SAN FRANCISCO, CA--(Marketwired - July 13, 2017) - Distil Networks, the global leader in bot detection and mitigation, today announced Bot Defense for API, a new solution that prevents bots from accessing the API servers that power public-facing websites and mobile applications. Distil now protects these API servers by determining whether a human is using a verified browser or mobile device to gain access. Distil goes beyond competing web-only solutions by providing the only comprehensive bot defense platform to protect websites, mobile apps and API servers from advanced persistent bots.

Bots are used by competitors, hackers and fraudsters and are the key culprits behind web scraping, brute force attacks, competitive data mining, online fraud, account hijacking, data theft, unauthorized vulnerability scans, spam, digital ad fraud and downtime. Bots vary in volume and sophistication, but all place an increasing burden on IT security and web infrastructure teams and wreak havoc across online operations big and small.

"While usage of APIs to drive web and mobile apps is exploding, the security of those APIs remains a grave concern, with 21% of APIs going live without any input from security professionals," said Rami Essaid, CEO and co-founder of Distil Networks. "Distil believes that the benefits of APIs shouldn't come at the expense of security, which is why we have released Bot Defense for Web API and Mobile Apps. Now, the API server that powers your website or mobile app is also protected against advanced persistent bots."

Key Capabilities of Bot Defense for Web API

The new solution extends Distil's Bot Defense Platform to protect web APIs.

  • Hi-Def Fingerprint - Identification based on 200+ unique markers present in OS and browser (plugins, screen, interface, fonts, WebGL, audio, video, etc.)
  • Known Violator Database - Checks against Distil's known violator reputation list
  • Client-side Interrogation - Validates that the browser is what it claims to be (e.g. has the correct JavaScript engine, is formatted correctly and all components perform as they should)
  • Browser-Not-Present Detection - Blocks API requests based upon the absence of the Distil Hi-def fingerprint
  • Domain-specific and Global Machine Learning Models - Pinpoints behavioral anomalies specific to a site's unique patterns, as well as bad bot behavior across all Distil-protected sites
  • Device-based Rate Limiting - Goes beyond IP-based rate limiting to detect when a device sends too many API requests across multiple usage vectors

Key Capabilities of Bot Defense for Mobile App APIs

  • Mobile SDK - Places bot mitigation directly into the mobile app
  • Mobile Token Management - Continuously verifies a mobile token is present and unaltered
  • Emulation Detection - Prevents API access from mobile device emulators that mimic human users
  • Automation Detection - Prevents API access from external testing systems that mimic human users on mobile devices
  • Reverse Engineering Detection - Prevents debugging software from tampering with the SDK
  • Device-based Rate Limiting - Rate limiting that goes beyond IPs and detects device utilization

According to Gartner's November, 2016 report titled 'Securing Mobile App Back Ends', "A common challenge with mobile apps is how to securely integrate them with back-end systems, which means securely exposing APIs. A typical failure sees developers write APIs that can be either intercepted or reverse-engineered by downloading the public app from an app store. Once the attackers deduce how the app uses the API, they attempt to directly access the API and potentially harvest API keys or other credentials from the app. "

To learn more about Bot Defense for API, please visit:

About Distil Networks

Distil Networks, the global leader in bot detection and mitigation, is the only proactive and precise way to verify that legitimate human users are accessing your website, mobile app, and APIs. With Distil, you automatically mitigate 100% of OWASP Automated Threats without imposing friction on legitimate users. Distil defends against web scraping, competitive data mining, account takeovers, transaction fraud, unauthorized vulnerability scans, spam, click fraud, denial of service, and API abuse while slashing the high tax that bots place on your internal teams and web infrastructure. Get complete visibility and control over human, good bot, and bad bot traffic, and make your online applications more secure with comprehensive bot defense. Distil Bot Defense for Web protects your website by verifying human traffic on real browsers. Distil Bot Defense for API prevents bots from accessing your API servers, whether it be through web or mobile.

For more information on Distil Networks, visit us at or follow @DISTIL on Twitter.

Contact Information:

Media Contact
Lauren Hillman
Kulesa Faul for Distil Networks
P: 510-394-2145