January 21, 2014

Ex-Googlers' Startup Shape Turns Hackers' Code-Morphing Tricks Against Them

For decades the information security industry’s default analogy has been virus versus antivirus, a futile race to detect hackers’ weapons as they constantly mutate. Now a few security veterans are flipping the game: Deciphering a shape-shifting chunk of code is about to become the attacker’s problem.

In late January a team of entrepreneurs out of Google and the defense world unveiled a startup called Shape Security. The 58-person Mountain View, Calif., company sells a pizza-box-size appliance called a ShapeShifter that plugs into a company’s network and obfuscates the code behind the customer’s website. It replaces variables with random strings of characters that change every time a page is loaded, all without altering the way the site appears to human visitors. This trick, known as polymorphism, makes it vastly more difficult for cybercriminals to use automated tools to crack passwords, scrape content from thousands of sites or use malware-infected PCs to spy on victims’ online banking.
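The per-load renaming described above can be sketched as a small rewriting layer in front of a login form. This is an added illustration, not Shape Security's code or the ShapeShifter's actual design. The sample page, the `_page` hidden field, the in-memory `PENDING` table and the function names are all assumptions made for the demo.

```python
import re
import secrets

# Constructed sample page from a hypothetical origin server.
ORIGIN_HTML = (
    '<form action="/login" method="post">'
    '<input type="text" name="username">'
    '<input type="password" name="password">'
    '</form>'
)

NAME_ATTR = re.compile(r'(<input\b[^>]*\bname=")([^"]+)(")')
PENDING = {}  # page token -> {alias: original name}; in-memory for the demo


def morph(html):
    """Rewrite every input name to a fresh random alias for this response."""
    reverse = {}

    def swap(match):
        alias = "f" + secrets.token_hex(8)
        reverse[alias] = match.group(2)
        return match.group(1) + alias + match.group(3)

    body = NAME_ATTR.sub(swap, html)
    token = secrets.token_urlsafe(16)
    PENDING[token] = reverse
    # The token field is added after rewriting, so it keeps its fixed name.
    hidden = '<input type="hidden" name="_page" value="%s">' % token
    return body.replace("</form>", hidden + "</form>"), token


def restore(form):
    """Translate a submitted form back to origin names, or reject it."""
    reverse = PENDING.pop(form.get("_page"), None)  # each page load is single use
    if reverse is None:
        raise ValueError("unknown or replayed page token")
    fields = {k: v for k, v in form.items() if k != "_page"}
    if set(fields) - set(reverse):
        raise ValueError("field names do not match this page load")
    return {reverse[k]: v for k, v in fields.items()}
```

A browser submits whatever names the page it rendered contains, so `restore` hands the origin its usual `username` and `password` fields, while a client that posts names learned from an earlier page load is rejected.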

