In this episode of the Smooth Scaling Podcast, Ilia Bromberg (Akamai) and Martin Larsen (Queue-it) explore the evolution of bots, the growing complexity of detecting them, and the real-world impact on hype events like product drops and ticket sales. They introduce Hype Event Protection, a new joint solution from Queue-it and Akamai, designed to level the playing field for genuine users. The discussion covers technical approaches to bot mitigation, performance optimization, and the importance of layered defenses for high-demand online events.
Ilia Bromberg is a Principal Solutions Engineer at Akamai Technologies with nearly 30 years experience helping organizations secure and scale their digital environments. A seasoned leader in web and application security, he has been named Akamai’s Solutions Engineer of the Year and has earned multiple hackathon and innovation awards. He holds CISSP, CCSP, and GWAPT certifications and specializes in WAFs, bot management, API security, DNS, and zero trust technologies.
Martin Larsen is a Distinguished Product Architect at Queue-it. Starting as a software developer, Martin was one of the company’s first employees. He played an instrumental role in building the foundations of Queue-it and is heavily involved in activities including the design, architecture, testing, and deployment of the virtual waiting room, as well as defining and executing on product vision.
Episode transcript:
Jose
Hello and welcome to the Smooth Scaling Podcast, where we're speaking with industry experts to uncover how to design, build, and run scalable and resilient systems. I'm your host, Jose Quaresma, and today we have a special episode where we chat with Martin Larsen, Distinguished Product Architect here at Queue-it, and Ilia Bromberg, who's a Principal Solutions Engineer at Akamai—and who spent two and a half years as a Senior Product Manager for Akamai's Bot Manager technology.
It was a super insightful conversation about hype events, the evolution of bots over the past many years, and how that led to the development of the Hype Event Protection feature, which is a joint solution between Queue-it and Akamai, with the main goal of taking the fight against bots to the next level. Enjoy!
A very big welcome to you, Martin and Ilia.
Ilia
Pleasure to be here. Thanks for inviting us.
Jose
Thank you. We're here today to talk about a new feature called Hype Event Protection. It's a joint solution between Akamai Bot Manager and Queue-it. Before we dive into that and get into a little more detail about the solution and the benefits, we'd like to start with just a little bit about bots, right? I mean, why are bots a problem, and why should we care?
Ilia
Well, bots are the issue, indeed. I mean, it's not news any longer for anyone. We've noticed—and when I say "we," I'm talking about the technical staff at Akamai, colleagues and such—we've noticed bots becoming a real issue since the very early days.
When it comes to "security" in the cloud, it started first and foremost with protection against volumetric attacks, like web application firewalls. And then, because bots have always been there, we saw that in the beginning, the world was protecting itself against bot traffic with firewalls. But it became pretty clear that firewalls are just hugely inefficient against bots.
First and foremost—what is actually a bot, right? If we try to define it, I think the modern definition of a bot would be: any traffic, whether web or mobile, using native mobile applications, that is not immediately or directly originating from a human.
Meaning, if I'm in front of the browser or I'm using a mobile app, that's human. If anything else—probably the latest example would be the AI agents, which we now have sometimes built into some operating systems—if I program or script or set something to be done on my behalf, but not by me directly, that is probably the best modern definition of what a bot is.
Jose
I think it was very interesting that you mentioned that kind of the now the agentic web, I guess, with all the AI agents. So I do see the point of that being a bot, but I guess it would still be a legitimate bot, right? If I, as a person, ask my bot to do something for me.
So I guess it's just adding more complexity to an already complex world of being able to identify what's a good bot or a bad bot. Is that how you're seeing it as well?
Ilia
That's an excellent point. In essence, not all bots are born equal. Some are good, some are bad, and there's a huge grey area in the middle. Good bots are naturally all those crawlers, such as web crawlers. Bing bots or Google bots are known as being the "good bots," and the world has, for many years, actually been optimizing their content for Google, for Bing, for other good scrapers depending on what geography you live in—Baidu in China, Yandex in Russia, you name it. But there are good crawlers.
