Eliminating Malicious Bots for Optimal Application Performance
This leading, global online learning and teaching platform is used by 80% of Fortune 100 companies. It offers more than 150,000 courses in 65 languages and serves more than 50 million users worldwide.
Performance is key to the success of SaaS companies that deliver value to their customers entirely through online experiences. For this leading online learning company, application performance and site uptime was no exception — optimal performance was critical for its brand reputation, revenue growth and success. Initially, when the service was launched, the company encouraged users to consume as much content as possible to increase its popularity. The quest for hypergrowth and adoption led to users deploying bots to scrape and download content from the platform. The platform, which was primarily designed for streaming content, was unable to handle the flood of concurrent content downloads and was quickly overwhelmed, resulting in application downtime. Additionally, many users complained that their accounts were compromised. Users’ login and password combinations were being validated by brute force credential stuffing attacks on the login page, leading to malicious account takeover (ATO). As the team investigated, they also noticed a high number of bot-created fake accounts that were used to plagiarize content and post it on other platforms.
Bots were hurting both the user experience and the content publishers on the e-learning service, which ultimately slowed revenue growth. The company needed to resolve its application performance, user account security and content protection challenges quickly to ensure its continued leadership and growth in the e-learning market.
Bots were overloading our systems, negatively impacting application performance and causing unplanned downtime.
The company wanted a solution that could manage bot traffic at the edge before unwanted requests reached its infrastructure. PerimeterX Bot Defender® was recommended by one of its trusted web infrastructure providers and found to address the company’s application performance and bot attack challenges. Bot Defender is a behavior-based bot management solution that protects web and mobile applications and APIs from automated attacks safeguarding online revenue, competitive edge and brand reputation.
Application performance: The company’s application platform was being attacked by multiple types of bots that were overloading its systems, negatively impacting application performance and causing unplanned downtime. Its CPU resources were being taxed by the volume of automated attacks. With Bot Defender, the company was able to block malicious traffic at the edge, limit specific types of bots attacking the system and throttle traffic to keep its application running at its optimal level.
Scraping bots: As a site with a great deal of valuable content, it was no surprise that the company was under attack from scraping bots. Scraping bots were infiltrating its system to steal course content. Bot Defender was able to identify these scraping bots, often the most sophisticated in their ability to mimic human behavior, and found they were typically operated by competitors who continuously improved them to steal content.
ATO bots: Using fake accounts and credential stuffing, ATO bots were also attacking the company’s login pages and taking over valid user accounts to steal content. Over 80% of the traffic to its login pages was from ATO bots. Bot Defender was able to identify and defend against these credential stuffing attacks before user credentials were revealed or validated.
The ability to detect and mitigate bot activity with Bot Defender helped the company to protect its brand and maintain a competitive edge with its leading learning and teaching application platform.
Preserve brand reputation: The ability to keep the application platform performing at optimal levels and maintain better than 99.99% uptime helped the company to keep its brand reputation as a premier e-learning service. Improved application performance, secured user accounts and protected publisher content enabled the company to continue focusing on growing its user base and revenue.
Competitive edge: With the growing number of contributors and followers using the site, securing the content from scraping bots enabled the company to maintain its competitive edge. Bot Defender was able to detect and protect the application from competitors attacking and stealing core content to draw users away. Protection from scraping bots and account takeover attacks enabled the company to maintain and grow its competitive advantage.
Bot Defender was able to block all of the malicious traffic, rate limit at the edge and ease the load on our web infrastructure.
Using machine learning and behavior-based analytics, PerimeterX solutions detect and block automated bot attacks and client-side threats with unparalleled accuracy. Your online business is protected while preserving user experience and page response times.
PerimeterX is cloud-based and platform-agnostic. Using machine learning, we constantly update our library of attack patterns based on interactions with applications, fingerprints from devices and network characteristics to protect against the next new threat.
To keep watch over your web and mobile applications and APIs, PerimeterX functions as an extension of your team and provides responsive, best-in-class service and around-the-clock security analyst oversight.