Shape Comes Out of Stealth, Launches Product to Reinvent Website Security
January 21, 2014 - Mountain View, CA
Shape Security today launched a revolutionary new product to protect websites against the most dangerous cyber attacks. The ShapeShifter is a network security appliance that prevents website breaches by immediately disabling the capability of malware, bots and other scripted attacks to interact with your web application.
"For years, attackers have used automated malware to conduct huge numbers of attacks on computer systems quickly and cheaply," said Bob Blakley, director of security innovation at Citigroup. "By taking a technique -- polymorphic code -- out of the attackers' own playbook, Shape turns the cost equation back around in the defender's favor."
The revolutionary technology
The key to being able to block attacks on websites from malware and other scripts is a technique called real-time polymorphism. Malware has long used polymorphism, rewriting its code every time a new machine was infected, to easily evade antivirus detection systems. Shape is now reversing this advantage, using polymorphic code as a powerful new foundational tool for website defense. Shape has invented patent-pending technology to be able to implement real-time polymorphism, or dynamically changing code, on any website, to remove the static elements that botnets and malware depend on for their attacks.
"Modern cybercriminals employ sophisticated attacks that operate at large scale while easily evading detection by security defenses," said Derek Smith, CEO of Shape Security. "The ShapeShifter focuses on deflection, not detection. Rather than guessing about traffic and trying to intercept specific attacks based on signatures or heuristics, we allow websites to simply disable the automation that makes these attacks possible."
When a ShapeShifter protects a website, instead of encountering an application with fixed elements that are trivial to program an attack against, cybercriminals now face the daunting task of making their malware interact with a web application that has become a moving target, constantly rewriting itself. All of this happens transparently, with legitimate users continuing to see the original, unchanged user interface.
"Shape is operating on a previously inaccessible layer of the security problem: the fact that everyone has a user interface, but user interfaces are inherently vulnerable to attacks from malware, bots and scripts," said Robert Lentz, former chief information security officer of the United States Department of Defense and member of the board of directors of FireEye. "By preventing automation against a website's user interface, Shape's technology allows enterprises to block dozens of attack categories, such as account takeover, application DDoS, and Man-in-the-Browser, with a single product. This is not only a powerful new tool for enterprises but a potentially disruptive technology for multiple sectors of the cybersecurity industry."
"The industry has long needed a botwall -- a new tier of your security architecture that blocks attacks from bots, malware and scripts, which are the source or enabler of nearly all breaches," said Ted Schlein, managing partner at Kleiner Perkins Caufield & Byers. "Shape has successfully created the world's first botwall. The Internet badly needs this. This is a game-changing technology."
Shape Security is led by a world-class team of former leaders from Google, the Pentagon, VMware, Cisco, Mozilla and Palo Alto Networks. The company has raised $26M in Series A and B funding from Kleiner Perkins Caufield & Byers, Venrock, Google Ventures, Wing Venture Partners, Allegis Capital, Google Executive Chairman Eric Schmidt's TomorrowVentures, and former Symantec CEO Enrique Salem. The company is currently accepting product demo and sales requests at www.shapesecurity.com.