Components of total protection

Based on the Active Bot Protection technology

What is a DDoS attack

Dishonest competitors and delinquents launch DDoS attacks via the Internet. Distributed DoS attacks create problems for the website by causing a denial of service. As a result, well-meaning visitors of Internet resources are denied access to information and commercial services, or may experience difficulties with the website functionality. DDoS attacks are extremely popular among hackers. They are an inexpensive but effective way to disrupt the work of online services while remaining unpunished.

According to the method of impact, the following attack techniques are distinguished:

Network layer DDoS attacks – restrict the functioning of server equipment as well as disrupt the operation of software due to the vulnerability of protocols.

Application layer DDoS attacks – target the “weak points” of the website, act specifically, are characterized by minimal consumption of resources, dominate in frequency of occurrence and require a complex as well as expensive “antidote”.

How active bot protection works :

  • We let all incoming traffic of the website pass through a distributed network of SYSTRON filtering nodes.
  • We analyze traffic in real time with regard to multiple characteristics.
  • By means of mathematical algorithms of our own development we filter automated traffic from queries of real users.
  • All requests are classified as either legitimate or illegitimate (real user or bot).
  • We divide traffic from a single IP address (mobile or wireless Internet, provider with NAT, public Wi-Fi).
  • Suspicious visitors are checked unnoticed; an expanded inspection is carried out based on the analysis of behavioral factors.
  • Upon detection of a DDoS attack or an automated scanning threat, Active Bot Protection immediately blocks malicious traffic (response time less than 50 ms).
  • Well-meaning users continue to enjoy the website’s functionality and services.

DDos protection

About web-scraping

Unique information is a target for competitors, intermediaries and intruders. The databases of online services for cartography and navigation systems, product characteristics in internet shops as well as advertisements on digital trading platforms are particularly popular. However, manual copying of content is costly, exhausting and unproductive. The automated download (exfiltration) systems of content are developed and used to save time and resources. The specifically configured software performs website crawling – it automatically downloads the web pages, analyses the content, finds the links to other sections and recursively copies the entire content of the website.

Problems generated by web-scraping :

  • Attacked websites are deprived of unique content and lose their positions in the organic search engine ranking;
  • Automatic correction of stolen texts makes it difficult to find duplicates even with the help of search engines;
  • Automatic downloading of data creates a serious parasitic load; it disrupts the stable operation of the website and may lead to a denial of service to legitimate visitors;
  • An automatically created copy of the website can be used for phishing attacks when by using authorization forms, intruders steal en masse users’ account data.

In its turn, legal methods of protection against web-scraping have limited abilities.

Copying of information from public sources is not as legally protected as copying and use of personal data by the Directive 95/46/EC is. For that reason, technological methods of protection of information from copying are also in demand.

With the help of Active Bot Protection, the Systron platform can filter out relevant requests, preventing unauthorized copying of content and reducing the load on the client’s infrastructure.

Smart migration of web scrappers on pages of goods in e-store exfiltrating current price list
DDos protection
Active Bot protection as a fraud preventing solution

About click fraud

Click fraud refers to one of the types of online scams. Interested parties, such as competitors or intruders, make false clicks on advertising links (Pay Per Click) and spend the advertising budget. There are manual and automatic click frauds, the latter occurs, when actions of clickers are imitated through special programs.

Examples of click fraud can be as follows :

  • Technical clicks – the search engines follow the links for indexing the website’s content;
  • Clicks from advertisers – the advertisers click on their own contextual ads to increase their click-through-rate (CTR);
  • Clicks from competitors – the competitors follow the links from contextual ads for reducing the advertising budget;
  • Clicks from unscrupulous webmasters – the users and automated programs follow the links to commercial ads to increase the profitability of their own advertising platforms;
  • Fraudulent clicks – network fraudsters alter the results of online voting systems and increase the counters on the website.

Protection from click fraud is required for :

  • Advertising and marketing agencies – the filtering of false clicks will help to collect reliable marketing information and reduce the reputational risks;
  • Advertising companies – the protection of ads from clickers saves the budget in the context-based advertising;
  • Website owners – the protection from automatic increase of votes guarantees exact results of voting systems on the website.

Bot traffic may reach 80-90% out of total infrastructure capacity or/and application perfomance :

DDos protection

Clickfraud e-commerce adds :

DDos protection

Prevention from periodical web-scraping of client’s media resource :

DDos protection

API definition

According to the Wikipedia: “In computer programming, an application programming interface (API) is a set of subroutine definitions, protocols, and tools for building application software. In general terms, it is a set of clearly defined methods of communication between various software components.”

