A blueprint unfurled, a vault room scrutinized, an exit path recorded. Even if you’ve never participated in a bank heist you can imagine the preparations its conspirators must carry out.
Cyber crime is no different. Get away with the loot—that’s the game. In the virtual world attackers recently worked out a neat trick for skedaddling inconspicuously: By connecting to common Internet services like YouTube or Dropbox, malicious hackers can use sophisticated malware to vacate premises, spoils in hand, without attracting attention from computer network custodians. Nothing looks out of the ordinary when Gmail is the getaway car.
This year Shape Security, a Mountain View, Calif. startup that revealed itself at the beginning of the year, encountered this emergent attack through its customer base. Its 100-person team is just now beginning to devise a solution. Shape’s core technology harnesses a concept called polymorphism—rewriting the code of websites in real time to make them more difficult to assail. The ShapeShifter, an appliance serving as the company’s main product, offers HTML camouflage. It turns readable, static webpages into moving targets—encryption, essentially, for the user interface layer. At the moment, it shields only entry points.
Sumit Agarwal, a co-founder of the company and its vice president of products, believes polymorphism can extend not just to cover routes of ingress but means of egress as well. “Right now if you’re an enterprise we protect your website. The evolution here for us is now trying to protect your enterprise’s employees,” he says. “It’s one of the exciting things on the horizon, a brand-new approach to web architecture on top of our core idea.” If Shape Security succeeds, digital crooks’ marked-up floor plans will no longer be as handy as doors morph and shuffle around them mid-job. And when that happens? Good luck getting out.
For more stories from our Shape the Future package, click here.