Skip to content Skip to navigation Skip to footer

Overview

FortiGuard Advanced Bot Protection employs continuous machine learning and behavioral analysis to protect applications from account takeover attempts, data theft, and service disruption. A continuous feedback loop allows the creation and then detection of emerging attack patterns and bot behaviors. The service is able to distinguish between human users, legitimate bots (chatbots), and dangerous bots.

FortiGuard Advanced Bot Protection distinguishes between human users and bots accessing your site by looking at behavioral patterns such as multiple login attempts, rapid character typing, and rotating IPs or devices.

Browser Fingerprinting Detection

FortiGuard Advanced Bot Protection can block or limit simple bots by IP or signature. To detect more sophisticated bots, the service analyzes crawler-specific attributes and checks for inconsistencies in the browser and operating system. Not only does it follow every unique user agent that transacts with the application, but it also feeds the algorithm with new patterns. 

FortiABP GUI

Biometric-Based Detection

For more sophisticated bot threats, FortiGuard Advanced Bot Protection monitors, collects, and analyzes client events. These include mouse movements and keyboard clicks to cross-validate with identification and intent-based parameters. It also looks for CAPTCHA bypasses and challenges these bots, to eventually provide a risk score for the organization to act upon. 

The evolution of bot types and defense techniques. Simple bots are checked by IP reputation, IP agnostic bots are stopped by threshold detection, bots that mimic human behavior are stopped by biometric detection, and bots that can solve captchas are countered by artificial intelligence.

Continuous, Adaptive Learning

As bots continuously evolve to bypass security mechanisms, new bot behaviors and evasion techniques must be learned and applied to defenses. Our solution uses deep learning and data correlation between multiple dimensions, challenging and probing variations over time to provide accurate risk evaluation. It also accurately classifies good bots.

Features and Benefits

Automated threats have grown in sophistication and scale, increasing the risk to data integrity and confidentiality. To protect network availability and applications across environments, FortiGuard Advanced Bot Protection accurately distinguishes between good and bad bots, and between bots and humans. 

Comprehensive bot detection

Defends against account takeover,
web-scraping, inventory depletion, fraud, and DDoS attacks

Resiliency over time

Continuously learns about and analyzes suspicious behaviors to create a risk score to act upon

Consolidated Application Security

Boosts application security when attached to FortiWeb or FortiADC

Cost savings

Eliminates consumption by bots to deliver cost savings of cloud computing resources

Quick Time to Value

Deploys in minutes to immediately monitor bot traffic

Security fabric integration

Integrates into the Fortinet Security Fabric as part of FortiWeb or FortiADC

FortiGuard Advanced Bot Protection Defends Against:

icon account takeover
Account Takeover
Brute force, credential dumping, and account creation are all methods bots use to bypass authentication and gain access to customer data.
icon webscraping
Webscraping
Copying website data such as text, files, images, prices, and even screen captures can be used to clone a website or divert business.
icon inventory depletion
Inventory Depletion
Bots hoard online stock such as products, tickets, and hotel rooms, to either resell them or simply diminish online revenue.
icon fortiddos
Denial of Service
A coordinated attack by a network of compromised machines (botnets) can overwhelm a network or application servers, knocking them offline.
icon spam
Spam
Mass distribution of malicious content (text, advertisements, trackers, or malware) via email or SMS, can be done by bots. Sometimes this is used to degrade SEO rankings.
icon fraud
Fraud
Bots use different ways to trick applications to allow using a resource via false requests. Examples are ad fraud, click fraud, and payment fraud.

Resources

eBooks
Solution Briefs
White Papers
Data Sheet
Videos