Skip to main content
  1. News
  2. Business & Finance
  3. Personal Finance

Shape Security creates first proactive technology to fight cyber attacks

See also

On Jan. 21 a new, until now, secretive start=up created a loud buzz in the cyber security world after it announced the unveiling of a technology that takes a new approach to fighting malware attacks. It has the potential to cut global cyber attacks in half.

Shape Security is the first to attack the problem of hackers stealing information from large website servers containing critical personal information such as usernames, passwords, credit card and Social Security numbers. Instead of trying to detect bots or malware the new technology disrupts the ability of hackers to steal such information with controlled bots.

"There are armies of 'bots' sitting on user machines that quietly take over for a few unnoticed moments, then go back to sleep," Shape co-founder Sumit (pronounced "summit") Agarwal said recently from the company's compact offices.

A botnet is a sprawling network of thousands of infected PCs or Web servers, referred to as bots. The top dozen or so cybercriminal rings command massive botnets which increase their ability to send out things such spam scams, the booby-trapping of legit websites, and the hijacking of online financial accounts.

Botnets can't be stopped largely because the bad guys have mastered a technique called polymorphism. It continually changes or tweaks the underlying malicious code to stay a step ahead of the latest security systems which are monitoring for known malware coding.

"This problem (bots) is bigger today than it's ever been because every American household is wired," Agarwal said. After brainstorming with another security expert, they came to the conclusion that the key is to disrupt or block the ability to steal data from websites that bots have visited.

Simply put, Shape Security’s software program creates a wall of confusion so a malware program or directed bots that are searching for fields such as username, Social Security or credit card numbers and password can’t find them.

The software actually replaces the codes each field with constantly changing random coding preventing the malware from tagging the real information coding. It is invisible to Internet users. Essentially it blocks all commands from bots, malware and scripts to lift data.

Those rapid changes are called "real-time polymorphism," a technique traditionally used by malware to rewrite its code every time a new machine is infected. In a clever turn of events Shape turned this scrambling activity into a unique, proactive tool to stop hackers and organized cybercrime groups.

"It can be a game-changer," said Gartner Research vice president Avivah Litan, a security consultant who previously was director of financial systems at the World Bank. "You don't run across something this radical very often."

Current security software is often handicapped because it fights reactively and is based on recognizing known malware coding. A new virus or bit of malicious software may not be discovered until long after it's begun to work.

While not discussed, it is highly probable that Homeland Security is interested in Sharp’s new technology. Former Defense Secretary Leon Panetta, in a recent speech in San Jose, said the agency is hit with malware attacks more than 100,000 times each day.

Shape's software has been used for the past six months by about a dozen Fortune 200 companies, though the start-up isn't identifying them.

The question will be if these beta-testers and others will invest in this revolutionary software. The upfront investment could be more than $1 million. However, taking into account both the actual costs of a breach along with the secondary financial costs attached to investigations, consumer ire, lawsuits or even an attack on a critical energy system, it might be both the preferable and the cost-effective choice.

"It's almost the wild west in security, because threats are happening at so many levels," said Daniel Ives, a security analyst with FBR Capital Markets. "Every enterprise and every government agency in the world is trying to figure out what's the next shiny toy in security software."

Another security expert has said that the Internet has badly needed something like this. Avivah Litan believes hackers eventually will find ways to outfox any new technology -- a point Agarwal also concedes. One would expect this forward-thinking company is already strategizing the next level of proactive technology.

Advertisement

News

  • Gaza school shelled
    Israeli airstrikes topple a school in Gaza suspected of housing rockets; dozens killed
    Video
    Video
  • Ebola outbreak
    An American with Ebola virus died shortly after boarding three planes
    World News
  • Why dogs smell butts
    Researchers figure out why dogs like to smell each other's butts
    Pets
  • Time to stop tanning
    The surgeon general advises us not to tan as melanoma cases are on the rise
    Health News
  • Zimmerman lands dream job
    George Zimmerman lands his dream job as a security guard at a gun/motorcycle shop
    Headlines
  • 10 smartest states
    Here are the 10 most educated states in the U.S., did yours make the cut?
    US News

Related Videos:

  • Mickey Mouse's Driver License
    <iframe width="560" height="315" src="//www.youtube.com/embed/4ma2Coxjc1A?VQ=HD720&amp;allowfullscreen=true&amp;autoplay=1"></iframe>
  • Apollo Nida sentenced
    <div class="video-info" data-id="518222061" data-param-name="playList" data-provider="5min" data-url="http://pshared.5min.com/Scripts/PlayerSeed.js?sid=1304&width=480&height=401&playList=518222061&autoStart=true"></div>
  • Apollo Nida and Phaedra Parks
    <div class="video-info" data-id="518222061" data-param-name="playList" data-provider="5min" data-url="http://pshared.5min.com/Scripts/PlayerSeed.js?sid=1304&width=480&height=401&playList=518222061&autoStart=true"></div>