US startup aims to turn tables on hackers

Online security

US startup aims to turn tables on hackers

Warwick Ashford

US startup Shape Security is turning the tables against hackers by using one of their own techniques against them.

The firm said its product makes it more difficult for hackers to carry out automated attacks, turning websites into “moving targets” by continually changing their code.

binary-no-entry-istock-thinkstock-290px.jpg

Shape Security’s technology changes the HTML, JavaScript and cascading style sheets (CSS) used to create websites without altering the look and feel of the website for legitimate users.

This is similar to the polymorphism technique used by hackers to avoid detection by making malware difficult to recognise because it is designed to rewrite its code each time it infects a new machine.

The novel approach is aimed at defending websites from attackers who use low-cost automated software tools that identify and exploit code vulnerabilities.

“This may help break the economics of breaches like the one Target experienced in late 2013,” Sumit Agarwal, the firm’s founder wrote in a blog post.

“Many web attacks are only profitable if automated. Criminal enterprises pursue profit – without automated scripts, many of today’s attacks cease to be economically viable,” he said.

This is consistent with the growing security trend of analysing attacker business models and looking for ways to undermine or disrupt them that is used by Microsoft, Adobe and others.

Detractors have said that given time attackers could probably identify parts of code that do not change, but that would take time and effort, diminishing an attacker’s return on investment.

According to Smart Security, several companies have tested the ShapeShifter network appliance, including Citigroup bank and the ticket seller StubHub.

The firm had raised $26m from investors ahead of its product launch and has several high-profile backers, including Google, Google chairman Eric Schmidt's investment company TomorrowVentures, and Enrique Salem, the former chief executive of security firm Symantec.

More on anti-hacker disruption

 


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy