Viewing posts categorised under: Company News
ShieldX Partners with AWS

New Amazon VPC Ingress Routing—What Does it Mean for Security?

We welcome the introduction of Amazon Virtual Private Cloud (Amazon VPC) Ingress Routing, a new solution from Amazon Web Services (AWS) designed to allow companies like ShieldX to simplify the integration of security appliances designed to monitor and block network traffic without the need to apply special routes or forego details such as public IP address routing between subnets. (For more, Amazon’s blog is here).

One of the biggest questions facing every senior security professional is figuring out how to secure enterprise networks as they fundamentally change over time. This requires a level of flexibility and scale heretofore unknown in the security industry. Traditional appliance-based solutions were built monolithically and are not well suited to cloud architectures. And new cloud friendly products do not provide the depth of security required to protect environments from the variety of attacks typically deployed.

As noted recently in CSO Online:

Contrary to what many might think, the main responsibility for protecting corporate data in the cloud lies not with the service provider but with the cloud customer. “We are in a cloud security transition period in which focus is shifting from the provider to the customer,” Heiser says. “Enterprises are learning that huge amounts of time spent trying to figure out if any particular cloud service provider is ‘secure’ or not has virtually no payback.”

Eventually, security professionals will find themselves asking:

  • How did we become totally marginalized as the businesses just went around us and built whatever they wanted directly in the cloud?
  • What does security entail in this new cloud architecture and can I secure critical assets as they move to the cloud?
  • Can I achieve the agility promised by the cloud, while ensuring proper visibility and control over the digital assets?
  • How do you automate enforcement of security policy as apps change without human intervention?
  • Do any of my traditional security tools provide value in the new cloud environment?
  • How can I enforce scalable and flexible access control in virtualized and cloud deployments (microsegmentation)?

Amazon VPC Ingress Routing:  What does it mean?
With AWS’s new announcement, the CISO’s job just got a whole lot easier. Moving to the cloud means you can easily cover the two major traffic concerns that inhibit public cloud adoption for data centers. How?

Amazon VPC Ingress Routing is a service that helps customers simplify the integration of network and security appliances within their network topology. With Amazon VPC Ingress Routing, customers can define routing rules at the Internet Gateway (IGW) and Virtual Private Gateway (VGW) to redirect ingress traffic to third-party appliances, before it reaches the final destination. This makes it easier for customers to deploy production-grade applications with the networking and security services they require within their Amazon VPC.

With ShieldX, enterprises can protect East/West traffic flows.  Most enterprise traffic, as you move to the cloud, has become East/West traffic. Analysts report East/West traffic (traffic within the data center and traffic between data centers) represents nearly 85 percent of total traffic in flow. This represents a gigantic blind spot in which basic visibility, compliance and enforcement become impossible.

With ShieldX, users can overcome significant management and security challenges, by adopting a full range of security controls to provide users the ability to view traffic, identify anomalies and block attacks traversing both north/south and east/west all from a single management console.

Here’s a video overview illustrating how ShieldX works to secure AWS.

So, today’s news from AWS should be widely welcomed by the broad security community.  We can finally embrace cloud security and economics at once.



Read More
Why I Joined ShieldX

We recently announced that I joined ShieldX Networks as CEO.

Like many job seekers, I relied on friends and trusted colleagues to inform my decision. Mike Fey first turned me onto ShieldX (he recently outlined his reasons for investing in ShieldX and it is a must read). Mike encouraged me to invest alongside him. Consequently, when the ShieldX team started to look for a CEO to partner with the founding team, a much more direct level of involvement began to surface. It did not take long for me to recognize that ShieldX is where I wanted to be, if the founders and board would have me. While there were several reasons this opportunity was so compelling, it came down to four main drivers.

Market opportunity.
The ShieldX Elastic Security Platform could well be THE enabling security offering with the ability to both enable the “migration to” and “security promises” of microsegmentation in the era of cloud computing. The move to the cloud is fundamentally changing how IT and networking are done, how applications are developed, where security risks need to be mitigated and how security needs to be inherently and elastically applied. To date, many enterprises have begun their data center transition to the cloud, but during this transition, hackers and malicious insiders have uncovered and exploited blind spots—particularly along the emerging East-West data center. We, as an industry, have spent a few decades focused on securing North-South network traffic boundaries; but as networks became flatter, larger and more dynamic, a growing attack surface within arose that led to an ever growing number of security breaches due to attacks spreading on the East-West axis.

