Bot defense with only server-side integration
Server-side integration options depend on parameters such as payload and HTTP headers to detect automated activity. After deployment of a bot mitigation solution, the server makes API calls to bot detection servers for every HTTP request. The only limitation that server-side detection technologies have is that they can’t collect client-side data points. Such data are helpful in identifying sophisticated non-human behavior that is difficult to detect using server-side bot detection solutions. Let’s take a closer look at this in the next section on how data collected from client-side integration helps in detecting sophisticated non-human traffic.
Furthermore, bots identified through JS/SDK can be studied further and their latent server-side patterns can be derived. Such patterns augment server-side-only detection, where JS integration is not possible. Fraudsters, who are incentivized to attack your property, can change the bots as soon as they get blocked at server-side. For example, they can change the HTTP headers of their bots several times per day. Deep learning-based detection engines which use a rich combination of device, browser, and user behavior-related data can detect such mutations early.
Scorecard of detection approaches
Combination of Server-side and JS tag (e.g. Radware Bot Manager)
Real-time Data Collection and Analysis
- Collects payload and HTTP requests
- Collect hundreds of additional parameters from the end user’s browser and device
- Data streams are sent back to the ML models to dynamically improve algorithms
No Impact On Genuine User Experience — False Positives
Accuracy of Detection — False Negatives