Unified threat intelligence for bot management

Instart Bot Management enables you to confidently detect and block bot attacks based on the data collected from our customers, third-party feeds, and our network of honeypots.

Stop attacks before you even know about them

Instart Threat Intelligence works to increase the confidence of all Instart Bot Management rules to ensure only real bot attacks are being blocked or rate limited. Threat Intelligence leverages internal and external data feeds as well as security experts to understand what bot signatures are needed to confidently block attacks. Third-party attack data and honeypot intelligence are correlated against attack data collected from all Instart customers such as user agent, cookies, headers, geolocation, and more. This combined data set greatly reduces false positives and increases the detection capability of Bot Management. Threat Intelligence ensures new, sophisticated bot attacks are detected and stopped before they can impact your business.

Cross-customer intelligence

Instart protects thousands of web apps across the entire globe, enabling our team to understand the types of bot attacks that websecurity must be able to protect against today. Intelligence is collected from every Instart customer's security signals and combined with industry, location, and more to build a deeper understanding of the automated bot threats our customers are facing, or might face soon.

Third-party operational security intelligence

In addition to the intelligence that Instart collects, Threat Intelligence also leverages signals from third-party data feeds in order to increase the depth and breadth of our analysis. Signatures for niche attacks, zero-days, and industry-specific attacks are layered into our proprietary signals to give us full confidence in our attack detection capabilities.


Threat Intelligence deploys a massive network of honeypots across the web to enable Instart to collect bot attack signatures from automated, high-volume attacks that crawl the public internet looking for web apps. The data collected from these Instart honeypots reduces false positives.

Attack signature correlation

All of the data feeds from Threat Intelligence are combined into a central warehouse, scored, and then correlated to inform custom security rules that are deployed by Managed Security Services to protect every Instart customer against new threats as they appear. This correlation ensures that attacks are stopped as soon as possible, even before your web app is targeted.

See how cloud-based security and performance services will benefit your web apps