AWS Partner Network (APN) Blog

Preventing Online Fraud and Attacks with AWS and DataDome’s Real-Time Bot Protection

By Karim Heraud, Technical Product Manager – DataDome
By Gilles Walbrou, Chief Technology Officer – DataDome
By Kira Lempereur, Sr. Technical Writer – DataDome
By Arun Nallathambi, Sr. Partner Solutions Architect – AWS

DataDome-AWS-Partners-2024
DataDome
DataDome-APN-Blog-CTA-2024

As the world becomes increasingly connected to the internet, more and more customers are choosing to make purchases online. With increased online traffic comes more opportunities for bad actors to execute attacks through scraping, account takeover, and payment fraud, among others.

Online fraud continues to increase annually, costing the average online business $4.5 million each year. Cumulative losses from online payment fraud are estimated to exceed $343 billion between 2023 and 2027.

Bots comprise more than 40% of online traffic, and the influx of fraudulent traffic has become the rule for many online businesses—not the exception. Effective, reliable, and scalable bot and fraud detection is necessary to protect businesses and consumers from sophisticated attackers.

DataDome is an AWS Specialization Partner and AWS Marketplace Seller with the Security Competency. Its solution detects and mitigates bot and online fraud attacks with unparalleled accuracy and zero compromise.

In this post, we will talk about the risks from bot attacks and how to protect your web applications from such attacks using the DataDome bot protection service powered by Amazon Web Services (AWS).

DataDome Bot Protection Service

Bots can attack and take over an online session at any time—so every request must be inspected, every time. A snapshot of activity at one point in time is not enough to determine user intent. At the same time, user experience must be preserved by a solution that minimizes false positives, adds zero latency for the end user, and runs smoothly and reliably in all regions served.

DataDome’s bot mitigation philosophy is simple: inspect every request, every time, in real time—without latency for the end user. The solution is built around three key standards:

Accuracy Without Compromise

Many bot and online fraud protection providers make a tradeoff between speed and accuracy. DataDome believes accuracy is possible without compromising speed or user experience. DataDome’s solution utilizes powerful machine learning (ML) at the edge to scale protection against new threats across all protected endpoints in real time.

The ML engine leverages over three trillion data points every day, collecting the most comprehensive set of detection signals possible to ensure the most accurate protection available. The ML detection is supervised by experts and data scientists, constantly enriching the models to improve detection of current and future threats.

Frictionless for Consumers

33% of customers will avoid a business that flags their transactions as fraudulent (a false positive). Removing points of friction like false positives, extra steps, and latency is good for consumers and businesses. DataDome’s 0.01% false positive rate means very few humans are challenged, unlike a traditional CAPTCHA, which will challenge 100% of visitors. For the rare human who does see a DataDome CAPTCHA, the experience is easy, accessible, and data privacy-compliant.

Force Multiplier for Your Team

To operate efficiently, online businesses need full transparency into their traffic, both human and automated, and visibility into the measures being taken to protect their platforms. DataDome’s dashboard is intuitive and easy to read, providing real-time insights so users can dig into specific threats, analyze events, or simply sit back and receive key alerts and notifications via email or Slack.

The solution is supported nonstop by site reliability engineers (SREs) to ensure the performance of its infrastructure, as well as 24/7 customer support and a vigilant security operations center (SOC) team to monitor customer traffic and the solution’s response all day, every day.

Meeting each standard without latency for the end user is a scalability feature that provides DataDome customers with optimal protection against even the most advanced threats. Let’s explore how DataDome has collaborated with AWS to ensure a highly available solution, no matter where the request is coming from.

Integrating DataDome Bot Protection

DataDome runs anywhere and is able to integrate with as many different types of infrastructure, including multi-cloud and multi-content delivery network (CDN) setups. Customers can integrate with DataDome protection at two levels: server-side and client-side.

Seamless Integration with AWS Lambda@Edge Module

For AWS customers relying on Amazon CloudFront to distribute their traffic, DataDome provides a module leveraging Lambda@Edge. Like DataDome’s other modules, this module uses the DataDome API before routing the incoming request to the customer’s backend (or blocking it).

Thanks to the 450+ CloudFront points of presence (PoPs), bot protection is handled at the location closest to the end user. The DataDome API is deployed in every CloudFront regional edge cache to ensure AWS Lambda can query the DataDome API in the very same region it’s running.

Server-Side

On the server side, DataDome can launch in minutes once a customer deploys a specific module in the routing stack of their publicly exposed services. The module extracts fingerprints and signals from incoming requests and sends them to DataDome APIs for validation. The solution is designed to avoid a single point of failure, and the average computing time for each request is two milliseconds. Purpose-built modules are available for different routing stacks.

