Cutting-Edge Bot Detection Capabilities & Unparalleled Dashboard Features: Discover DataDome 5.0
The entire DataDome team is excited to share the release of DataDome v5.0!
In this latest version of the world’s only full SaaS bot detection solution, we have boosted our artificial intelligence (AI) detection capabilities and made a host of other upgrades to our detection engine and our dashboard. Your websites, mobile apps and APIs are safer from bot threats than ever before.
Discover what’s new in your favorite bot protection solution!
Summary
State-of-the-Art Bot Detection Capabilities
- Enhanced event tracking.
- Behavioral detection tailored to your business.
- Stronger defenses against credential stuffing attacks.
- JavaScript tag improvements.
- Enhanced detection of “bot-as-a-service” apps and tools.
- Improved detection on mobile applications.
State-of-the-Art Bot Detection Capabilities
Our R&D team works hard all year to make sure that the DataDome detection engine stays a step (or two) ahead of bot operators and hackers. Incremental updates to our algorithms are released almost daily, which means that as a user, you get upgrades on a regular basis instead of bulk changes with each new version.
The release of v5.0 is a great opportunity to recap the main enhancements we have made to our detection engine over the last few months.
Because the architecture of our solution enables you to run DataDome behind any of our main competitors’ products, it is easy to make side-by-side comparisons. We have been chuffed to witness how our detection engine catches bots that our competitors let through—including on a US Alexa Top 50 site, which is now a DataDome customer.
If you are currently using another bot detection solution, we invite you to set up a free 30-day trial of DataDome and compare the detection quality of the two solutions for yourself. It takes only a few minutes to set up, and we don’t ask for a credit card.
Enhanced event tracking:
To efficiently detect and deflect all malicious bots, even the most sneaky and sophisticated ones, the DataDome solution analyzes 100% of all requests to our customers’ web servers to determine the users’ intent. For the purpose of this analysis, we track a great number of events tied to every single request.
In version 5.0, we have added even more different types of events to our roster in order to stay ahead of the latest technologies and tactics used by bad bots.
A word of caveat is in order here. Some of our competitors boast of tracking a very large number of “signals”. But since there is no universal definition of what exactly constitutes a signal, it is impossible to make apple-to-apple comparisons of different vendors’ detection quality based on such numbers.
Let’s just state that DataDome tracks every single event, for every single request, that we consider even remotely useful for bot detection. There are currently no signals that we do not track which we believe would improve the accuracy of our detection. (Of course, the technology landscape keeps evolving, and we continue to improve our event analysis with new elements as they appear.)
Behavioral detection tailored to your business:
Bad bots are everywhere, but there are subtle differences in the way they target different businesses and different applications.
With DataDome 5.0, we have introduced a set of new and refined machine learning models that will tailor the detection algorithms to the specific characteristics of your business logic and your traffic.
Simply put, our detection engine is constantly improving its understanding of what normal traffic patterns look like for your login page, your mobile application, your API, etc. As a result, it also gets better and better at detecting anomalies.
We are using a machine learning approach that enables our algorithms to accurately detect bots even as those bots change their behavior to bypass the protection.
Our detection engine must not only detect malicious bots; it must also enforce the right response once a bot has been identified. And of course, all this resource-heavy analysis, detection and response activity must not be to the detriment of site performance.
We are rather proud to have successfully brought together real-time prediction and optimum performance: our models can now handle both prediction and attack response in approximately 3 milliseconds on average.
Stronger defenses against credential stuffing attacks:
Credential stuffing is one of the potentially most devastating bot threats, and over the last few months we have observed exponential growth in this type of attacks. In our development efforts, we have therefore paid particular attention to login page protection.
Because the bots that perpetrate credential stuffing attacks are increasingly stealthy, we are constantly refining our algorithm to adapt it to this growing threat. With DataDome 5.0, we have further leveraged the power of machine learning to detect suspicious behavior on login pages with even higher accuracy.
Normal traffic to the login page has always been classified with endpoint-specific machine learning models, but these need to constantly evolve. So over the last few months, we have added hundreds of additional signals that are specific to login pages, in order to perfect our detection capabilities and block credential stuffing attacks before they happen.
Learn more: Behind the scenes of a massively distributed credential stuffing attack
JavaScript tag improvements:
Bad bots are getting better and better at imitating human traffic. The most recent generation of bots is using (almost) the exact same technologies as humans, such as Chrome Headless.
In addition, they actively lie about their fingerprints by using frameworks such as the Puppeteer extra stealth plugin, Puppeteer Theater, and Headless-cat-n-mouse. Certain open-source projects are developed for the sole purpose of making bots undetectable.
The JavaScript tag is a key element of our detection engine which is particularly useful for identifying these advanced bots. Combined with the the server-side module, it helps the DataDome algorithms understand how and by whom JavaScript is executed on your website.
In DataDome 5.0, we have enhanced the JavaScript tag with more than 100 new signals. This helps us to stay a step ahead of bots that lie about their fingerprint, to detect Selenium bots that fork or change the web driver to avoid detection, and to detect new types of bots such as Playwright.
We have also improved the JavaScript tag’s performance, so that it’s now just as invisible as any Analytics tag.
Enhanced detection of “bot-as-a-service” apps and tools:
Scraping online content, launching a credential stuffing attack, or committing ad fraud no longer requires any coding experience. A fast-growing number of players now offer no-code bot builders which everyone and their dog (well, almost) can harness for various nefarious purposes.
