Start-up debuts 'shape-shifting' technology to protect web servers

Start-up debuts 'shape-shifting' technology to protect web servers

Backed by a lineup of elite investors, start-up Shape Security comes out of stealth mode today by announcing technology it calls Shapeshifter that is said to prevent cyber-criminals from successfully attacking and compromising websites.

Shape Security has attracted $26 million in venture capital from Kleiner Perkins Caufield & Byers, Eric Schmidt's TomorrowVentures, Baseline Ventures, Google Ventures, Wing Ventures, Venrock and individuals including former Symantec CEO Enrique Salem.

By putting the Shapeshifter appliance in front of a website, every HTML page that is presented for viewing is subtly transmuted in its underlying code each time so that it won't look the same twice. "The key is not to change anything to the naked eye but everything the programmer cares about," explains Shape Security's vice president of strategy, Shuman Ghosemajumder. This automatic altering of web pages to the external world creates a kind of deceptive camouflage designed to never let an attacker get a single straight shot to undermine the site through attacks such as cross-site scripting or application denial-of-service attacks.

+ ALSO ON NETWORK WORLD: 12 Hot Security Start-ups to Watch +

Shape Security calls this "real-time polymorphism" and in some regards, Ghosemajumder points out, it borrows a page from tactics that malware authors use to constantly modify malicious code so it can evade signature-based detection. With Shapeshifter, "the website will constantly re-write itself wherever you deploy it, the HTML will re-write itself," he says. But for the visitor, the content looks the same as it might be otherwise.

The goal is to create a defense against some of the natural advantages that attackers have in deeply scoping out the websites they want to attack in advance. Shapeshifter's approach does require considerable processing power, Ghosemajumder acknowledges. Because it is computationally intensive, Shapeshifter has to be tested carefully in any website environment. It can be deployed to a single web page, such as to protect a login page, or across numerous web pages. The amount of traffic and number of web pages will be factors in its use. Shape Security has no announcements yet on customers using Shapeshifter but says private betas are ongoing. Pricing for it is not yet disclosed.

Founded in November 2011, Mountain View-based Shape Security has three co-founders: CEO, Derek Smith; vice president of product management Sumit Agarwal, and chief technology officer Justin Call. Agarwal is the former senior advisor of cyber innovation at the U.S. Department of Defense as well as former deputy assistant secretary to the department. Prior to that he was head of mobile products at Google.

Ellen Messmer is senior editor at Network World, an IDG website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail:

Read more about wide area network in Network World's Wide Area Network section.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags cybercrimeGooglelegalendpoint securitysymantecanti-malwareWide Area Network



Reseller News Innovation Awards 2019: meet the winners

Reseller News Innovation Awards 2019: meet the winners

Reseller News honoured the standout players of the New Zealand channel in front of more than 480 technology leaders in Auckland on 23 October, recognising the achievements of top partners, emerging entrants and innovative start-ups.

Reseller News Innovation Awards 2019: meet the winners
Malwarebytes shoots the breeze with channel, prospects

Malwarebytes shoots the breeze with channel, prospects

A Kumeu, Auckland, winery was the venue for a Malwarebytes event for partner and prospect MSPs - with some straight shooting on the side. The half-day getaway, which featured an archery competition, lunch and wine-tasting aimed at bringing Malwarebytes' local New Zealand and top and prospective MSP partners together to celebrate recent local successes, and discuss the current state of malware in New Zealand. This was also a unique opportunity for local MSPs to learn about how they can get the most out of Malwarebytes' MSP program and offering, as more Kiwi businesses are targeted by malware.

Malwarebytes shoots the breeze with channel, prospects
Show Comments