Distil Networks: when bad bots feed on API endpoints

Can we make our mind up about the bots please?


One day we’re all about the good bots… and then we’re straight back to bad bot detection on the next.

Distil Networks, Inc. is a player in the (bad) bot detection and mitigation market.

The firm’s Distil API Security service is designed to protect vulnerable Application Programming Interface (API) endpoints from malicious traffic.

Distil API Security claims to be able to defend against developer errors and automated API scraping, as well as web and mobile API hijacking.

The software offered here is designed to protect all types of APIs, such as:

• APIs serving web browsers,

• APIs serving mobile applications,

• APIs serving Internet of Things (IoT) connected devices.

THE TECHNICAL CHALLENGE — According to Distil Networks, the technical problem here is due in large part to a rise in API-centric development, an approach in which web, IoT and mobile applications are designed to pull data from backend services via API calls. APIs are becoming an increasingly integral part of the digital world. However, many organisations struggle to manage the security of APIs, relying on simple authentication tokens or basic IP rate limiting to guard these critical attack vectors.

According to a recent Ovum survey of 100 IT and security professionals, 30 percent of APIs are designed without any input from the security team, and 27 percent of APIs proceed through the development stage without the security team weighing in.

“Unlike competing solutions that only track usage based on IP addresses, Distil API Security also tracks API usage based on ID tokens, which is important as recent findings from the 2016 Distil Networks Bad Bot Landscape Report show that 73 percent of automated attackers spread their attacks across multiple IP addresses,” said Rami Essaid, co-founder and CEO of Distil Networks.

Distil API Security tracks API usage across both identification tokens and IP addresses to detect and block malicious activity, developer errors and abuse.
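
Why counting per token matters when one client spreads its requests over many IP addresses can be seen in a small added example. It is not Distil's code or algorithm: the sliding-window counter, the field names, the limits and the constructed request log are all assumptions made for illustration.

```python
from collections import defaultdict, deque

def flag_keys(requests, key_field, limit, window=60):
    """Return keys with more than `limit` requests in any `window`-second span."""
    recent = defaultdict(deque)   # key -> timestamps still inside the window
    flagged = set()
    for req in sorted(requests, key=lambda r: r["ts"]):
        q = recent[req[key_field]]
        q.append(req["ts"])
        # Drop timestamps that have aged out of the window ending at req["ts"].
        while q[0] <= req["ts"] - window:
            q.popleft()
        if len(q) > limit:
            flagged.add(req[key_field])
    return flagged

def build_sample_log():
    """Constructed traffic: one token rotated over 40 IPs, plus one ordinary client."""
    log = []
    for i in range(40):
        ip = f"198.51.100.{i + 1}"            # documentation address range
        for j in range(3):                    # only 3 requests from each IP
            log.append({"ts": i + j * 15, "ip": ip, "token": "tok-scraper"})
    for j in range(5):
        log.append({"ts": j * 10, "ip": "203.0.113.7", "token": "tok-mobile-app"})
    return log

def compare(log, ip_limit=10, token_limit=50):
    """Apply the same log to an IP-keyed and a token-keyed limiter."""
    return {
        "by_ip": flag_keys(log, "ip", ip_limit),
        "by_token": flag_keys(log, "token", token_limit),
    }

if __name__ == "__main__":
    result = compare(build_sample_log())
    print("flagged by IP:   ", sorted(result["by_ip"]))
    print("flagged by token:", sorted(result["by_token"]))
```

On this log the IP-keyed limiter flags nothing, because no single address exceeds its limit, while the token-keyed limiter flags the rotated token.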