Administration Guide

WAF features against bot attacks

Bot attacks are malicious activities carried out by automated software programs, known as bots. These attacks exploit vulnerabilities in web applications, APIs, and network infrastructure to achieve various malicious goals, such as data theft, service disruption, or fraud. Unlike legitimate bots (e.g., search engine crawlers), malicious bots are designed to mimic human behavior and can execute tasks at a scale and speed that humans cannot match.

FortiWeb offers a range of features specifically designed to detect and mitigate bot attacks, providing robust protection for web applications and APIs. Using a combination of behavioral analysis, AI-based detection, and rate-limiting controls, FortiWeb can identify and block malicious bots while ensuring a seamless experience for legitimate users.

Here are the key features FortiWeb employs to defend against bot attacks.

Biometrics-Based Bot Detection

FortiWeb’s Biometrics-Based Bot Detection is a sophisticated feature designed to differentiate between human users and bots by analyzing client-side interactions, such as mouse movements, keyboard inputs, screen touches, and scrolling behavior. This method provides a more nuanced approach to bot detection, particularly useful for mitigating advanced bots that can bypass simpler detection mechanisms like IP blocking or user-agent validation.

Threshold-Based Bot Detection

FortiWeb’s Threshold-Based Bot Detection helps distinguish human users from automated bots by monitoring for suspicious behaviors that occur at abnormal rates, such as the frequency of 403 and 404 response codes, attack signatures, slow attack activities, content scraping activities, and illegal user scans.
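The following added example (not FortiWeb code or configuration) shows the general idea of rate-based detection on one of the signals named above: it counts 403 and 404 responses per client in a sliding time window over constructed access-log lines. The window length, the error limit and all function names are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed values for illustration only; these are not FortiWeb defaults.
WINDOW = timedelta(seconds=10)
MAX_ERRORS = 4                      # 403/404 responses tolerated per client per window
SUSPICIOUS = {403, 404}
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" (?P<status>\d{3}) ')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def _line(ip, offset_s, path, status):
    """Build one constructed access-log line in common log format."""
    ts = datetime(2024, 5, 1, 12, 0, 0) + timedelta(seconds=offset_s)
    stamp = ts.strftime("%d/%b/%Y:%H:%M:%S")
    return f'{ip} - - [{stamp} +0000] "GET {path} HTTP/1.1" {status} 512'

# Constructed sample traffic (documentation-range addresses).
SAMPLE_LOG = (
    [_line("198.51.100.7", s, f"/admin{s}.php", 404) for s in range(6)]    # 6 errors in 5 s
    + [_line("192.0.2.33", s * 15, "/old-page", 404) for s in range(6)]    # 6 errors in 75 s
    + [_line("203.0.113.20", 2, "/index.html", 200),
       _line("203.0.113.20", 3, "/favicon.ico", 404)]                      # ordinary visitor
)

def detect(lines, window=WINDOW, max_errors=MAX_ERRORS):
    """Return {client_ip: time at which the error threshold was first exceeded}."""
    recent = defaultdict(deque)     # per-client timestamps of recent 403/404 responses
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or int(m["status"]) not in SUSPICIOUS:
            continue                # malformed line or a response we do not count
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], TS_FMT)
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:   # drop errors that fell out of the window
            q.popleft()
        if len(q) > max_errors and ip not in flagged:
            flagged[ip] = ts
    return flagged

if __name__ == "__main__":
    for ip, when in detect(SAMPLE_LOG).items():
        print(f"{ip} exceeded {MAX_ERRORS} 403/404 responses in {WINDOW} at {when}")
```

The client that spreads the same number of errors over a longer period stays under the limit, which is why rate thresholds are usually combined with the other detection methods described on this page.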

Bot Deception

FortiWeb’s Bot Deception feature is a proactive defense mechanism designed to detect and trap malicious bots, such as web crawlers, by inserting hidden links into the HTML response pages. Legitimate users, such as human visitors using a browser, will not interact with these invisible links, but bots (especially web crawlers) may inadvertently follow these links, exposing their automated behavior. Once identified, FortiWeb can take action against these bots, such as blocking their requests or logging the activity for further investigation.
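The hidden-link mechanism described above can be sketched as follows. This is an added example, not FortiWeb's implementation: the class and function names are hypothetical, the page is constructed, and the "crawler" and "browser-user" clients are simulated to show that only a client following every parsed link reaches the trap.

```python
import secrets
from html.parser import HTMLParser

class DeceptionTrap:
    """Hypothetical helper: adds a hidden trap link and flags clients that request it."""
    def __init__(self):
        # Unguessable path, so only a client that parsed the injected link can find it.
        self.trap_path = f"/{secrets.token_hex(8)}/index.html"
        self.flagged = set()

    def inject(self, html):
        """Insert the invisible link just before </body> (or append if there is none)."""
        link = (f'<a href="{self.trap_path}" style="display:none" '
                'tabindex="-1" aria-hidden="true" rel="nofollow"></a>')
        pos = html.lower().rfind("</body>")
        return html + link if pos == -1 else html[:pos] + link + html[pos:]

    def observe(self, client, path):
        """Record a request; return True if the client is now treated as a bot."""
        if path.split("?", 1)[0] == self.trap_path:
            self.flagged.add(client)
        return client in self.flagged

class LinkCollector(HTMLParser):
    """Collects (href, hidden) pairs from the served page."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and "href" in a:
            hidden = "display:none" in (a.get("style") or "").replace(" ", "")
            self.links.append((a["href"], hidden))

# Constructed sample page.
PAGE = "<html><body><a href='/products'>Products</a><a href='/contact'>Contact</a></body></html>"

def simulate(page=PAGE):
    trap = DeceptionTrap()
    served = trap.inject(page)
    parser = LinkCollector()
    parser.feed(served)
    for href, hidden in parser.links:
        trap.observe("crawler", href)            # follows every href it parses
        if not hidden:
            trap.observe("browser-user", href)   # can only click rendered links
    return trap, served

if __name__ == "__main__":
    trap, _ = simulate()
    print("flagged clients:", trap.flagged)
```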

Known Bots

FortiWeb’s Known Bots feature is designed to help manage and differentiate between legitimate bot traffic (such as search engine crawlers) and malicious bots (such as DDoS bots, spammers, or content scrapers). By doing so, it helps protect your websites, mobile applications, and APIs from unwanted bot attacks without disrupting the flow of critical and beneficial traffic.

Machine Learning Based Bot Detection

FortiWeb's AI-based machine learning bot detection enhances traditional signature and threshold-based methods by identifying sophisticated bots that might otherwise evade detection.

  • It analyzes user behavior across thirteen dimensions, such as the frequency of HTTP requests and the use of illegal HTTP versions, without requiring manual threshold configuration.

  • Using a Support Vector Machine (SVM) algorithm, FortiWeb automatically learns the behavior patterns of regular users, comparing incoming traffic to these patterns to identify anomalies.

  • If user behavior changes significantly—due to application updates, for example—FortiWeb adapts by refreshing its model to maintain accurate detection. This automated, adaptive approach reduces the need for manual adjustments and experimentation, ensuring more effective and efficient bot detection.

Advanced Bot Protection

FortiWeb has integrated the FortiAppSec Cloud’s Advanced Bot Protection (ABP) service. It is a Fortinet SaaS advanced bot mitigation solution designed to detect and protect against sophisticated bots.

To detect bot activity, the ABP service injects a lightweight JavaScript snippet into the client’s browser. This script collects behavioral data and request samples, which are then used to train a machine learning model capable of identifying patterns associated with normal user interactions.

All communication between FortiWeb and the ABP service is encrypted using TLS. To ensure authenticity and integrity, both FortiWeb and ABP present certificates to establish mutual TLS authentication. This safeguards the attack query process from potential interception or tampering by malicious actors.

DDoS Protection

FortiWeb provides Application Layer DoS Prevention and Network Layer DDoS Prevention.

  • FortiWeb’s Application Layer DoS Prevention strategies aim to mitigate malicious traffic like HTTP floods and high connection rates while safeguarding legitimate user access. This is achieved by limiting HTTP request rates, controlling TCP connections per session, and preventing HTTP request floods.

  • For Network Layer DDoS Prevention, FortiWeb offers protection against TCP flood attacks by capping the number of fully-formed TCP connections per source IP. This helps prevent network-level attacks that attempt to exhaust server resources by opening an excessive number of TCP connections, thereby maintaining server stability and performance.
