New Data from Distil Networks and Online Trust Alliance Reveals 97 Percent of Top Websites Lack Protection from Advanced Bots

Research Highlights Bot Defense Performance Across 1,000 Top Websites in Consumer Services, Financial, Government, News and Media and Retail Sectors

San Francisco, CADistil Networks, Inc., the global leader in bot detection and mitigation, announced the findings of a new study that evaluated how top websites performed when attacked by advanced, evasive, simple and crude bots. This data was revealed today as one criterial component of the Online Trust Alliance’s (OTA) Online Trust Audit. Now in its 8th year, the Audit and Honor Roll recognizes excellence in the adoption of best practices in consumer protection, security and responsible privacy practices. The audit evaluated the top websites in retail, financial services, consumer services, OTA members, news and media, and top U.S. government agencies. The data revealed a record 50 percent of sites have qualified for the Honor Roll, up from 30 percent just two years ago. At the same time, the audit identified concerning gaps in site security and data privacy practices.

Bots are used by competitors, hackers and fraudsters and are the key culprits behind web scraping, brute force attacks, competitive data mining, online fraud, account hijacking, data theft, unauthorized vulnerability scans, spam, man-in-the-middle attacks, digital ad fraud, and downtime. Bots vary in volume and sophistication, but all place an increasing burden on IT security and web infrastructure teams across the globe and wreak havoc across online operations big and small.

Advertisement

“Bots, especially Advanced Persistent Bots (APBs) are evolving in sophistication because of their polymorphic nature and quick deployment to access sensitive information and reap monetary benefits. Our 2016 Bad Bot Landscape Report found over 88 percent of all bad bot traffic last year was made up of APBs – bots that mimic human behavior,” said Rami Essaid, CEO and co-founder of Distil Networks. “OTA’s Trust Audit continues to set the bar for best practices, including evaluation of bot risk. We support OTA’s efforts to promote best practices in the industry and are troubled to find that most companies are failing to keep their defenses up to the sophistication level of today’s advanced and evasive bots. This is concerning, as bots can easily paralyze website infrastructure, pirate entire online directories and destroy a company’s competitive advantage.”

“The 2016 Online Trust Audit revealed record levels of sites qualifying for the Honor Roll, yet we are seeing increased threats which underscores the importance of taking a comprehensive view of sites’ security,” said Craig Spiezle, executive director of Online Trust Alliance. “A site is only as strong as its weakest link. Left unchecked, bad bots threaten the resilience and trust of the internet.”

Distil Networks tested each of the 1,000 websites included in the Online Trust Audit on their ability to defend against bot attacks of different sophistication levels. These included:

  • Browser automation bots (Advanced bots)
  • Hidden legitimate browser bots (Evasive bots)
  • Bots lacking well-formed web browsers (Simple bots)
  • Those bots acting as bots (Crude bots)

Detection rates by vertical

Vertical Crude Simple Evasive Advanced
Consumer Services 75 percent 18 percent 4 percent 1 percent
Government 70 percent 7 percent 0 percent 0 percent
Financial Services 65 percent 12 percent 0 percent 0 percent
News and Media 64 percent 7 percent .09 percent .09 percent
Retailers 78 percent 11 percent 1.6 percent .08 percent
Members 67 percent 13 percent 1 percent 1 percent

Additional Resources

About Distil Networks

Distil Networks, the global leader in bot detection and mitigation, is the first easy and accurate way to identify and police malicious website traffic, blocking 99.9% of bad bots without impacting legitimate users. Distil protects against web scraping, brute force attacks, competitive data mining, online fraud, account hijacking, unauthorized vulnerability scans, spam, man-in-the-middle attacks, digital ad fraud, and downtime. Slash the high tax that bots place on your internal teams and web infrastructure and make your online applications more secure with API security, real-time threat intelligence, a 24/7 security operations center, and complete visibility and control over human, good bot, and bad bot traffic. For more information on Distil Networks, visit us at www.distilnetworks.com or follow @DISTIL on Twitter.