1. Market Research
  2. > Computer Security Market Trends

The Forgotten Barometer: Bot Detection as an Integral Security Technology

  • August 2014
  • 11 pages
  • Frost & Sullivan
Report ID: 2357784


This SPIE will analyze the value of bot detection in a security model; the perceived value of such features; the methods used to detect bots, and their respective effectiveness.

The model for threat detection is continually evolving in response to changing tactics utilized by malicious actors. Network-based threats are increasingly deceptive and dubious in nature; and, as a result, security technologies must be able to detect signs of an attack or intrusion attempt, rather than an exact pattern of an outright threat.
One of the trends forcing a shift in threat detection methodologies is the growing importance of the bot as a go-to tactic for hackers and hacker groups. A bot is a computing system tasked with performing a specific Internet function, in an automated fashion. Not all bots are malicious in nature; there are bots that perform legal and useful tasks such as Web indexing, data collection, competitive research, and promotional activities on social networking Web sites.

For hackers, the benefits provided by bots are invaluable. The ability for bots to perform assigned tasks repeatedly, quickly, and in an automated manner enable hackers to control these systems en masse and to great effect. A group of coordinated bots, called a botnet, enable threat actors to perform massive scale distributed denial-of-service (DDoS) attacks and spam email campaigns. Though DDoS attacks and spam distribution are some of the most visible and well-known uses of DDoS attacks, the importance of bots is greatly underestimated. Essentially, the bot is the “go-to” tool that enables the command, control, communications, and coordination of covert operations by highly sophisticated threat actors.

Thus, while bot detection is a valuable pursuit in its own right, it may also be leveraged as a means to defend against a range of threats. Security solution vendors hope to be able to protect customer networks from a range of commodity malware, advanced threats, availability attacks, and other undesirable activities by identifying and blocking malicious bots. This SPIE will analyze the value of bot detection in a security model; the perceived value of such features; the methods used to detect bots, and their respective effectiveness.

The Need for Bot Detection as an Integral Component in a Modern Network Security Model
Too often, bots are overlooked as just another item of concern in a threat landscape characterized by a myriad of threats. However, bot detection is an important capability that can help to solve imminent threats, as well as less visible security issues.

Bot Detection to Mitigate DDoS Attacks and Spam
Bot detection is perhaps most closely associated with DDoS attacks and spam distribution. The first step in these attacks is to infect as many devices as possible. The Zeus trojan and similar malware families are capable of infecting a range of devices, and installing the necessary software for hackers to control the device. Next, the malware will direct the infected device to dial-out to a specified IP address, pertaining to the command and control (C&C) system, for directions. The C&C system can then direct bots to send unsolicited network traffic to targeted IP addresses as part of a DDoS attack.

DDoS attacks can be very costly for businesses, by inhibiting employee access and productivity, blocking sales and new customers, and by hurting the reputation of the targeted organization. As a result, DDoS attacks are increasing in frequency, volume, and potency.

Arbor Networks is the leading provider of DDoS mitigation solutions for service providers and enterprise networks. Bot detection is an important capability for the purpose of identifying and mitigating DDoS attacks reliably. For Arbor Networks, the ability to identify and block bots accurately helps to distinguish its products from entry-level DDoS mitigation capabilities integrated in standard network tools such as firewalls, intrusion prevention systems (IPS), and content distribution network (CDN) services. A complete analysis of the DDoS mitigation global market is provided in the Frost & Sullivan Market Engineering study available at www.Frost.com/ndd2.2

The owner of the bots and C&C system, called a bot herder, may also use the botnet to send massive amounts of spam email, as in the case of the Cutwail botnet. Spam email presents a range of threats, from a simple nuisance to a launching point for social engineering attacks, phishing, and distributing malware such as Cryptolocker. Additionally, spam can present a drain on businesses by tying up valuable computing resources involved in threat detection inspections, or by hijacking computing resources for the purpose of sending spam emails.

Bot Detection to Stop Malware and Advanced Threats
A particular trend that has forced a shift in the security model is the emergence of advanced persistent threats (APTs). Frost & Sullivan defines an APT as a cyber-based attack that
- Utilizes a type of advanced malware
- Targets or focuses on specific individuals or organizations (not a mass targeted attack)
- Looks to achieve a monetary or intellectual property gain
- Looks to penetrate and persist, undetected, in an environment (network or endpoint)

The term APT was originally coined to describe dedicated, skilled, and organized hackers and groups that conduct highly successful data theft and network intrusion actions. Often, these actions go unnoticed for several months and even years as APTs are designed to evade commercial threat detection systems, as well as obfuscate evidence of their activities. The first signs of an APT are typically discovered by the victimized organization’s partners and customers rather than the victim organization itself, and are fully uncovered only after a lengthy and exhausting forensics investigation.