What if we could offer improved network security by using elastic security software, which offers visibility, policy generation for microsegmentation and a rich set of dynamic security controls to enable fully automated security in this new world? What if we could simplify achieving and reporting on compliance in the cloud? For CISOs, the current set of market options means buying multiple point products, some of which are being shoehorned into solving a problem they were never designed to solve.

Further, what if we could offer security without increasing customer overhead? ShieldX does this with technology that was designed from the ground up to serve in this elastic environment where it once was impossible to define your network security posture. As Mike Fey stated in his blog, “East west security is more important than north south.”  ShieldX can—and will—protect all data center workloads in the future. As anyone interested in deploying a Zero Trust effort will understand—ShieldX is in the thick of an important market.

Today, the majority of approaches to microsegmentation require agents. Not ShieldX. Instead, ShieldX pioneered an application layer security approach that brings visibility to traffic patterns enterprises haven’t seen before the arrival of multi cloud.  And it is not just visibility. ShieldX’s approach also brings application layer threat prevention.  Remember what IPS brought to on-prem network perimeters? ShieldX does this in your cloud.  Being agentless allows for robust functionality like virtual patching, for example virtually patching cloud workloads which combats the new trend in ransomware, where the new target is unpatched workloads/VMs in your data center and cloud. And then there’s automation.  One of ShieldX’s customers used to have a firewall analyst update policies taking up four hours (!) daily. Our automated policy enforcement dynamically assigns policies based on predefined criteria aligned to your business process, enabling this valuable resource to be redeployed into more strategic activities.

I knew Ratinder and Manuel professionally and by reputation from McAfee. Both are innovators and famous within the industry for good reason. When stars aligned and Ratinder and the ShieldX board were looking for a CEO partner, it was hard to not get excited. The team that built ShieldX is hard to duplicate. Few innovators could build a platform that promises to upend security as enterprises move to the cloud. Also, if one looks at the other people associated with the company, be it investors, board members or advisors, they would have to say this is truly a “hall of fame” caliber line up.

Competitive landscape
Today, if you want security in the cloud you have to choose between virtual firewalls, agent-based technology or go with cloud-native capabilities. Virtual firewalls suffer two fundamental problems—they don’t scale elastically in the cloud and they create way too much administrative overhead in an ever-changing cloud environment. If you require more TLS decryption in an environment for inspection, for instance, you need to buy more licenses of the firewall to achieve the required TLS decryption; even if you don’t need other features included in that license. Worse, because of the extra traffic incurred by virtual firewalls, you’ll end up paying excessive CPU overhead costs and you’ll have to hire additional network security staff to administrate ACLs in your ever-changing cloud environment. Cloud native providers supply basic security capabilities, but they are hardly best of breed, they too require way too much overhead to constantly re-configure, they only support their own platform, and lack the advanced application layer security capabilities security teams require. And many new entrants in this space require agents. The drawbacks of agents are pretty well known but you can always ask one self-answering question:  Is it OK in a production environment to deploy agents to workloads without extensive QA and compatibility testing? Perhaps the biggest deficiency of all the above approaches is their lack of automation. By contrast, ShieldX installs quickly and brings fast time to value.  More importantly, our software is architected to provide elastic scalability and makes policy and control management dramatically simpler.  At the end of the day, ShieldX lowers your operational costs to enable microsegmentation and lateral movement protection. Bottom line: ShieldX brings an unfair advantage to the market.

I encourage you to try ShieldX. Three of our customers not only influenced my decision to join, but also echoed my sentiments in these detailed reviews including this compelling testimonial from Alaska Air:

We switched to ShieldX because traditional firewalls are more expensive, and they require you to take all of your traffic outside of your virtual environment to inspect it and then return it back to the virtual environment. ShieldX also enables us to migrate to cloud environments faster.

Read More
Why I invested in ShieldX

I have had the pleasure of working with the Shield X team for a couple years and recently made a significant personal investment in the company.  Why?

