Todays comprehensive monitoring capabilities in Security Center provide great insight into bot activity and countermeasures applied across your valuable web properties. Filter options allow you to focus on almost any desired detail. However, understanding what is happening on specific protected endpoints requires an understanding of not only Web Security Analytics, but also how you should translate a specific question into a sequence of filters. This can be tedious for a task that you might do often, so making this easier is the target of a new report.
What is Bot Endpoint Protection report?
For Bot Manager Premier customers, Bot Endpoint Protection is a new report that will be released in October. The report is available in the Analysis section of the Security Center, and it is intended to help users focus on the the detection and management of bot activity in connection with specific, protected URLs.
How does it help you?
This report will help you quickly understand how the Bot Manager Premier product benefits you. For the critical parts of your site, you can easily monitor human vs. bot activity and gain insights into the breadth of attacks as well as whether the attacks were alerted or mitigated. Additionally, for any given attack period, you can quickly identify the key attack characteristics. The report also provides key details like origin of the attack (top countries and AS Numbers) and characteristics of the attacker (top IP address, user agents and botnet IDs). In summary, Akamai built this report to help save you time in understanding what your critical endpoints are experiencing.
What is included?
The Bot Endpoint Protection report can show activity across all your endpoints, or the report can be filtered to a particular subset of activity. Besides a general overview with a representation of human and bot traffic over time, there are a total of 11 predefined widgets that include:
Origin reported failures (was your origin reporting high levels of unsuccessful logins?)
Actions applied to bots
Detection by behavioral anomaly reason
Bot and human requests by resource name
Top 50 Bot countries
Top 50 Bot AS Numbers
Top 50 Bot Botnet IDs
Top 50 Bot User Agents
Top 50 Bot IPs
The analysis time frame can be freely customized within the last 90 days, and all represented information is downloadable in CSV format.
The following is a selection of widget views from the Bot Endpoint Protection report for a group of endpoints and a specified time frame.
The Overview widget provides basic traffic information at a glance. When following these numbers on a regular basis, you can become aware of unusual events especially quickly.
The traffic timeline allows you to compare bot and human traffic over time and can also help you to identify abnormal deviations. Here, two spikes in human and bot traffic stand out - one for each of two different high traffic sale events during this period. An increase of bot traffic during a 2 hour-period can also be seen, and the increase significantly exceeds human traffic at the same time.
Showing actions applied to bot traffic helps you understand the effectiveness of the protection applied to this endpoint. Here, the widget shows that bots get denied and the amount of actions triggered correlate with the bot traffic volume shown in the traffic timeline.
A further widget allows you to examine top anomalies that result in traffic being flagged as bot traffic. Here, the line chart makes readily apparent the top two reasons behind bot traffic detected during both the two sharp spikes (Session Cookie Replay) and the two-hour plateau (Known Bad Bot Detected) of bot traffic .
As mentioned above, additional widgets allow users to further detail identified bot traffic, e.g. in terms of most frequent countries, AS numbers and botnet IDs.
What you need to do
Nothing - the Bot Endpoint Protection report will be available, at no additional cost, to any Bot Manager Premier customer as part of Security Center.