ANTI SCRAPING CASE STUDY

Transcription

1 ANTI SCRAPING CASE STUDY

2 CASE STUDY - GAMBLING INDUSTRY ScrapeSentry Anti Scraping Service has increased site availability, reduced infrastructure costs, and protects data for Ladbrokes Why scraping is an issue With over 800,000 active online gaming clients, Ladbrokes stand to lose significantly as a result of Scraping. Scraping not only puts Ladbrokes hard earned data into the wrong hands, it also can have a major impact on their clients by overloading servers and bandwidth resources with nonrevenue generating requests for information. This directly affects their users experience and can create a Denial of Service (DoS) type event. Either case results in a measureable decrease in revenue. ScrapeSentry Anti Scraping Service blocks illegitimate traffic to Ladbrokes site without affecting legitimate users experience. The service keeps Ladbrokes sites running smoothly and their data solely in the hands of their valued clients. The solution for Ladbrokes Ladbrokes consulted global IT security specialists Sentor in order to safeguard its business from scraping. Ladbrokes had the following requirements: - A real-time screen scraping detection and blocking capability - Service availability and response 24/7 - No interference with its booking engines, traffic, or any other adverse effect on resources - Invisible to legitimate users With the constant growth we are experiencing in On-Line betting it is increasingly important to ensure that we provide a highly reliable and accessible applications to our customer base. Scraping can have significant negative impacts on our business if not monitored and managed correctly. It may not only affect customer experience but can also create an apparent Denial of Service. We have been working with Sentor on this matter and are extremely satisfied with the advice and services that they have provided us with. Their expertise and capability of managing this issue has become invaluable and allows us to focus on our core business whilst knowing that the use and efficiency of our websites are being protected from those who simply want to scrape us to serve their own interests. Mike Gaffney, IT Manager at Ladbrokes 2

3 The challenge for betting companies Incidents of Scraping are becoming more common for betting companies, and particularly so for sportsbooks where data is costly to generate and update. Leveraging the data for arbitrage is not uncommon. With real-time gaming, response time and availability is paramount. Customer loyalty can be short lived. Clients move on to a competitor s service after missing only one bet. In a world where you can wager on who is going to get the next touch never mind score the next goal, any obstacle placed in their way hurts business. Adding even a few seconds can be an obstacle. It is important that scraping can be controlled to allow the business to deliver the necessary level of accessibility and service to its customers. The use of a CAPTCHA can be that one extra step that deters a client from placing a bet. Keeping in mind that responsible measures are already being made for instance to ensure age and geographic requirements are met. This resource problem holds even more relevance during major sports events such as the gold cup in horse racing or during a big football weekend when traffic volumes are naturally already higher than normal. Enabling genuine users to trade is critical and therefore not having any proper management and control on scraping activity greatly affect a business s bottom line. This can also cause irreparable harm to brand image, and encourage loyal customers to go elsewhere to place their bets. In Ladbrokes case it was identified that scraping could be very damaging if there was no way of controlling it and keeping it regulated. The challenge therefore was to identify groups of offenders along with individuals who were targeting Ladbrokes database purely to extract data for their own personal benefit. This needed to be done instantly in order to allow genuine users to be able to receive the level of response and service delivery to be able to place their transactions and view the necessary information. Differentiating between good and bad requests ScrapeSentry s Anti Scraping Service was developed by Sentor Managed Security Services. ScrapeSentry has been at the cutting edge of combating data scraping since Search engine bots must be allowed through as they index your site, giving you your search engine ranking. Scrapers use scripts and web bots that mimic search engine requests. It is very difficult to differentiate between them. Unfortunately, scrapers who steal your content can even rate higher than your organisation in search engine results. Scrapers use any means to hide themselves Scrapers use anonymous web proxies or TOR network to hide their identity and increasingly sophisticated programs to appear as legitimate users. Scrapers appear to come from partner, corporate and legitimate ISP networks. The powerful and highly sensitive ScrapeSentry system can detect this abusive activity and offers the option to block it. ScrapeSentry - How it works A fully managed ScrapeSentry appliance is securely installed on a mirror port at a customer s site. This appliance sniffs all the requests to the site with no adverse impact on normal traffic. User requests are analyzed by over 50 different tests in real time to understand if they are legitimate. All known illegitimate traffic is automatically blocked according to a tailored predetermined response plan. 3

4 Behavioural analysis Any new type of suspicious behaviour detected is further analysed by correlating a potential threat to both a short-term traffic database and a long term known offender database. Suspicious activity results in the creation of a scraping incident case. The case is investigated by operators at Sentor s Security Operations Centre (SOC) in line with Sentor s client-specific scraping response process. If the suspicious behaviour is indeed the work of a scraper the operator will issue an appropriate block order against that specific IP address, header, session, etc. immediately putting an end to the scraping attacks. Full customer visibility and insight A report is created for each incident that in turn is presented to easyjet via Sentor s Security Management Portal (SMP). The SMP also provides comprehensive reporting capabilities to track scraping trends and keep metrics comparable over time. ScrapeSentry Architecture Internet Web Users External Users Customers Robots Internet traffic Mirror port Managed Service Sentor Security Operation 24/7 & Security Management Portal All traffic monitored stealthily Website Web Server Application Servers Blocking options ScrapeSentry Detection Appliance 4

5 About Ladbrokes The name Ladbrokes is synonymous with betting and gaming: the hallmark of a premier brand. The Company, the origins of which date back to 1886, employs over 14,000 people in Britain and over 16,000 in total. It is one of the world s leading betting and gaming enterprises. Ladbrokes is a market leader in retail bookmaking in the UK, Ireland, Belgium and Spain where it operates a combined total of more than 2,700 betting shops. The Company also operates betting facilities at eight FA Premiership grounds and nine racecourses, including Ascot. In addition to its extensive retail presence Ladbrokes offers thousands of betting markets on a daily basis via the Internet, mobile Internet and telephone. The telephone betting operation services 85,000 customers, while Ladbrokes.com, the Company s online betting and gaming facility, has attracted nearly 800,000 active clients. Betting is offered via 13 tailored sites in nine different languages; supporting 17 currencies. The site incorporates the highest levels of security, which underwrite an integrated array of sports betting and gaming services available 24 hours a day, 365 days of the year. Ladbrokes is focused on building its digital capabilities to realise its vision of becoming a fully e -enabled international betting and gaming business. About Sentor The company behind the ScrapeSentry Anti Scraping system is Sentor Managed Security Services. It was set up in 1998 to provide expertise in information security and online security in particular. The ScrapeSentry Anti Scraping services are a core part of our service offering and the most rapidly expanding business area within Sentor. We have been providing ScrapeSentry Anti Scraping services 24/7 since 2006 and have development team constantly developing our service platform. Today we have over 30 experts working with R&D and scraping protection for some of the world s best-known online brands. Contact us We are operating within the strictest integrity and confidentiality. Head Office Björns Trädgårdsgränd Stockholm, Sweden US Office 321 K Street South Boston, MA UK Office Blockstock Road London N4 2JF, UK Visit us online Read more about Sentor s ScrapeSentry service: Company page 5