Bot management isn’t about managing your array of bots; it is about blocking attacks from bots. A “bot” is a front for hackers. Rather than launching an attack from their own assets, exposing their IP addresses and locations, hackers infect other computers and use those to launch attacks. Those infected computers are called bots. They are also known as zombie devices. The collection of devices that a hacker controls is called a botnet.
Here is our list of the six best bot management systems:
- Cloudflare Bot Manager (EDITOR’S CHOICE): A protection system for Web assets that can fine-tune responses to different types of bot by analyzing their functions. A Cloudflare subscription includes a proxy service that filters out DDoS attacks and other bad actors. This is a cloud-based service.
- DataDome: This SaaS service assesses incoming requests and blocks them when it detects bot activity. This service acts as a gateway and will also operate as a Web application firewall. In addition, it blocks hacker attempts as well as bot-based automated attacks.
- Radware Bot Manager: This protection service for Web applications, mobile devices, and APIs operates as a plug-in or an API and assesses connection requests for validity. This is a cloud platform.
- SpamTitan: This cloud-based system is an edge service that filters out malware, phishing links, and spam email in general. It also scans outgoing emails to prevent data disclosure.
- Zerospam: A cloud-based edge service that receives all incoming mail for a business and filters it for signs of phishing or malware. This system will also monitor outgoing mail.
- Mailwasher: An on-premises email previewer that intercepts mail between the server and the client. This package installs on Windows and is compatible with all of the major email clients.
A botnet is used to implement distributed denial of service (DDoS) attacks. A DDoS attack requires many computers. It is an act of overwhelming a Web server’s ability to process connection requests. When a server receives more requests than it can handle, it places the excess in a queue and works through them as capacity allows.
The connection requests sent by a botnet are malformed and will never lead to an actual connection. However, even those failed attempts take up Web server time and fill up queues. The browsers of Web surfers hoping to visit a site will only wait so long before timing out. This means that a DDoS attack effectively removes access to a site, making it no longer operational.
Although a DDoS attack might last only for a short time, the long-term effects can be very damaging. For example, a website that is uncontactable seems to be defunct. Anyone trying to access the site while it is under attack will go elsewhere, so that site has lost a potential customer, benefiting its rivals. A site sent offline also suffers reputational damage: a visitor who finds a site inaccessible will assume the business has shut down forever.
Bots are also used for email scams. Remember, an essential survival strategy of fraudsters is to be untraceable. There are two ways that a hacker can hide a valid location. One is to spoof the source address of an email. However, an analyst can still trace the IP address of the mail’s origin. The other is to send that fake email out from a bot computer, which hides the actual IP address of the hacker.
Spamhaus maintains a record of bots used for email fraud, which are called “spam-bots.” India is currently at the top of that list with 726,984 live bots. China is in the second position with 686,023 bots, and the USA is in third place with 440,726 bots.
Although the Spamhaus system records the location of the bots, that is no indication of the location of the con artists that use those conduits to send emails. According to Statista, 306.4 billion emails are sent worldwide per day, and around half of those are spam. As all spam emails are issued from bots, these infected computers send approximately 153 billion emails per day.
A typical person will ask why someone doesn’t trace the sources of these fake connection requests and spam emails and shut down those computers. The answer is that botnets are constantly moving targets. The owners of those bot computers are not criminals; they are innocent victims. Of course, if more people installed proper software to prevent infections or block communication from the bot system to a command and control (C&C) server, the problem of bots would reduce. However, hackers are alive to that threat and now use IoT devices, such as intelligent domestic devices connected to the internet. Businesses that sell these devices are now also becoming aware of the need for more robust security.
Bots have been around for a long time, and they will likely be a threat for many years to come. Unfortunately, the only way to combat bots is to block them. Bot management is, in effect, another name for bot blocking. Usually, these systems are implemented as a service rather than a software package.
As the attacks of bots are sent across the internet, the best services that block bot traffic are also based on the internet. So, when you are looking for a solution to the problems created by botnets, you are looking for bot management platforms.
Bot management systems that block DDoS attacks operate by absorbing large amounts of traffic. They immediately detect genuine traffic and forward that on to the customer. Most free spam bot management systems work on global blacklists.
Spam emails tend to use generated source addresses, and the combinations that they use can be spotted. Unfortunately, some spam filters also record the IP addresses of the senders and block those – which inconveniences the owners of the infected computers. More complex spam filters scan each email for keywords in the content.
The best bot management systems
DDoS bot management systems and email bot management systems, called spam filters, operate in different ways. Any business will need both types of bot management services.
What should you look for in a bot management system?
We reviewed the market for bot management tools and analyzed the options based on the following criteria:
- A system that operates as a proxy and channels all of your inbound traffic
- A reliable service that you can trust to hold the IP addresses of your business
- A rapid service that can forward genuine traffic to your Web servers
- Load balancing services
- A spam filter that won’t be over-zealous and block genuine customer emails
- A free system or a free trial for a no-cost assessment
- A seamless service that does not cause service disruptions and offers value for money
With these selection criteria in mind, we have some very reliable DDoS blockers and spam filters.
You can read more about each of these options in the following sections.
Cloudflare offers a range of proxy-based edge services to protect Web assets. The service assumes your website’s IP address, and you then get a secret address for your site. Effectively, from that point, anyone going to your site gets sent to Cloudflare instead by the DNS service. Finally, the Cloudflare system connects back to your Web server through a secure VPN connection.
The Cloudflare service first made its name with its DDoS protection service. This is the primary bot management service that you get with this package. The Cloudflare system has enormous capacity and just absorbs all of the fake connection requests that botnets throw at it. Thus, the system never gets overwhelmed.
While Cloudflare takes on all malicious traffic, it lets through all genuine connection requests to your Web server. Traffic doesn’t always go to your host because Cloudflare also includes a content delivery network. It takes a copy of your entire site and stores it on servers located strategically around the globe. This enables your site to transfer to faraway browsers much faster.
As well as blocking DDoS bots, the Cloudflare system can spot spam email, inventory hoarding, content scraping, and credentials stuffing bots. Cloudflare is available in four plans, and the first of these is Free. The other three offer more traffic throughput capacity and extra features, such as a Web application firewall, a failover service, image optimization, and transfer speed enhancement.
- Outstanding service even in the Free package
- Sufficient capacity to block all DDoS attacks
- Identification and blocking of spam email
- A detection system that blocks a range of business threats
- A content delivery network (CDN)
- Can sometimes delay access to your site
Cloudflare Bot Management is our top pick for a bot management service because it is delivered by a leading provider that offers DDoS protection, among other benefits. The first plan from Cloudflare is free, including up to 90 Tbps capacity for DDoS protection. Other services in this plan include a content delivery network to speed up your Web page transfers and a free SSL certificate.
Get started for free: cloudflare.com/plans/free/
Operating system: Cloud-based
DataDome is a Web application firewall that works as an advisory service rather than as a proxy. This system examines each incoming transaction and uses AI processes to decide whether the request should be served. In addition, it detects hacker activity as well as automated botnet attacks.
The DataDome system constantly analyzes traffic for all of its clients, and so spots sources that are contacting many different destinations, indicating bot activity. Whenever new attack strategies are detected, the traffic assessment algorithms used by the traffic manager are updated automatically. As it is a hosted service, all software updates are applied centrally and immediately serve all clients.
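The cross-client signal described above, a single source contacting many different protected sites in a short time, can be illustrated with a small detector. This is an added example, not DataDome's code or algorithm; the log format, the function name `fan_out_sources`, the five-minute window and the four-site threshold are all assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, assumed format: "timestamp source_ip customer_site path"
SAMPLE_LOG = """\
2024-05-01T10:00:01 198.51.100.7 shop-a.example /login
2024-05-01T10:00:03 203.0.113.20 shop-a.example /cart
2024-05-01T10:00:40 198.51.100.7 bank-b.example /login
2024-05-01T10:01:10 198.51.100.7 news-c.example /login
2024-05-01T10:01:15 203.0.113.20 shop-a.example /checkout
2024-05-01T10:01:55 198.51.100.7 travel-d.example /login
2024-05-01T08:00:00 192.0.2.33 shop-a.example /
2024-05-01T09:30:00 192.0.2.33 bank-b.example /
2024-05-01T11:00:00 192.0.2.33 news-c.example /
2024-05-01T12:30:00 192.0.2.33 travel-d.example /
"""

def fan_out_sources(log_text, window=timedelta(minutes=5), min_sites=4):
    """Return {ip: [sites]} for sources that reached at least `min_sites`
    distinct customer sites inside any sliding `window`."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, ip, site, _path = line.split()
            events[ip].append((datetime.fromisoformat(ts), site))

    flagged = {}
    for ip, hits in events.items():
        hits.sort()                      # order each source's requests by time
        start = 0                        # index of the oldest hit still in the window
        in_window = defaultdict(int)     # site -> number of hits inside the window
        for ts, site in hits:
            in_window[site] += 1
            # Slide the window forward: drop hits older than `window`.
            while ts - hits[start][0] > window:
                old_site = hits[start][1]
                in_window[old_site] -= 1
                if in_window[old_site] == 0:
                    del in_window[old_site]
                start += 1
            if len(in_window) >= min_sites:
                flagged[ip] = sorted(in_window)
                break
    return flagged

if __name__ == "__main__":
    for ip, sites in fan_out_sources(SAMPLE_LOG).items():
        print(ip, "->", ", ".join(sites))
```

The sliding window is what keeps the source that visits four sites over several hours, and the busy visitor of a single site, from being flagged alongside the source that sweeps four login pages in two minutes.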
The bot systems that this tool can detect include scraping, account takeover, and click fraud, as well as DDoS attacks. It can protect mobile apps as well as websites. The system is hosted and is implemented by loading in a plug-in.
- Detection and blocks for malicious bot activity
- Processes to identify hacker actions
- Full logging of all detected bot-related events
- Doesn’t filter out fake transactions before they get to your server
The DataDome system is offered in three plans: Starter, Business, and Corporate. The difference between these plans lies in the throughput capacity and data retention offered. You can get any of these plans on a 30-day free trial.
Radware Bot Manager is a cloud service that assesses incoming connection requests and identifies malicious bot traffic. The service simply gives the Web server an accept or reject message for each incoming connection request.
The Radware system monitors activity on a site to work out what constitutes a valid transaction. It also offers the option of sending back fake data to confound bots. The service also provides a reCAPTCHA challenge for Web visitors to filter out automated bot traffic easily.
Radware hosts the service, and you access it by loading a plug-in into your Web server or cloud platform. It is also available through an API that you can call from a custom process. Another deployment option is to set it up as a virtual appliance that will filter all of your incoming traffic.
- Adaptable behavior tracking
- Traffic assessment to identify bots
- The option to send back fake data to confound bots
- It would be nice to have a complete independent front-end for the service.
Radware also offers a Web application firewall, and the Bot Manager can be taken as an additional service integrated into that product. Radware Bot Manager is available on a 15-day free trial.
SpamTitan is a gateway service that acts as a channel for both incoming and outgoing emails. It works as both a firewall and a reverse firewall, controlling the contents of emails that it processes.
This service scans contents for malicious activity, such as damaging links or specific keywords, when dealing with incoming mail. Emails are also blocked according to a universal blacklist that the owner of SpamTitan, TitanHQ, maintains for all of its customers.
Incoming mail can be sandboxed to prevent infection from attachments, and it is also possible to block emails that contain specific texts. In addition, the system uses behavior analytics to prevent false-positive detection from hampering regular business activity.
- Integrates with Office 365
- Includes data loss prevention
- Uses AI methods to analyze regular email activity
- Can slow down email management
Outgoing mail can be scanned as part of a data loss prevention strategy. It assesses the destination addresses of both incoming and outgoing emails to spot address spoofing. SpamTitan is available for a free trial.
Zerospam, from HornetSecurity, is an email manager that is offered as an edge service. All of your incoming and outgoing email traffic is channeled through the Zerospam system for inspection. The cloud service can also substitute for your cloud server if it goes offline. In addition, this system blocks bot activity such as DDoS attacks and spam email campaigns.
Incoming emails are scanned for contents with the bot blocker looking for specific text patterns, phishing links, and infected attachments. Outgoing emails are scanned to prevent data theft. The service can also impose encryption on outgoing emails to protect sensitive data in transit.
- Easy to implement as an edge service
- Uses behavior analytics to reduce false-positive detection
- Can block data loss
- The interface makes the system a little difficult to manage
You can assess Zerospam on a 30-day free trial.
Mailwasher operates as a companion to email clients. It will work with Outlook, Outlook Express, Incredimail, Thunderbird, Windows Live Mail, Gmail, Hotmail, EM Client, and Yahoo. The client version needs to be installed on each computer that accesses email. There is also a server version that will pre-filter all email traffic before it reaches each endpoint.
There are three editions of Mailwasher. The Mailwasher Free and Mailwasher Pro versions work with the email client and install on Windows. The Mailwasher Server edition accepts all emails coming through your email server, and that version is available for Windows and Linux.
The server version is more comprehensive and removes the need for extra processing on endpoints. Whichever version you go for, Mailwasher can spot spam bot emails and scan for specified text strings. The service will also build up its email address blacklist.
- Offers administrators or individuals the opportunity to control email policies
- Has a mobile companion for use in conjunction with Mailwasher Pro
- Includes a preview option to see emails before they touch the endpoint
- The last update was in November 2018