Getting Started with Bot Management

Learn the PerimeterX Best Practices for Onboarding

The award-winning PerimeterX Services and Support team works 24/7/365 to ensure that customers are protected from malicious bots, automated threats, client-side attacks and malicious injections. But before day-to-day operations can begin, the PerimeterX team moves through a series of steps to quickly and smoothly kickstart each customer relationship journey. That’s why it’s crucial to us that the onboarding process has our solutions installed and running in a matter of hours. The PerimeterX client services team consists of top solution architects with up to 25 years of experience supporting not just PerimeterX solutions, but the whole tech stack that’s relevant to your digital business’s needs. As a result, our team can integrate our security into unlimited technology stack combinations to protect your web and mobile apps. Here’s how our deployment process works.

The onboarding process described here applies to PerimeterX Bot Defender, and can vary slightly for other PerimeterX solutions.

How does PerimeterX step-by-step deployment work?

There are 5 main steps to onboarding. Step 1 is where we in Services and Support meet with the customer and figure out a working modality between us and the customer. We identify their pain points and their historical need for a bot management solution. If they have historically had a tool, we discuss their experience and how we can build upon it. We also discuss the technical stack that they have and how easily we can integrate with it. Lastly, we give them a walkthrough of what follows next and what kind of resources are needed to meet timelines. The onboarding process can vary based on customer needs and how complex or sophisticated they want it to be. After 2-4 weeks of conducting a proof of concept (POC), we are already showing value through our solution.

Next is Step 2: configuration. The two main setups that we need to perform are for the PerimeterX Sensor and PerimeterX Enforcer. For both of these sub-steps, we work closely with the customer to efficiently make any requisite changes under the hood on the customer end. By using a single, easy-to-deploy client-side Sensor, a cloud-based Detector, and an Enforcer that integrates with a wide range of server-side and edge technologies, customers can preserve their existing architecture without negatively impacting user experience.

Step 3 is deployment and tuning. Tuning is a step which is done by PerimeterX machine learning algorithms to fully customize the solution to your web application. The scope of tuning is to make sure that we are optimally set up to protect a customer against their use cases. If a customer needs to protect against account takeover (including brute force attacks and credential stuffing), scraping or carding, we make sure that our rules are well-tuned and optimal to take care of those needs. In parallel, we also look at other low hanging fruit, like if there are already account takeover attacks occurring or someone is trying to scrape, which we can also showcase in our tuning effort.

During the tuning phase, we also talk with customers to identify their office space, their known partners, vendors, bots and other tools that they may use for developmental purposes. By doing so, we ensure that PerimeterX solutions don't inadvertently impact any of that traffic. Knowing the difference between different types of bot activity—from innocuous Google SEO bots to malicious automated threats—is crucial. Our bot detection techniques involve the PerimeterX framework of threat intelligence, leveraging 120 machine learning algorithms and 165 machine learning models, which profile automated threats and JavaScript vulnerabilities in real time. The solution can include Human Challenge, the improved PerimeterX user verification built to reduce false positives, increase ease of use for legitimate users, and avoid the pitfalls of CAPTCHA. We secure your website, web and mobile applications, and APIs to allow good traffic and good bots while seamlessly blocking bad bot traffic.

At the end of tuning, we move to Step 4: validation. During validation, we show the customer our findings and also make sure that we show value against the initial problem statement with which we started.

Once validation is done, we then logically move to the last step, Step 5: mitigation. This is where we make the necessary changes to start protecting the customer against current and future attacks.

How is this process unique to PerimeterX?

Some vendors omit Step 1, the initial kickoff. They go directly into the integration phase. We perform this step to get a deeper understanding of what use cases are important for the customer so that they can experience value right away.

The other step that many vendors don't do is Step 3: tuning. The psychology between our approach versus other vendors' approaches is that we totally believe in the philosophy: “Do no harm.” This is ultimately a security solution where you will be blocking traffic. It’s important that the customer understands that we make sure we don't impact legitimate traffic at all. Many vendors do the tuning after mitigation, after they may have erroneously blocked something. We optimize your setup and then move you to mitigation so that you don’t have to worry about negatively impacting your traffic from the get-go.

The architecture-agnostic PerimeterX Platform deploys out-of-band, meaning it integrates with the customer’s current web technology stack and/or CDN and without the need for any additional tiers or layers.

PerimeterX was also recognized as a leader in The Forrester New Wave™: Bot Management, Q1 2020 report, which evaluated 13 vendors in the bot management market on criteria related to product offerings and business strategy. PerimeterX received differentiated ratings, the highest ratings possible, in the attack detection, attack response, threat research, feedback loops, performance metrics, vision, roadmap and market approach criteria. According to the report, PerimeterX “leads the pack with robust machine learning and attack response capabilities” and quotes a customer stating PerimeterX Bot Defender “was extremely easy to deploy in production and maintain.”

What part(s) of the onboarding process impact ease of use for the customer most?

The tuning phase is the most important phase for us, as well as the customer. This predominantly affects the customer’s ease of use. This period is when we go through an iterative process of engaging with the customer, discussing what we see and what they identify in their traffic as their known bots and vendors and partners. We stray away from impacting that traffic. We also use this period to train customers on their PerimeterX solution and the PerimeterX Portal. This will be the one-stop shop that the customer uses as a window, to look at what is happening via our platform.

This training is almost a daily conversation that we have with customers on our findings, how we recommend approaching protection, and how they want to approach it. This provides customers with the comfort of understanding the product and its capabilities. Many times during this phase, we have shown customers tricks that they can do themselves and which unfortunately they were not able to do with some other vendors. That way, they can easily self-service their needs rather than actually depending on professional services or customer operation center support. That being said, our award-winning customer operations will still be within reach 24/7/365 via Slack or whichever contact method you prefer.

Are there other aspects of the PerimeterX onboarding process that are worth noting?

Our product is very flexible. The feature set is very surgical, and it’s very important that we understand customer pain points very well. For example, you may have a carding problem, an account takeover problem or a scraping problem. Identifying this problem is paramount. And if you have all these problems, it’s important to identify which impacts you the most. The carding problem may be costing you money because you have to pay your third party vendors for every request. Content scraping may also be impacting you because your competitors are robbing your inventory numbers or your pricing numbers. Account takeover bot attacks could be costly to you as well. It’s important for the customer to correctly understand the economics of cyberattacks so that we can help them protect optimally.

It’s also important to understand how you want to operationalize your solution. How does this fit within your day-to-day activity? Our goal is to provide you with a platform where we set it up and you can forget about bot mitigation issues while all management and escalation is handled by the PerimeterX team. We want to maintain your functionality while working invisibly to keep you secure.

In summary, the PerimeterX Services and Support team offers fast deployment and functions as an extension of your team to provide proactive, best-in-class service and around-the-clock security analyst oversight. You benefit from proactive threat management with a dedicated Security Operations Center (SOC), delivered in real-time through your preferred communication channels such as phone, email or Slack. It’s because of this level of service and dedication that PerimeterX customer retention rates remain so high. Curious to see it in action? Talk to a PerimeterX representative about starting a proof of concept for your business and see for yourself!

For any questions about the onboarding process, contact your PerimeterX Customer Success representative.