APEIRO™ is Available
APEIRO is available for purchase from ShieldX and ShieldX authorized Channel Partners. Contact us to learn more.
APEIRO customers may purchase a global, 7×24 annual support subscription with access to our Customer + Partner Portal that includes product downloads, documentation, updates, training and our online support system.
APEIRO is a 100% software, network-based security platform for protection of core business infrastructure services that span across multiple physical, virtual and cloud-based environments — or the “multi-cloud”. It offers fully scalable and automated visibility, microsegmentation, and threat and malware detection and prevention to support security policy creation, enforcement and compliance.
APEIRO is ideally suited for deployment by the cloud and infrastructure, security and DevOps teams within enterprise, service provider and professional services organizations.
While APEIRO follows cloud principles regarding elasticity, automation, and the economics of lower resource costs and on-demand deployment, APEIRO is actually a software-based product. It is not what is known as a “Security-as-a-Service” or “managed service” model. ShieldX does not host your deployment, or manage it for you. We just make it easier for you. Organizations acquire, deploy and manage it within their infrastructure, whether on-premises, hosted, within public cloud or any combination of these.
APEIRO does secure clouds deployed by our customers. But unlike CASB solutions that secure communications between users and external environments and services like SaaS, APEIRO focuses on securing the network traffic within the organization as part of its critical infrastructure — whether in data centers or in hosted, colo and/or public cloud services. We call it “multi-cloud” security because of its inherent ability to traverse all varieties of cloud architectures, virtualized infrastructure and even physical environments.
No. According to Gartner’s definition, CWPPs offer endpoint-based protection. APEIRO is a network-based security solution, providing security controls generally categorized as network, content and Data Loss (or Leak) Prevention* (DLP) security. In addition, APEIRO does not install software onto any of the workloads that it protects.
APEIRO does offer many of the same security controls as a NGFW including ACLs, application classification and intrusion prevention. But APEIRO isn’t intended to replace the physical, appliance-based firewalls at the perimeter of a data center. APEIRO is designed to complement these solutions and the customer investments they represent.
However, APEIRO is an ideal, cost-effective replacement for NGFW virtual appliances. Traditional virtual appliances exact a high tax on deployment within the data center or the cloud when considering performance, licensing and infrastructure costs. They also present challenges in efficient operations, scale and security management.
While the APEIRO platform and its modularity render it capable of many use cases, our customers tell us it is ideally suited to:
- Secure on-premises infrastructure — Segment and secure lateral, “East-West” traffic across virtualized and orchestrated private clouds and data centers – especially if there is a mix of new and legacy technologies, and compliance is a concern.
- Secure public clouds — Segment and secure within and at the perimeter of public cloud deployments, especially where there is a need for high performance and cost control.
- Secure a multi-cloud environment — Create, automate and enforce uniform security policy across disparate environments.
- Enable Managed Security Services & Providers — Remotely deploy, manage and monitor infrastructure security, including within OpEx-based engagement models.
- Secure IP Transport Providers — Offer “Clean Pipe” connections at scale and on-demand according to current need and subscriber requirements.
- Empower DevOps — DevOps teams can work with APEIRO to integrate with and secure new applications and environments. Or, security and operations teams can use APEIRO for a DevSecOps style of security operations management. The APEIRO API-First strategy allows for all of its capabilities to be dynamically controlled via RESTful APIs.
APEIRO is the anti-appliance. Appliances, whether physical or virtual, are based on converged, monolithic software that is typically designed to run on custom, proprietary hardware in order to maintain performance with a full set of security features enabled.
APEIRO runs on your commodity hardware and hypervisors as a distributed, microservices-based architecture. It shares the same infrastructure resources as the services it protects, so it is up to you to determine how much investment and how many resources you wish to allow security services to consume. And it will only use them as you need them, freeing up resources for your core business services.
Known to the world of application developers and DevOps teams, a microservices-based architecture is an application model that deconstructs traditional, monolithic software into its component parts, and then distributes and chains them. This allows dynamic replication and scale of each component as needed, rather than having to replicate the entire code set when just one function fails to scale, or simply, fails.
Each of the APEIRO microservices, or xServices, is packaged into a container to offer a lightweight footprint, reliability, scale and non-disruptive upgrades. These containers are then “wrapped” in a shell that allows them to be deployed into the environments requiring protection, such as VMware vSphere®, AWS EC2® or OpenStack®.
Due to its 100% software, microservices-based architecture, APEIRO scale is limited only by the infrastructure resources allocated to support it. It will grow with your network, its traffic and its security needs — even with deep packet inspection and TLS decryption/re-encryption fully enabled, which are both resource intensive services.
In addition, APEIRO is built to serve and protect core business critical services, not displace them. Its active, self-orchestration functions continually monitor infrastructure utilization to ensure it doesn’t overrun your hosts or networks.
