Bot protection

Early Access release. See Enable self-service features.

The bot protection feature helps protect your org against automated attacks that can bypass traditional security measures. It has two main components: bot detection and bot remediation. Bot detection is a machine learning-based model that uses both stateful and stateless inputs to determine whether a request comes from a bot. If the request is from a bot, bot remediation offers customizable remediation actions, including a new transparent Okta Challenge solution, which doesn't require user input.

Automated attacks pose a significant threat to organizations, as attackers use readily available tools and cloud services to gain access to user accounts. These attackers often use "low and slow" methods, distributing their attacks across many different IP addresses to avoid detection by security measures that focus on IP-based reputation. The bot protection feature detects and prevents these automated attacks before they can compromise user credentials. It provides you with ongoing, clear visibility of bot attacks against your organization and the remediation steps that were taken.

Benefits

  • Protection against fraudulent sign-up and authentication events: Bot protection helps reduce the automated creation of new accounts using fabricated or stolen identity data.

  • Reduced fraud and account takeover: Bot protection helps to significantly decrease the risk of account takeover and fraudulent activities for both admins and end users.

  • Protection for password-based authentication: Bot protection offers critical protection for the high volume of admins and end users who still rely on passwords as their primary form of authentication.

  • Additional layer of defense against automated attacks: Bot protection operates independently of ThreatInsight to provide a more robust and dedicated layer of defense. It's designed to combat bot-based attacks, which are a major threat to password-dependent systems.

How it works

Bot protection runs during your sign-in, sign-up, and self-service password recovery flows. It has three statuses so you can test scenarios or phase your change management efforts.

  • Disabled: No monitoring or enforced remediation actions.

  • Monitoring: Bot detections are logged, but no remediation actions are enforced.

  • Enforced: Bot detections are logged, and Okta Challenge is enforced as the remediation action.

When it's turned on, bot protection evaluates requests made to the Sign-In Widget endpoints. Bot protection has four Bot Likeliness thresholds that can affect the number of false positives or false negatives. Think of these thresholds as a "when risk is..." measurement.

  • Low and above: Bot protection triggers an event when there's a small chance of bot activity. This may result in more false positives (like humans being prompted for Okta Challenge).

  • Medium and above: Bot protection triggers an event when there's a moderate chance of bot activity.

  • High: Bot protection triggers an event only when there's a high chance of bot activity. This may result in more false negatives (like bots not being prompted for Okta Challenge).

  • Any: Bot protection triggers an event whenever there's a chance of bot activity.

Based on your chosen detection threshold, bot traffic is logged in the System Log. If you turn on enforcement, Okta Challenge is the default response for bot detection.
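To make the status and threshold interplay concrete, here is an added example (not Okta's code) that models the decision described above and uses a constructed set of Monitoring-phase detections to compare how each Bot Likeliness threshold would have treated known humans and known bots before you switch to Enforced. The level names, record fields and sample data are assumptions for illustration, not the System Log's real schema.

```python
# Added example, not Okta's implementation. Simulates the status/threshold
# decision and the false-positive vs false-negative tradeoff described above.
from collections import Counter

# Assumed model output levels, ordered from least to most likely to be a bot.
LEVELS = {"LOW": 1, "MEDIUM": 2, "HIGH": 3}
# Configurable thresholds from the doc; "Any" triggers on every reported level.
THRESHOLDS = {"Any": 0, "Low and above": 1, "Medium and above": 2, "High": 3}

def triggers(level, threshold):
    """True if a detection at `level` meets the configured threshold."""
    return LEVELS[level] >= THRESHOLDS[threshold]

def decide(status, level, threshold):
    """Return (logged, challenged) for one request under the given status.

    Disabled: nothing. Monitoring: log only. Enforced: log and Okta Challenge.
    """
    if status == "Disabled" or not triggers(level, threshold):
        return (False, False)
    return (True, status == "Enforced")

# Constructed Monitoring-phase sample: (level the model reported, ground truth
# from your own review). Real data would come from the System Log.
SAMPLE = [
    ("HIGH", "bot"), ("HIGH", "bot"), ("MEDIUM", "bot"), ("LOW", "bot"),
    ("LOW", "human"), ("LOW", "human"), ("MEDIUM", "human"), ("HIGH", "human"),
]

def tradeoff(records, threshold):
    """Count bots caught/missed and humans challenged/passed at a threshold."""
    counts = Counter()
    for level, truth in records:
        hit = triggers(level, threshold)
        if truth == "bot":
            counts["bots_caught" if hit else "bots_missed"] += 1
        else:
            counts["humans_challenged" if hit else "humans_passed"] += 1
    return dict(counts)

if __name__ == "__main__":
    # Lower thresholds catch more bots but challenge more humans (false
    # positives); "High" misses more bots (false negatives).
    for name in THRESHOLDS:
        print(f"{name:18} {tradeoff(SAMPLE, name)}")
```

Because the constructed sample only contains LOW, MEDIUM and HIGH levels, "Any" and "Low and above" produce identical counts here; with real Monitoring data, compare the counts per threshold and pick the one whose false-positive rate your users can tolerate before enabling enforcement.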

Topics

Configure bot protection for enforcement

Bot protection reporting