Free Trial Instantly Reveals Attacks Missed by Other Bot Management Providers

Being targeted by scrapers and credential stuffing bots, an e-commerce wholesale retailer (we’ll call them “WholesalerA”) quickly deployed a well-known bot protection system. But to the team’s disappointment, they soon realized that sophisticated attacks were still easily bypassing the software they had chosen.

“As a security person, my main concern with bot traffic is the threat of account takeovers. Of course, we also need to protect dynamic prices and other web real estate from scraping… But for me, the key is to protect our customer accounts, and to prevent fraudulent credit card transactions, chargebacks, loss of inventory, and things of that nature.”

– Security Team Member at WholesalerA

The popular bot protection system launched by WholesalerA eliminated some of their scraping issues, along with managing basic credential stuffing attacks. But fraudsters were using advanced techniques and evolving bot technology to easily bypass the tool, which was no match against the advanced attacks hitting the retailer’s endpoints.

Back to the Drawing Board: Testing Alternative Bot Protection

After a thorough search for bot protection alternatives, WholesalerA’s security team launched a free trial by simply installing DataDome in monitoring mode in front of their existing tool on Fastly. DataDome’s server-side modules are built to make it very easy to run side-by-side comparisons with other bot protection tools.

“DataDome’s technology is very good. When a new version of Puppeteer came out, DataDome caught it right away. I also liked the user interface better than any other competitors we looked at. Finally, performance is key for us, and DataDome delivered just the right mix of blocking technology, performance, and price.”

– Security Team Member at WholesalerA

A side-by-side comparison on WholesalerA’s actual live traffic revealed to the security team that DataDome was detecting bots that were bypassing their alternative bot protection. During the trial, DataDome quickly detected an ongoing credential stuffing attack—which was confirmed when WholesalerA discovered unusual activity in their logs.

The results were compelling. DataDome’s dashboard displayed the credential stuffing attack in real time, as shown below, but the other tool detected nothing.

The Value of Switching to Advanced Bot & Fraud Protection

Today, DataDome protects both WholesalerA’s website and its mobile apps from bot-driven threats and fraud. The security team particularly appreciates the responsiveness of DataDome’s threat researchers.

“The threat intelligence team is excellent. They understand that a lot of this is about speed. When we have an attack, or a spike in bot traffic, the first hours are critical. DataDome tends to remediate zero-day threats rapidly.”

– Security Team Member at WholesalerA

During the Apache Log4j security crisis, DataDome responded instantly.

“That was huge! The DataDome threat research team had detection for Log4j within something like 24 hours, without being prompted. As a security person, I can’t tell you how fantastic that was. We weren’t actually affected by the vulnerability, but we had the protection there right away.”

Reclaiming the Team’s Time

According to a  Forrester Consulting study commissioned by DataDome, the top internal impact of bot and online fraud attacks on organizations is the cost of employee hours spent manually mitigating attacks. Spending hours on bot mitigation steals time and focus, and often leads to employee burnout and frustration. Thus, in addition to keeping WholesalerA’s customer data safe, a benefit from switching to DataDome was the return of the security team’s time to making progress on other key areas.

“For several months, there were zero internal alerts and nothing to do. I would just get the DataDome attack notifications, log into the dashboard, and see the attacks being stopped… So yes, DataDome is a tremendous time saver.”

– Security Team Member at WholesalerA