Book a demo
Connect with us to explore our solutions or request a personalized offer
How We Detect Advanced Bots in Diverse Music Streaming Traffic
28 May, 2026 | 4 min
Every day, millions of streaming users access tracks, podcasts, and exclusive audio content from iOS and Android smartphones, Smart TVs, and CarPlay- and Android Auto-enabled car stereos—in short, from any device with the service app installed. In addition to legitimate user requests, the audio service’s traffic also contains significant illegitimate automation. These are primarily bots that exploit the app’s business logic and cause financial damage to the business.
"Our main threat is automated content scraping; we have even found ready-made tools online that can download tracks from our site."
CISO, Music Streaming Service
Challenge
Commercial success depends on the size of the paying audience, so streaming services must support a wide range of devices accessing their core web resource. The increasing variety of malicious bots impersonating real users makes streaming traffic even more complex.
Thus, several problems had to be solved simultaneously:
Thus, several problems had to be solved simultaneously:
- Protection against web scraping, SMS pumping and other automated web threats.
- Protection against unauthorized content downloads by bots.
- Legitimate traffic from any device running the streaming app is passed through.
"We receive highly diverse traffic from many app-enabled devices, including web browsers, mobile phones, TVs, and car stereos. To minimize false positives when protecting against bots, the filtering system must take this into account above all else."
CISO, Music Streaming Service
Solution
"Strictera's connection scheme is much simpler and more transparent than our previous provider’s, so we didn’t have to do any unnecessary work. We provide our origin IP and receive cleaned traffic in return. All the heavy lifting happens on Strictera’s side.
CISO, Music Streaming Service
When integrating WAAP, the diversity of user devices also had to be considered alongside legitimate automation. Training typically starts after full traffic analysis to avoid blocking legitimate bots and users. Within a couple of days, Strictera analysts trained the filtering system on all legitimate agents, including those named by the client in the questionnaire and those detected during the initial analysis.
"We have many internal automations to account for, including SRE monitoring services and QA test cases. This traffic is highly specific and was not immediately identified as legitimate bot traffic. During the December 2024 pilot, we experienced a DDoS attack exceeding 8 million RPM, which you successfully mitigated. That was a great inspiration to us".
CISO, Music Streaming Service
Results
After a 20-day training period, all traffic was routed through Strictera. Once WAAP was enabled for all streaming resources, including the API, the advanced bot problem was resolved.
"Application load and RPS improved significantly. Our SRE engineers were very positive about your work. The DevOps and web development teams also benefited from the anti-bot solution, gaining a useful tool for traffic management."
CISO, Music Streaming Service
Starting from 2024, Strictera is the key music streaming security provider.
"Our website is the heart of our business and our busiest web resource, under 24/7 monitoring. Today, with Servicepipe, we protect it against the widest possible range of attacks."
CISO, Music Streaming Service
Book a demo to see Strictera WAAP in action
Strictera
Innovative, scalable, and cost-efficient cybersecurity solutions to safeguard your networks, websites, apps, and APIs from evolving threats
Contact us by email:
Call the number:
Book a demo
Connect with us to explore our solutions or request a personalized offer
Table of contents