In a world where malicious bots roam the Internet like hungry lions in search of vulnerable applications to eat, application owners are forced to make difficult choices between streamlined, easy-to-use workflows and the need to disrupt the user experience with bot protection methods such as CAPTCHA. Nobody wants users to have to do extra work just to fill in and submit a web form. Who has time for that? However, malicious bots can cause real pain and damage to countless organizations, especially as credential stuffing and account takeover attacks become increasingly sophisticated.
This reality makes it even more important to distinguish between real users and the hordes of bots constantly trying to penetrate the application. Unfortunately, pursuing this goal usually gets messy in practice. CAPTCHA offers a way to distinguish bots from humans, but it brings many problems with it. It creates friction for real users and makes them bear all the responsibility for proving that they deserve to use the application or website. And since bots have become smarter, CAPTCHAs have become harder to solve for bots and people alike, which increases customer effort (CES), reduces customer satisfaction (CSAT), and may eventually lead the user to give up on the application.
ThreatX offers companies a much more efficient and user-friendly approach to bot management. It extends protection and tracking to the entire history of the visit, rather than focusing only on the form pages. It also uses a combination of the best detection techniques, including behavioural analysis, fingerprinting techniques, transparent interrogation techniques and various other factors that contribute to a unified understanding of the risk a visitor poses. It can also work with CAPTCHA, transforming it from a blunt instrument applied to all users into a surgical instrument applied only in the marginal cases that can benefit from it. Let's take a closer look.
The CAPTCHA arms race
CAPTCHA has existed for so long that it is easy to forget that it is an acronym. And in this age of technical acronyms, CAPTCHA is as scary as it sounds: Completely Automated Public Turing test to tell Computers and Humans Apart. However, the acronym reminds us that a CAPTCHA is a Turing test (technically a reverse Turing test) that distinguishes a person from artificial intelligence.
However, CAPTCHA, reCAPTCHA and its derivatives are less of an impediment to AI than a measure of its progress. As soon as CAPTCHA was introduced, developers started creating programs and information to solve them automatically. In mid-2010, AI was able to solve CAPTCHAs with an accuracy of 90-99%. And the smarter the machines got, the more difficult the tests became for people. Instead of typing a few characters, users had to follow several steps: click on the button, solve the puzzle, select all the pictures that contain a school bus, etc.
The biggest problem is that as AI gets smarter, people will have to do more to prove themselves. And although the bots never get tired, the customers do. ThreatX introduces a new technology that makes it possible to separate bots from people in a completely transparent way. And although CAPTCHA can still play an important role, you can significantly reduce the number of attacks on your visitors by using ThreatX.
See the long tail of the risk
ThreatX offers a variety of diagnostic and detection capabilities to combat malicious robots and automation. Application behaviour analysis, intrusion analysis and profiling, active polling, CIOs, traditional signatures, etc. all contribute to a common real-time understanding of the risks.
However, it is equally important that this collection of methods works continuously over time. ThreatX's algorithms fingerprint an entity and track its behavior and interactions across multiple pages, sessions and visits. This matters a great deal when it comes to CAPTCHA and bots. CAPTCHAs are spot-checks that are most often used on login pages and forms. In that model, the sun rises and sets on the form page, and there is no other context to work from. The bot appears on the form page, and it's a duel between two pieces of code to see which one is the smartest on a given day.
ThreatX can fundamentally change these dynamics. Because each entity is fingerprinted and continuously analyzed for 90 days, ThreatX has much more context and generally determines whether the visitor is a bot or a person before it reaches the form. CAPTCHA can still be used when needed, but as the exception rather than the rule; total CAPTCHA usage can quickly be reduced by 90% or more. This reduction removes barriers for users and ultimately leads to an increase in WSIBs.
These methods are, of course, constantly evolving in response to the state of bots and automation, and they form an essential part of the overall risk picture. When other, more passive detection methods are not conclusive on their own, interrogation allows ThreatX to proactively find an answer. And by testing bots aggressively, ThreatX reduces the need to re-test people.
Turning the CAPTCHA into a surgical instrument
The war between bots and applications certainly shows no signs of slowing down, and both sides will of course continue to evolve. In this battle, there are things that organizations can do to put real pressure on bots instead of users. Each application will of course be unique, and CAPTCHA can still play a real role, depending on the specific needs and threats of the application. A unified AppSec approach can help organizations ensure that CAPTCHA is a surgical tool of last resort and lets them achieve that magical combination: protecting their users and applications while increasing user satisfaction.
If you would like to see a demonstration or learn more about the ThreatX solution, please contact the team at [email protected]