Bot Defense Overview
Bot Defense protects your applications from automated attacks by identifying and mitigating malicious bots that target specific application endpoints. Bots are software programs that run automated tasks. Malicious bots cause harm through means such as:
- Credential stuffing
- Fake account creation
- Scraping
- Unauthorized selling, for example, sneaker bots (Requires Bot Defense Advanced)
- Stolen credit card number validation
- Gift card cracking
- Other automated threats identified by OWASP
For more information about the types of attacks that Bot Defense protects against, see Types of Attacks.
Bot activity accounts for about 50% of all internet traffic, and can negatively impact your users, your data and revenue for your organization.
Bot Defense uses JavaScript to collect telemetry from client browsers and uses a native Mobile SDK to collect telemetry from mobile devices. This telemetry is then attached in the form of HTTP headers or included in the POST body to the protected requests. The Bot Defense service examines the telemetry collected from requests before they are permitted to reach your application. You can configure Bot Defense to monitor automated traffic or to prevent automated traffic from reaching your application by blocking or redirecting the traffic.
Bot Defense provides integrated dashboard and reporting functionality to view detailed information about all analyzed traffic. For example, use the Bot Defense Dashboard to view and filter traffic and transaction statistics. You can also see which traffic is malicious and how that traffic was mitigated.
Figure: Bot Defense Dashboard
Configure Automated Threat Summaries to deliver insights to you automatically each month, while additional dashboards provide you with instant, detailed access to analysis of your data.
Figure: Automated Threat Summaries
Bot Defense is available in both Standard and Advanced versions.
Feature | Standard | Advanced |
---|---|---|
Mitigates advanced bots targeting your applications. | X | X |
Protects against OWASP automated threats. | X | X |
Uses sophisticated code obfuscation to prevent adversaries from reverse engineering and tampering with signal collection. | X | X |
Includes an SDK for securing mobile endpoints, with a no-code SDK integration option available. | X | X |
Offers pre-built connectors for many CDNs. | X | |
Aligned Technical Account Manager and Solutions Architect dedicated to guiding projects to completion, regardless of the complexity of the infrastructure. | X | |
Offers customized bot detection rules and signal collection to optimize efficacy and meet your business needs. | X | |
Enables addition of mobile endpoints to the protection on the fly without requiring a mobile app release. | X | |
Dedicated security specialists analyze attack traffic to develop targeted mitigation strategies. | X | |
Includes periodic threat briefings, where threat intelligence experts share industry insights and delve into attack vectors observed in your traffic. | X | |
Supports up to 500,000 transactions per day with additional capacity available at tiered pricing. | X | |
Supports up to one million transactions per day with additional capacity available at tiered pricing. | X |
Bot Defense Standard
Bot Defense Standard is natively integrated in F5 Distributed Cloud Console. If your applications already route traffic through an HTTP load balancer configured with F5 Distributed Cloud, this integration allows you to configure the Bot Defense service through your HTTP load balancer configuration.
Bot Defense Standard is also integrated with BIG-IP. You can configure Bot Defense natively in BIG-IP 17.0 or later. For BIG-IP versions 14.0-16.0, you can download a BIG-IP iApp template to configure Bot Defense.
Bot Defense Standard also provides prebuilt integrations with the following platforms:
For applications that do not have a prebuilt integration with Bot Defense, you can configure a custom integration.
Figure: Bot Defense Overview
To plan your Bot Defense Standard deployment, see Plan Your Bot Defense Standard Deployment.
Bot Defense Advanced
F5 Managed Services technical account managers and solution architects partner with your team to deploy and maintain Bot Defense Advanced, ensuring that all features of your apps are protected from bots with maximum efficacy and performance. This dedicated team of experts dynamically monitors traffic and makes updates to your policies in real time.
Important: Bot Defense Advanced Self-Service Policy Management is a beta feature.
Bot Defense is integrated with the F5 Distributed Cloud, which allows you to manage configurations on the Distributed Cloud Console or with APIs. You can use Bot Defense Advanced Self-Service Policy Management in the Distributed Cloud Console to perform the following tasks:
- Configure and deploy Bot Endpoint Policies, Bot Allowlist Policies, and Bot Network Policies.
- View bot policy status
- View details and status of your provisioned bot infrastructure. Your bot infrastructures view contains all of your bot inference engines that process telemetry to determine if a request is human or automation.
Bot Defense Advanced can be deployed inline or in API mode. In inline mode, traffic is proxied to Bot Defense Advanced where it is transparently evaluated to determine if traffic is human or automated. For human traffic, Bot Defense adds a custom HTTP request header to the request and allows the traffic to continue to the origin. For automated traffic (bots), Bot Defense applies the configured mitigation action and can block or redirect the traffic.
Note: To deploy Bot Defense Advanced in API mode, contact your F5 Operations team.
Figure: Bot Defense Advanced Traffic Routing
To plan your Bot Defense Advanced deployment, see Get Started with Bot Defense Advanced.