Security, performance, and availability are converging like never before. Nowhere is this more evident than in the seemingly unending waves of DDoS attacks. What all of these attacks have in common, whether targeted at the carrier networks or application servers, is the use of automation by attackers. For years, we have been told to scan for and patch vulnerabilities. Yet, we are still getting DoS'd and worse yet, breached. Identifying Botnets and other automated traffic dynamically has a far greater impact by shrinking the threat model and reducing traffic load. This talk explores various detection and mitigation methods as well as the material impact of successful deployment. The talk does not espouse a product so much as countermeasures that should be sought in any of a variety of security products, including Web App Firewall (WAF).