Bot security should be top of mind for everyone involved in automation. The Ponemon Institute, which conducts research on data protection and emerging information technologies, estimates that cybersecurity prevention efforts can save businesses up to $1.4 million per attack. For bot builders and users, following best practices in bot security minimizes risk while speeding deployment by passing even the toughest IT requirements.
We’ve compiled eight of the top best practices to ensure you deploy safe and secure bots on the Automation Anywhere Bot Store.
The first step is to perform a malware analysis so that you can be prepared for any unexpected results. Tools such as VirusTotal will scan your software for malicious content using antivirus engines. This step is a requirement to list any bots on the Bot Store, and it’s a good practice to follow in your own organization, as well.
As a pre-deployment activity and part of ensuring your bot is free from common security vulnerabilities, such as insecure dependencies or cleartext passwords embedded in code, the application source code should be scanned by a reputable analysis scanner. Some examples of reputable tools include Veracode, Coverity, Fortify, and Checkmarx. This is a requirement for Level 3 of the security verification as part of our Bot Security Program.
Developers are increasingly using open-source libraries to meet the demands of accelerated development times; however, these libraries are also becoming the most popular attack vector. Any company implementing an open-source library needs to ensure that it is safe to use and that it is up to date on any known vulnerabilities. Companies can integrate SCA tools such as Black Duck and Veracode to build open-source security management into a DevOps environment, from the IDE through to the runtime platform. This will enable developers to take advantage of open-source libraries without increasing risk.
Another pre-deployment activity that is good to perform is a dependency analysis on your bot. A dependency analysis will examine all dependencies for known security issues. Black Duck can be used to perform this activity. Learn more about dependency analysis through our Secure Bot Developer learning path on Automation Anywhere University.
The process of exporting a bot is as simple as right-clicking on it and selecting export to a zip file. To reuse your bot in other automations, or to prepare your bot for Bot Store submission, you must unpack the zip file and ensure the bot follows a specific format to enable reusability. It’s a best practice to ensure that any bot includes a README file to document how the bot works and includes the necessary dependencies. If you are publishing to Bot Store, you also need to include the necessary licensing files.
View the GitHub page that provides a sample bot deployment package and directory structure for all libraries, tasks, and bot resources. Use this as an example when ensuring that your bot package is properly structured and formatted.
Paid Bot Store bots built on Enterprise V11.3.3 (and above) must have a License Info.txt, ATMX Protection Info.txt, and an MBOT Protection Info.txt file in their root directories. Get details on licensing and protection file information.
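The packaging requirements above can be checked automatically before submission. The following is an added example, not code from Automation Anywhere or the sample GitHub package: it inspects an exported bot zip for a README and, for paid bots, the three licensing and protection files named in this post. It assumes the package root is either the top of the archive or a single wrapping folder, and that the README file name starts with "README"; the sample archive contents are constructed.

```python
import io
import zipfile
from pathlib import PurePosixPath

# File names quoted from the post; required in the root of paid Bot Store bots.
PAID_BOT_FILES = ("License Info.txt", "ATMX Protection Info.txt", "MBOT Protection Info.txt")


def root_entries(names):
    """Return file names at the package root (assumption: the root is the top
    of the archive, or a single top-level folder that wraps every entry)."""
    paths = [PurePosixPath(n.replace("\\", "/")) for n in names if not n.endswith("/")]
    tops = {p.parts[0] for p in paths if p.parts}
    wrapped = len(tops) == 1 and all(len(p.parts) > 1 for p in paths)
    depth = 2 if wrapped else 1
    return {p.parts[-1] for p in paths if len(p.parts) == depth}


def check_bot_package(zip_source, paid=False):
    """Return a list of problems found in an exported bot zip (empty means OK)."""
    problems = []
    with zipfile.ZipFile(zip_source) as zf:
        names = zf.namelist()
    # Flag entries that would land outside the directory the zip is unpacked into.
    for n in names:
        p = PurePosixPath(n.replace("\\", "/"))
        if p.is_absolute() or ".." in p.parts:
            problems.append(f"unsafe path in archive: {n}")
    lowered = {r.lower() for r in root_entries(names)}
    if not any(r.startswith("readme") for r in lowered):
        problems.append("missing README in package root")
    if paid:
        for required in PAID_BOT_FILES:
            if required.lower() not in lowered:
                problems.append(f"missing {required} in package root")
    return problems


def build_sample(files):
    """Build a constructed in-memory zip so the check can run offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in files:
            zf.writestr(name, "constructed sample content")
    buf.seek(0)
    return buf
```

`check_bot_package` also accepts a path to a real exported zip, so it can run as a gate in a build pipeline alongside the malware and dependency scans.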
Adding as much detail as possible to the README file is important to help bot users understand the security risks and considerations associated with using your bot. The following items are required to meet the security requirements of the Bot Security Program:
In addition, documentation is required of all errors or exceptions that the bot raises so that any necessary alert/incident management systems can be integrated with it.
Implementing the eight best practices and getting certified through the Automation Anywhere Secure Bot Developer learning path are the most important things you can do to successfully and securely deploy a bot. Applying bot security principles to all areas, from malware scanning to packaging, will help prevent cybersecurity defects with minimal time and energy.
Gautam Roy leads the product marketing and strategy of security features for the Automation Anywhere product portfolio.