Fastly updates bot management to reduce CAPTCHA reliance

Fastly has announced an update to its Bot Management service aimed at reducing the reliance on CAPTCHAs while enhancing security and user experience.

The update incorporates three new features: Dynamic Challenges, Advanced Client-Side Detection, and Compromised Credential Checking.

These tools aim to address the issues of scraping, account takeovers, and spam without compromising the user experience by over-relying on CAPTCHAs, which have often been a cause of user dissatisfaction and loss of business.

Traditional online security measures have often necessitated the use of CAPTCHAs to deter threats, which can negatively impact user interaction and potentially drive users away. Fastly's new capabilities aim to remove these barriers, offering a balance that keeps customers engaged while ensuring safety against malicious activities.

"Security teams shouldn't have to choose between blocking malicious bots and frustrating customers," stated Kip Compton, Chief Product Officer at Fastly.

"This update allows users to move freely while bad actors get stopped in their tracks."

The Dynamic Challenges feature enhances validation processes by offering traffic verification that does not primarily depend on CAPTCHAs.

It uses real-time characteristics from both client and server sides, applying minimal intrusive methods for genuine users and increasing challenge levels for bot traffic.

This system utilises Private Access Tokens (PATs) for a seamless experience for recognised legitimate users while imposing tough challenges to known bots, applying non-interactive checks for other traffic categories.

Advanced Client-Side Detection focuses on identifying bots that mimic human browsing behaviour using automation tools and headless browsers.

This feature can be deployed with a single line of JavaScript code, equipping organisations with the capability to detect and block sophisticated automated threats, without sacrificing performance.

Compromised Credential Checking offers an additional layer of security against credential stuffing and account takeover attacks. It scrutinises login and registration attempts to detect use of compromised credentials from known breaches, providing security teams with critical real-time insights to act without hindering legitimate users.

"By fast-tracking legitimate users and deploying interactive challenges only when necessary, Fastly significantly reduces reliance on CAPTCHAs, improving user experience and boosting conversion rates," added Compton.

"Businesses no longer have to compromise between security and usability; Fastly's intelligent bot management brings frictionless protection at scale."

Christopher Rodriguez, Research Director, Security & Trust, IDC, commented, "As bots continue to become more sophisticated, organisations find themselves stuck between providing enhanced security or an enhanced end-user experience."

"The latest updates, alongside Fastly's developer-focused approach, enable companies to detect and respond to bots while providing end-users with an optimal experience."

These latest updates to Fastly Bot Management are available to all Fastly customers.

The service aims to assist companies globally in improving their online security measures while offering an uninterrupted user experience.