Security companies continue to develop and refine multiple methods to detect APTs. Some solutions attempt to identify threats near the network perimeter, with FireEye as a well-known example. FireEye utilizes a sandboxing methodology to detonate malware in a virtualized computing environment, in order to identify APTs that are undetectable by traditional signature matching and behavioral systems. However, there is a pattern of escalation that indicates that future APTs will become resistant to these detection mechanisms. Already, advanced malware is being discovered with sandbox evasion capabilities, such as the ability to detect the presence of emulation or a virtualized environment, and stay dormant during the inspection process.3 Therefore, the detection of APTs increasingly requires the ability to detect and correlate multiple indicators in an automated and investigative manner.

Get Industry Insights. Simply.

  • Latest reports & slideshows with insights from top research analysts
  • 60 Million searchable statistics with tables, figures & datasets
  • More than 25,000 trusted sources
  • Single User License — provides access to the report by one individual.
  • Department License — allows you to share the report with up to 5 users
  • Site License — allows the report to be shared amongst all employees in a defined country
  • Corporate License — allows for complete access, globally.

Amrita helps you find the right report:


The research specialist advised us on the best content for our needs and provided a great report and follow-up, thanks very much we shall look at ReportLinker in the future.

Kate Merrick

Global Marketing Manager at
Eurotherm by Schneider Electric

We were impressed with the support that ReportLinker’s research specialists’ team provided. The report we purchased was useful and provided exactly what we want.

Category Manager at

ReportLinker gave access to reliable and useful data while avoiding dispersing resources and spending too much time on unnecessary research.

Executive Director at
PwC Advisory

The customer service was fast, responsive, and 100% professional in all my dealings (...) If we have more research needs, I'll certainly prioritize working with ReportLinker!

Scott Griffith

Vice President Marketing at
Maurice Sporting Goods

The research specialist provided prompt, helpful instructions for accessing ReportLinker's product. He also followed up to make sure everything went smoothly and to ensure an easy transition to the next stage of my research

Jessica P Huffman

Research Associate at
American Transportation Research Institute

Excellent customer service. Very responsive and fast.

Director, Corporate Strategy at

I reached out to ReportLinker for a detailed market study on the Air Treatment industry. The quality of the report, the research specialist’s willingness to solve my queries exceeded my expectations. I would definitely recommend ReportLinker for in-depth industry information.

Mariana Mendoza

Global Platform Senior Manager at
Whirlpool Corporation

Thanks! I like what you've provided and will certainly come back if I need to do further research works.

Bee Hin Png

CEO at
LDR Pte Ltd

The research specialist advised us on the best content for our needs and provided a great report and follow-up, thanks very much we shall look at ReportLinker in the future.

Kate Merrick

Global Marketing Manager at
Eurotherm by Schneider Electric

Purchase Reports From Reputable Market Research Publishers

Canadian IT Security Hardware, Software, Services, and Cloud Forecast, 2017-2021

  • $ 6600
  • Industry report
  • August 2017
  • by IDC

This IDC study forecasts all IT security markets in Canada, including hardware, software, SaaS, and security services, down to the subfunctional level as defined in IDC's Worldwide Security Products Taxonomy, ...

Spear Phishing Market by Component, Deployment Type, Organization Size, Vertical, and Region - Global Forecast to 2022

  • $ 5650
  • Industry report
  • May 2017
  • by MarketsandMarkets

The spear phishing market is projected to grow at a CAGR of 10.8% between 2017 and 2022 The spear phishing market is projected to grow from an estimated USD 840.7 million in 2017 to USD 1,401.6 million ...

Sandboxing Market by Component, Delivery Type, Organization Size, Industry Vertical, and Region - Global Forecast to 2022

  • $ 5650
  • Industry report
  • June 2017
  • by MarketsandMarkets

“Increasing sophistication in the attacking techniques is expected to drive the growth of the sandboxing market.” The sandboxing market size is expected to grow from USD 2.90 billion in 2017 to USD ...


Reportlinker.com © Copyright 2017. All rights reserved.

ReportLinker simplifies how Analysts and Decision Makers get industry data for their business.