Stopping automated attacks with shapeshifting websites

How can we defend against automated attacks? Tom Brewster takes a look...

There's no information on per-appliance pricing yet, though. It's not going to be cheap, at least from what Ghosemajumder tells me: "We have been focused on the high end of the marketplace and enterprise-wide, all-you-can-eat annual usage licenses, at >$1 million/year."


Another concern about such innovative technology is that it could be used as an excuse not to fix underlying issues with the architecture of the website. "It shouldn't be a bandaid over poor site design (i.e. the root causes should be addressed)," says Troy Hunt, web application security expert and Microsoft most valuable professional.

"There's a benefit to be had here but it's most advantageous when security hasn't been approached sufficiently in the first place, which makes you then question how likely the owners of the site are to seek out a dedicated security appliance and indeed if they are going to invest in security, would they not begin by fixing the underlying issues?"


Given that Shape's offering doesn't really protect against particular targeted attacks, such as manual SQL injection, or any manual attack for that matter, nor volumetric DDoS attacks, it certainly shouldn't be seen as a panacea for all your web app security woes. It's incredibly clever, and has huge potential for saving banks significant amounts of money they would have lost to fraud, but this isn't the one security appliance to end them all.

"I hope it is sold responsibly and that they are upfront about its limitations. It has value but if you are to be sure you are continuing to defend effectively you need to seek proper ongoing advice," adds Professor Alan Woodward, from the Department of Computing at the University of Surrey. "The threat changes so rapidly these days that it really isn't a complete substitute for having access to expertise that knows about the evolving threat and how to defend against it."

There are simpler, cheaper things people can do to deter attackers too. Take this novel idea that could fill the hole that Shape leaves when it comes to manual attacks: researchers from the University of Maryland have shown that just warning an attacker can cut the amount of time they spend on a website. That means that if you can create or buy software that detects suspicious behaviour, you can automate messages to attackers and deter them from whatever illicit activity they were planning.

Smarter security doesn't have to cost the earth, even if super-smart security does.
