Imperva Cyber Community

communities_1.jpg
 View Only
Back to discussions
Expand all | Collapse all

LIVE - Ask Me Anything Advanced Bot Protection (ABP) on Community

  • 1.  LIVE - Ask Me Anything Advanced Bot Protection (ABP) on Community

    Posted 30 days ago
    Edited by Sarah Lamont 17 days ago

    Hello All,

    We are excited to announce that we will be running our first ever live Community Ask Me Anything (AMA) on Thursday May 29 at 16:00- 17:00 BST.

    The event will take place right here on the Imperva Cyber Community with our Security Analyst Services Experts, Atul and Stephen answering your questions on this discussion thread. So, make sure you like / follow this discussion thread to receive updates and reminders. 

    We will open the thread in advance to allow our global audience to participate but questions will not be addressed by our experts until Thursday May 29. The thread will be closed at 17:00 BST on that day so make sure you get your get your questions in before then. 

    You can find the recording of our recent ABP event with Atul and Stephen in the link below. Check it out and add your questions to this thread. Be sure to share with colleagues too...

    Advanced Bot Protection: Best Practices, Reporting and Live Mitigation

    Can't wait for the live event! See you there.


    #AdvancedBotProtection

    ------------------------------
    Sarah Lamont
    Digital Community Manager
    ------------------------------



  • 2.  RE: LIVE - Ask Me Anything Advanced Bot Protection (ABP) on Community

    Posted 24 days ago

    Hi Folks,
    In case you missed it, I've just added the recording from our last session with Stephen and Atul.

    We'd love to hear your questions for the team. Add them to this thread for the team to answer.

    Advanced Bot Protection: Best Practices, Reporting and Live Mitigation 



    ------------------------------
    Sarah Lamont
    Digital Community Manager
    ------------------------------

    Original Message


  • 3.  RE: LIVE - Ask Me Anything Advanced Bot Protection (ABP) on Community

    Posted 23 days ago

    Hi Everyone,

    I am very excited for tomorrow's Ask Me Anything! 

    Feel free to post your questions in advance so that we can make the most of the hour.

    See you tomorrow,



    ------------------------------
    Stephen Dickson
    ------------------------------

    Original Message


  • 4.  RE: LIVE - Ask Me Anything Advanced Bot Protection (ABP) on Community

    Posted 22 days ago

    Hi Everyone,

    I am very excited for the Ask Me Anything session 

    Feel free to post your questions in advance so that we can make the most of the hour.



    ------------------------------
    Atul Anvekar
    ------------------------------

    Original Message


  • 5.  RE: LIVE - Ask Me Anything Advanced Bot Protection (ABP) on Community

    Posted 22 days ago

    Hello.  We recently deployed ABP with Mobile SDK integration.  We have a couple of questions on the mitigations using the Mobile SDK.

    1) How can we determine which users/sessions are successfully using the Mobile SDK?

    2) Is there reporting to determine the percentage of users/sessions using the Mobile SDK?

    3) Can we report on the versioning of the Mobile SDK with our users/sessions?

    Thanks for your help.

    4) What steps can be used to specifically mitigate BOT attacks and use the Mobile SDK as a mitigating factor?



    ------------------------------
    Lloyd Ganus
    SVP, Architect IT Security
    BOK Financial Corporation
    Tulsa OK
    ------------------------------

    Original Message


  • 6.  RE: LIVE - Ask Me Anything Advanced Bot Protection (ABP) on Community

    Posted 22 days ago

    1. So if you look at our dashboard, verify the ABP field "client_platform", if this field has a value of 'iOS' or 'Android' then that request has SDK deployed. 
    2. Based on the same field you can create a report from the dashboard showing how much traffic is sourcing from iOS or Android that have SDK deployed.
    3. I dont think that is possible, our SDK versions are not published in the data.
    4. We have a condition specifically for Mobile SDK that checks for Validity and tampering checks for Mobile SDK, apart from this there are specific flags for jailbroken or rooted devices.



