Shape security spent more than two years working in secret before officially launching its buzzy web security appliance last month. But at its first public appearance at the RSA security conference this week, the company is coming out of stealth with a bang.
On Tuesday, Shape announced another $40 million round of a venture capital funding led by Norwest Venture Partners. That injection brings its total investment to $66 million after previous investments by Google Ventures, Kleiner Perkins and others, a sizeable war chest for a startup that only recently saw the light of day. The company, founded by ex-Googler Sumit Agarwal and ex-Oakley Network chief executive Derek Smith, sells a pizza-box-sized appliance called a “Shapeshifter” that dynamically alters the code on a customer’s website to confound any automated program that’s attempting to exploit it; The company’s executives call their product the world’s first “botwall.”
Shuman Ghosemajumder, a former Google click fraud czar and now Shape’s VP of strategy, says that the money is intended to help Shape hire a larger salesforce and develop its R&D team to prepare for the inevitable cat-and-mouse game it expects to face with advanced hackers’ automated attacks on customers’ sites. “We need to move faster,” says Ghosemajumder, to “put out a worldwide salesforce, invest in engineering and meet the demand we’ve seen since launch.”
Shape told me last month that it expects “ten-figure” bookings in 2014, and says it’s on track to meet that number. The company current has 60 employees, and plans to double its headcount in the next 12 months.
Ghosemajumder says Shape’s intention in staying in stealth for so long before launching its quick-growth strategy was to hide its shapeshifting techniques both from other security firms and the hackers it hopes to stymie. “This is about staying ahead of the competition and ahead of adversaries,” he says.
By making web sites unreadable to bots, Ghosemajumder says Shape hopes it can initially persuade hackers to simply target their automated attacks at easier targets without its code-obfuscating protections. But he acknowledges that the most highly-motivated attackers will outsmart those protections, and Shape will need the research resources to adapt as well.
“Eventually they’re going to re-architect,” he says. “We need to invest from an engineering standpoint so that whatever our adversaries evolve is also deflected by our technology.”
Follow me on Twitter , email me, anonymously send me sensitive documents or tips , and check out the new paperback edition of my book, This Machine Kills Secrets: Julian Assange, the Cypherpunks, and Their Fight to Empower Whistleblowers.