Stopping automated attacks with shapeshifting websites

How we can defend against automated attacks? Tom Brewster takes a look...

There's no information on per-appliance pricing yet, though. It's not going to be cheap, at least from what Ghosemajumder tells me: "We have been focused on the high end of the marketplace and enterprise-wide, all-you-can-eat annual usage licenses, at >$1 million/year."

Smarter security doesn't have to cost the earth, even if super-smart security does.

Another concern about such innovative technology is that it could be used as an excuse not to fix underlying issues with the architecture of the website. "It shouldn't be a bandaid over poor site design (i.e. the root causes should be addressed)," says Troy Hunt, web application security expert and Microsoft most valuable professional.

"There's a benefit to be had here but it's most advantageous when security hasn't been approached sufficiently in the first place, which makes you then question how likely the owners of the site are to seek out a dedicated security appliance and indeed if they are going to invest in security, would they not begin by fixing the underlying issues?"

Given that Shape's offering doesn't really protect against particular targeted attacks, such as manual SQL injection, or any manual attack for that matter, nor volumetric DDoS attacks, it certainly shouldn't be seen as a panacea for all your web app security woes. It's incredibly clever, and has huge potential for saving banks significant amounts of money they would have lost to fraud, but this isn't the one security appliance to end them all.

"I hope it is sold responsibly and that they are upfront about its limitations. It has value but if you are to be sure you are continuing to defend effectively you need to seek proper ongoing advice," adds Professor Alan Woodward, from the Department of Computing at the University of Surrey. "The treat changes so rapidly these days that it really isn't a complete substitute for having access to expertise that knows about the evolving threat and how to defend against it.

There are simpler, cheaper things people can do to deter attackers too. Take this novel idea that could fill the hole that Shape leaves when it comes to manual attacks: researchers from the University of Maryland have shown that just warning an attacker can cut the amount of time they spend on a website. That means that if you can create or buy software that detects suspicious behaviour, you can automate messages to attackers and deter them from whatever illicit activity they were planning.

Smarter security doesn't have to cost the earth, even if super-smart security does.

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Leading the data race

The trends driving the future of data science

Download now

How to create 1:1 customer experiences at scale

Meet the technology capable of delivering the personalisation your customers crave

Download now

How to achieve daily SAP releases

Accelerate the pace of SAP change to support your digital strategy

Download now

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
Windows XP source code allegedly leaked online
Microsoft Windows

Windows XP source code allegedly leaked online

25 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020