleased to announce our investment in the company’s Series C funding round.
The challenge of distinguishing bot from legitimate user
Detecting and deterring malicious bots is extremely difficult for companies operating high-traffic websites and mobile apps. There are four forces at work:
- The increasing sophistication of bots and botnets. Modern bots use malware to infect user devices, either by injecting malicious extensions into browsers or by creating browser sessions in hidden windows. From the perspective of a high-traffic website, legitimate traffic and attack bots look almost exactly the same.
- The increasing complexity of enterprise IT infrastructure. A modern enterprise with a public-facing website likely uses cloud services, APIs, and third-party integrations while managing countless device endpoints. Any of these points of vulnerability are subject to constant bot attack. The days of building a cyberdefense moat around on-prem servers are long past.
- Mistakes with bot defense create unhappy users. Bot detection software that generates false positives (where a legitimate user session is flagged as a bot) will negatively impact user experience. Think of a shopper on an e-commerce site who is forced to take additional steps to prove their identity. The competitor’s site is just a click away.
- Bot traffic is expensive. When around half of a website’s traffic is generated by bots, it follows that companies are spending far more on infrastructure costs than they need to. This points to an important secondary benefit for PerimeterX customers: they are introduced to the product as a security tool then discover ancillary benefits around reducing infrastructure costs and improving their product roadmaps through better analytics.
The stakes are very real for high-traffic websites. Bots can shut down sites for hours and days through distributed denial of service (DDoS) attacks. Bots can create fake users and take over legitimate accounts. They can spam on a massive scale. They can steal content and scrape prices.
How does an online business keep the doors open for customers without letting in the bad bots? PerimeterX made a simple yet powerful observation: while bad bots can pass as human users, they are not in fact real people, making it possible to identify the behavioral patterns that distinguish a person from a bot. It’s a major win for the good guys.
Machine learning that powers behavioral analytics
PerimeterX Bot Defender uses machine learning-based behavioral analytics to deliver the highest levels of detection, accuracy, and scalability. The technology “fingerprints” legitimate user behavior in order to more easily flag even the most sophisticated real-time bot attacks.
With a comprehensive set of integrations, PX Bot Defender allows a business to seamlessly deploy bot defense throughout its infrastructure, providing visibility and protection for websites, mobile apps, and APIs. The company’s technology can monitor web properties across multiple points of integration, including CDNs, load balancers, web servers, middleware, and serverless platforms. These integrations give PX Bot Defender additional data that lets its machine learning create a stronger security footprint across multiple points of access.
All of which means PerimeterX customers like Puma, Zillow, and Wix can rely on a virtual perimeter around their online infrastructure that shuts down bots without interrupting real users trying to do business.
Keeping online businesses two steps ahead of the bad bots
The PerimeterX leadership team has a deep bench of experience in cybersecurity. Before founding the company, CEO Omri Iluz and CTO Ido Safruti worked together at Cotendo, which was acquired by Akamai for $268 million in 2012. Other executives bring experience from senior roles at Verisign and Proofpoint.
PerimeterX offers the modern enterprise the freedom to deploy complex and heterogeneous infrastructure without being restricted by the needs of its security solution. PerimeterX can be deployed almost anywhere–in line with the growing trend of engineering as the buyer of infrastructure and security solutions. The freedom to choose the best bot security solution without limitation is a powerful differentiator for PX Bot Defender.
It’s estimated that there will be 20 billion internet-connected IoT devices by 2020, increasing the volume of devices that can be conscripted into botnets, aimed at commercial websites, and set loose. We’re excited to join PerimeterX on the journey to help companies defend against the bot threat.