Obviously, there are many bad ones, and there's even a bigger, I would say, kind of bot realm which sits in the middle. It depends who you are. If you're collecting traffic, you're like, “Oh, I like those bots. Those scrapers are actually very useful—they collect the data for me, I can find the best price for airline tickets or concert seats.” And on the other hand, if you're running the infrastructure that serves or sells those tickets or airline seats, you're saying “No, those bots are definitely nefarious because they're disrupting so many things we're doing.”
And then of course there are clearly "bad bots," for example, ones that download stolen credit card credentials and run them, trying to validate them against various websites. So from that trove of, say, 100,000 stolen credit cards, they want to get down to the list of cards that are still legit, that haven't been blocked. Or if there's a set of stolen credentials, they’ll run them against popular sites to see if the same user has been reusing their credentials across an airline website, a shopping site, etc.—so-called account takeover or credential abuse, however you call it. Those are definitely "bad bots."
Martin
Well, it's actually quite different from company to company—what is a bad bot, what is a good bot? Is a bot that ends up in the waiting room and buys the item or ticket at the end, is that a good bot? It did buy the item and didn't disrupt the sale, maybe, so maybe it's good. But then you can have other bots—let's say carting bots or denial-of-inventory bots—that pick up all the items and put them in carts and never check out, and basically destroy the entire sale so items can't be sold. So those are definitely bad. But where's the line? That's very difficult.
Jose
Yeah, fully agree. And I guess that's part of the big complexity when talking about, "Oh, can I block bots?" Well, let's talk about it. What do you mean, right?
Ilia, starting with you, how have you seen bots evolving during your career? You said you've seen them from almost the beginning, but have there been some big shifts in how they operate or the kind of impact they have on businesses?
Ilia
There's been quite an evolution. Naturally, the very first or earlier bots were actually driven by simple scripts, written in scripting languages, be that shell scripting like Bash, for example, or some Python coding, etc. Because it's pretty easy to write a simple loop that combines the necessary HTTP headers and fires that request, collecting the data. Pretty simple. Those bots have been around for quite a while, still are here, but those are, I would say, benign ones. They're very easy to detect and very easy to protect against. They're still causing harm if allowed to be out there without any restrictions or protections. So those were the simplest ones.
Then came all sorts of frameworks, like PhantomJS, for example, that started—or became—much closer in emulating full-blown browsers. And I don't remember the exact year, but if memory serves, it was maybe 2017–18 when both Google and Mozilla released headless versions of their browsers. Meaning Chrome or Firefox could be driven just from the command line. And that created—I wouldn’t say a revolution—but it literally took bots to the next phase. Because if before you could say, "Well, it's pretty easy to detect," you’d look at the headers, you’d look at a bunch of passive signals around the request and go, "Oh yeah, it's clearly a known framework like PhantomJS," now everything looks like perfect Chrome or perfect Firefox.
Not perfect—there are still techniques for detecting, and many vendors, including Akamai of course, are quite successful at detecting those. But that was the next evolution. That also brought with it various offers. We're now seeing—from script kiddies, some student in a dorm room just trying to detect when the price for a certain flight drops below a threshold—scripting something like that, monitoring prices, collecting prices from several vendors.
Then it moved into more of a bot-as-a-service model. Sometimes scraping-as-a-service. There are several vendors out there that provide large commercial platforms built not just to collect data, but also analyze, aggregate it. And you don’t need to script much anymore. It's a full-blown commercial operation, which also includes things like CAPTCHA solving as a feature. They’ll say, "Oh yeah, if the information provider is presenting you with some sort of a challenge, we know how to solve it for you—transparently. No need to code it or become a hacker, or spend endless nights doing anything like that."
So it is always evolving. There is a demand for data, for data collection. And as long as there's demand—and there’s always going to be demand like that—there are going to be bots.
Martin
The demand part is actually kind of funny because, let's say ten years ago we did see bots in the waiting rooms. They weren’t that sophisticated, as you mentioned. And then, of course, the game became more sophisticated. We saw more bots in ticketing especially.
