Cequence Security Joins the Anti-Bot Battle

[Image Credit: Any IP Ltd.] With malicious bots bombarding the Web, tech vendors are adding services to shield banks, retailers, and other firms with data behind login pages from the onslaught. The newest is Cequence ASP from Cequence Security, which the Silicon Valley firm says detects and ends attacks through a variety of automated techniques.

The targeted bots are malicious software programs that generate high-volume attempts to log in to customer accounts to make fraudulent purchases or otherwise steal funds. In a common attack, fraudsters load user names and passwords stolen in data breaches into their bots in the hope that some will prove valid and pass through the defenses in a process dubbed “credential stuffing.” Web-services provider Akamai Technologies estimates there were 8.3 billion malicious login attempts in both May and June. Cequence, citing various sources, claims malicious bots now account for nearly one-third of Internet traffic.

Sunnyvale, Calif.-based Cequence on Tuesday said its new Cequence ASP, for application security platform, uses artificial intelligence, machine learning, and other technology to first identify the Web assets that a client needs to protect. It then monitors the client’s Web and mobile applications, as well as its application programming interfaces (APIs), for signs of attack, Cequence president and chief executive Larry Link tells Digital Transactions News.

Once it confirms a bot attack, the system attempts to squelch it through blocking, limiting traffic, deception, and other techniques. Cequence has tested the new service in several deployments, including a Fortune 100 multinational financial-services provider and a Fortune 500 cosmetics retailer.

A point of differentiation for Cequence ASP from older anti-bot technology is its ability to work with clients’ existing Web applications, says Link. JavaScript, a popular Web-coding technology, requires cumbersome code injections and software development kit changes for each Web or mobile application, according to Cequence.  “We do this with absolutely no change to the application environment,” Link says.

Another differentiator, Link says, is an open architecture. That means the service can be deployed on-premise or in the cloud, and easily exchange data among other systems and devices.

The service is tailored for very high volumes—it comes with a tiered, subscription-based pricing model starting at $150,000 a year based on analyzing 10 million transactions per day.