We develop systems with built-in capacity to protect from illegitimate use and help companies defend against targeted bot attacks that slip through third-party AI security tools.
The difference between having own protection and using a third-party solution is that the latter identifies the attacker by common patterns of bot behavior from an accumulated knowledge base. While it does to a certain extent protect against nonspecific attacks, it cannot identify an attack that is tailored to a specific system.
If the ill-wisher hires a group of developers, they can create a well-masked bot that simulates the behavior of a real user by exploiting unique characteristics of your system.
To protect the system from a targeted attack you need to build on its inherent properties, analyze the patterns of behavior of real users and attacking bots, and develop countermeasures that can render the attack being economically impractical.
The systems developed by Axmor have been successfully tested for compliance with the US healthcare system standards (HIPAA), PCI DSS 2.0 Level 1 certification of payment gateways.
Limiting the number of requests from a single IP address does not work if the attacker uses a distributed attack (DDoS) that is carried out simultaneously from a large number of IP addresses.
Indeed, most of the cheap and widespread bots are quite primitive and easy to detect. The situation changes when someone is motivated to write a well-thought-out bot that can mimic a real user. Dealing with this type of attack is a competition not unlike a chess game between highly professional programmers both on the side of the attacker and the defender, where each tries to outsmart the other in the short and the long game alike.
Services that use machine learning rely on the accumulated knowledge base of the behavior patterns of attackers on a wide variety of different systems. The problem is that each system has unique user scenarios that the bot can adapt to in order to bypass such protection. While these services do detect attacks, their competencies are inherently limited by the uniqueness of the systems and the attackers.