In my new report, Now Tech: Bot Management, Q4 2021, I discuss the ongoing scourge of bad bots and define the vendor landscape for bot management solutions. I chatted with my research associate, Isabelle Raposo, about this report over the course of the research process. This is the first time we’ve worked on a report on this topic together, so I got to explain it to her as we went. Here’s a peek into our conversations over the past few months of research:

Isabelle: “I followed a bot on Twitter that alerted me when COVID-19 appointments were available in my area this spring. That really benefited me, but how else do people use bots?”

Sandy: “Automated programs, commonly known as bots, can be used for good, such as search engine crawlers that improve your search results or the vaccine appointment bot you followed. Bad bots can take over accounts by trying stolen credentials or beat legitimate customers to desired inventory. The humans orchestrating the bot attack can then resell the spoils for a profit. Dramatic supply-and-demand fluctuations caused by the pandemic have provided prime opportunities for malicious bot traffic. Bots have spread COVID-19 misinformation and booked prized vaccine slots for resale.”

Isabelle: “What is bot management software exactly?”

Sandy: “Bot management solutions look at the traffic coming into an application and sort through it, blocking and misdirecting bad bot traffic so that legitimate human traffic can get through. They also manage good bots (bots coming from a partner, for example).”

Isabelle: “How is this related to those puzzles where I have to select the pictures that include bicycles to prove I’m not a bot?”

Sandy: “Those are CAPTCHAs, one of the ways developers try to identify bot traffic. Traditional CAPTCHAs have a lot of drawbacks, since bots rise to the challenge and can pass the test, while end users can get frustrated and might leave the application in a huff. An effective bot management solution takes the responsibility for proving they’re human off the end user by blocking bots without cumbersome extra steps, limiting the number of end users that face challenges and making those challenges lower friction.”

Isabelle: “What do bot management solutions do, other than identify the different types of automated traffic?”

Sandy: “Bots range from simple scripts that are easily identified to sophisticated programs that try to elude detection. Bot management solutions will not only identify all these bots but implement defenses that frustrate bot operators. They increase the cost of attacking that application, so it’s a less appealing target for attackers.”

Isabelle: “What separates different bot management vendors from each other?”

Sandy: “In this report, I separate the vendors by market presence and functionality. There are four different functional segments based on the stakeholders the solutions target as well as how bot management fits into their offerings as a whole. For example, vendors that offer a WAF (web application firewall) are in a different category from standalone bot management solutions. There’s also overlap between the segments in terms of specific functions like protecting APIs.”

Isabelle: “Does a bot management solution just help the security and risk team?”

Sandy: “Definitely not. The range of bot attacks — including credential stuffing, inventory hoarding, web scraping, and ad fraud — affects the security, fraud, e-commerce, marketing, customer experience, and executive teams. Part of what buyers should look for in a bot management solution is the ability to generate metrics and reports that all these stakeholders will find value in.”

To answer more of your questions about bot management, read the new Forrester report Now Tech: Bot Management, Q4 2021, or schedule an inquiry with me.

Cowritten with Isabelle Raposo