Bot Management

Keeps your web apps up and fully responsive to your users

Exclude Hostile Bots From Your APIs and Web Applications

Get A Demo

Learn more about Bot Management 

Exclude Hostile Bots From Your APIs and Web Applications

Reblaze includes full bot mitigation in its comprehensive web security platform. Hostile traffic is blocked in the cloud, before it reaches the protected network.

Processing latency is minimal: ~0.5 ms.

Web applications and API servers receive only legitimate requests. They remain secure, responsive, and performant.

Multivariate Bot Detection

Incoming web traffic is subjected to a series of increasingly stringent challenges. Failure of any challenge results in that requestor being immediately blocked from network access.

Bot Management

Bot Mitigation

API Security

Step 1a: Profiling ACLs

Reblaze offers the most precise ACL capabilities in the industry. Requests can be filtered based on geolocation, network usage (VPN, proxy, TOR, cloud platform, etc.), and more.

Out of the box, this detects 75-80 percent of bot traffic. (The rate improves further once Reblaze is customized for the web app or API it is protecting.)

Reblaze’s ACL eliminates the majority of bot traffic with minimal processing workload, before deep packet inspection begins.

Step 1b: Profiling Browser Environments

Incoming HTTP requests must pass a full stack of inspections and challenges in order to be validated.

Then, headless browsers are detected. Reblaze goes beyond legacy techniques such as agent validation or javascript injection.

The platform subjects the requestor to a battery of advanced challenges, enabling Reblaze to detect even the most sophisticated headless environments.

Step 2: Primary Filtering

Primary traffic filtering begins with blacklisting, rate limiting, and signature detection. (These traditional methods cannot detect the newest bots, but they eliminate another tranche of older bots with minimal workload.)

The platform then continues with more stringent tests. Data integrity is ensured by Layer 7 inspection, including JSON payloads.

Reblaze also includes a full positive security model, and ingests web and API schemas for enforcement. A full API provides programmatic control, allowing rapid schema additions or revisions in DevOps and DevSecOps environments.

Step 3: Dynamic Filtering

Reblaze blocks requestors that display anomalous usage patterns over time, by monitoring consumption of resources in terms of quantity, pace, rhythm, types & methods, etc.

Most platforms track requests only by IP address. Reblaze identifies attackers using multiple identifiers: IP, headers, cookies, even POST body arguments. Thus, Reblaze can detect and block abuse even when an attack is performed simultaneously across multiple addresses.

The platform’s ruleset capabilities provide powerful, flexible, and granular filtering. Examples:

Dynamic rate limiting. (Example: too-frequent calls to a login URL.)

Network anomaly tracking. (Example: excessive per-request data consumption in a specified time.)

Layer 7 anomaly detection. (Example: number of requests per MIME type per minute.)

Step 4: Biometric Behavioral Analysis

For each application it protects, Reblaze builds a sophisticated, comprehensive behavioral profile of legitimate users.

It learns and understands how legitimate users interact with each app: their device and browser statistics, the typical analytics and metrics of each session, the interface events (mouse clicks, screen taps, zooms, scrolls, etc.) they usually generate, and much more.

By definition, every hostile user (whether bot or human) must, at some point, deviate from legitimate user behavior.

As soon as it does, Reblaze detects it and blocks it from further network access.

Want to learn more?

Sign up for a free Demo

Get your price quote

Fill out your email below, and we will send you a price quote tailored to your needs

This website uses cookies to ensure you get the best experience on our website.