Shape Security today announced that it has raised $25 Million in a Series D funding round to accelerate deployments of its Botwall Service, with specific plans to expand further in China.
The Mountain View, California-based web security firm has now raised a total of $91 million, including $20 million in a Series B round in 2013 and $40 million in Series C round February 2014. Well before emerging from stealth mode in January 2014, the company raised $6 million in a Series A round in 2012, led By Kleiner Perkins Caufield & Byers and Eric Schmidt's Tomorrow Ventures.
Founded by former Google, Department of Defense and major defense contractor employees, Shape's “Botwall” technology helps protect web sites and mobile apps against automated attacks conducted by threat actors that use automation. These automated attacks are growing rapidly, Shape says, and currently account for more than half of all traffic to the login pages of major websites, and bypass products that many enterprise use, such as WAFs, DDoS and fraud controls, and IDS/IPS.
Shape previously explained to SecurityWeek that its platform takes the advantage away from attackers by implementing real-time polymorphism, or dynamically changing code, to remove the static elements that malware, bots and other automated attacks use to interact with web applications.
“We’re making it the attacker’s problem to figure out how to be able to create a scripted programmatic attack against an application which is constantly rewriting itself,” Shuman Ghosemajumder, Shape Security’s VP of Strategy, told SecurityWeek in 2014.
Beijing-based Northern Light Venture Capital participated in the funding round to assist Shape with expansion into China.
“In the same way that automation has transformed traditional industries, automation is transforming the economy of cyber attackers, and rewriting the rules of enterprise risk in the process,” SecurityWeek columnist Wade Williamson wrote in a September 2014 column.
Web technologies are inherently vulnerable to automation, and have given rise to a new breed of scripted attacks, Williamson said.
“Automated attacks are cheap, tireless, and can target virtually any functionality that we expose to our end-users. Because of their reach, these attacks become both highly probable and enormous in scale. This makes understanding automated threats essential in order to understand IT and enterprise risk,” Williamson, a previous employee of Shape Security, explained.
Lead investor in the round Baseline Ventures, Northern Light and Epic Ventures join existing investors Kleiner Perkins Caufield & Byers, Venrock, Norwest Venture Partners, Google Ventures, Tomorrow Ventures and other prominent investors in this round.
The company says customers include global airlines, US banks, insurers, major federal government agencies, and several of large retailers.
"Cycling through user IDs and passwords at various websites, such as online banking or credit card portals... these massive automated account takeover attacks have become much more sophisticated and have escalated substantially, according to our clients, with big pickups in such attacks during and right after the 2014 holiday season," wrote Avivah Litan, VP Distinguished Analyst at Gartner. "Some report that such scripted attacks against large online sites doubled in the first two months of 2015."
"Attackers are constantly evolving, but we are able to stay ahead of them successfully. Our new funding will allow us to take our proven approach and scale it to other major markets around the world," said Derek Smith, CEO of Shape Security.
Shape’s Botwall technology can deployed in the cloud or on premise.