Top-Tier E-Commerce Slashes Bot Traffic By 80% With DataDome

The Problem: Bots threatening the group’s brand image & data security.

The group’s CISO oversaw the implementation of the DataDome solution several years ago. 

At the time, the company had no anti-bot solution, only a WAF with denial of service protection. As bot attacks became more frequent, more extensive, and more distributed, the cybersecurity team could no longer manage them manually with these tools.

For the CISO and his team, the main focus was on credential stuffing attacks, or account takeover attempts. The group’s high profile made it a prime target for hackers, and the repeated attacks threatened not only the security of user data, but also the company’s brand image.

As a result, the CISO and his colleagues spent a lot of time analyzing the attacks, recovering from them, and notifying customers.

“All of this was quite costly in terms of resources,” the CISO told us. “Analyzing the logs was already taking us an hour each day. And if an attack were to occur, along with the corresponding recovery plans and communication, it could easily take up to two or three hours a day, if not more.”

At the same time, the sales team wanted to better identify the bots that were targeting the group’s sites. Their content was regularly being retrieved by parties with whom the group had no commercial relationship. On the business side, there was a need to preserve the content for the various sites, proactively rather than reactively.

The Solution: Very simple management, detailed reports.

Even though their WAF had an anti-bot option, the cybersecurity team ultimately decided to get help from DataDome. 

“We liked the simplicity of the DataDome tool,” says the CISO. “DataDome offers a level of quality that we did not find in competing solutions. The tool’s ease of use and day-to-day management was an important factor in our decision.”

The dashboard certainly revealed some surprises. Nearly 80% of the traffic on the group’s main site was generated by bots! Other sites also had a high level of automated traffic, often in the range of 40-50%. 

The team appreciates the detailed categorization of these bots in the DataDome dashboard. It is important for them to be able to identify and monitor activity from its partners and from bad bots alike. DataDome was the only tool tested that categorizes bots with a high degree of accuracy.

“DataDome allows us to carry out very fine-grained querying, with a level of granularity we haven’t found anywhere else,” the CISO attests. “It is also very easy to use, whether for researching attacks or for business activity. In the past, we had to analyze our logs, but that requires special skills and uses the time of qualified staff members. DataDome’s ease of use lets all profiles see what is happening.”

The Results: Protected data, controlled risks.

For the cybersecurity team, the main KPI for measuring the project’s success was the reduction in credential stuffing attacks. And the results are in! Since the implementation of DataDome, the percentage of bad bots on the sites declined over a period of months. This protection is discouraging for the many bot operators out there. Attacks were being blocked, so they were no longer profitable for hackers.

Prior to the DataDome implementation, bad bots represented almost 80% of the top site’s traffic. Today, it’s less than 15%.

When it comes to credential stuffing attacks, it is clearly a success. We have so much more peace of mind now,” says the CISO. “The same goes for the risks to our brand image. It’s hard to quantify, but protecting our brand is a top priority.”

Anti-bot protection has also freed up the team’s time for other strategic projects. Some SOC members check the DataDome dashboard on a daily basis, but mainly for monitoring. Most of the time, no action is needed.

Finally, the CISO appreciates the follow-up that all DataData customers receive. “We have a close relationship with our technical contact, and we love how accessible and responsive the teams are,” he notes.