How do you discourage hackers and fraudsters from attacking websites? By creating a disincentive to those attacks. PYMNTS.com spoke to Shuman Ghosemajumder, vice president of strategy at Shape Security, and learned that Shape’s crime-fighting strategy is simple: change the economics behind cyber attacks to make them less appealing. We learned more about Shape’s strategy, its relevance to the payments industry, and a recent Series B funding round with some impressive backers.
Shape Security made headlines last week, securing $20 million in funding in a Series B round from the likes of Venrock, Google Ventures, TomorrowVentures and others. The company raised its first round of funding in April 2012, has been in “heads-down development mode” ever since, and has created some buzz along the way with impressive hires and big-name backers.
Why are investors so interested in a security company that’s yet to even announce its products? Because not only is Shape Security innovating the technology behind cybercrime prevention: it’s changing the economics, too.
PYMNTS.com spoke with Shuman Ghosemajumder, vice president of strategy at Shape Security, to discuss his company’s unique take on cyber security, their timeline for rolling out products and why Shape can be a big player in the financial services protection industry.
Ghosemajumder, who joined Shape Security after several years as the “click-fraud czar” at Google, said that what makes Shape stand out in a crowded field is the technology behind its work, plus the strategy it is using to discourage hackers.
“I think that the main thing that distinguishes us from other companies is the technological innovation — which unfortunately I can’t talk in great detail about,” Ghosemajumder admitted. “But the general nature of it focuses on the rise of botnets and the use of systems like crimeware-as-a-service, which allows the bad guys to basically have a stack that is very similar to what legitimate developers use to be able to create very powerful web services.
“And the bad guys, unfortunately, can use these types of systems to create automated attacks that didn’t even really exist a few years ago.”
Ghosemajumder cited credential-stuffing attacks and “large-scale, advanced” denial of service attacks as two evolving threats posed to online accounts. Such attacks can use hundreds of thousands of IP addresses and machines to overwhelm servers and compromise information, and can be too advanced for common anti-fraud and anti-hacking safety measures.
Ghosemajumder also highlighted “man-in-the-browser” attacks as an enormous threat to the financial services industry. According to Ghosemajumder, man-in-the-browser attacks “cut right through two-factor authentication,” which is accepted by many in the industry as a secure solution for online transactions.
“Unfortunately, attacks like man-in-the-browser don’t even care about what a user’s credentials are: they just wait for the user to authenticate with as many factors as are necessary, and then they spring into action and start changing a user’s transactions in real time,” he explained.
So what is Shape’s plan to combat such advanced cyber warfare? While Ghosemajumder was limited in what he could say, he emphasized that Shape’s unique approach is in changing not only the technology behind cyber attack prevention, but the economics behind it as well. That, in Ghosemajumder’s mind, is what has caused so many to cite Shape as a disruptive player in the field.
“The difference in the way we approach this is we want to be able to make those attacks much more expensive,” he said. “And when you make those attacks much more expensive and you change the economics for those attackers, then they either shift to softer targets or they decide to do something else entirely.”
To hear more from Ghosemajumder on Shape’s hack-halting strategy, his company’s release dates and more, listen to the full podcast below.
Vice President of Strategy for Shape Security
Shuman Ghosemajumder is VP of Strategy at Shape Security, a Kleiner Perkins startup developing a new type of web security product. He previously worked at Google, where he led global product management for protecting the $20+ billion annual revenue AdWords business against click fraud and other threats. He joined Google in 2003 as a product manager for AdSense and helped grow that business to $2 billion in annual revenue. He was also part of the team that launched Gmail. Prior to Google, he worked at IBM and McKinsey & Co. He holds an MBA from the MIT Sloan School of Management.