Then came the COVID pandemic, and all these organizations and bot makers couldn’t really make money on tickets anymore because they weren’t being sold. So they moved the entire business into the e-commerce part of the world. We started seeing the same bots attacking all kinds of commercial products—graphic cards, sneakers, whatnot—trying to make their money there instead. And we haven't actually seen that go away. So now we just have bots everywhere.
Jose
I feel like part of that evolution was also the increasing use of residential IPs from the bot perspective. Is that something—Ilia or Martin—is that something you have clear data on? Like, oh yes, it was around this time we started seeing more broad activity from residential IPs and not specific data centers?
Ilia
Definitely. So what’s actually happening—back to the aspect of bot-as-a-service or scraping-as-a-service—by the way, those companies usually call themselves data collection companies. What they do is, if you go to the Android Store or Apple Store, sometimes you can download free apps, like a free VPN or some games, etc.
As we all know, free cheese is only in the mousetrap. Seriously. What’s actually happening is that those apps are intentionally—and we can argue about legality, that depends on geography and the fine print—but sometimes in those free VPN clients people install, yes, they do provide a VPN service, but at the same time they’re also used as scraping agents, performing those requests.
As a result, we do see—as a big platform that analyzes traffic from hundreds or thousands of customers worldwide—we see a highly diverse set of devices performing requests. You can tell it's clearly bot traffic based on the attributes, and yet it's not uncommon to see tens of thousands of IP addresses behind it. That means there are devices performing scraping or data collection requests coming from residential IPs. That’s absolutely normal.
So there's no need—someone might say, “Oh, it must be malware running on a Windows machine.” No, not necessarily. People unknowingly—or sometimes they just don’t care—they say, “Oh, the game works,” or “The VPN client works and it’s free, it does the job, awesome.” Well, it’s also performing a few requests here and there, you know?
Jose
I also always wonder how many tickets my washing machine has purchased throughout the years, but I think I’ll never know.
Martin
Yeah, I mean, you say dozens of thousands of IPs—I think it's more like hundreds of thousands of IPs sometimes. It’s really a lot of IPs that perform these attacks.
Jose
Thank you for your knowledge and insight into the evolution of bots and how they operate. Maybe taking a step forward toward our main topic today, which is the Hype Event Protection feature. So we started talking about why bots—but maybe we should also try to define a hype event, right? The feature is called Hype Event Protection, so how would you define a hype event?
Martin
Yeah, so basically, a lot of what we do at Queue-it is help customers execute these hype events. It’s something where there’s high demand for an item—it could be a ticket, it could be a registration for something. And typically, when there’s high demand, there’s also, in many cases, much lower supply. So in those cases, we see a lot of bot activity, obviously.
Both because there could be a high resale value in these items, but also because maybe that’s simply the best way for a normal user—a normal person—to be sure they get a ticket. So you see genuine users also using bots just to ensure they get one. Basically, anything with high demand.
Sometimes—most of the time—it’s announced upfront. There’s a specific date, like a ticket for a concert going on sale, and it’s announced weeks in advance. Other times, it’s something that pops up out of the blue. And there we see other bots—bot makers will have bots monitoring for when something goes on sale. We see that sometimes with Pokémon cards, for instance. All of a sudden a batch is released, and the bot will know instantly, and then we get the spike. That’s also a kind of hype sale in my mind.
Jose
And you mentioned bots in relation to hype events—Martin, do you have some data to share on sales?
Martin
Very different from sale to sale, but it's not uncommon that we see 90–95% of the visitors that line up in the waiting room are actually bots. So it might be that we get a million, two million people before the sale starts, and then only, you know, 10, 20, 30,000 of those are actually real—genuine.
Jose
And Ilia, does that align with what you see on your side?
Ilia
Practically, it does align very well. And that's pretty much the reason why both companies joined forces in helping and collaborating on building this solution. But yes, indeed—be it a spontaneous event, maybe a celebrity announces something and the crowds rush to buy it—that creates a sharp spike in traffic, which is always a big issue for the infrastructure serving that traffic.
