Appdome, the mobile app economy’s one-stop shop for mobile app defense, has officially announced the launch of three new enhancements for its MOBILEBotâ„¢ Defense solution, each one designed to help mobile brands get more value and control from their existing web application firewall (WAF) infrastructures. According to certain reports, this the solution achieves by adjusting the evaluation, detection, and defense policy to suit every WAF product and installation. To understand the significance of such a development, we must acknowledge that, while WAF vendors have turned towards anti-bot SDKs to take on against the emerging threat of mobile bot attacks, the stated strategy has proven itself as too tedious, suffering from too many limits on mobile app developers, as well as from too heavy a performance penalty on mobile apps in production. In case this wasn’t enough, using these anti-bot SDKs also require costly changes to WAF infrastructures. Fortunately, the Appdome MOBILEBot Defense solution solves that problem big time by simplifying the very act of delivering mobile anti-bot defense on top of any installed WAF. But how exactly the enhancements in question will improve on our current situation? Well, the answer to that resides in their promise of providing adaptive evaluation, and detection and defense rules that can ease and balance the compute burden on existing WAFs and infrastructures. Not just that, it also resides in enabling mobile brands to proactively identify and thwart bot attacks, all while reducing the strain on traditional WAFs.
Talk about the same on a slightly deeper level, the platform can be expected to do its overarching job through features like, for instance, Appdome DEVICETrustâ„¢, which enables us to set the evaluation mode for connection requests and screen bot traffic and attacks. You see, mobile brands can set the trust level for each threat vector and, depending on the trust setting, determine where, when, and how bot detection and defense is performed. Furthermore, the stated feature allows for us to select and prioritize the security checks that are most important to our mobile app security project goals, and we can realize with just a click of a button. Appdome DEVICETrustâ„¢ will be available in three different modes i.e. adaptive trust, runtime trust, and zero trust. Anyway, next up, we have Appdome Bot Source and BotID. This particular feature provides mobile brands the ability to achieve continuous risk assessments through integration of any data, such as business logic. The given ability translates to how the feature can provide WAF more granular rules and automated enforcement at the point of the attack, including connection, at login, transaction, password reset, or other key application workflows.
Then, there is Appdome Client Rate Limiting, which basically banks upon the compute and processing power of a mobile device used in the attack to conceive rate-limiting enforcement within the mobile app. Complimenting the same would be these configurable limits for user’s efficiency when it comes to performing an action like attempting to log in within a defined timeframe.
“Mobile brands need to stop bot attacks, but they also need to get the most out of their WAF infrastructures and avoid costly or unplanned WAF upgrades,” said Tom Tovar, CEO and co-creator of Appdome. “Any mobile brand will likely have multiple WAFs, each with different performance characteristics. Our goal is to allow the brand to tailor the bot defense profile to meet the performance characteristics of each WAF.”