    ------------------------------
    Atul Anvekar
    ------------------------------

    Original Message


  • 7.  RE: LIVE - Ask Me Anything Advanced Bot Protection (ABP) on Community

    Posted 22 days ago

    Which dashboard has the "client_platform" field?



    ------------------------------
    Ayden Townsley
    user
    BOK Financial Corporation
    Tulsa OK
    ------------------------------

    Original Message


  • 8.  RE: LIVE - Ask Me Anything Advanced Bot Protection (ABP) on Community

    Posted 22 days ago

    The default dashboards dont have this field but you can click on "Explore Connector Access Logs" when you drop down the dashboard list, this will open a clean slate wherein you can add parameters. In that if you search for 'client_platform' on the left side, click on it and it will appear as a column. Then search for 'Count' under measures and click that to add as a column. When you run this, it will give you the count of requests for each client platform. Hope that helps



    ------------------------------
    Atul Anvekar
    ------------------------------

    Original Message


  • 9.  RE: LIVE - Ask Me Anything Advanced Bot Protection (ABP) on Community

    Posted 22 days ago

    Welcome everyone!! Our experts @Atul Anvekar and @Stephen Dickson are live waiting for your questions. I am going to kick it off with my own question...

    Atul / Stephen...

    Can you share the top resources that customers should refer to when using ABP    ?

    Thanks!



    ------------------------------
    Sarah Lamont
    Digital Community Manager
    ------------------------------

    Original Message


  • 10.  RE: LIVE - Ask Me Anything Advanced Bot Protection (ABP) on Community

    Posted 22 days ago
    1. First is our ABP dashboards - Review the "Traffic Insights" dashboards that will show how ABP is categorzing the traffic. Look at the 'Triggered Conditions' and verify the top conditions that are triggering. Then go to "Condition Analysis" dashboard and review the top sources.
    2. Second is to implement these conditions in CAPTCHA or Block, do monitor the traffic once the conditions are implemented.
    3. Third is to use the false positive investigation and the Allowlisting dashboards if you stumble upon a false positive. This can help them modify the condition or do additional allowlisting/exclusion


    ------------------------------
    Atul Anvekar
    ------------------------------

    Original Message


  • 11.  RE: LIVE - Ask Me Anything Advanced Bot Protection (ABP) on Community

    Posted 22 days ago

    Hi,  and thanks for hosting this AMA!

    I'm just wondering what signals does Imperva collect in their ABP to accurately determine that client is using browseruse?

    Thanks!



    ------------------------------
    Percy Smith
    Program Manager, Customer Success
    Imperva
    ------------------------------

    Original Message


  • 12.  RE: LIVE - Ask Me Anything Advanced Bot Protection (ABP) on Community

    Posted 22 days ago

    Hi Percy,

    Thanks for your question. To fully answer it, we'd need to look at the data to determine if the tool is self-identifying or if there are certain characteristics or properties we can use to identify it.



    ------------------------------
    Stephen Dickson
    ------------------------------

    Original Message


  • 13.  RE: LIVE - Ask Me Anything Advanced Bot Protection (ABP) on Community

    Posted 22 days ago

    Hey team,
    I had a customer question send directly to me to add to the thread.

    What is the difference between Triggered conditions vs Decided conditions. Is there duplication, like triggered eventually gets put in decided? 



    ------------------------------
    Sarah Lamont
    Digital Community Manager
    ------------------------------

    Original Message


  • 14.  RE: LIVE - Ask Me Anything Advanced Bot Protection (ABP) on Community

    Posted 22 days ago

    Triggered conditions will include all the conditions that the request triggered. The deciding condition will be the active conditions that caused mitigation. There is duplication, since a triggered condition can also be a deciding condition.



    ------------------------------
    Stephen Dickson
    ------------------------------

    Original Message


  • 15.  RE: LIVE - Ask Me Anything Advanced Bot Protection (ABP) on Community

    Posted 22 days ago

    From our last event...

    If we keep ABP in passive mode,     does it still count in ABP bandwidth utilisation?     