It can also be a well-planned event. If a sale is starting at a specific time, or it can be more gradual events. For example, what we're seeing around the holidays—at least in North America—with Thanksgiving, with its famous Black Friday and Cyber Monday afterward. We don’t see a super sharp spike—there’s still a certain rise in traffic, then it goes a little slower because people get to the table, right? Thanksgiving Turkey, literally.
You see for a few hours it dips a little, and then, with full bellies, people get back to their devices to start shopping, because there are deals out there. Then you see another spike. It drops a bit overnight, and then Monday—Cyber Monday—it starts again. So yeah, very much so.
I can even give you a couple of anecdotes. We see spikes around some sports games—be that American football, soccer (European football), hockey matches, and stuff like that. When the winning team is decided—for example, during a final—you never know who's going to win, right?
I was told once, again without disclosing the vendor, that one company prints t-shirts saying, “So-and-so team is the winner of [game name].” And what they do is actually print two sets—for both teams. “Team A is the world champion” and “Team B is the world champion.” They know one of those sets is going to sell out, for sure.
And once the final whistle blows, you immediately see a huge spike in purchases.
By the way, the second set of t-shirts, which reference an event that never actually happened—those usually get donated. So you may occasionally find a soccer team, maybe somewhere in Africa, wearing totally legit and authentic t-shirts saying that some team won a championship—which they never did.
But anyway, that’s our universe. It’s just far, far away, so they don’t embarrass their fans.
Jose
Very good. And as we know, there is also a big impact from that, right? Some of our own Queue-it research shows that—especially among Gen Z—there are slightly higher numbers in terms of how much they care. I think it's 73% of Gen Z who are more willing to trust a business if they know that it’s blocking bad bots and scalpers. So definitely a big business impact there.
Ilia
And vice versa. There can be just a couple of unhappy shoppers—even if the event goes really well—but especially if those shoppers happen to be influencers or so.
Nowadays, with social media, it’s pretty easy to create, I would say, a social storm of sorts. Sometimes it’s just a total incident, and sometimes it’s intentional. But yeah, you don’t need to be an influencer to occasionally spike a negative PR campaign against a certain brand.
Martin
We see some of these sales where it’s not really the earnings from the actual sales that are important. Let’s say, for instance, Pokémon cards—I used that example before—but with Pokémon cards, you’re maybe selling 20 cards or whatever.
It’s not the money made from that; it’s actually the loyalty from customers, the marketing value you get out of it. And if all of those cards end up with bots and are resold on a third-party website at a higher markup, then you're not really getting what you wanted. Because customers are unhappy, and influencers and so forth will convey that message nowadays.
Jose
But it is, as I mentioned, a very complex scenario we’re in. And it’s a fine line between protecting against bots while also trying to avoid impacting legitimate users. The more bots look like legitimate users, the more likely there are going to be some errors. It's a constant focus to get that right.
Ilia
We've noticed that our customers—or companies that try to protect their events—they often use the term "fair purchase experience." Their goal is to serve their customers—humans—as best as they can. You're absolutely correct that with limited inventory—tickets or whatever items—it’s going to be sold out. The question isn’t whether it sells out. It will. The question is: to whom?
Are there going to be humans who, by the end of it, say, “Nah, I never have a chance to buy those tickets. They announce the sale, I go to the page, boom, everything is sold. Who can buy them?” And then you hear, “Oh yeah, there’s this resale website where some seller has dozens of those tickets.” How did he get them?
Naturally, it’s been through a scripted mechanism of some sort. No one is opening 20 windows on their screen—maybe some do—but it still takes time to navigate between them. Scripted techniques are so much faster than any human being.
Martin
There's also been a change in how this is perceived by companies. If I remember some years back—say five or seven years ago—we had this mindset of, “Oh yeah, we're gonna sell out, that’s fine. Doesn’t matter who buys.”
