How does the Bot Defender Sensor collect metrics?
BD sensor uses variety of methods to collect data:
- The sensor gets signals via DOM API, BOM API, WebAssembly etc
- The sensor collects general data about the running environment, implementing detection techniques that are helping the Detector to decide whether the running session is automatic or not. The sensor also collects device features such as visual and audio rendering capabilities, browser plugins, extensions and more.
- The indicators stated above are compared to a growing library of bad actor profiles built on anonymized and aggregated customer sets and multiple external resources (by the detector).
When does the Bot Defender Sensor need to load in the initial page load?
As soon as the BD sensor starts running it can start collecting data which helps with the bot mitigation process. Although it doesn’t have to be the first resource to load in the initial page load to work properly, it is still advisable load the sensor as soon as possible (it will have better visibility to actions on the page, thus preventing more attacks).
Please refer to the Footprint page to look for overall performance impact of Bot Defender components
Why should I be forcing upgrades when installing the Mobile SDK?
We recommend to force upgrades when installing the Mobile SDK due to the following:
- To allow for a broader set of signals and feedback loop which strengthen the detection applied to the Mobile endpoints.
- By not forcing the upgrade, there may be versions of the application that will either not have the SDK at all (the detection will be irrelevant and will create a loophole for attackers to abuse), or will not have all the capabilities in the new SDK