    ------------------------------
    Sarah Lamont
    Digital Community Manager
    ------------------------------

    Original Message


  • 16.  RE: LIVE - Ask Me Anything Advanced Bot Protection (ABP) on Community

    Posted 22 days ago

    Yes, all post-analysis requests, regardless of state, that go through ABP will be counted towards ABP bandwidth utilisation. 



    ------------------------------
    Stephen Dickson
    ------------------------------

    Original Message


  • 17.  RE: LIVE - Ask Me Anything Advanced Bot Protection (ABP) on Community

    Posted 22 days ago

    This is really great! My customers are looking forward to this session.

    One of my customer wants to know more about the conditions and asked the below question:  
    What is difference between passive/active and disabled conditions? 






    ------------------------------
    Thanks & Regards,
    Siddharth Sen
    Digital Program Manager- Customer Success
    ------------------------------

    Original Message


  • 18.  RE: LIVE - Ask Me Anything Advanced Bot Protection (ABP) on Community

    Posted 22 days ago

    Hey, thanks for the question. So any condition that is set to Disabled means that Imperva ABP is not going to log the request (keep a record) nor take any action on the request, a condition set to Passive means that Imperva will log that request (take a note of any violations/flags that were triggered on ABP) but not take any action on that request while a condition set to Active means that Imperva will log that request + also take an action on that request (captcha/identify/block depending on the directive that it is under) 



    ------------------------------
    Atul Anvekar
    ------------------------------

    Original Message


  • 19.  RE: LIVE - Ask Me Anything Advanced Bot Protection (ABP) on Community

    Posted 22 days ago

    As a followup to a previous question, I am unsure where to find the "client_platform" field in the ABP Dashboard area. Could you please specify which dashboard I need to look at?



    ------------------------------
    Ayden Townsley
    ------------------------------

    Original Message


  • 20.  RE: LIVE - Ask Me Anything Advanced Bot Protection (ABP) on Community

    Posted 22 days ago

    For the purpose of anyone reading this at a later date - Atul has answered this question in the thread above.

    Thanks so much for the question Ayden.



    ------------------------------
    Sarah Lamont
    Digital Community Manager
    ------------------------------

    Original Message


  • 21.  RE: LIVE - Ask Me Anything Advanced Bot Protection (ABP) on Community

    Posted 22 days ago

    How does ABP prioritize mitigation? 



    ------------------------------
    Sarah Lamont
    Digital Community Manager
    ------------------------------

    Original Message


  • 22.  RE: LIVE - Ask Me Anything Advanced Bot Protection (ABP) on Community

    Posted 22 days ago

    ABP will work in a top down fashion from the per-path policies to the Directives. Meaning you can tune your level of mitigation depending on the mitigation needs. We recommend to use Block or Tarpit on APIs and start with Captcha on your web pages. Please note that the conditions within the directive dont follow any order which means they all will be applied on any incoming requests which is why you see multiple conditions triggered on a particular request.



    ------------------------------
    Atul Anvekar
    ------------------------------

    Original Message


  • 23.  RE: LIVE - Ask Me Anything Advanced Bot Protection (ABP) on Community

    Posted 22 days ago

    Okay Community! That's a wrap for this live AMA thread.

    I'd like to thank Stephen and Atul for being so generous with their time. Also thanks to everyone who submitted questions for the thread. I am posting a little more info about the Security Analyst Services team below. If you'd like to know more, please feel free to reach out to Atul, Stephen or me for more information on their services.      

    Security Analyst Services team are a value-added service that is designed to provide dedicated operational support structured around phases of the attack lifecycle, along with best practices and ongoing guidance for managing the Imperva Online Fraud Prevention solution suite which includes Advanced Bot Protection solution.We provide you with expertise on web application security, traffic analytics, and platform design best practices. 

    If you have any further questions around ABP or any of our products feel free to open a new discussion at any time!

    See you soon!



    ------------------------------
    Sarah Lamont
    Digital Community Manager
    ------------------------------

    Original Message