Stopping automated attacks with shapeshifting websites

How we can defend against automated attacks? Tom Brewster takes a look...

There's no information on per-appliance pricing yet, though. It's not going to be cheap, at least from what Ghosemajumder tells me: "We have been focused on the high end of the marketplace and enterprise-wide, all-you-can-eat annual usage licenses, at >$1 million/year."

Another concern about such innovative technology is that it could be used as an excuse not to fix underlying issues with the architecture of the website. "It shouldn't be a bandaid over poor site design (i.e. the root causes should be addressed)," says Troy Hunt, web application security expert and Microsoft most valuable professional.

"There's a benefit to be had here but it's most advantageous when security hasn't been approached sufficiently in the first place, which makes you then question how likely the owners of the site are to seek out a dedicated security appliance and indeed if they are going to invest in security, would they not begin by fixing the underlying issues?"

Given that Shape's offering doesn't really protect against particular targeted attacks, such as manual SQL injection, or any manual attack for that matter, nor volumetric DDoS attacks, it certainly shouldn't be seen as a panacea for all your web app security woes. It's incredibly clever, and has huge potential for saving banks significant amounts of money they would have lost to fraud, but this isn't the one security appliance to end them all.

"I hope it is sold responsibly and that they are upfront about its limitations. It has value but if you are to be sure you are continuing to defend effectively you need to seek proper ongoing advice," adds Professor Alan Woodward, from the Department of Computing at the University of Surrey. "The treat changes so rapidly these days that it really isn't a complete substitute for having access to expertise that knows about the evolving threat and how to defend against it.

There are simpler, cheaper things people can do to deter attackers too. Take this novel idea that could fill the hole that Shape leaves when it comes to manual attacks: researchers from the University of Maryland have shown that just warning an attacker can cut the amount of time they spend on a website. That means that if you can create or buy software that detects suspicious behaviour, you can automate messages to attackers and deter them from whatever illicit activity they were planning.

Smarter security doesn't have to cost the earth, even if super-smart security does.

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Most Popular

How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

4 Jan 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
Microsoft Exchange servers break thanks to 'Y2K22' bug
email delivery

Microsoft Exchange servers break thanks to 'Y2K22' bug

4 Jan 2022