Radware Employs Blockchain Technologies to Thwart Bots – Security Boulevard
Radware this week revealed it added blockchain technologies to its Bot Manager platform to thwart attacks designed to evade completely automated public Turing tests to tell computers and humans apart—better known as CAPTCHA challenges.
Dr. David Aviv, CTO for Radware, said that while a CAPTCHA challenge can be an effective way to determine if an application is being accessed by humans, bots that access application programming interfaces (APIs) could easily circumvent that approach.
Radware’s blockchain technologies require any endpoint to establish a virtual identity by downloading a lightweight micro-cryptominer to access an application or API. Radware is then able to use algorithms to collect metrics between endpoints and applications via an Ethereum-based blockchain ledger deployed in the cloud. That ledger establishes intent by tracking legitimate “proof of work” on the endpoint created by the micro-cryptominer each time that endpoint interacts with an application or API and establishes a level of trust, said Aviv.
A zero-trust approach to security means that if an endpoint attempts to access resources outside the scope of policies defined by an IT team, that endpoint is deemed untrustworthy. Any additional access requests will be blocked by the Bot Manager platform, said Aviv.
In effect, Radware is using blockchain technologies to apply gamification techniques and track behavior to better thwart sophisticated bot attacks without impacting application experiences, he added.
Radware reported that between 2021 and 2022 its research showed a 144% increase in fourth-generation bot attacks that mimic human behavior; these bots can mimic mouse movements, keyboard strokes, clicking and scrolling. Cybercriminals have also been employing a variety of anti-CAPTCHA plugins and CAPTCHA-solving farms to evade such challenges altogether.
Bots adversely impact everything from application experiences—by consuming resources that could be allocated to real users—to enabling scalpers to harvest tickets to concerts and sporting events via API calls made to a Web application. Blockchain technologies present an opportunity to significantly minimize that activity without having to rely on CAPTCHA technologies that are increasingly ineffective, said Aviv.
In addition, there’s an opportunity to diminish cybercriminals’ return on investment in bots, making the cost of employing them far exceed any financial benefit, he added.
It’s too early to say what impact blockchain technologies might have on cybersecurity, but it’s apparent that there will soon be new classes of tools available to cybersecurity teams that leverage immutable ledgers to enforce zero-trust IT policies. Most organizations, however, are not likely to be able to set up and maintain a blockchain ledger on their own, so, in the meantime, these technologies will likely be consumed via some type of cloud service.
It’s not clear whether blockchain technologies will put an end to the bot mitigation arms race that has raged for years. Each time technologies have been developed to mitigate bots, the sophistication of the bots themselves has increased in response. But soon, employing bots with malicious intent will not be nearly as easy as it is today.
Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.