Start-up debuts 'shape-shifting' technology to protect web servers

By , Network World |  Security

Backed by a lineup of elite investors, start-up Shape Security comes out of stealth mode today by announcing technology it calls Shapeshifter that is said to prevent cyber-criminals from successfully attacking and compromising websites.

Shape Security has attracted $26 million in venture capital from Kleiner Perkins Caufield & Byers, Eric Schmidt's TomorrowVentures, Baseline Ventures, Google Ventures, Wing Ventures, Venrock and individuals including former Symantec CEO Enrique Salem.  

By putting the Shapeshifter appliance in front of a website, every HTML page that is presented for viewing is subtly transmuted in its underlying code each time so that it won't look the same twice. "The key is not to change anything to the naked eye but everything the programmer cares about," explains Shape Security's vice president of strategy, Shuman Ghosemajumder. This automatic altering of web pages to the external world creates a kind of deceptive camouflage designed to never let an attacker get a single straight shot to undermine the site through attacks such as cross-site scripting or application denial-of-service attacks.

+ ALSO ON NETWORK WORLD: 12 Hot Security Start-ups to Watch +

Shape Security calls this "real-time polymorphism" and in some regards, Ghosemajumder points out, it borrows a page from tactics that malware authors use to constantly modify malicious code so it can evade signature-based detection. With Shapeshifter, "the website will constantly re-write itself wherever you deploy it, the HTML will re-write itself," he says. But for the visitor, the content looks the same as it might be otherwise.

The goal is to create a defense against some of the natural advantages that attackers have in deeply scoping out the websites they want to attack in advance. Shapeshifter's approach does require considerable processing power, Ghosemajumder acknowledges. Because it is computationally intensive, Shapeshifter has to be tested carefully in any website environment. It can be deployed to a single web page, such as to protect a login page, or across numerous web pages. The amount of traffic and number of web pages will be factors in its use. Shape Security has no announcements yet on customers using Shapeshifter but says private betas are ongoing. Pricing for it is not yet disclosed.

Founded in November 2011, Mountain View-based Shape Security has three co-founders: CEO, Derek Smith; vice president of product management Sumit Agarwal, and chief technology officer Justin Call. Agarwal is the former senior advisor of cyber innovation at the U.S. Department of Defense as well as former deputy assistant secretary to the department. Prior to that he was head of mobile products at Google.

Ellen Messmer is senior editor at Network World, an IDG website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: emessmer@nww.com

Read more about wide area network in Network World's Wide Area Network section.

Don't miss...


18 hot IT certifications for 2014

6 IT hiring tips to weed out the duds

The helpful, handy, FREE programs your new PC needs

  Sign me up for ITworld's FREE daily newsletter!
Email: 
 


Originally published on Network World |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Spotlight on ...
Online Training

    Upgrade your skills and earn higher pay

    Readers to share their best tips for maximizing training dollars and getting the most out self-directed learning. Here’s what they said.

     

    Learn more

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness