VIDEO: Can Shape Security revolutionize Web defense?

By Byron V. Acohido

Shape Security. Remember that name. The Silicon Valley start-up emerged from stealth mode this morning to publicly unveil details of its plan to revolutionize cybersecurity.

If Shape can deliver, its technology could radically disrupt the engine that drives cybercrime: botnets.

Related video: Shape Security creates first “botwall”

A botnet is a sprawling network of thousands of infected PCs or Web servers, referred to as bots. The top dozen or so cybercriminal rings command massive botnets honed to automate and scale up the delivery of spam scams, the carrying out of denial-of-service attacks, the booby-trapping of legit websites and the hijacking of online financial accounts.

Botnets can’t be stopped largely because the bad guys have mastered a technique, called polymorphism, by which they continually tweak the underlying malicious code to stay a step ahead of the latest security updates.

Shape’s co-founders came up with the notion of using polymorphism against the bad guys. Shape’s technology doesn’t bother trying to detect botnet activity. Instead, it continually scrambles the exchange of information taking place between a Web server and a Web site visitor, be it a legit user or a malicious bot.

Gartner banking security analyst Avivah Litan credits Shape for breaking new ground. “You’ve got to hand it to them, they did something revolutionary, and you don’t see revolutionary technology very often,” Litan says. “No one ever comes up with new ideas in security. It’s always variations of old ideas and incremental changes.”

Shape has attracted cream-of-the-crop brainpower. Co-founder and CTO Justin Call, principal inventor, helped create the network security tools at security vendor Oakley Networks, which defense giant Raytheon acquired in 2007.

Co-founder and products vice-president Sumit Agarwal was the product chief at Google who helped port Google Maps to the Android mobile device platform and build AdWords into a $6 billion business.

And strategy vice president Shuman Ghosemajumder led development at Google of the systems the search giant uses to mitigate click fraud, in which faked clicks on advertisements — usually generated by botnets — trigger payments from the advertiser.

“We’re not actually trying to detect botnet activity,” explains Ghosemajumder. “Instead, we are disrupting the (botnet) automation. It doesn’t require detection.”

Shape also has smart money behind it. It has raised $26 million from a who’s who of Silicon Valley financial backers, including Kleiner Perkins Caufield & Byers, Venrock, Google Ventures, Allegis Capital, former Google CEO Eric Schmidt and former Symantec CEO Enrique Salem.

Ted Schlein, managing partner at Kleiner Perkins Caufield & Byers, says Shape has concocted the Internet’s first “botwall.”

“What the world needs is a new tier of security architecture that blocks all commands from bots, malware and scripts,” Schlein says. “Shape has successfully created the world’s first botwall. The Internet badly needs this.”

At this juncture, the start-up has comparatively few paying customers. Litan says converting beta testers into paying clients could take a while.

“They’ve definitely got the big banks’ attention; pretty much every big bank is trying them out,” she says. “But they’re not proven in any large-scale, mission-critical situations. They’re not quite enterprise ready, yet.”
