New shape-shifting security tech to prevent cyber attacks


by CBR Staff Writer | 23 January 2014

Projected to cut down global cyber attacks by half.

US start-up Shape Security has unveiled a new technology, dubbed ShapeShifter, which is claimed to defend websites against cyber hackers by constantly changing websites' code.

Working on a site's HTML, JavaScript and CSS, the new network security appliance instantly disables the ability of malware, bots and other scripted attacks to interact with users' web applications by transforming the site's code into a 'moving target'.

Shape Security founder Sumit Agarwal said that the whole process happens without creating any user-visible changes.

"The website looks and feels exactly the same to legitimate users, but the underlying site code (HTML, JavaScript, and CSS) is different on every pageview," Agarwal said.

"Because bots must reference the content in some manner, this never-ending modulation of the site code breaks scripts and deflects attacks.

"Ultimately, the ShapeShifter aims to stop non-human visitors from executing large-scale automated attacks.

"This may help break the economics of breaches like the one Target experienced in late 2013, by eliminating the monetisation path."

The new technology also counters hackers' efforts to evade detection via 'real-time polymorphism', which lets their bots modify their own code each time they infect a new device, making them harder to detect.

The start-up has also raised $26m in funds to support the launch of the new product, with backers including Kleiner Perkins Caufield & Byers, Venrock, Google Ventures, Wing Venture Partners, Allegis Capital, TomorrowVentures, and ex-Symantec CEO Enrique Salem.

Shape Security CEO Derek Smith said modern cybercriminals employ sophisticated attacks that operate at large scale while easily evading detection by security defenses.

"The ShapeShifter focuses on deflection, not detection. Rather than guessing about traffic and trying to intercept specific attacks based on signatures or heuristics, we allow websites to simply disable the automation that makes these attacks possible," Smith said.
