Instart Bot Management

Protect your web apps against advanced bots

Instart Bot Management analyzes bot intent and blocks attacks by bad bots to prevent fraud and protect your brand.

Detailed fingerprinting to differentiate bots from humans

Instart Bot Management takes a unique approach to defeat sophisticated bot attacks like credential stuffing and inventory holding, by collecting signals across both the client and server to validate users and browsers. This coordination allows Bot Management to develop low-level fingerprints about the environment, browser, user input, and more to differentiate humans from even the most sophisticated bots. The result is unmatched defense against extremely human-looking bot attacks.

Use cases

Credential stuffing attacks

Credential stuffing attacks are automated attempts to gain access to accounts by repeatedly trying stolen credentials over and over again until access is gained. Once inside, attackers can steal personal information, make fraudulent purchases, or compromise other systems. Instart Bot Management provides protection against credential stuffing attacks by collecting and understanding the signals associated with the automated attempted logins. If repeated attempts are seen from automated environments, Bot Management can prevent them from accessing the log-in or sign-in page.

Inventory holding attacks

Inventory holding attacks occur when automated bots add a product to a shopping cart without actually purchasing the item, otherwise known as inventory holding. These attacks are used to prevent real customers from buying inventory, or give attackers time to scalp the inventory on other sites. Instart Bot Management prevents inventory holding attacks by detecting the signals associated with automated bot attacks and comparing them to signals of real human checkout behavior. Once detected, this automated bots can be blocked from accessing pages where they are attempting to hold inventory, like a shopping cart page or checkout page.

Bot DDoS attacks

Bot DDoS attacks are generally high volume, automated attacks that target high-value payloads on websites in an attempt to take down a service by overloading constrained backend resources. These might be specific requests for product search, inventory check, or anything dynamic that needs to be generated on the origin. Since these are valid requests on your website, they are not stopped by traditional WAF or DDoS methods. Instart Bot Management is able to detect the automated environments where these attacks are running and prevent access to these dynamic resources by blocking traffic at the edge.

Gift card fraud

Gift card fraud is very similar to credential stuffing, except that automated attempts are made to guess or crack gift cards, rather than trying stolen sets of credentials over and over again. Attackers will attempt to crack gift card numbers by trying random numbers against the website form used to check the balance of a card. Bot Management is able to detect the synthetic environments used by attackers to automate these attacks and prevent them from accessing the validation service. Instart can also silently flag these requests as they are sent to your origin so you can respond back rather than directly blocking traffic.

See how cloud-based security and performance services will benefit your web apps