VIRUS VERSUS ANTIVIRUS– now a few security veterans are flipping the game: Deciphering a shape-shifting chunk of code is about to become the attacker’s problem.
Goggle and the defense world unveiled a startup called Shape Security. The 58 person Mountain View, CA Company sells pizza-sized box appliance called a ShapeShifter that plugs into a company’s network and obfuscates the code behind the customer’s website. It replaces variables with random strings of characters that change every time a page is loaded.
This trick known a polymorhism makes it vastly more difficult for cyber criminals to us automated tolls to crack passwords, scrape content form thousands of sites or use malware-infected PC’s to spy on victims online banking.
Shape was born in 2010 at the DOD where confounder Smith and former Google mobile boss Sumit Agarwal met after Smith sold his last security firm. But the core shifting idea came form another Oakley alum, Justin Call, who soon became Shape’s CEO.
Since then its raised a total of $26 million form investors, including Kleiner Perkins Caufield and Byers Venrock and Googel Ventures. It already has more than 20 customers testing the technology and expects to book “low eight figures” in revenue for 2014. it plans to charge more than a million dollars a year per customer.
Shape’s challenges include persuading chief security officers to add yet another security appliance to their crowded data centers and ensuring that its code-scrambling trick doesn’t slow down a customers busy website of jumble the way it looks, says Jeremiah Grossman, chief technology officer of White-Hat Security and well- known Web-backing researcher.
“The more rational approach for the attackers is to target the hundreds of websites where their automated attack still works.”
Source—forbes, andy greenberg