Under Attack?
Search
Menu

Minimizing False Positives with Radware Bot Manager

By Amrit TalapatraMay 24, 2023

A primary concern for most customers in search of an anti-bot product is how to keep false positives in check. A seamless experience is expected when using any application. The anti-bot product cannot negatively affect the user experience (UX). CAPTCHA/Block is one of the more common mitigation options anti-bot vendors provide. However, it often negatively affects UX, leading to a drop in traffic from authentic, legitimate users. That’s why it’s critically important to manage false positives. Being able to do it successfully is a key differentiator for bot management vendors.

The following provides details on what false positives are and how they are successfully managed by Radware Bot Manager.

What are False Positives?

False positive (FP) is commonly used terminology in the security industry. It means that legitimate entities are wrongly identified as malicious. For example:

  • A human is wrongly identified as a bad bot.
  • An important system file is wrongly identified as malware.
  • An important email is incorrectly added to the spam folder.

Causes of False Positives

A bot management solution identifies bots (good and bad) from actual humans accessing an application. The key differentiator of any bot management solution is accomplishing this quickly and accurately. Radware Bot Manager employs a robust detection engine that accurately identifies bots, which greatly minimizes false positives. But as with any bot management solution, false positives can happen. Here are some of the more common reasons for false positives:

  • Sophisticated, human-like behavior in bots. Bots have become extremely sophisticated and can mimic human-like behavior. For example, a bot can be created to scroll through a web page just like humans do, even replicating mouse movements and clicks. This makes it difficult to differentiate bots from humans.
  • Unrefined Policies. Unrefined policies in the rule engine may lead to erroneously flagging good users as potential threats. Conditions added to a policy need to be refined for accurate detection.
  • Aggressive detection settings. Security tools are sometimes configured to be overly aggressive if, for instance, the bot protection approach focuses more on reducing false negatives than false positives. Often detection settings are left in an aggressive state due to not understanding the anti-bot tool’s capabilities.

Handling False Positives with Radware Bot Manager

The Radware Bot Manager detection engine is highly robust and our continued focus on enhancing it ensures that the accuracy of detecting bots is very high. With our strong server-side and client-side detection capabilities, Radware Bot Manager closely tracks and identifies bad bot behavior from human behavior. With Radware’s strong focus on machine learning (ML)-based automated detection, the bot detection accuracy is very high and greatly minimizes false positives.

However — and as is the case with any anti-bot solution — false positives do occur. The key differences are how Radware Bot Manager handles these false positives and our continued refinement of the solution. It’s truly what makes Radware Bot Manager a game-changer in the market.

False positive feedback can be received from either the CAPTCHA/Block pages or by using the self-service options on the Radware Cloud Services Portal. Both feed intelligence into our engine, which makes it more accurate and minimizes false positives more and more over time. That’s the machine learning at work. Below are key elements that highlight this approach.

Automatic adjustment of thresholds based on false positive feedback

Radware Bot Manager incorporates several, self-learning ML modules in its technology stack that track the false positive feedback through the solved Captcha requests. It then automatically adjusts policy thresholds. This ensures the engine gets more accurate because it learns and incorporates feedback, which ultimately minimizes false positives and false negatives. And, of course, it keeps getting better and better at this over time.

False Positive limit breach and automated disabling of policy

The Radware Bot Manager engine automatically disables protection policies that are not performing well or have caused a sudden spike in false positives. An acceptable false positive limit is defined for each policy and breaching it means that the policy automatically gets disabled and all associated signatures are removed from the system. This illustrates how the use of automation handles false positives. This feedback makes the system considerably more robust, keeps false positives at a minimum and gets better at detecting them over time.

Automatic unblocking of end users due to a false positive incident

When a false positive is detected, legitimate users can unblock themselves by simply providing false positive feedback directly from the CAPTCHA/Block page. This option is available on all Radware Bot Manager-rendered CAPTCHA/Block pages. It ensures that the source signature is removed from the system and the end user can access the application. All of this happens without manual intervention from the Radware support team because false positive incidents are addressed immediately. This automatic unblocking also acts as a feedback loop for the bot detection engine, which helps ensure false positives are continually minimized over time.

Self-Service capabilities from the Radware portal

In addition to the previously listed features, customers can also take quick, self-service action(s) and address any false positive incidents reported by end users. All requests to Radware Bot Manager flagged as a bot are available for analysis on the Radware Cloud Services Portal. Customers can choose to drill down on the specifics of the event using several granular refinements to help identify the root cause of the security event. This helps customers analyze end-user intent on their application. If the intent is not deemed to be malicious, the specific signature can be unblocked from the portal without the need to reach out to Radware’s support team. This re-allows the end user to access the application.

Customers can also choose to go beyond the conventional method of signature deletion by creating their own custom policies to manage false positives. This capability is also available from the Radware Cloud Services Portal. It allows customers to add policies with different parameters and define actions to be taken if conditions are met. So, for example, bot manager customers can allow requests coming from a particular source if they don’t want it to be tagged as a bad bot in the system. It’s yet another way to ensure false positive incidents are minimized.

Conclusion

Radware Bot Manager is an extremely robust and flexible solution. Its key, industry-leading strength is the accuracy of the bot detection engine in determining false positives and keeping them at a minimum. Also, there are multiple ways to receive false positive feedback. And because Radware Bot Manager continually fine-tunes its bot detection engine, it gets better each and every day.

For More Information

If you’re wondering how prepared your organization is to fend off bad actors, take advantage of Radware’s free online security assessments. There are 2 assessments that will let you know how protected your organization is from malicious bots. And feel free to reach out to the talented and tenured Radware cybersecurity experts. They would love to hear from you.

Posted in: Application ProtectionTags:

Amrit Talapatra

Amrit Talapatra is a product manager at Radware, supporting its bot manager product line. He plays an integral role in helping define the product vision and strategy for the industry leading Radware Bot Manager. With over 10 years of experience in the security and telecom domain, he has helped clients in over 30 countries take advantage of offerings from the ground up. He holds bachelor’s and master’s degrees in computer applications.

Related Articles

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Contact Us Now

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Locations
Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program

CyberPedia

An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

CyberPedia
What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Blog
Security Research Center
Close

What are you looking for?