Learn all you need to know about email best practices, deliverability, and tools with email whitepapers and ebooks.

Issue link: https://hub.dyn.com/i/1119883

Contents of this Issue


Page 49 of 57

just you. They can even detect bot traffic that is operating in "low and slow" mode, avoiding detection by accessing the target web application infrequently and from a range of IP addresses designed to look innocuous. These services also have ways of challenging potentially suspicious traffic, while not disrupting service if the traffic is legitimate. One way that sites manage this type of behavior is through the use of CAPTCHAs, which are little challenges that are designed to distin‐ guish human from bot. If you have ever seen the question, "How many of these pictures have traffic lights?" or "How many images contain cars?" you have experienced a CAPTCHA challenge. Unfortunately, bots are getting very good at solving CAPTCHAs— some bots are better at it than a lot of people. Rather than relying on faulty CAPTCHAs to distinguish humans from bots, bot manage‐ ment services will try JavaScript challenges and other methods of querying the browser to make that distinction. Because bots don't have full browsers behind them, they almost always fail these types of challenges. Bot management services can significantly reduce the amount of malicious bot traffic that reaches your web application. Cloud-based bot management services can be quickly deployed across a multi‐ cloud architecture, and you can easily add or remove them as you scale up or scale down services within the multicloud environment. API Protection In Chapter 3, we discussed the importance of APIs in a multicloud architecture. APIs are used to connect all of the disparate services running in a multicloud environment and are critical for getting information from one source to another and presenting it in a uni‐ fied manner to an end user or client. This is why API protection is so important. Attackers have become wise to the fact that APIs can provide them with a treasure trove of sensitive information. As a result, these bad actors are constantly looking for ways to exploit APIs, including the use of bots. API protection technology encompasses a number of different areas: • Limiting who or what can access APIs • Limiting how much data can be retrieved at any one time 44 | Chapter 4: Multicloud Security Use Cases

Articles in this issue

view archives of eBooks - OreillyMultiCloudFinalEBOOK