OVERVIEW

This firm provides educational courses, test services and professional development  for all stages of learning, from pre-school to professional-level courses. With over 20,000 employees worldwide and test centers in 180 countries, it helps millions of learners prepare for crucial exams and successful careers. As a global leader in online learning and test preparation, its website receives several million visitors every year looking for courses to study, as well as educational content and guidance on how to prepare for a range of examinations and certifications.

CHALLENGES

With the growing popularity of online learning in recent years, and especially after the onset of the COVID-19 pandemic, this company’s website has been increasingly targeted by scalpers and profiteers. With the intention of financial reward, scalpers would deploy bots to strike this website and quickly reserve the limited number of testing locations and timeslots and resell their booked slots to those willing to pay exorbitant prices.

Apart from engaging in scalping and denial-of-inventory tactics, the large volumes of bot traffic on the educational portal resulted in website slowdowns and a poor user experience, forcing the firm to increase spending on additional website infrastructure and network bandwidth. To make matters worse, the high levels of bot traffic on their website and forms for booking test slots also greatly skewed the company’s visitor metrics, preventing their marketing and growth teams from getting accurate visitor data to optimize their campaigns.

Though the company tried to develop an in-house solution to filter the bad bot traffic by manually blacklisting IP addresses, it did not resolve their bot issues. Advances in bot technologies and tactics used by bot masters have rendered manual traffic analysis and IP address blacklisting futile, as botmasters can quickly switch to other IP addresses and cloud data centers.

Sophisticated bots can be easily bought online to perform a wide range of attacks against websites. Using tactics such as“low and slow”attacks, bots are deployed using thousands of IP addresses (usually from large data centers, hijacked residential internet routers, and compromised IoT devices) to launch distributed bot attacks against their chosen targets. Fourth generation bots are so advanced that they can even mimic the behavior of humans as they click, tap, scroll, and traverse across a website or mobile app, confounding conventional website security solutions and manual bot-blocking approaches.

SOLUTION

As bot attacks grew worse over time, the company realized that their labor-intensive and time-consuming manual approaches were not effective and decided to switch to a dedicated bot management solution. After evaluating and testing several bot mitigation solutions, the company chose AgileSecu Bot Manager to defend their business against bot attacks.

Once integrated with the learning portal, AgileSecu’s patented IDBA (intent-based deep behavioral analysis) technology, collective bot intelligence database, and advanced fingerprinting methodology soon brought bot traffic down to negligible levels and allowed legitimate users to quickly and conveniently get their desired test slots.

AgileSecu Bot Manager ensured negligible false positives (i.e., humans being mistaken for bots) through a robust challenge-response authentication to allow real users through while blocking bots. In addition, the customer took advantage of Bot Manager’s customizable actions to handle various types of bots across different sections of their website based on their business needs.

Figure 2: Before AgileSecu Bot Manager unfiltered human vs. bot traffic                       Figure 3: After AgileSecu Bot Manager filtered traffic without bad bots

BENEFITS

This global education and testing company improved conversion rates by blocking scalper bots from grabbing limited-availability test slots. The company’s revenue increased, and customer satisfaction improved with hassle-free delivery of educational and assessment services to users.

Another welcome benefit from blocking malicious automated traffic was reduction of server and network related infrastructure costs. The company’s sales and marketing teams were finally able to get accurate business KPIs across all product categories, helping them produce better results.

The company was also able to do away with tedious manual bot blocking efforts, freeing up resources towards core business activities. AgileSecu’s team of managed service specialists handle all the complexities of bot management to ensure comprehensive protection from bot threats of every kind.