Shape Security raises $40M to fight cyber attacks with machine learning


Mountain View-based cybersecurity firm Shape Security has just secured an impressive $40 million in Series D funding led by the investment arm of the Singapore government’s economic development board (EDBI).  The funding round also included investments from both Google Ventures and Hewlett Packard Enterprise’s (HPE) Pathfinder program.

According to a statement by Singapore’s EDBI, in addition to its investment in Shape Security, the agency will help the company expand in the Asian market, which has its share of struggles with cybersecurity threats.

“As automated attacks on web and mobile sites become more prevalent and harder to defend against with existing solutions, we believe Shape Security’s highly innovative cybersecurity platform can be a game changer that offers enterprises real-time protection against such threats,” said CHU Swee Yeok, CEO and President of EDBI. “We are pleased that Shape is leveraging Singapore to access Asian customers and partners in the region to advance their global growth strategy.”

On its website, Shape Security notes that today’s top three cybersecurity threats are not manual attacks like in the olden days of hackers, but rather automated attacks that are difficult to stop. These threats include credential stuffing, which uses brute force to break into a system by entering matching pairs of compromised usernames and passwords; content scraping, which rips unprotected text and other content from websites for use in other applications; and application-layer distributed denial of service (DDoS), which overloads a website or other online system by flooding it with millions of seemingly legitimate data requests.

Shape offers several layers of protection with its “security as a service” product, which is aimed at defending websites and servers from these sorts of attacks. Shape’s security service includes a few of the usual features like active threat monitoring, but some of Shape’s other features take advantage of machine learning to continuously adapt to new automated attacks.

For example, the company’s ShapeShifter application subtly alters the source code of a website each time it is viewed, making it difficult for automated bots to accurately read and understand the information, thereby making it harder to exploit.

According to Shape, its service analyzes around 1.1 billion login requests each week for its customers, and its Shape Cloud service handles up to 500,000 requests per second. The company claims that its security features have helped prevent over $1 billion in fraud losses.

The fight never ends

While companies like Shape Security are certainly making impressive strides in cybersecurity technology thanks to machine learning and other innovations, they will not likely be able to claim a victory any time soon, and many security experts are concerned about the possibility of cyber criminals taking advantage of some of those same innovations to develop smarter malicious programs.

Earlier this year, for example, researchers at the University of Louisville in Kentucky published a paper outlining the potential for “malevolent AI,” which would essentially function like intelligent computer viruses. Rather than using brute force as an automated attack, as is the case with DDoS attacks, an AI powered by machine learning could intelligently attack systems and exploit weaknesses with a precision that could be difficult to stop.

This is one reason that a number of tech companies and research groups, such as Elon Musk’s Open AI project, are pushing for ethical guidelines for the development of AI. Of course, these guidelines would only matter if everyone actually followed them.

Photo by perspec_photo88