October 01, 2015
Starts at £201 per month.
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Solid analytics and good presentation in the user interface.
- Weaknesses: None that we noted.
- Verdict: For monitoring the impact of bots on a network this is the tool one needs.
Distil inspects each HTTP request in real time to determine if it is a malicious bot. If so, it blocks the request. Next, machine-learning algorithms digest legitimate traffic patterns to pinpoint dangerous anomalies. When one domain is attacked, Distil gathers the attack information and distributes it back out to all Distil-protected sites. The product analyses more than 40 bits of information from each client request to build a fingerprint that's unique to the browser making the connection. Fingerprints stick to the bot even if it attempts to reconnect from random IP addresses or hide behind an anonymous proxy. The product can be deployed on-premises or be provided as a cloud-based service.
This is a focused piece of network forensics - concentrating on bot traffic. It bridges the gap between online fraud prevention and cyber-forensics in that it not only acts proactively but also provides enough information to at least partially analyse the bot attack. What we found interesting is that Distil does not care about the IP address - the usual touchpoint - but rather it concentrates on the fingerprint of the browser data.
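The fingerprint-over-IP idea described above, sketched as an added example (not Distil's code or algorithm): requests are counted per header fingerprint as well as per source address, so a client that rotates addresses still exceeds the limit. The header fields, the `max_per_key` limit and the sample requests are assumptions constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Assumed attribute set for this sketch; the review does not list the product's real inputs.
FP_FIELDS = ("user-agent", "accept", "accept-language", "accept-encoding")

def fingerprint(headers):
    """Hash the values and the relative order of the chosen request headers."""
    lowered = [(name.lower(), value.strip()) for name, value in headers]
    order = ",".join(name for name, _ in lowered if name in FP_FIELDS)
    values = dict(lowered)
    material = order + "|" + "|".join(values.get(f, "") for f in FP_FIELDS)
    return hashlib.sha256(material.encode()).hexdigest()[:16]

def flag_rotating_clients(requests, max_per_key=3):
    """Return {fingerprint: [ips]} for clients over the limit that no per-IP counter catches."""
    by_ip = defaultdict(int)
    by_fp = defaultdict(int)
    ips_for_fp = defaultdict(set)
    for ip, headers in requests:
        fp = fingerprint(headers)
        by_ip[ip] += 1
        by_fp[fp] += 1
        ips_for_fp[fp].add(ip)
    return {
        fp: sorted(ips_for_fp[fp])
        for fp, count in by_fp.items()
        if count > max_per_key
        and all(by_ip[ip] <= max_per_key for ip in ips_for_fp[fp])
    }

# Constructed sample traffic (documentation address ranges, made-up header values).
BOT = [("Accept", "*/*"), ("User-Agent", "example-client/1.0"),
       ("Accept-Encoding", "gzip")]
BROWSER = [("User-Agent", "Mozilla/5.0 (constructed sample)"),
           ("Accept", "text/html"), ("Accept-Language", "en-GB"),
           ("Accept-Encoding", "gzip, deflate")]
SAMPLE = [(f"192.0.2.{i}", BOT) for i in range(1, 6)] + [("198.51.100.7", BROWSER)] * 2

if __name__ == "__main__":
    for fp, ips in flag_rotating_clients(SAMPLE).items():
        print(f"fingerprint {fp} seen from {len(ips)} addresses: {', '.join(ips)}")
```

In the sample, the five requests that share one fingerprint each arrive from a different address, so a per-IP limit of three never fires while the per-fingerprint count does.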
This is not to say that Distil finds IP information irrelevant. The system can block by content (which includes referrers and anonymous proxies), custom pages with CAPTCHAs you create, IP access lists with both black and whitelisting, and a country block list. When a client's implementation triggers on a bad bot it sends the information to the Distil cloud where it is disseminated to all users. Additionally, having that data in the cloud enhances analytics.
One primary use of Distil is identifying and responding to click fraud. Since it makes a distinction between bad and good bots, and because of the integration of CAPTCHA, it is able to identify click fraud rapidly and respond.
We found the user interface very good with clear dashboards and excellent drill-down for details. One useful dashboard is the traffic overview. As well, there is an excellent dashboard that shows the source of bad bots. This dashboard has drill-downs that show threat analysis by organisation, malicious countries and specific IP addresses.
Distil has a good website with pretty much everything you'd expect - support, FAQ, knowledge base - and, surprisingly, it offers 24/7 support at no cost. Additionally, the company offers professional and enterprise aid, and assistance is available by phone or email. There was no documentation provided, but the cloud version is well-supported so it should not be necessary, especially with 24/7 aid.
While we recommend the cloud deployment - set up with a simple DNS change - on-premises deployment is on a bare metal virtualised environment with high availability and failover monitoring. We found the price reasonable given the quality of the service and, overall, we found this to be well conceived and presented with a set of analytics that is actually quite useful.
If you want to know about bots and botnets accessing your web pages, this tool is your cup of tea. It also is quite clear about the success (or not) of your anti-bot countermeasures, such as CAPTCHA.