7. Dezember 2018 - Preventing automated abuse of data

Bot managers: recognising dangerous attackers on the internet


When access details are stolen and misused, it is not necessarily human attackers that are the perpetrators: bots can access user data automatically, and then abuse them. Protective measures against such bots should be able to distinguish between authorised users and malicious bots. There are intelligent solutions available to help with this, known as “bot managers”.

Bot-Manager können Mensch und Maschine unterscheiden Bots can be distinguished from humans because they interact differently with apps. The pattern that humans leave when using apps is much less “linear” (image: Akamai)

Bot managers as part of online data security

Bot managers are special protective solutions used to prevent bot attacks. Reliable detection of malicious bots requires that the bot manager

  • is able to differentiate between access by a human and by a bot,
  • has a database that lists harmless bots (such as those used by search engines), and
  • supports every form of possible access to the online service, i.e. access via a mobile browser or an app as well as through a desktop browser.

One example of a bot manager is the Akamai Bot Manager. This solution uses things like bot reputation, browser fingerprinting, automatic browser detection and a database comprising over 1,400 known bots.

In order to be able to distinguish between humans, harmless bots and malicious bots, the solution analyses anomalies in behaviour, detects device anomalies and works with technologies involving machine learning with algorithms to identify previously unknown bots.

User companies can set their own guidelines for allowing or blocking identified bots.

In order to be able to detect human behaviour as compared with the automated behaviour of a bot, the bot manager analyses information such as

  • how a user holds his mobile device,
  • how he uses the touchscreen when using the app,
  • how he operates the keyboard,
  • how he uses the computer’s mouse, etc.

It is not about identifying individual users, but about classifying the behaviour as human or automated.

If the bot manager identifies a bot from its behaviour, it then checks whether it is a known, harmless bot or not.

Bot attacks on online shops

When you hear terms such as “botnet”, you generally think of spam attacks or distributed denial-of-service (DDoS) attacks on websites.

The term “botnet” means a group of captured IT devices that criminals are controlling remotely and using to criminal ends, for example to mass-send spam e-mails or mass-access an online shop to slow it down and paralyse it.

Such attacks are a risk to the availability and resilience of IT systems and IT services. As the General Data Protection Regulation (GDPR) shows in Article 32 (Security of processing), companies must implement measures to protect themselves from such risks.

With this in mind, botnets are a matter of data protection.

Bots dominate the internet

However, there are further reasons why companies must arm themselves against malicious bots for the sake of data protection: the internet is now full of bots – or web robots. Around half of worldwide internet traffic is generated by bots, which perform tasks automatically.

These can be both good and bad tasks: bots can automatically misuse access details and confidential data such as credit card information, making online purchases at the cost of the victim using their stolen identity.

Bots may also pretend to be real users and buy up an entire stock so that the products can then be sold on the black market.

Online services must be able to identify differences upon access

The prevention of bots should, of course, not lead to the blockage of genuine customer transactions.

Equally, unlike malicious bots, a company often has to allow good bots, such as those used by search engines (e.g. Googlebot) to find websites.

This requires protective measures that carefully classify access to online services. These identify whether it is a human user or the bot of a search engine, or whether it is a botnet aimed at attacking the online service.

Solutions such as the aforementioned bot managers are helpful in this regard.

Detecting human use, not individual users

However, for the purposes of data protection it is important that the bot management does not identify the user. Instead, it should focus on the difference between man and machine, in order to identify and prevent attacks and abuse of data.

Oliver Schonschek
Oliver Schonschek holds a degree in physics and is an analyst and special journalist in the fields of IT security and data protection.