Client-Side

The client-side integrations for DataDome are offered via lightweight software development kit (SDK) and a JavaScript tag for use on customer websites, as well as Android and iOS applications. Both the SDK and JavaScript tag collect signals to enrich DataDome’s detection engine, ensuring extremely accurate bot protection. Client-side integrations are quick to implement and extremely lightweight for both apps and web requests.

Synchronous Integration in Customer Infrastructure

To block fraudulent traffic, modules integrated in the customer’s routing stack act synchronously on the request lifecycle. Every incoming request is intercepted by the DataDome module before being forwarded to the customer backend, and validation is requested from the DataDome API.

DataDome synchronous workflow for low-latency validation mechanism.

Figure 1 – DataDome synchronous workflow for low-latency validation mechanism.

Routing Requests for Low Latency and High Availability

Many optimizations are applied in the client-server communications to lower domain name system (DNS) resolution time, quickly establish transmission control protocol (TCP) connections, hasten secure sockets layer (SSL) handshakes, and compress the content exchanged. When it comes to total request time, network round-trip and travel time are key: the DataDome API must be as close as possible to the customers’ infrastructure.

In order to do so, DataDome relies heavily on AWS regions. The DataDome API is deployed in 26 locations across the globe, including more than 20 AWS regions, and it’s easily deployable in additional AWS regions closer to customers to meet the low-latency requirement.

Image 2: How DataDome leverages AWS global infrastructure to achieve low latency and highly available Bot Protection

Figure 2a – DataDome leverages AWS global infrastructure.

DataDome’s APIs are distributed in 26 total regions, including 20+ AWS regions.

Figure 2b – DataDome APIs are distributed in 26 total regions.

Amazon Route 53 as a Foundation of Performance and Reliability

In order to route customers’ requests to the closest location, DataDome relies on Amazon Route 53; it hosts the DNS service for DataDome’s main domain, datadome.co. Amazon Route 53 is a highly available and scalable DNS web service used by DataDome to route the request to a specific location based on routing policies. This helps achieve high availability and increased performance.

Of the eight available policies, the DataDome bot protection service uses a geoproximity routing policy with traffic flows, which helps DataDome define complex rules to handle requests from everywhere in the world and route them to desired targets based on fine-grained criteria.

DataDome distributes the world into many regions and routes the DNS queries from every region to desired targets.

Geoproximity routing in Europe resolves DNS queries to the closest DataDome Point of Presence

Figure 3 – Geoproximity routing in Europe resolves DNS queries.

Every target location in geoproximity routing is associated with an Amazon CloudWatch health check configured with the appropriate threshold. That way, when a PoP faces degraded response time, the geoproximity map is updated to remove the degraded region and route traffic to the closest healthy PoP.

This feature, combined with low time to live (TTL), provides more reliability to DataDome’s services, in case of a failure in one or more regions.

DataDome-Bot-Protection-4

Figure 4 – DataDome PoP health check.

Fast Handling of Requests in AWS Regions

Every DataDome PoP is stateless and built for performance. DataDome boasts a two millisecond average response time for bot protection requests to these PoPs.

Reaching such high performance has required many optimizations to be completed on operating systems and applications. DataDome also worked closely with AWS to have the fastest possible scaling, based on the following simple architecture.

Image 6 Bot protection API requests are handled by an AWS Application Load Balancer targeted by an Amazon CloudFront distribution.

Figure 5 – Bot protection API requests are handled by AWS.

Optimizing Scaling and Boot Times to Handle Traffic Increases

To handle traffic variations all day long, every region relies on Amazon Elastic Compute Cloud (Amazon EC2) auto scaling groups. These manage instance lifecycles, health checks, and automatic balancing across AWS Availability Zones (AZs). To ensure scaling works as quickly as possible, DataDome performs several different tests and benchmarks to select the most suited AWS infrastructure.

To complement auto scaling groups, DataDome implemented a dynamic scaling algorithm to pilot them in real time. This continuous innovation leveraging new features released for EC2 ensures the DataDome service can handle huge traffic increases.

DataDome-Bot-Protection-6

Figure 6 – Optimized scaling algorithm piloting EC2 auto scaling groups.

Conclusion

DataDome bot and fraud detection protects customers from malicious attacks, using machine learning at the edge to detect even the most sophisticated bots. Detection accuracy is maintained—without compromising speed or customer experience—thanks to lightweight integrations and powerful scalability that leverage AWS global footprint.

Learn more about DataDome on AWS Marketplace.

.
DataDome-APN-Blog-Connect-2024
.


DataDome – AWS Partner Spotlight

DataDome is an AWS Specialization Partner with the AWS Security Competency. Its solution detects and mitigates bot and online fraud attacks with unparalleled accuracy and zero compromise.

Contact DataDome | Partner Overview | AWS Marketplace