Brainly slashes time spent on bot management by more than 90% with DataDome

Drastic reduction in time spent on bot-related problems

Fewer attacks, since the site is no longer an easy target

Safety for users’ personally identifiable information

Bot management Cyberfraud Scraping Tech platforms

Brainly is the world’s largest online learning platform. Brainly.com and its group of global websites connect high school and middle school students, as well as their parents, to both receive and offer help with homework problems and questions. The collaborative community is currently available in 35 countries, and welcomes more than 200 million users per month.

The Problem: Spam, Content Theft, Personal Data Protection, Time Allocation

Bill Salak took up the position of CTO at Brainly early in 2019. As he started to find his way around the company, it was becoming increasingly apparent that Brainly had a certain number of bot-related issues.

“I’ve been working in the industry for a long time, and everybody knows that the bots are out there and that we’re getting attacked all the time,” he says. “Brainly also has an army of community moderators, and they were constantly dealing with spam within the community, so it was obvious to me that we had bot traffic. However, I didn’t really know the scale.”

At first, the business owners didn’t appear too concerned about the problem… Until, one day, they did.

“I was asked to join a conversation about a spam attack in one of our markets,” Bill recalls. “When I looked into it, I found that we moderated content that we definitely don’t want our users to see. Most of our users are children, and this clearly wasn’t appropriate content for Brainly or for them.”

The spam itself wasn’t the biggest deal—what concerned Bill was how the volunteer moderator community responded to the event. At the time, Brainly’s standard way of dealing with spam attacks was simply to delete users who were posting spam. However, Brainly had recently started monetizing its product. Users were now paying for their accounts, and deleting them was no longer an acceptable option.

“That particular content spam attack was what raised the problem to my attention, but my main concern was still that we weren’t handling it efficiently,” Bill says. “As I started to dig into it, I realized that we had no visibility in terms of bot attacks on the site. We didn’t even know that they were happening until our content moderators reported them. It was just damage control. So I asked my team to start implementing instrumentation and tooling, so that we could get alerts and understand the scope of the problem.”

As is often the case, the more the team investigated, the more they found. For several months, they kept building additional instrumentation and tooling, which only exposed how big the issue really was and how many bot-related problems they weren’t addressing.

“It wasn’t just content spam, but other types of attack as well,” says Bill. “ For example, we knew that scraping was an issue, but we were completely unaware of the scale. We’d see that a competitor was beating us for a particular search result, and discover that they were doing it by stealing our content. So we’d issue a takedown notice, but it was all reactive. In fact, we had no idea how bad our scraping problem was until DataDome showed us, and it was quite a shock.”

The initial: “Hey, new CTO, take a look at this inappropriate content,” event had turned into a dawning realization that millions of bots were attacking Brainly’s products every day in every market. The team had uncovered a much, much bigger problem than a few thousand spam messages.

The Solution: Expert Bot Detection in a High-Traffic Environment

The team’s instrumenting and tooling did help generate early warnings, but the available responses to those warnings remained manual. While Brainly did experiment with some automated approaches, they were not effective.

“The only effective measure we were able to take was to have an actual human being look at the problem in real time and come up with a bespoke solution, such as implementing a firewall rule, to block that attack at that time,” Bill explains.

He realized that his team wasn’t going to solve the bot problem with “dumb” traffic monitoring solutions. What they needed was a solution that would be able to automate the analysis process that they had been undertaking manually.

The team first built an in-house solution which performed reasonably well, but the attacks kept evolving. The solution struggled to keep up, and it still required too much manual intervention.

“I started to look for a class of solutions which would be sort of adaptive—smart systems that could understand our traffic, learn from it, and evolve,” says Bill. “There’s not a huge number of players in that market, and of the ones that are there, not all are easy to implement or easy to work with. So our list became a shortlist pretty quickly.”

What were the key selection criteria?

“You have to play with many variables when you make a decision like that,” he says. “But efficacy was the number one thing. Did it work? Of course, you also consider factors like cost and ease of implementation, but if a solution doesn’t work well, you’d rather pay a little more or do the extra work to implement something that does.”

As it happened, DataDome won in the ease of implementation category as well.

“We use Cloudflare as our edge cache, and DataDome can be delivered as a Cloudflare app. So it was actually almost no work. In fact, I had personally turned on DataDome within five minutes of deciding that I wanted to do it. And I didn’t break anything! I did send out an email to the engineers and the product people telling them what I had done, and to look out for any unusual behavior, but I didn’t hear back from anyone. It worked great right out of the box.”

(Bill does acknowledge that he didn’t follow DataDome’s recommendation to add important partners to the “Allow” list before activating the protection. But he found out within an hour that he should follow the recommendation.)

The Results: Security, Time Savings, and Productivity Gains

Today, the Brainly team considers their protective measures to be above market standards. But how exactly do they measure project success?

“I measure it on being able to do other things,” Bill smiles. “If bot-related problems had continued to consume a third to a half of my day, like they did during the last half of 2019, then I would have said that the tool wasn’t meeting my needs. But the fact is that I don’t pay much attention to these things anymore, other than looking at the email that comes in every morning.”

In the early days of using DataDome, the daily email reports helped Bill assess the scale of the bot problem and check that the solution was working as expected. Today, he trusts DataDome, but he still likes to review the reports.

“Now, they are most interesting to me when the numbers aren’t high,” he says. ”DataDome typically blocks millions of requests every day, so when the numbers are lower, I want to investigate what happened the day before. Not what DataDome did, but what changed in our traffic so that we weren’t attacked as much as I expected us to be. But for the most part, bot problems no longer exist for me.”

Bill isn’t the only one who is now able to dedicate more of his time to other subjects. His team members enjoy the same benefit.

“Before DataDome, we had somewhere between three and four people who spent at least half their time on bot-related problems,” he estimates. “Now, we spend maybe the equivalent of two work hours a week across the whole company.”

Indeed, the DataDome solution is designed to run on autopilot, with little to no intervention required on part of the users.

“From that perspective, it means a lot,” Bill continues. “Like most companies, we pay for all kinds of productivity tools. DataDome has enabled us to make these considerable productivity gains, even though the primary purpose is something else. We have better security AND we have taken back some of our time, and that’s huge for us.”

He adds that different kinds of project success metrics can be found within the DataDome dashboard itself.

“For example, if we observe the scraping attacks that have been stopped, these numbers mean real things for us,” he points out. “Preventing a scraping attack means protecting our content, which means we maintain our market position.”

The same is true for keeping Brainly’s users safe. When a credential stuffing attack is stopped, it translates into keeping real people safe from harm. Thanks to the DataDome bot protection solution, Brainly’s login form didn’t involuntarily contribute to compromising their username and password combinations.

In closing, is there anything else Bill thinks a potential DataDome buyer might want to know?

“Brainly is a very large-scale traffic system. There aren’t a lot of products that deal with as much traffic, and as many users, as we do,” he says.

“Our experience is that the DataDome solution is smart enough to figure out how to protect us efficiently, even though the sheer volume of our traffic makes it kind of look like bots. That was actually a challenge for everything else we looked at: all our traffic resembles bot traffic at scale. So if DataDome works for us, it’s very likely going to work for anyone with a similar product.”