Bots vs. The Operations Teams
Bots and other forms of automation typically create a significant headwind that operations teams must plan and budget for. Automated visitors naturally consume an organization’s resources that ideally should be saved for actual human visitors. Worse still, automated traffic can easily come in unpredictable spikes which can intentionally or unintentionally lead to a denial-of-service. Operational challenges of automation include:
- Operational Overhead - Teams must invest in additional infrastructure to handle the increased load from automated visitors. Even small delays in the response time of a site or application have proven to have a significant impact on revenue as seen in an analysis by Akamai which found that every 100 millisecond delay in response time corresponds to a 7% drop in conversion rates.
- Botnets and DDoS - In addition to the everyday burden of automated visitors, ops teams must also prepare for very large spikes in automated traffic. Large distributed botnets can generate large amounts of malicious traffic of a variety of types designed to overwhelm a site or application and make it unavailable. Simple volumetric SYN floods can exhaust a site’s ability to accept connections. On the other hand, many bots will naturally operate at the application layer. These can be attacks that intentionally target resource-intensive requests in order to starve an application of resources. Bots can also be used in credential stuffing attacks to test large volumes of login credentials from many different IP addresses. Even though the intent of such an attack is to break into accounts, the volume of login attempts can easily overwhelm an organization’s resources.