Case Study

Top Five Global Retailer Defends Against Bad Bots

Download Case Study

Company

This Fortune 50 company is one of the five largest retailers in the world, with multiple large brands and thousands of physical stores globally. The total number of monthly visitors to the company’s websites and its mobile applications eclipses 400 million. The number of individual page and mobile application requests is more than 2 billion per month.

Challenge

As a leading global retail brand with multiple brand properties, the retailer found itself under constant attack from malicious bots and sophisticated botnets. The unpredictable and ever-changing attacks often came from tens of thousands of IP addresses and thousands of virtual and physical machines or browsers across the globe.

Previously, the retailer had used a solution that generated too many false positives, which prevented real customers from shopping. To make matters worse, the previous solution was tied to a specific content delivery network (CDN) and could only be deployed over a specific infrastructure. This prevented the retailer from creating a resilient and diversified CDN infrastructure. The CDN product provided basic filtering capabilities and effectively stopped volumetric attacks like DDoS, but fell short when it came to stopping sophisticated bots targeting business logic.

The retailer then attempted to use in-house tools to tackle the bot problem. As the scope and diversity of advanced bot attacks grew, this became too expensive, time-consuming and technically challenging.

Solution

The retailer’s e-commerce information security team selected Application Protection for several reasons:

Learn More
  • Simple sandbox testing: The retailer tested Application Protection in a sandbox before deploying live. This test process was simplified because Application Protection is easy to integrate and has simple configuration requirements. The solution works with any existing infrastructure, as well as website, CDN and middleware components.
  • Unparalleled accuracy: The retailer’s security team was impressed with the highly accurate and flexible nature of Application Protection’s detection and mitigation capabilities. The solution continually updates its pattern-matching algorithms based on all attacks experienced across the entire HUMAN network. This shared intelligence enables Application Protection to uniquely predict and proactively mitigate automated threats.
  • Gets smarter in real time: Application Protection’s machine learning capabilities also proved an important selling point. The retailer’s information security team wanted something that would future proof their business and catch entirely novel attacks. This was critical because botnet operators are constantly changing their approach.

RESULTS

Within a day of implementing Application Protection, the retailer experienced a major bot attack that targeted one of its largest brands. This was a sophisticated attack using bots that mimicked human user behaviors. Application Protection identified the anomalous behaviors, mapped the attack, and blocked the bots. Over the course of the attack, Application Protection maintained accuracy of over 99.996%, keeping false positives to the lowest level the retailer’s team had ever seen.

Based on this early success, the retailer deployed Application Protection to protect its brand websites and mobile apps, rolling it out in a phased approach. The company considers Application Protection to be a core part of their security and e-commerce solution stack and plans to utilize it on every brand property.

Connect with Us

to Learn More How HUMAN Can Mitigate Bad Bot Attacks for You

Related Resources

Solution Briefs

HUMAN Bot Defender Overview

DOWNLOAD NOW

Solution Briefs

Account Takeover Defense

DOWNLOAD NOW

Solution Briefs

Transaction Abuse Defense

DOWNLOAD NOW

Solution Briefs

HUMAN for Retail and E-commerce

DOWNLOAD NOW