Botnet Blocker Startup Takes 'Shape' In Silicon Valley
January 22, 2014

Shape Security Unveils New Network Security Device To Defend Against Hackers

Enid Burns for - Your Universe Online

The next big line of defense against hackers is the web security company Shape Security which came out of stealth mode on Tuesday. The Silicon Valley startup revealed its ShapeShifter network security appliance, which will help websites and businesses block hacking attempts such as malware and bots.

The ShapeShifter network security appliance prevents website breaches by immediately disabling the capability of malware, bots and other scripted attacks that try to interact with the web site or application.

Shape's device uses real-time polymorphism to block malware and other script attacks from websites. It uses the same polymorphism technology as malware and other hacking attempts. Polymorphism works by rewriting its code every time a new machine is infected, or in this case, every time an attempt is blocked. The appliance uses a patent-pending technology that implements real-time polymorphism to dynamically change the code on any website. This removes static elements that botnets and malware depend on.

"For years, attackers have used automated malware to conduct huge numbers of attacks on computer systems quickly and cheaply," said Bob Blakley, director of security innovation at Citigroup, in a Shape Security statement. "By taking a technique -- polymorphic code -- out of the attackers' own playbook, Shape turns the cost equation back around in the defender's favor."

"Modern cybercriminals employ sophisticated attacks that operate at large scale while easily evading detection by security defenses," said Derek Smith, CEO of Shape Security, in a corporate statement. "The ShapeShifter focuses on deflection, not detection. Rather than guessing about traffic and trying to intercept specific attacks based on signatures or heuristics, we allow websites to simply disable the automation that makes these attacks possible."

The ShapeShifter makes malware interact with a web application, adding a new layer for hackers to defeat while playing the hackers' own game.

"Shape is operating on a previously inaccessible layer of the security problem: the fact that everyone has a user interface, but user interfaces are inherently vulnerable to attacks from malware, bots and scripts," said Robert Lentz, former chief information security officer of the United States Department of defense and a member of the board of directors of FireEye. "By preventing automation against a website's user interface, Shape's technology allows enterprises to block dozens of attack categories, such as account takeover, application DDoS, and Man-in-the-Browser, with a single product. This is not only a powerful new tool for enterprises but a potentially disruptive technology for multiple sectors of the cybersecurity industry."

The new layer is being touted as a "botwall."

"The industry has long needed a botwall -- a new tier of your security architecture that blocks attacks from bots, malware and scripts, which are the source or enabler of nearly all breaches," said Ted Schlein, managing partner at Kleiner Perkins Caufield & Byers. "Shape has successfully created the world's first botwall. The Internet badly needs this. This is a game-changing technology."

The company was founded by former Googlers, USA Today reports. Co-founder Sumit Agarwal serves as products vice president. He was a product chief at Google and helped port Google maps to the Android mobile device platform. He also worked on AdWords, which grew into a $6 billion business under his supervision.

Agarwal works closely with Shuman Ghosemajumder, who serves as strategy vice president. Ghosemajumder worked at Google on development of systems that combat click fraud and other issues.