Shape Security Raises $40M to Expand Its Global Reach

Shape Security emerged from stealth two years ago with ShapeShifter technology. Today, the company's platform consists of a back end that analyzes the transactions flowing through a given system.

Download the authoritative guide: The Ultimate Guide to IT Security Vendors

Shape Security financing

Shape Security has closed a $40 million Series D round of funding, bringing total funding to date for the company to $106 million.

The new funding will be used to expand the company's sales and marketing efforts around the world.

"We could have raised a lot more funding, but the guidance from our board was to take only the amount we needed to achieve profitability," Derek Smith, CEO of Shape Security, told eWEEK.

The target for Shape Security is to be break-even on cash flow next year, Smith added.

Shape Security emerged from stealth in 2014 with its ShapeShifter technology. The early premise behind ShapeShifter was about enabling an organization to shift or adjust the attack profile that is available to an attacker in a bid to minimize risk.

"The ShapeShifter element continues to be a part of our overall platform," Shuman Ghosemajumder, CTO of Shape Security, told eWEEK. "I think we highlighted ShapeShifter in the past because it was a physical appliance in its first manifestation."

ShapeShifter is now available in multiple modalities, including a hosted model and as a virtual appliance, he added. The broader Shape Security platform in 2016 also consists of a back end that analyzes the various transactions that are flowing through a given system.

"We're also are now active in native mobile applications, and we're also able to protect mobile APIs," Ghosemajumder said. "Thanks to the great size of our customers and the number of users they have on their applications, Shape Security is now protecting 20 percent of the world's in-store mobile payments."

Shape Security has a software development kit (SDK) that can be embedded into a mobile application. When it comes to mobile security, many organizations are primarily concerned with securing a specific device and not an API, said Ghosemajumder, adding that attackers are now increasingly going after the API, without directly compromising anything on the client device itself.

"In many cases, attackers using desktop systems and cloud servers are impersonating mobile devices, sending requests to a mobile API at high volume," Ghosemajumder said. "What we're able to do is distinguish between automated attacks coming from cyber-criminals, from requests coming from a native mobile app that has been secured with our SDK."

While the early idea behind ShapeShifter involved the use of deception technologies, in 2016, deception is only a small subset of Shape Security's focus, Ghosemajumder explained.

"We certainly offer the capability to change the response that goes out to an attacker," Ghosemajumder said. "If the attacker is fooled by the response, that can offer a certain amount of protection."

A more comprehensive way of looking at the problem is to limit the feedback that goes to attackers from a system that is under attack, he said.

"Overall, what we're doing is preventing attackers from reaching any type of scale from automated attacks," Ghosemajumder said. "There are various mechanisms by which you can do that, and deception is just one of them."

Investors in Shape Security include Hewlett Packard Pathfinder, EDBI, Baseline Ventures, Kleiner Perkins Caufield & Byers, NVP, Venrock, Google Ventures, Eric Schmidt and Northern Light Ventures.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.