SaaS / Enterprise

Threats: Vulnerability Scanning, Brute Force Attacks

Enterprise and consumer applications are often accessed via a public website. The web application is a largely unprotected attack surface with traditional network-based protection approaches that typically only look at velocity of access, source of traffic, or browser signatures contained in the HTTP headers. It is now relatively easy for attackers to bypass those protections which leaves your web application vulnerable to malicious damage and data theft.

Attacks are now often done at a slow rate so as not to trigger volumetric restrictions. Similarly, the attack traffic is spread over dozens or even hundreds of IP addresses via free proxies and anonymizing services like Tor in order to mask the scope of the effort. With no protection, attackers are free to brute-force stolen credentials to gain entry, or to test for vulnerabilities in order to control or damage your website.

PerimeterX Bot Defender runs within the web client. It evaluates tens to hundreds of indicators and can positively identify and stop the attacks before they cause damage. User behavior, application behavior, cookie access and browser fingerprints give PerimeterX Bot Defender a much higher resolution of risk when compared to older methods, as well as the ability to find zero-day threats.