But then artists became unhappy because their fans weren’t getting tickets, and collectors' items were being resold, and so on. There’s been a shift over the last five years or so, with more and more focus on this. We even see governments starting to get involved in the conversation.
Ilia
Anecdotally again—I’ve seen this only once so far—but I went to a show long ago, and I can even mention the artist: Tom Waits, here in Atlanta. Anyone buying a ticket had to provide their name, and before the show, everyone had to collect their tickets physically. Even though it was absolutely common at that time to buy tickets online, you still had to stand in line at a window, show your ID, and only if the ID matched the printed name would they give you the ticket.
That was actually the artist’s demand—Tom Waits—saying that to combat resellers, that was the technique. He wanted to enforce a fair purchase. And of course, it was a fair purchase that way, but as we always know, things like that come at the cost of great inconvenience.
You couldn’t be late—very high probability you'd miss the show if you were. You had to go to the windows, have people there, people standing in line. It was quite efficient, I have to say, but still added an extra ten or fifteen minutes for everyone to arrive before the show to collect their tickets.
So again, there are techniques—not necessarily programmatic or tech-based—but you need to be absolutely sure your fans are going to be okay with them.
Jose
And talking about programmatic techniques, I think it’s a good segue into Hype Event Protection and the feature that has just been released. Before we go into the joint solution we have—using both Akamai and Queue-it in this feature—Ilia, can you tell us a bit more about Akamai Bot Manager, which is definitely part of that solution?
Ilia
Yeah, happily. In short, Akamai is delivering content downstream to our customers, supplying all sorts of traffic and performance optimization—and traffic shaping techniques if necessary. On top of that content delivery platform, there’s also a security stack that runs on it.
That security stack starts from the bottom up—basic stuff like network firewall (layer 3, layer 4), going up to layer 7 firewalls, protecting against attacks like SQL injections, path traversal, cross-site scripting, and so on.
Then, on top of that, the next layer of inspection is determining whether the traffic we're seeing—those requests coming through—are actually from human beings or not. It all starts with detection. We provide that insight in near real time to our customers, and then they can choose whether or how they want to mitigate it.
There are different ways to mitigate—not just blanket denial or blocking. There are more subtle and smarter ways of dealing with bad traffic, especially with that "shades of grey" kind of traffic. And that’s the idea: it starts with detection, and on top of it comes the virtual waiting room, right? Which Martin is definitely more qualified to speak about.
Martin
So Queue-it provides a virtual waiting room. It’s much like a physical line you’d stand in at the pharmacy—you get a number in the line, and then you move to the transaction side when it’s your turn.
Basically, we take all the users, offload them to our service, put them in a sequential line, and then process them when the site is ready. And while doing this, we put a lot of focus on fairness, transparency, and creating trust for the end user. We want the experience to be trustworthy.
One of the ways we do this is through first-in, first-out lining—so you know exactly where you are in the waiting room, along the line.
Jose
How would you say that it then—what does it bring to Hype Event Protection? How do you see these two together working to prevent bots?
Ilia
I think it all starts with availability, first and foremost. Because it doesn’t really matter—bots or no bots—if the system is not available. It becomes kind of an oxymoron. So availability is key.
The virtual waiting room helps by becoming that kind of virtual buffer that can withstand the potential tsunami or surge of traffic. That’s a very important value. And once we have that buffer—once we ensure that the event is available—now the question becomes: available to whom? To bots or to humans?
That’s where the bot manager comes in, helping event managers and operators prioritize humans and deprioritize bots.
Martin
Yeah, and I think for me that’s the essential part. We’re focusing now on giving genuine visitors access to the items. And it’s a kind of new way of mitigating, because as we talked about, it’s different from company to company and use case to use case—how you actually want to treat bots, and what are good bots versus bad bots.
Hype Event Protection gives you different ways to manage the traffic coming from bots.
Ilia
Just to summarize, there’s one more aspect worth mentioning. Naturally, there’s brand reputation and the fair purchase experience—but then there’s also a matter of cost.
