Shape Security disclosed today that after two years of research and development, the company has built a network security appliance called a botwall, which it said protects websites against a wide range of cyber attacks – scripts, bots and malware.
Shape said its network security appliance is the first commercial use of real-time polymorphism as a defense against scripted web attacks. It transparently modifies the underlying web code these attacks rely upon making web sites and web apps much more difficult to attack.
The new network security appliance is called ShapeShifter. It continuously changes the attack surface of a website by changing the web code, the HTML, CSS and JavaScript. Shape said this process removes the static elements in a website’s code that botnets and malware depend on for their automated attacks.
“Malware is very brittle and unprepared for constantly changing web codes,” said Neal Mueller, Shape’s head of product marketing. “Criminals will inevitably reprogram their malware, but it will still be deflected the next time they try to make an automated attack on a polymorphic website.” Meanwhile, Mueller added, the botwall reproduces the original experience for anyone who comes to the website.
“Shape’s technology bankrupts fraudsters by taking a page out of their own playbook,” added Robert Capps II, Senior Manager, Global Trust and Safety at StubHub, and who is familiar with the new technology. “ShapeShifter makes automated attacks more difficult and expensive. A ShapeShifter-protected website becomes a moving target for fraudsters.”
Shape’s Mueller said the company is ramping up channel distribution for sales. For now, the company is selling individual site licenses with multi-year contracts to brand name enterprises. Shape said beta tested the network appliance with more than 20 large enterprises over the past nine months.
Shape Security, based in Mountain View, CA was launched in 2011 by CEO Derek Smith, CTO Justin Call and VP of Products Sumit Agarwal. Smith and Call worked together earlier at Oakley Networks. Smith and Agarwal met when they were both working in the U.S. Department of Defense.
The founders raised $26 million from a number of venture capital firms. These included Venrock, Google Ventures, Allegis Capital, Kleiner Perkins Caufield & Byers and Tomorrow Ventures, the investment vehicle owned by Eric Schmidt, Google’s executive chairman.
Gail Bronson is an accomplished technology journalist and security start-up entrepreneur. She was the Founding Managing Editor of Bloomberg and the Founding Editor of Forbes Science & Technology section and she held stints at other publications including U.S. News & World Report and Internet Week.