First, let’s assess just how cloud computing has impacted security.  In my view, the future of how we defend workloads in the cloud requires a ground up re-architecture.  We all grew up with a “defend the north-south” mentality and didn’t think much about east-west defense.  And for good reason—defending east-west was extremely difficult, expensive and simply couldn’t scale.  In a cloud native future, however, east west is as risk-laden as north south in the “old” days. As enterprises place their data centers in the cloud, you’ve essentially fragmented your crown jewels.  Enterprises are now realizing just how much security and compliance postures become downgraded by a move to the cloud.

Historically security was done mostly by fortifying the perimeter of the network.  That architecture is no longer effective, as there is an incongruity between the physical datacenter boundary and virtual perimeters. Those new perimeters can take up any size and shape and change at cloud speeds making it impossible for traditional security to follow. Additionally, the security controls offered by cloud vendors are weaker than traditional options and are often no match against attacks hindering confidence and compliance in cloud adoption.

Today, many vendors tackle the problem with agents, rigid rules sets or hard coded approaches.  Inevitably, you’ll be let down in your cloud migration journey if you deploy any of these options with negative repercussions on compliance, security and cost. Many early adopters of agent-based approaches already regret their decision.

This is where ShieldX comes in.

ShieldX represents a new and very needed way to do security.  ShieldX, is a perfectly designed solution built for the new cloud paradigm.  Not only does ShieldX fix the flat network problem, but it also makes compliance a no brainer.  And ShieldX doesn’t stop there, bringing:

  • Visibility:  ShieldX discovers infrastructure assets such as networks, virtual switches, DV switches, virtual private clouds, vNets, subnets, workloads, tags and so on. Monitor network traffic and using machine learning arrange assets in application views. ShieldX uses traffic classification and network scanning to understand the attack surfaces and vulnerabilities.  In addition, ShieldX uses data classification of both data in motion and data at rest to understand information loss risk.
  • Compliance: Passing an auditwhen your data and applications are all over the cloud often serve as a wakeup call for cloud security.  The ever-changing nature of the cloud are diametrically opposed to the neat, orderly and segmented environments auditors like to see.  With ShieldX’s microservices architecture, security enjoys a cloud-native solution that works the way cloud tools are supposed to—elastic and scalable while satisfying auditors.
  • Automation:  Combined with machine learning, ShieldX uses its visibility to provide a risk view and suggest appropriate micro segmentation and advanced security policies. The security operator can use the application model, along with the risk view and the suggested security policies to create their security intent easily and quickly.
  • Full-stack security controls to extend coverage where you don’t have any–ShieldX provides a comprehensive set of controls that go beyond basic ACLs, including micro-segmentation, access control, threat prevention, malware detection, URL classification and filtering, TLS decryption, indicator of pivot detection, anomaly detection, sensitive data migration detection and more which are policy-based and adaptive.

Moving forward, as enterprises continue their massive shift away from VMs and into true cloud architecture, ShieldX will be at the forefront of their defense strategy. In summary, ShieldX is the only solution that continuously discovers workload applications and associated risk, automates policy generation and control deployment in the multi cloud.

Read More
ShieldX at the RSA Innovation Sandbox
Company News

ShieldX at RSA Innovation Sandbox 2018As the RSA Conference kicked off on Monday, April 16th, I was honored to represent ShieldX as one of ten Innovation Sandbox finalists invited to take the spotlight for a three-minute pitch  demonstrating our groundbreaking security technologies to the broader conference community.

Read More
Hot off the Press – ShieldX Networks Selected as Finalist for RSA Conference 2018 Innovation Sandbox Contest!
Company News


We at ShieldX Networks are very thrilled to confirm that we have been selected as a finalist in the highly coveted RSA Sandbox Contest. The Innovation Sandbox Contest is an opportunity to spotlight new approaches to information security technology, provides advice and counsel for entrepreneurs, and exposes the RSA Conference community to venture capitalists, industry experts, senior level business practitioners, and thought leaders. Please read RSA’s announcement here:

Read More

About Author

Ratinder Ahuja

Ratinder Ahuja

Founder & CEORatinder leads ShieldX and its mission as its central pivot point, drawing from a career as a successful serial entrepreneur and corporate leader, bringing with him his unique blend of business acumen, industry network and deep technical knowledge.