Some vendors, preparing for a high increase in traffic, without having appropriate tools in their toolbox, fall back on traditional approaches—like overprovisioning their environment. They provision for much higher traffic, which is often caused by bots.
So the cost—in terms of a potentially smaller infrastructure footprint, and also fewer human resources needed to monitor the event and respond to issues—that’s significant. These tools help reduce the cost aspect as well.
Martin
That’s an excellent point. We’ve seen customers in the past doing hype events—starting them because they see the marketing value—and then giving up, because it’s just too hard to do.
Both from the standpoint of resources needed to execute, and because bots end up messing up the entire sale. You spend a lot of resources executing a sale, and it goes sideways because of bots. We’ve seen that over and over again.
On the other hand, we’ve also seen organizations start this, and maybe at first it involved 30 people to execute a sale. Then, after they’ve done it a few times, that comes down to just a few people.
So it’s definitely possible—but there’s this joker: bots actually destroying the whole sale. And then we get back to brand reputation and everything else that turns the outcome into a negative one for customers.
Jose
Let’s say I’m a customer—or a potential customer—with a peak event coming up. How would the preparation for that event look with Hype Event Protection?
Actually, I want to ask two things: how the preparation would look, and what results are to be expected. I think we have some really exciting data on the initial results because we’ve had customers running this in beta. So it would be really nice to touch on those two things. Maybe starting with the preparation—how would that look?
Martin
We always recommend that if it’s a scheduled, planned sale, you inform the end users—your visitors—that the sale is coming, say a week or two in advance. That way, people are ready before the event starts.
This is really important because if you don’t inform users and just release a batch of items, bots will definitely be the first to notice. So it’s important that genuine visitors actually get a chance to attend the sale.
That’s the first part. Then of course, we need to get the whole thing set up—the Akamai Bot Manager and Queue-it working together to look at the visitors and manage them in the way you want them to be managed.
Jose
Ilia, anything to add—especially from the Akamai side? Would there be anything beyond the waiting room and the Hype Event Protection experience that you’d be discussing with a customer?
Ilia
Oh yeah, there’s actually quite a lot. We’ve been preparing customers for seasonal traffic or specific events for years, naturally. And there are quite—well, I wouldn't exactly call them checklists—but a very well-defined set of recommendations.
The virtual waiting room is a big and very important one. But I’d break it down at a higher level into three main areas: performance, security, and people—because someone has to run all of this.
From a performance aspect, any performance engineer will tell you that the fastest request is the one that’s never made. So improving offload through techniques like caching is essential—not only to speed things up but also to reduce load on the infrastructure during events.
There are many techniques to reduce the need for building dynamic pages, which are compute-intensive and expensive. Optimizing images is another—serving the correct size for the screen instead of sending megabytes that just get downsized by the device. Browser cache techniques, reviewing what third-party content is on the page—especially for retailers, who often have lots of third-party scripts you don’t control—all of that matters. Not losing control over those is important.
Virtual waiting rooms are, of course, super important—especially when it comes to protecting the infrastructure behind the most expensive and most critical pages. That’s where you want the virtual waiting room and Hype Event Protection in place.
Then there’s the security aspect: protecting the infrastructure against volumetric attacks. Just because some unhappy teenager can trigger a DDoS storm doesn’t mean you should be vulnerable. We occasionally see that with gaming customers, for example. There's been a big tournament, and right after that, there's a volumetric DDoS attack. Why? Because the losing team decided, "Okay, we lost on the battlefield—we’ll show you on the cyber battlefield."
Other techniques include blocking traffic from certain countries. For example, years ago, with COVID shot registration—if the shots were in Atlanta, there’s no real reason to accept traffic from Mozambique. No offense to Mozambique—but it just doesn’t make sense for that context. So you focus only on the traffic from the relevant geography. That’s a simple but effective technique.
Then rate limiting—making sure you’re not allowing, say, 20 requests in two seconds from the same IP. That’s likely not human behavior. So reviewing your rate limiting posture is crucial, especially ahead of holidays or major events where traffic will spike. The rules that work well on a “sunny day” may not hold up on a “rainy day” with elevated traffic.
