US start-up Shape Security has unveiled a new technology, dubbed ShapeShifter, which is claimed to defend websites against cyber hackers by constantly changing websites’ code.
Working with HTML, JavaScript and CSS languages, the new network security appliance instantly disables the capability of malware, bots and other scripted attacks to interact with users’ web application by transforming the site’s code into a ‘moving target’.
Shape Security founder Sumit Agarwal said that all the process happens without creating any user-visible changes.
"The website looks and feels exactly the same to legitimate users, but the underlying site code (HTML, JavaScript, and CSS) is different on every pageview," Agarwal said.
"Because bots must reference the content is some manner, this never-ending modulation of the site code breaks scripts and deflects attacks.
"Ultimately, the ShapeShifter aims to stop non-human visitors from executing large-scale automated attacks.
"This may help break the economics of breaches like the one Target experienced in late 2013, by eliminating the monetisation path."
The new technology also ditches hackers’ efforts to counter detection via ‘real-time polymorphism’, which facilitates their bots to modify their own code always when infecting a new device and make them harder to be detected.
The start-up has also raised $26min funds to support the launch of the new product, with backers including Kleiner Perkins Caufield & Byers, Venrock, Google Ventures, Wing Venture Partners, Allegis Capital, TomorrowVentures, and ex-Symantec CEO Enrique Salem.
Shape Security CEO Derek Smith said modern cybercriminals employ sophisticated attacks that operate at large scale while easily evading detection by security defenses."
"The ShapeShifter focuses on deflection, not detection. Rather than guessing about traffic and trying to intercept specific attacks based on signatures or heuristics, we allow websites to simply disable the automation that makes these attacks possible," Smith said.
