Web Security Startup Gets Funding From Google Ventures, Former Symantec CEO

A Web security startup with an approach aimed at making it harder and more expensive for attackers to execute man-in-the-browser and other attacks on Web applications and websites just got a venture-capital infusion from some big names.

Mountain View, Calif.-based Shape Security announced that it has secured $20 million in Series B financing, led by Venrock, and including Kleiner Perkins Caufield & Byers, Allegis Capital, Google Ventures, Google executive chairman Eric Schmidt's TomorrowVentures, and former Symantec CEO Enrique Salem. That brings the company's funding to $26 million. Executives from Dropbox, Facebook, LinkedIn, and Twitter were among the initial investors in a Series A round of funding in April. That funding effort was led by Kleiner Perkins and also included TomorrowVentures, Google Ventures, and Baseline Ventures.

Why the high-profile attention? Sumit Agarwal, co-founder and vice president of products for Shape Security, says the company is coming at Web security from a different angle: "The vast majority of products are better, faster, cheaper ways of doing the same basic thing ... They are better at treating a symptom. Very few go deeper to the root cause."

That's where Shape comes in, he says. "We are computer-science-driven. We're striking at the core mechanics of how those things work and making them harder to do in the future," Agarwal says. "We focus on the most sophisticated attackers of the future, [and] the crimeware-as-a-service ecosystem."

Shape is still keeping details of its technology and products under wraps, but Agarwal says it's all about preventing attacks against websites and apps from happening in the first place. The firm plans to roll out a software-based appliance later this year.

"We're not aware of anyone doing what we're doing ... in terms of a core, computer-science-driven approach to attacking the fundamentals of how an adversary does business," he says. "Adversaries have done a good job understanding how modern Web apps work" and understanding the framework and how to exploit it, he says.

Shape's approach is to turn the tables on the attackers -- not by conducting so-called "offensive security," he says, but by making it harder and more costly for them to wage attacks.

Shape was founded in 2011 by executives from Google, major defense contractors, and the Defense Department. Google's former click-fraud czar, Cisco Systems' former vice president of application security, and Walmart's former CISO all now work for Shape Security.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.