Intelligent Bot Detection

Intelligent Bot Detection is your first line of defense against large-scale, automated attacks like credential stuffing. This always-on system is designed to distinguish between legitimate human users and malicious bots, adding a critical layer of security without creating unnecessary friction.

How It Works

The system uses advanced statistical models and a vast amount of traffic data to identify patterns that indicate a scripted attack. When a login, signup, or password reset attempt is flagged as high-risk, the user is presented with an additional verification step. This proactive defense helps to:
  • Prevent account takeovers from credential stuffing.
  • Stop bots from validating lists of stolen email addresses against your user base.
  • Reduce the load on your system from malicious traffic.

What You and Your Users Will Experience

For the vast majority of your users, the experience is seamless and transparent—they won’t even know Bot Detection is running.
  • Legitimate Users: Will log in normally without any interruption.
  • Suspicious Traffic: If a login attempt is flagged as potentially being from a bot, our system will present Auth Challenge. This is a modern, CAPTCHA-free verification method that is easy for humans to solve but difficult for bots, providing strong security without the usual frustration of distorted text puzzles.
This feature is fully managed by Altostrat to ensure the optimal balance of security and usability.

Trusted Networks

In some cases, you may have trusted internal tools or corporate networks that generate a high volume of legitimate automated traffic. If you find that Bot Detection is challenging these trusted sources, please contact Altostrat support with the relevant IP addresses or CIDR ranges, and we can add them to your tenant’s allowlist.