Opens a new window
Over the past four weeks, Derek E. Brink has been sharing some projects from his work at Aberdeen Strategy and Research that illustrate how artificial intelligence (AI) and machine learning (ML) technologies have already been leveraged for several years now by leading cybersecurity providers. This is Part V of the six-part series and focuses attention on bad bot detection and mitigation by leveraging AI/ML tools.Â
To help demonstrate the widespread use of AI/ML-enabled cybersecurity capabilities, the focus of the six-part series has been to choose examples from a diverse mix of the following solution categories:
- Endpoint detection and response (EDR),Â
- Email security,
- Managed detection and response,
- Insider Risk
But why stop there? Our research and analysis on the business benefits of bad bot detection and mitigation services go back to July 2016 (see Bad Bots, Good Bots, and Humans: Quantifying the Risk of Bad BotsOpens a new window ). More recently, Aberdeen’s October 2021 project on Quantifying the Impact of Bad Bots on eCommerce Merchant ProfitabilityOpens a new window helps to illustrate why the application of AI/ML-enabled technologies has become an essential element of managing security risks for web-based applications:
- eCommerce merchants well understand that not all visitors to their websites are human. That is, they know that a significant percentage (more than half!) of their website traffic consists of bots — small, purpose-built software programs designed to perform automated, repetitive, well-defined tasks at Internet speed and scale.
- Many bots are considered essential to their success — for example, the web crawlers that find and index an eCommerce website’s content, making it easier for human visitors to discover and purchase the goods and services that interest them.
- Other bots, however, represent growing problems for eCommerce merchants, and their negative business impact has not been very well understood. For example:
-
- Credential stuffing and account takeovers as a means to execute fraudulent purchases and other types of financial fraud;
- Website scraping to automate the gathering of competitive data such as product descriptions, suppliers, pricing, and inventory levels; and
- Web browser extensions, particularly those that lead to lower conversion rates and lower order values for legitimate online shoppers. These negative outcomes can also be caused by bots that are designed to gobble up limited quantities of products or tickets being offered in a “hype sale,†for resale at high markup.
4. Based on its primary research in several popular retail categories involving physical goods, Aberdeen’s analysis estimated that 75 to 80% of eCommerce operational costs (e.g., the cost of website infrastructure, website marketing, and checkout fraud) are negatively impacted by malicious bots. In terms of overall eCommerce merchant profitability, this represents a material — and growing — business problem!
5. Aberdeen’s further analysis estimated that advanced bot detection and mitigation services — which leverage AI and ML technologies to detect, protect, and respond to bad bots more quickly — can reduce this negative impact by more than 50% at times of peak bad bot traffic, as shown in the following chart.
Advanced Bot Detection and Mitigation Services Can Significantly Reduce eCommerce Operational Costs
Â
Source: Monte Carlo analysis includes empirical data for blocked bot traffic and checkout attacks adapted from PerimeterX Automated Fraud Benchmark Report (E-Commerce Edition) 2020; Aberdeen, October 2021
The most important takeaway here is that modern AI/ML-enabled bot detection and mitigation services are providing the next level of technical capabilities for web application security — which in turn contribute directly to the ultimate business objective of preserving and protecting eCommerce merchant profitability. Said another way: We tend to get caught up in the technology enablers (the “what, and howâ€), but we should always keep our focus on the business outcomes (the all-important “so what, and whyâ€).
Next week, I’ll wrap up this six-part series on the natural fit between cybersecurity and AI/ML — after which my colleagues and I are eagerly looking forward to sharing our key findings and insights from Aberdeen’s new research study on AI in the Enterprise: The State of AI in 2023.Â
Are you enjoying this series on the undeniable codependence of cybersecurity and AI/ML? Share your thoughts with us on FacebookOpens a new window , TwitterOpens a new window , and LinkedInOpens a new window . We’d love to hear from you!
Image Source: Shutterstock