Shape Security is an advanced application defense platform founded in 2001 in Silicon Valley by former Google and Pentagon execs. The service protects web and mobile applications from all kinds of automated attacks like content scraping, credential stuffing, and DDoS attacks. The service, called Shape Botwall, is available both in the cloud and on premises.
Shape Security has raised over $90 million in equity funding over 4 rounds, including a recent $25 million Series D in January of 2016. Investors include Google Ventures, Kleiner Perkins, and Northern Light Venture Capital.
The Shape Botwall Service can be deployed fully in the cloud, integrated with a customer’s existing infrastructure, or a combination of both. No change to the customer website or mobile application code is required.
The service protects the customer against automated bot attacks by using a polymorphic engine that dynamically changes the underlying code of the login pages of a website or mobile application. Every time a page loads, the code is different, making it difficult for an automated bot to enter credentials like username and password. This process is totally invisible to human users, but for an automated bot, it creates a moving target.
When the company first launched, the initial product was called Shapeshifter which was a hardware appliance deployed in the customer data center. Today, the product is called Botwall, and in addition to protecting website applications, it now can protect native mobile apps as well.
Shape Security Pricing
Shape Security offers both a subscription model for their cloud service and an appliance sales model for on premises. Pricing is not shared publicly and you’ll need to contact a sales rep to get a custom quote based on your individual needs.
Shape Botwall is a unique bot protection service in that it dynamically alters the code of a website or application login screen making it a moving target for automated bots trying to stuff credentials, inject malicious code, or flood an application server with requests. This is fundamentally different from other solutions on the market that use security rules and signatures to try and detect malicious activity. Perhaps the best part of this solution is that it does not require complex integrations and can be used in conjunction with other security products, like web application firewalls. As of 2016, Shape also offers the service for native mobile apps on iOS and Android as well.