New solution prevents bots from accessing API servers
Bots are often the culprits behind web scraping, brute force attacks, online fraud, account hijacking, data theft, and more. Often these attacks are made through the API servers that power public-facing websites and mobile applications.
A new solution from bot detection specialist Distil Networks is aimed at protecting these servers by determining whether a human is using a verified browser or mobile device to gain access.
Capabilities of Bot Defense for Mobile App APIs include what is called 'Hi-Def Fingerprint' identification, based on over 200 unique markers present in the OS and browser (things like plugins, screen, interface, fonts, WebGL, audio and video). API requests that lack a valid fingerprint are blocked.
It also checks against Distil's known violator reputation list, and uses machine learning to identify behavioral anomalies specific to a site’s unique patterns, as well as bad bot behavior across all protected sites.
There's a mobile SDK to place bot mitigation directly into mobile apps, and emulation detection which prevents API access from mobile device emulators and testing systems that mimic human users. Reverse engineering detection stops debugging software from tampering with the SDK.
"While usage of APIs to drive web and mobile apps is exploding, the security of those APIs remains a grave concern, with 21 percent of APIs going live without any input from security professionals," says Rami Essaid, CEO and co-founder of Distil Networks. "Distil believes that the benefits of APIs shouldn't come at the expense of security, which is why we have released Bot Defense for API and Mobile Apps. Now, the API server that powers your website or mobile app is also protected against advanced persistent bots."
More information is available on the Distil website.