End CAPTCHA for Real Users with Fastly Bot Management

Daniel Corbett

Staff Product Manager, Security

David King

Senior Product Marketing Manager, Security

We’ve all been stuck clicking traffic lights or typing distorted words just to prove we’re human. It’s frustrating, unnecessary, and getting worse as bots become harder to detect. Take this real example of a CAPTCHA our team saw while checking out an e-commerce site recently:

Businesses are scrambling to limit malicious bot traffic, but many have resorted to a blunt solution: forcing every visitor through a CAPTCHA like what’s pictured above. In the pursuit of security, they’ve sacrificed user experience, losing real customers who inevitably fail the challenge – damaging their brand, and ultimately, hurting their bottom line.

We're taking the next steps to dismantle this outdated status quo and are excited to release updates to let you end CAPTCHA for your end users, detect more bots, and reduce Account Takeover.

Fastly Bot Management’s major update delivers 3 new capabilities:

  1. Dynamic Challenges

  2. Advanced Client-side Detection

  3. Compromised Credential Checking

Dynamic Challenges

To determine whether traffic is legitimate, businesses often face a difficult choice between two kinds of challenge:

  1. Non-interactive challenges: Invisible to users, but bots can often crack them.

  2. Interactive challenges (aka CAPTCHAs): Tougher for bots, but they make users want to throw their keyboards out the window.

Unfortunately, when faced with an ultimatum between the two, many choose option two, but not anymore! We’re excited to introduce Dynamic Challenges, a new adaptive security feature that intelligently adjusts protection based on real-time analysis of incoming traffic, regardless of whether it’s hitting your web applications or mobile experiences. Best of all, it’s fully integrated with Private Access Tokens (PATs), so those users get frictionless access with invisible automatic verification behind the scenes. This enables Dynamic Challenges to automatically validate the legitimacy of traffic with PATs whenever possible, serve non-interactive challenges to traffic that looks legitimate, or use interactive challenges to thwart malicious bots.

Your real users will never need to solve a CAPTCHA again!

Advanced Client-Side Detection

Developers use headless browsers to test and debug their web apps -- a good thing for UX. But cybercriminals use that same dev tooling to mirror legitimate traffic. In doing so, they avoid common server-side bot detection methods that only inspect static user agents, browser fingerprints, and other readily available information in a request’s metadata -- very much a bad thing. Fastly’s Advanced Client-Side Detection (not to be confused with our recently launched Client-Side Protection product for script inventory and management) automatically uncovers this category of sophisticated bots. With just one line of code, organizations gain detection of automated browsers and headless bots on the client side so they can stop even the most sophisticated attackers.

Compromised Credential Checking

In the wake of frequent data breaches, attackers often exploit leaked databases to test stolen credentials across other sites, targeting users who reuse passwords (e.g., using the same password for Home Depot and Amazon). To combat this, we’re releasing a new Bot Management signal that automatically flags login attempts using compromised credentials. The Compromised Credential signal provides an extra layer of defense, helping our customers protect accounts from credential stuffing and account takeover attacks.

Explore the Fastly Bot Management update

It’s time we end CAPTCHA for our real users, and Fastly is leading the way! With enhanced detection and dynamic responses, your web applications, APIs, and mobile experiences will be protected without impacting end-user experiences. The update is included at no additional cost for Fastly Bot Management customers, and you can contact us to see it in action.