And last but not least: people. Having people on standby if necessary, making sure they know what they’re doing, who to call, and how to act if there’s an incident. All those processes need to be in place, and everyone needs to know what to do.
Jose
Thank you—and the examples you gave are just further proof of the complexity of what we're dealing with, right? You gave the example of the COVID vaccines in Atlanta and blocking Mozambique. But what if there’s a U.S. citizen from Atlanta who’s on holiday in Mozambique and wants to register for a vaccine?
Or what if it’s a benign VPN endpoint? You might naturally see a lot of requests from those IPs. So it just adds nuance and complexity to those algorithms.
Ilia
Absolutely. There’s no single solution that’s going to be a silver bullet. It’s layered. You can think of it like a funnel—you gradually reduce the probability of nefarious traffic down to the bare minimum, to make it as manageable as possible.
Martin
There's also an aspect of practice. It’s not going to be perfect the first time—it’s a process of continuous improvement. That’s been my experience.
Jose
And Martin, I know that when I started asking about the example of a customer or prospect with a peak event, I also alluded to the fact that we have some data from our beta customers—on what a customer or prospect should expect from bot protection with our Hype Event Protection solution. Can you share a little of that?
Martin
Yeah, sure. We've been talking about some of it, and I just want to start by stressing that every use case is different. But we do have some cases where we’ve seen 98% of sessions coming from bots. And if you think about it, that means bots would have a fifty times better chance of getting the items you’re selling.
I’m happy to say that Akamai was successful in detecting those bots, and we were actually able to give access in the waiting room to the genuine users.
Jose
That's some impressive numbers, and it’s such a pleasure to be part of that—to be helping our customers serve their users, right?
Martin
But that’s an extreme example. We have other data from sales that go a bit further and say, okay, maybe 10% of the traffic was real—visitors we’re confident were genuine. And what we see is that they actually complete 60 to 80% of the transactions.
So if they're there to buy, let’s say, tickets, that 10% will end up buying the majority of the tickets. Meanwhile, the 50 to 70% we marked as clearly bots only complete 1 to 2% of the actual transactions.
In my mind, that’s exactly what we’re going for here—we’re trying to give access to items or resources to the people we want to serve.
Jose
Maybe before we wrap up, I’d like to ask: what are the prerequisites? So if there’s anyone listening out there—whether they’re already a customer or not—what should they do to get more info, and what are the overall prerequisites for setting this up?
Ilia
The prerequisite is very simple—you just need to have the proper tools in place. Literally, Bot Manager and a virtual waiting room. They need to be in place—pretty simple and straightforward.
Finding more information is easy; it’s out there on how to set things up. That’s part of the documentation, of course. And the announcement, I believe, is going to be published any moment now, so our customers should be well informed.
And last but not least, both the Queue-it team and the Akamai team have excellent professional services who know how to spring into action and set things up. So that’s yet another source of support.
Jose
We went through bots and the evolution of bots. We talked about what a hype event is and how important it is to prepare and be ready. Then we talked about Hype Event Protection—our new joint solution from Queue-it and Akamai—to help businesses protect their hype events against bots.
Really appreciate your time, Ilia, Martin. Anything you’d like to add before we wrap up?
Martin
No, not from my side.
Jose
Thanks a lot.
Ilia
Thank you very much for having us.
Jose
Thank you for the great chat.
And that's it for this episode of the Smooth Scaling Podcast. Thank you so much for listening. If you enjoyed it, consider subscribing—and perhaps share it with a friend or colleague. If you want to share any thoughts or comments with us, send them to smoothscaling@queue-it.com.
This podcast is researched by Joseph Thwaites, produced by Perseu Mandillo, and brought to you by Queue-it—your virtual waiting room partner.
I'm your host, Jose Quaresma. Until next time, keep it smooth, keep it scalable.
[This transcript was generated using AI and may contain errors.]