Can websites use judo logic to defend themselves, turning one of their attackers’ key strategies against them? That’s the idea behind a new product that shields websites by continually morphing its visible code, creating what some have described as the first “botwall.”
As Shape Security VP of strategy Shuman Ghosemajumder told VentureBeat, a ShapeShifted website and a malware attack use “the same fundamental concept of polymorphism, but the implementation is different.”
ShapeShifter’s polymorphism, he pointed out, is conducted in real time, while “malware changes code only when it installs, because it’s trying to change its signature.” CEO Derek Smith told news media that his company’s focus is on “deflection, not detection.”
Does this replacement of the original code reduce a website’s performance? Ghosemajumder said there is “minimal latency,” adding that the process is transparent to website management. End users see the original user interface.
Currently, Shape Security’s solution is being offered as a hardware appliance, but a cloud-based version is being developed. The product is being targeted at major websites in financial services, health care, and major e-commerce at prices north of a million bucks.