As we see rapid development of mobile Internet access networks and the growth of the number of smartphones, many companies whose business is connected to the Internet, are developing and supporting their own mobile applications.

This allows them to make their services accessible to as many users as possible. A home computer is no longer required to purchase services or to consume content.

Most mobile applications use a client-server architecture where the application is installed on the user’s device and the service content is delivered via a centralized API.

Major threats to APIs :

As all mobile services are interested in reaching their maximum audience, users should be able to use the application around the world. An API is often a great resource and therefore attracts hackers as well as legitimate users. A weakness of APIs is that they can be subject to service failure attacks. This type of attack makes it impossible for the user to access the mobile application and faced by the fact that the service is unavailable, forces them to turn to alternative options. There are many ways to address these types of attacks. However, blocking the offending addresses is usually not the best method. The historical approach of blocking IP addresses could lead to restricting access for legitimate users of the application on the same shared WIFI or public access point at a hotel, airport or train. This leads to a negative impact on brand and revenue.

Another type of abuse of mobile and public APIs is automated scraping and/or publishing of data to the service by bot accounts.

An optimal solution could be systron’s Active Bot Protection (ABP), which is able to filter-out non-legitimate requests. The application backend will receive web-traffic that is cleaned from undesirable requests. ABP is based on a multifactorial analysis of each Internet session. The method includes both statistical and technical data analysis. Apart from these, Systron uses behavioral analysis which enables to distinguish bots and humans with a high level of confidence.

What Systron recommends :

API protection service extends systron’s Active Bot Protection to all applications including mobile, mitigating low-frequency bot attacks that are normally missed.

With systron’s Always-On API protection, companies notice a decrease in load and increase in capacity due to filtering unwanted bot traffic.

Detection of password bruteforce attacks Human traffic is variable / Bot traffic is constant
DDos protection
Smart detection and mitigation of DDoS attacks not only on infrastructure or web but also on mobile application APIs
DDos protection

About stress test

Upon request, Systron provides personalized DDoS Simulation tests, to identify how a company would fare under a range of automated attacks. Systron has found that majority of the time, companies are vulnerable against modern attacks, which are bypassing traditional methods of detection.

The scope of the test :

  • Determine the threshold of the load on the customer’s web-services;
  • Determine the ability of current means of protection to withstand modern threats, including high-frequent and low-frequent loads at levels L3, L4, L7;
  • Prepare a report indicating the identified bottlenecks, as well as recommendations for their removal increase in traffic leads to overload and, respectively, to denial of service for some users.
DDos protection

Systron’s innovative technology – Intelligent Active Bot Protection©

Systron’s Intelligent Active Bot Protection© technology is focused on threats on application level, where the threats are more sophisticated and modern.

Systron currently uses this technology for DDoS mitigation (with focus on L7), anti-click fraud, protecting API of mobile applications and serve clients in the segments of media, e-commerce, financial, hosting providers. Our platform has been designed and developed by highly skilled engineers who have vast experience in DDoS mitigation and bot detection.

Services are provided based on its own software and infrastructure. Systron cleans the traffic of its customers and protects them against different types of network attacks, such as DDoS and various types of hacking attacks, thereby making its customers Internet services more accessible and safer for their users.

The total duration of testing does not exceed three hours. Date-time of test start and peak stress test load is determined with the client in advance.

To coordinate the parameters of the various stages of testing for the entire time of the tests, the client allocates technical specialists with the appropriate authority.

For operational coordination, the presence of at least one client specialist in the group created before testing is mandatory.

Testing is carried out in several stages. The start of each stage and the initial parameters of the load are coordinated with the dedicated specialists of the customer.

Phase 1 – Layer 7 testing

During this phase, the processing by the web resource of requests at the application level is checked :

  • low-frequency testing;
  • testing of statics;
  • testing the dynamics of GET requests;
  • testing the dynamics of POST requests;
  • combined testing methods.

During the testing, parameters of using keep-alive, timeouts and other available variables can change.

Phase 2 – Layer 3-4 testing

During this phase, the processing by the web resource of requests on the network and protocol level is checked:
  • UDP flood;
  • TCP flood (SYN / SYN + ACK / ACK, etc);
  • Generic TCP flood;
During testing, the flags of packages and other available variables can change.

Phase 3 – analysis of the data obtained, report preparation, demonstration of Systron platform

The specialists agree on the parameters of connection of the Systron service to the tested resource. Upon completion, the obtained parameters of availability, delays, the number of resource responses with error codes, etc. are compared.

Within three working days upon test run, Systron experts provide a list of infrastructural weak-points and improvement recommendations, based on gathered data analysis.

Get protection

Thanks for showing your interest. Please fill your contact details below.

Need Help? To get support 24x7 contact