DataDome Online Fraud & Bot Management

Additional Info

Company size (employees)100 to 499
Type of solutionCloud/SaaS


DataDome protects mobile apps, websites and APIs from online fraud and bot attacks. Its AI-powered bot detection engine processes more than a TRILLION pieces of data every day, from 26 worldwide points of presence, to protect the largest global e-commerce businesses in real time.

DataDome serves DevSecOps professionals with a SaaS platform, combined with enterprise-level professional services and dedicated bot Security Operations Centers (SOCs). It easily integrates with any web infrastructure, and a prospect under attack can be protected in less than an hour. Thanks to strong technical partnerships with all major cloud providers and CDNs, DataDome can also be activated at the edge in just a few clicks via platforms such as AWS, Fastly, Cloudflare and Salesforce Commerce Cloud.

DataDome’s solution requires no architecture changes or DNS rerouting, and will never be a single point of failure. It compares every request to a website or mobile application with a massive in-memory pattern database, and uses a blend of AI and machine learning to decide in less than 2 milliseconds whether access to those pages and/or APIs should be granted or not. DataDome’s algorithm updates continuously in order to identify and prevent both familiar and zero-day threats.

Getting a little more granular:

– One trillion signals are collected & processed in real-time every day, creating huge datasets
– DataDome’s infrastructure is designed so that this figure can scale x200 in a matter of seconds
– DataDome’s detection runs in less than 2ms (99p) from 26 points of presence
– Supervised, unsupervised & semi-supervised models are used and stacked up to detect bots from the very first request
– Datasets are analyzed: per request, per session, per IP, at different time scales on one or multiple customers’ traffic
– DataDome observes a false positive rate 0%
– DataDome detects a new bad bot every millisecond

How we are different

1. Ease of configuration: Compatible with 100% of infrastructures, DataDome requires no change to the application. Set-up & configuration take >5 min in full autonomy, thanks to 20+ out-of-the-box connectors, the ability to add JS tag to pages in a few clicks, and optimized SDKs that are stable (deployed over 500+ million devices), lightweight (90 kb), & unintrusive (64 b per request). All integration options provide the same protection & performance levels & can be combined to work on different applications. For customers under attack, fully efficient protection is achieved in less than 10 min from the time they activate their DataDome account.

2. Detection approach: DataDome detects both "good" and "bad" bots in real time using a wide range of concurrent techniques, including signature-based detection; vulnerability scanning rules; IP/Autonomous system reputation; session reputation; HTTP/JS/ device fingerprinting; TLS fingerprinting; and machine learning, among others.

3. End-customer experience: DataDome's high availability and no-added-latency makes its protection completely invisible for 99.99% of end-customers. Users whose sessions get challenged benefit from an enhanced user experience with no redirection: the exact same URL and the exact same look and feel (language, design, content). DataDome’s challenge blends completely with DataDome customers' UX. The efficiency of the challenge and UX quality is consistent across endpoints: mobile apps, websites, APIs. This enhanced, frictionless experience brings DataDome's false positive rate to undetectable levels, 0%.