The APEIRO architecture is designed to very quickly integrate with most environments. In its first release it supports VMware vSphere™ 5.5-6.0 and OpenStack® Mitaka environments, with AWS EC2® to follow in subsequent releases. Please refer to www.shieldx.com for more information and inquiries. Additional environments are in development and we would like to hear from you about your specific and unique requirements.
APEIRO is currently optimized for operation over Intel® Xeon® CPUs (Sandy Bridge or later).
APEIRO is in the process of obtaining various certifications. Please contact us with questions at www.shieldx.com.
APEIRO currently integrates with FireEye® AX appliances and Helix Cloud. IT teams and their providers may also use our REST-based APIs and syslog export to create custom integration with other systems, like SIEMs.
Yes. Everything that can be done through the management console (and more) can be accessed and controlled via RESTful API.
APEIRO uses and embeds third-party intelligence feeds from market-leading providers. These feeds pair with the intelligence APEIRO gains through its discovery and profiling analytics to provide a tailored combination of community knowledge with intel that is automatically customized to your environment.
In addition, to support an industry best practice of leveraging community intel, APEIRO can import additional feeds you may already subscribe to. Please contact us if you have questions and are interested in assistance in configuring this capability for your deployment.
ShieldX offers resource requirement tables for each supported environment to help your team estimate the resources APEIRO will consume, based on how much traffic you will inspect (with or without TLS decryption). If you are uncertain of your traffic volume and trends, you can ask us for guidance, evaluate APEIRO for a snapshot, and/or start with a base configuration with the freedom to upgrade as needed without penalty.
Not at all. And this is a defining difference between APEIRO and other solutions on the market which require network shutdown, image edits/reloads, or manual (and ongoing) reconfigurations of the service chain.
APEIRO inserts transparently into each network you have configured it to secure using the credentials you have provided. It automatically discovers the details it needs to use to work within each environment, freeing valuable security architect and analyst time to focus on strategic security policy creation, process and investigations.
Due to its microservices-based architecture, APEIRO is designed to inherently support high availability and non-disruptive update, patch and removal. Updates/upgrades will be downloadable as they become available.
ShieldX is a team of security experts. We’ve taken special care to employ best practices in the development of our product, following guidelines of the SSDLC, using leading test and code analysis tools, and employing concepts such as “defense in depth” and the “principle of least privilege.” We also use APEIRO in our own production IT environment. If you would like to learn more, please contact us for a briefing.
You are always welcome to contact us for product documentation and materials that detail the capabilities of APEIRO security controls, policy creation, its analytics and yes, IoP.
Indicator-of-Pivot (IoP) is a security feature unique to APEIRO. Unlike the Indicator-of-Compromise (IoC) that typically represents volumes of perimeter-based alerts and contributes to time-consuming or distracting false positives, APEIRO uses real-time analytics to identify lateral movement by attackers, reduce actions on false positives, and help security analysts start tracking threats earlier and throughout the entire Cyber Kill Chain.
APEIRO is designed to offer flexibility in licensing and purchasing, including both traditional CapEx and new cloud-economics, OpEx-based models.
In its first release, APEIRO may be purchased via a one-time, perpetual license fee that is based on a selected maximum rate of traffic inspection. The base license is offered at 10 Gbps with upgrades in increments of 2 Gbps at time of initial purchase, or as needed.
Subsequent releases of APEIRO will offer a consumption-based licensing model based on the volume of traffic inspected.
No. APEIRO offers an “all you can eat” model. You can use all of its security controls, in any supported environment, and for as many data planes and microservices as you need. The APEIRO license is tied to a single Virtual Chassis defined by a single management plane. If you decide to buy more than one license, it will be due to your unique business and operational requirements, and not for any lack of scale or separation of duties in APEIRO.
Customers may purchase an annual, 24×7 support subscription from ShieldX and/or their preferred provider or vendor to receive a support entitlement.
This is where evaluation can help. While you may have some estimations of your traffic, APEIRO can help provide visibility into how much traffic is actually traveling across your network — including its peaks and valleys. And you will not be penalized for starting low and upgrading later as you gain more insight, or your requirements change.
Yes. ShieldX can work with your process and your vendors and Providers. If your preferred Provider is not already engaged with us, please provide us their contact information, or direct them to contact us.
APEIRO fully embraces cloud principles — the ability to access and pay for what you need or consume, when you need it, with cost-effective prices and flexible business models.
Enabled by its elastic architecture, APEIRO offers lower TCO and helps reduce operations costs of licensing, hosting/services, infrastructure, staff, and maintaining SLAs. If you would like to hear more details on our business case, please contact us for a briefing.
BETTER BUSINESS OUTCOMES
APEIRO reduces customer risk through state-of-the-art design, rapid security time-to-service, and helping IT to end the unacceptable compromises between security, performance and cost.