Examples of such solutions include
- browser extensions
- desktop apps
- scraping-as-a-service offers.
Many of these offers also include residential IP proxies and IP rotation as part of the package.
In DataDome 5.0, we have further enhanced the detection of these tools and services. For example, to optimize the detection of malicious browser extensions, we now collect more than 50 additional signals from your visitors’ browsers.
We have also created specific models for the individual fingerprints of all the most popular such apps and services, so that we can detect them as efficiently as possible.
Improved detection on mobile applications:
As more and more companies implement a bot management solution to protect their websites, many bots are turning to mobile app APIs instead. Unfortunately, these APIs are often rather neglected from a security point of view.
To protect this specific endpoint, the DataDome SDKs track user interactions inside your mobile apps (only when they are being used), and send them to the DataDome API. Combined with technical criteria, these behavioral data help our algorithms determine whether the user is a human or a bot.
With DataDome 5.0, our AI detection engine now gets input from even more sensors than before. As it is also analyzing data from a vast and quickly growing number of devices, the algorithm is constantly optimizing its detection accuracy on mobile app APIs.
Furthermore, the latest versions of our SDKs have an even smaller footprint and are even easier to install.
We have also launched a new React Native SDK, which makes it quick and easy to add bot protection to mobile applications built with React Native.
We’d love to tell you much more about all of the above enhancements, but we’d rather keep bot developers in the dark about how we unmask them. ? If you are a DataDome customer and you are curious about the finer details of our detection processes, do feel free to reach out to our customer success team with your questions.
New Responses: Timeboxing & Rate limiting
DataDome offers a comprehensive set of attack responses that you can use to fine-tune access to your different endpoints, especially for partner bots.
Timeboxing
The Timeboxing feature allows you to fine-tune the responses that are applied to the traffic reaching your endpoints, based on the specified time. With a few simple settings, you will be able to control when to allow and when to block the traffic matching a chosen Custom or AI rule.
For example, if you allow all of your known technical partners and good bot traffic only during the night, you make sure your infrastructure resources are reserved for human visitors during the day.
Learn more: Introducing the Timeboxing feature.
Rate Limiting
The Rate limiting response allows you to block selected traffic based on the number of hits it generates during a specified time period.
Traffic from a bot you have attributed this response type to will be allow-listed as long as the volume stays below your defined threshold. The moment the number of hits exceeds your threshold, the blocking response (Captcha or Hard Block) is triggered.
Learn more: Introducing the Rate Limiting feature.
Dashboard Improvements
The DataDome dashboard enables you to manage your bot traffic with unparalleled autonomy and flexibility. Here is a summary of the most important changes to the user interface.
Create & Edit Endpoints
Admin users can now easily create and edit new endpoints in the dashboard.
In the Management section of the dashboard, you will see a list of suggested endpoints to add (such as an API or an RSS feed). But DataDome also supports regular expressions, so that you can create more flexible definitions for endpoints.
For example, if you want to create an endpoint for a pre-production platform, you can use a regular expression to add the desired domain.
CAPTCHA Customization
Admin users can now easily customize the CAPTCHA response page via the dashboard. Company logo, button colors, and copy can be changed in just a few clicks, so that the CAPTCHA page matches the look and feel of your website or mobile app.
The “CAPTCHA statistics” graph on the dashboard homepage has also been improved to provide better visibility of solved CAPTCHA events (false positives). CAPTCHA statistics can now be filtered by endpoint.
Bot Traffic Industry Benchmark
We have also introduced an industry benchmark feature. On accounts where the DataDome protection is not activated (primarily free trial users), the dashboard now includes a graph that shows the current ratios of bad bot, commercial bot, and good bot traffic to the website, compared to an industry benchmark.
Seeing how their bot traffic compares to that of similar businesses provides free trial users with valuable context when they evaluate the severity of automated threats to their website.
Learn more: Bot traffic benchmark: how do you stack up against your peers?
Two-Factor Authentication (2FA)
The two-factor authentication feature adds an extra layer of protection to the dashboard’s authentication process. When 2FA is enabled, the user is asked to provide the second-factor code, in addition to the standard username and password authentication, when logging in.
We currently support mobile applications, such as Google Authenticator, for the second-factor codes.
Learn more: Two-factor authentication adds extra security to the DataDome dashboard.
New Validation Logic for Custom Rule Creation
We have also added a new layer of query validation when custom rules are being created. We display exhaustive validation messages in case the user creates an incorrect query, which facilitates the rule creation process by providing detailed explanations of what needs to be corrected.
22+ points of presence worldwide:
We would also like to take this opportunity to share that we have established four additional points of presence:
- Bahrain
- Finland
- Hong Kong
- Wyoming
This brings our total points of presence to 22. No matter where you are, a DataDome endpoint is never far away, and the latency between our API servers and our customers’ servers is infinitesimal.
Learn more: Our regional endpoints.
Related posts
Introducing Priority Protect: The Only Virtual Waiting Room Built for the Agentic Era
Tell me more
Agent Trust at DataDome: The AI Control Plane for Managing Your Agentic Traffic
Tell me more
Secure FastMCP with Datadome native (first ever) integration
Tell me more
DataDome Releases VM-Based Obfuscation: The Next Evolution in Client-Side Detection Security
Tell me more
