Radware uses blockchain technologies to prevent bots
Radware revealed this week that it added blockchain technologies to its Bot Manager platform to thwart attacks designed to evade fully automated public Turing tests to tell computers and humans apart — better known as CAPTCHA challenges.
Dr. David Aviv, CTO of Radware, said that while a CAPTCHA challenge can be an effective way to determine whether an application is being accessed by humans, bots accessing application programming interfaces (APIs) can easily bypass this approach.
Radware’s blockchain technologies require any endpoint to establish a virtual identity by downloading a lightweight micro-cryptominer to access an application or API. Radware is then able to use algorithms to collect metrics between endpoints and applications via an Ethereum-based blockchain ledger distributed in the cloud. That ledger establishes intent by tracking legitimate “proof of work” on the endpoint created by the microcryptominer every time that endpoint interacts with an application or API and establishes a level of trust, Aviv said.
A zero-trust approach to security means that if an endpoint attempts to access resources outside the scope of policies defined by an IT team, that endpoint is considered untrusted. Any further access requests will be blocked by the Bot Manager platform, Aviv said.
In fact, Radware uses blockchain technologies to apply gamification techniques and track behavior to better prevent sophisticated bot attacks without impacting application experiences, he added.
Radware reported that between 2021 and 2022, research showed a 144% increase in fourth-generation bot attacks that mimic human behavior; these bots can mimic mouse movements, keyboard presses, clicking and scrolling. Cybercriminals have also used a number of anti-CAPTCHA plugins and CAPTCHA-solving farms to avoid such challenges altogether.
Bots negatively impact everything from application experiences – by consuming resources that could be allocated to real users – to enabling scalpers to harvest concert and sporting event tickets via API calls to a web application. Blockchain technologies provide an opportunity to significantly minimize this activity without having to rely on increasingly ineffective CAPTCHA technologies, Aviv said.
In addition, there is an opportunity to reduce cybercriminals’ return on investment in robots, making the cost of employing them far outweigh any economic benefit, he added.
It is too early to tell what impact blockchain technologies may have on cybersecurity, but it is clear that there will soon be new classes of tools available to cybersecurity teams that leverage immutable ledgers to enforce trustless IT policies. However, most organizations probably won’t be able to set up and maintain a blockchain on their own, so in the meantime these technologies will likely be consumed via some type of cloud service.
It is not clear whether blockchain technologies will put an end to the arms race that has raged for years. Whenever technologies are developed to subdue them, the sophistication of the robots themselves has increased in response. But soon it won’t be nearly as easy to use robots with malicious intent as it is today.
