Threat Intelligence

Battling Bots Brings Big-Budget Blow to Businesses

Fighting off bot attacks on Web applications extracts a heavy cost in human resources and technology, according to a just-released report.

A new report carries the unsurprising news that battling botnet attacks is a way of life for modern business security teams — a way of life that carries heavy costs in both technology and personnel.

"The Critical Need to Deal with Bot Attacks," published by Osterman Research, surveyed more than 200 large organizations with a mean employee count of just over 16,000. All had externally facing Web applications with login pages and were actively working to prevent, detect, and remediate attacks against those applications.

According to the report, the average company surveyed suffers 530 botnet attacks each day, though some organizations see thousands of attacks each day, with some attacks probing millions of potential victim accounts every hour.

The numbers in the Osterman Research report broadly mirror those seen in other security reports issued in 2018. One example is Akamai's "Summer 2018 State of the Internet/Security: Web Attacks Report," which noted that many botnets follow a "low and slow" tactic of probing accounts in at attempt to remain undetected by automated systems, while others floor victims with probes in a strategy of overwhelming defenses and retrieving valued information.

In the face of recent attacks, such as that against Starwood/Marriott, in which the attack's "dwell time" inside the database was roughly four years, the average time to detect a botnet attack reported in the Osterman Research survey — 48 hours — may seem remarkably fast. Add in another 48 hours for remediation, and first attack to remediation is four days. In a public-facing Web application, though, that can mean four days of data exfiltration or four days of reduced application access due to a denial-of-service attack, depending on the nature of the botnet.

And keeping the response time as short as it is requires an organization to devote expensive, precarious resources to the battle. According to Osterman Research, most organizations — three in five — have no more than two staff members devoted to a botnet response, while only one in five devotes four or more staff members to the fight.

Each of those staff members is expensive, with the fully burdened cost of a bot-fighting security specialist averaging more than $141,000 each year. Each of those staff members is kept busy working with multiple pieces of equipment, as 91% report using a Web application firewall, 49% an IPS/IDS, 40% a SIEM, and lower percentages other technology in combination to combat Web attacks.

According to the report, the average organization now has 482 potential applications vulnerable to bot attacks and spends an average of 2,600 person-hours per year managing the threat. In the report's final section, on dealing with the threat, the No. 1 recommended activity is for an organization to understand the full cost of responding to bot-based threats to Web security so that appropriate steps can be taken to battle the automated attackers.

Related Content:

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Government Shutdown Brings Certificate Lapse Woes
Curtis Franklin Jr., Senior Editor at Dark Reading,  1/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: On the SS7 network, nobody knows you're a dog.
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6455
PUBLISHED: 2019-01-16
An issue was discovered in GNU Recutils 1.8. There is a double-free problem in the function rec_mset_elem_destroy() in the file rec-mset.c.
CVE-2019-6456
PUBLISHED: 2019-01-16
An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_fex_size() in the file rec-fex.c of librec.a.
CVE-2019-6457
PUBLISHED: 2019-01-16
An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_aggregate_reg_new in rec-aggregate.c in librec.a.
CVE-2019-6458
PUBLISHED: 2019-01-16
An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_buf_new in rec-buf.c when called from rec_parse_rset in rec-parser.c in librec.a.
CVE-2019-6459
PUBLISHED: 2019-01-16
An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_extract_type in rec-utils.c in librec.a.