Almost 50% of Company Network Traffic Comes From Bots!

Network traffic in companies is generated by bots almost as much as by humans, shows a recent study. As bots become more sophisticated, they bypass the security challenges in place.

While there are good bots, the bad ones are present in larger numbers and they can impact overall performance and metrics as well as security.

Plenty of automated traffic

Telemetry data from cybersecurity company Radware provides insight into the source of traffic on customer networks, identifying the automated threats as generating 45% of the traffic.

Not all came from bad bots, but the discrepancy is significant, as good bots accounted for just 17%, while bad ones covered the rest of 28%. This leaves 55% for the human-generated traffic.

Looking at the origin of the bot traffic, Radware observed that Amazon’s cloud service was the top, with 63%, followed by services from OVH with 23%, and from Microsoft with 6%.

Unwanted traffic

Radware observed bad bots of various sophistication levels running on its customers’ networks.

The most prevalent are bots from the “headless browser” category, representing the second generation in bot evolution. Their share of the bad traffic is 46% and they can store cookies and run JavaScript code.

Bots that try to mimic human interaction through simple mouse movement and keystrokes account for 23% of the unwanted traffic. These represent the third evolution step and “may fail to demonstrate humanlike randomness in their behavior,” Radware says.

Distributed bots, considered the most sophisticated of the bunch, adopt a more realistic human-like pattern movement of the mouse. They can also rotate through thousands of user agents, to imitate traffic from different users.

Their presence was the lowest on the networks of Radware customers, accounting for 15% of the bad bot traffic.

These automated threats target organizations in some industry verticals more than others and real estate, media and publishing, e-commerce, and classified advertising are among them.

Available below is a breakdown of the bad bot traffic seen in companies from these industries and the interest of the attacker. A constant for all of them, though, are login and signup pages.

Organizations fighting bad bots should distinguish them from the good bots. While executives and IT professionals in charge with network security may believe that their company can spot and classify bot-generated traffic, the reality seems to contradict them

These tools improve constantly to pass as humans using different devices. More, false positives from security solutions may pin good traffic to bad bots and vice-versa.

By Ionut Ilascu