Bot Detection and Mitigation
Bot Defense as Sophisticated and Adaptable as the Threat Itself
Enterprises are fighting an endless war against a constant barrage of automated attacks. Fraudsters, hackers, and competitors use bots to commit online fraud, break into customer accounts, and gain an unfair competitive advantage.
Distil Helps Stop Web Scraping for Red Label Vacations
Catch more bots without impacting the flow of your business-critical traffic
Protection Everywhere. Stop Bad Bot Threats at All Possible Access Points — Website, Mobile, and API
Don’t lock your front door while leaving your back door wide open. Unlike other vendors that only protect your website, Distil Networks also blocks bad bots from accessing the API servers behind your website and mobile app.
And you don’t have to be an expert to defend like one. Choose passive management, fine-tune your settings, or outsource your entire bot detection and mitigation program to Distil. Rest easy knowing you’ve got the expertise and knowledge of the industry pioneer and leader on your side.
Getting Started is as easy as 1, 2, 3…
Deploy Your Way
Monitor & Learn
Gain powerful insights into your traffic, analyze and correlate threats, and view machine learning recommendations.
Turn On Protection
Decide the level of protection you want, and apply it to a specific path, domain, or your entire account.
Insight and Control Over Abusive Traffic
Distil Networks gives you the most visibility and control over human, good bot, and bad bot traffic. With Distil, you automatically mitigate 100% of OWASP Automated Threats without imposing friction on legitimate users. Simply create a content protection setting, then apply it to a specific path, domain, or your entire account.
- Path-specific settings let you get more aggressive in protecting vulnerable pages, such as those used for account signup and login
- Block bad bot traffic from your website to obtain pure human user traffic that’s well-shaped and predictable
- Evaluate how your traffic will be affected when dialing up machine learning thresholds and device-based rate limits
- View threats by country, organization, and traps, then block devices, IPs, and/or competitors
- Choose your bot response – Record traffic to Distil and/or your own server logs, serve the CAPTCHA or unblock verification form (in any location or language), or drop the page request outright via an access denied page.
With Distil you’ll see fewer false positives and have the confidence to not just throttle malicious traffic, but to CAPTCHA or block bad bot traffic outright. And Distil is the only vendor that proves its accuracy claims with a false positive report showing CAPTCHAs served, attempted, and failed.
Advanced Browser Validation Detects Sophisticated Scrapers and Browser Automation Tools
Our deep understanding of browser automation frameworks and human behavior can even distinguish between browser automation tools and your legitimate users.
Machine Learning and Biometric Validation Identifies Malicious Behavior
As each device roams your website, Distil collects and analyzes data about its behavior, then pinpoints anomalies specific to your site’s unique traffic patterns. Ensemble machine learning models identify bad bot behavior across all Distil-protected sites. Along with other real-time intelligence, this is fed through our database of known violators and shared with all Distil customers 24/7.
Biometric data validation, such as mouse movements, mobile swipe, and accelerometer data, catches botnets that use malware to hijack real devices.
Real-time Updates from the World’s Largest Known Violators Database
When one domain is under assault, Distil Networks gathers the attack information and distributes it to all Distil-protected sites. Distil has identified millions of malicious fingerprints to ensure that no offending user is ever let back in.
In addition, Distil curates threat intelligence feeds from third-party fraud, spam, malware and proxy lists — all of which is updated to protect you in real-time.
The Only Hi-Def Device Fingerprint in the Bot Mitigation Industry
The Distil Hi-Def Fingerprint goes well beyond IP- and header-centric identification by analyzing over 200 additional device attributes. Hi-def fingerprints stick to each bot—even if it attempts to reconnect from random IP addresses or hide behind peer-to-peer networks and anonymous proxies. This also enables you to set rate limits based on device fingerprints—not IPs—to govern pages per minute, pages per session, and session length.
Integrated CAPTCHA is Easier for Humans, but Harder for Bots
Distil partners with FunCaptcha to provide an easier test for humans than Google ReCAPTCHA, while being harder for bots to solve. It works in any language or country (even China), and defeats CAPTCHA bypass techniques such as OCR, brute force, machine learning, and human CAPTCHA farms.
By using a combination of custom-generated 3D models, gamification techniques, timed challenges, and escalating puzzles, the CAPTCHA defeats even the most sophisticated bad bot operators.
Easy-to-Manage Access Control Lists (ACLs)
ACL creation and updating has typically been time consuming and hard to manage, but the Distil Universal ACL makes it easy to create a policy and then apply it to a specific domain, path, API, or across your entire Distil account.
Unlike traditional ACLs that are limited to IP addresses and geolocations, the Distil Universal ACL enables whitelisting or blacklisting based on any combination of IPs, countries, organizations, tokens, Hi-Def fingerprints, user agents, and referrers. Distil also shields you from the tedious task of managing IP drift (e.g., for blocking bots and humans from a specific country or competitor).