Kasada’s bot solution, Polyform, makes it uneconomical for attackers to target our customers’ websites. Polyform detects the presence of automated attack tools, including Sentry MBA, Selenium, and Burp.
While other bot solutions simply block bots, Polyform is focused on stopping them. We have a three-pronged approach to bot detection:
- advanced fingerprinting
- proof of work
- pattern analysis.
The proof of work enables you to fight back against attackers and inflict service outages on them.
Proof of work has use cases in several areas of technology. The concept is a fundamental element of blockchain technology, where it’s used to enforce a computational effort and thereby control the rate of block generation. Similarly, proofs of work are used in email security solutions to slow down or prevent spammers.
Polyform’s proof of work is a cryptographic puzzle requiring additional computational resources to control the rate of successful form, AJAX and API data submissions. Polyform leverages a secure hashing algorithm to automatically generate a unique challenge for each request. The system passes the browser a hash of the answer and a seed with a series of missing elements in the answer.
What does this mean for the legitimate user? They will browse and complete the challenge using a very small amount of available CPU capacity. It’s an asymmetric process, designed to occur in the background with no impact on user experience.
For the malicious user, things get interesting! The difficulty of the formulated response can be altered, in accordance with the perceived risk of an endpoint. Attackers will rapidly experience challenges with system availability as the complexity of the challenge escalates.
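The challenge described above (a hash of the answer plus a seed with missing elements) and the adjustable difficulty can be sketched as follows. This is an added example, not Kasada's code: the hex alphabet, the `_` blank marker, SHA-256 and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import itertools
import secrets

ALPHABET = "0123456789abcdef"   # answers are hex strings (assumption)
BLANK = "_"                     # marks a missing element in the seed


def _digest(text):
    return hashlib.sha256(text.encode()).hexdigest()


def issue_challenge(missing, length=16):
    """Server side: random answer with `missing` characters blanked out.

    Returns (challenge sent to the browser, answer kept server-side).
    """
    answer = secrets.token_hex(length // 2)
    blanks = set(secrets.SystemRandom().sample(range(length), missing))
    seed = "".join(BLANK if i in blanks else c for i, c in enumerate(answer))
    return {"seed": seed, "target": _digest(answer)}, answer


def solve(challenge):
    """Client side: brute-force the blanks until the hash matches.

    Returns (answer, hashes computed); worst case is 16 ** missing.
    """
    seed, target = challenge["seed"], challenge["target"]
    slots = [i for i, c in enumerate(seed) if c == BLANK]
    chars = list(seed)
    for attempts, guess in enumerate(
            itertools.product(ALPHABET, repeat=len(slots)), start=1):
        for i, c in zip(slots, guess):
            chars[i] = c
        candidate = "".join(chars)
        if _digest(candidate) == target:
            return candidate, attempts
    raise ValueError("no solution: seed and target do not match")


def verify(challenge, submitted):
    """Server side: a single hash and a constant-time comparison."""
    return hmac.compare_digest(_digest(submitted), challenge["target"])


if __name__ == "__main__":
    for missing in (1, 2, 3, 4):   # each extra blank multiplies the work by 16
        challenge, _ = issue_challenge(missing)
        answer, attempts = solve(challenge)
        print(missing, attempts, verify(challenge, answer))
```

Verification costs the server one hash regardless of difficulty, while the solver's cost grows by a factor of 16 per missing element, which is the asymmetry that lets difficulty be raised on higher-risk endpoints. A production scheme would also bind each challenge to a request and expire it so a solved answer cannot be replayed.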