Stopping automated attacks with shapeshifting websites

How can we defend against automated attacks? Tom Brewster takes a look...

There's no information on per-appliance pricing yet, though. It's not going to be cheap, at least from what Ghosemajumder tells me: "We have been focused on the high end of the marketplace and enterprise-wide, all-you-can-eat annual usage licenses, at >$1 million/year."

Another concern about such innovative technology is that it could be used as an excuse not to fix underlying issues with the architecture of the website. "It shouldn't be a bandaid over poor site design (i.e. the root causes should be addressed)," says Troy Hunt, web application security expert and Microsoft most valuable professional.

"There's a benefit to be had here but it's most advantageous when security hasn't been approached sufficiently in the first place, which makes you then question how likely the owners of the site are to seek out a dedicated security appliance and indeed if they are going to invest in security, would they not begin by fixing the underlying issues?"

Given that Shape's offering doesn't really protect against particular targeted attacks, such as manual SQL injection, or any manual attack for that matter, nor volumetric DDoS attacks, it certainly shouldn't be seen as a panacea for all your web app security woes. It's incredibly clever, and has huge potential for saving banks significant amounts of money they would have lost to fraud, but this isn't the one security appliance to end them all.

"I hope it is sold responsibly and that they are upfront about its limitations. It has value but if you are to be sure you are continuing to defend effectively you need to seek proper ongoing advice," adds Professor Alan Woodward, from the Department of Computing at the University of Surrey. "The threat changes so rapidly these days that it really isn't a complete substitute for having access to expertise that knows about the evolving threat and how to defend against it."

There are simpler, cheaper things people can do to deter attackers too. Take this novel idea that could fill the hole that Shape leaves when it comes to manual attacks: researchers from the University of Maryland have shown that just warning an attacker can cut the amount of time they spend on a website. That means that if you can create or buy software that detects suspicious behaviour, you can automate messages to attackers and deter them from whatever illicit activity they were planning.

Smarter security doesn't have to cost the earth, even if super-smart security does.
