IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Stopping automated attacks with shapeshifting websites

How we can defend against automated attacks? Tom Brewster takes a look...

There's no information on per-appliance pricing yet, though. It's not going to be cheap, at least from what Ghosemajumder tells me: "We have been focused on the high end of the marketplace and enterprise-wide, all-you-can-eat annual usage licenses, at >$1 million/year."

Another concern about such innovative technology is that it could be used as an excuse not to fix underlying issues with the architecture of the website. "It shouldn't be a bandaid over poor site design (i.e. the root causes should be addressed)," says Troy Hunt, web application security expert and Microsoft most valuable professional.

"There's a benefit to be had here but it's most advantageous when security hasn't been approached sufficiently in the first place, which makes you then question how likely the owners of the site are to seek out a dedicated security appliance and indeed if they are going to invest in security, would they not begin by fixing the underlying issues?"

Given that Shape's offering doesn't really protect against particular targeted attacks, such as manual SQL injection, or any manual attack for that matter, nor volumetric DDoS attacks, it certainly shouldn't be seen as a panacea for all your web app security woes. It's incredibly clever, and has huge potential for saving banks significant amounts of money they would have lost to fraud, but this isn't the one security appliance to end them all.

"I hope it is sold responsibly and that they are upfront about its limitations. It has value but if you are to be sure you are continuing to defend effectively you need to seek proper ongoing advice," adds Professor Alan Woodward, from the Department of Computing at the University of Surrey. "The treat changes so rapidly these days that it really isn't a complete substitute for having access to expertise that knows about the evolving threat and how to defend against it.

There are simpler, cheaper things people can do to deter attackers too. Take this novel idea that could fill the hole that Shape leaves when it comes to manual attacks: researchers from the University of Maryland have shown that just warning an attacker can cut the amount of time they spend on a website. That means that if you can create or buy software that detects suspicious behaviour, you can automate messages to attackers and deter them from whatever illicit activity they were planning.

Smarter security doesn't have to cost the earth, even if super-smart security does.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Most Popular

Salaries for the least popular programming languages surge as much as 44%
Development

Salaries for the least popular programming languages surge as much as 44%

23 Jun 2022
The top programming languages you need to learn for 2022
Careers & training

The top programming languages you need to learn for 2022

23 Jun 2022
Swift exit: How the world cut off Russian banks
finance

Swift exit: How the world cut off Russian banks

24 Jun 2022