HELP IS A CLICK AWAY
Dive into frequently asked questions by topic, or reach out for any questions or thoughts you might have.
ShieldX Elastic Security Platform Overview
ShieldX Elastic Security Platform is a 100% software, network-based security platform for protection of core business infrastructure services that span across multiple physical, virtual, and cloud-based environments — or the “multi-cloud.” It offers fully scalable and automated visibility, micro-segmentation, and threat and malware detection and prevention to support security policy creation, enforcement, and compliance.
ShieldX Elastic Security Platform is ideally suited for deployment by the cloud and infrastructure, security, and DevOps teams within enterprise, service provider, and professional services organizations.
While ShieldX Elastic Security Platform follows cloud-principles regarding elasticity, automation, and the economics of lower resource costs and on-demand deployment, it is actually a software-based product. It is not what is known as a “Security-as-a-Service” or “managed service” model. ShieldX does not host your deployment, or manage it, we just make it easier for you. Organizations acquire, deploy, and manage it within their infrastructure, whether on-premises, hosted, within public cloud, or in combinations of all of these.
Is ShieldX Elastic Security Platform a Cloud Security or a Cloud Access Security Broker (CASB), solution?
ShieldX Elastic Security Platform does secure clouds deployed by our customers. But unlike CASB solutions that secure communications between users and external environments and services like SaaS, ShieldX Elastic Security Platform focuses on securing the network traffic within the organization as part of its critical infrastructure — whether in data centers or in hosted, colocation and/or public cloud services. We call it “multi-cloud” security because of its inherent ability to traverse all varieties of cloud architectures, virtualized infrastructure, and even physical environments.
No. According to Gartner’s definition, CWPPs offer endpoint-based protection. ShieldX Elastic Security Platform is a network-based security solution, providing security controls generally categorized as network, content, and data loss prevention* (DLP) security. In addition, ShieldX Elastic Security Platform does not install software onto any of the workloads that it protects.
ShieldX Elastic Security Platform sounds a lot like a Next Generation Firewall (NGFW.) Does it replace it?
ShieldX Elastic Security Platform does offer many of the same security controls as a NGFW, including ACLs, application classification, and intrusion prevention. But ShieldX Elastic Security Platform isn’t intended to replace the physical, appliance-based firewalls at the perimeter of a data center. It is designed to complement these solutions and the customer investments they represent. However, ShieldX Elastic Security Platform is an ideal, cost-effective replacement for NGFW virtual appliances. Traditional virtual appliances exact a high tax on deployment within the data center or the cloud when considering performance, licensing, and infrastructure costs. They also present challenges in efficient operations, scale, and security management.
Customers tell us it is ideally suited to:
- Secure on-premises infrastructure — Segment and secure lateral, “east-west” traffic across virtualized and orchestrated private clouds and data centers – especially if there is a mix of new and legacy technologies, and compliance is a concern.
- Secure public clouds — Segment and secure within and at the perimeter of public cloud deployments, especially where there is a need for high performance and cost control.
- Secure a multi-cloud environment — Create, automate, and enforce uniform security policy across disparate environments.
- Enable Managed Security Services & Providers — Remotely deploy, manage and monitor infrastructure security, including within OpEx-based engagement models.
- Secure IP Transport Providers — Offer “clean pipe” connections at scale and on-demand according to current requirements, need, and subscriber requirements.
- Empower DevOps — DevOps teams can work with ShieldX Elastic Security Platform to integrate with and secure new applications and environments. Or, security and operations teams can use it for a DevSecOps style of security operations management. The ShieldX Elastic Security Platform API-First strategy allows for all of its capabilities to be dynamically controlled via RESTful APIs.
ShieldX Elastic Security Platform Architecture
Is ShieldX Elastic Security Platform an appliance? Where does it install? Does it come with hardware?
ShieldX Elastic Security Platform is the anti-appliance. Appliances, whether physical or virtual, are based on converged, monolithic software that is typically designed to run on custom, proprietary hardware in order to maintain performance with a full set of security features enabled. ShieldX Elastic Security Platform runs on your commodity hardware and hypervisors as a distributed, microservices-based architecture. It shares the same infrastructure resources as the services it protects, so it is up to you to determine how much investment and how many resources you wish to allow security services to consume. And it will only use them as you need them, freeing up resources for your core business services.
Known to the world of application developers and DevOps teams, a microservices-based architecture is an application model that deconstructs traditional, monolithic software into its component parts, and then distributes and chains them. This allows dynamic replication and scale of each component as needed, rather than having to replicate the entire code set when just one function fails to scale, or simply, fails.
ShieldX Elastic Security Platform is “containerized.” What exactly does that mean and why does it matter?
Each of the ShieldX Elastic Security Platform micro-services, or xServices, is packaged into a container to offer a lightweight footprint, reliability, scale, and non-disruptive upgrades. These containers are then “wrapped” in a virtualized form factor that allows them to be deployed into the environments requiring protection, such as VMware vSphere®, OpenStack®, AWS EC2®, or Microsoft Azure®.
What does ShieldX Elastic Security Platform “unlimited scale” and “uncompromised security” really mean? And could it eat my network?
Due to its 100% software, microservices-based architecture, ShieldX Elastic Security Platform scale is limited only by the infrastructure resources allocated to support it. It will grow with your network, its traffic and its security needs — even with deep packet inspection and TLS decryption/re-encryption fully enabled, which are both resource intensive services. In addition, ShieldX Elastic Security Platform is built to serve and protect core business critical services, not displace them. Its active, self-orchestration functions continually monitor infrastructure utilization to ensure it doesn’t overrun your hosts or networks.
SHIELDX ELASTIC SECURITY PLATFORM COMPATIBILITY
The ShieldX Elastic Security Platform architecture is designed to quickly integrate with most environments. Version 1.2 supports VMware vSphere™ 5.5-6.0, OpenStack® Mitaka, and now both AWS EC2® and Microsoft Azure® environments. Please refer to www.shieldx.com for more information and inquiries. Additional environments are in development and we would like to hear from you about your specific and unique requirements.
ShieldX Elastic Security Platform runs over “commodity hardware” or “infrastructure” Which chipsets or hardware platforms does ShieldX Elastic Security Platform support?
ShieldX Elastic Security Platform is currently optimized for operation over Intel® Xeon® CPUs (Sandy Bridge or later).
ShieldX lists partnerships with other companies. Is ShieldX Elastic Security Platform certified with any of these environments?
ShieldX Elastic Security Platform is certified VMware-Ready® and OpenStack Compatible®. We are partnering with multiple vendors and will be updating our certification list soon. Please contact us if you have any questions.
ShieldX Elastic Security Platform currently integrates with FireEye® AX appliances and Helix Cloud. IT teams and their providers may also use our REST-based APIs and syslog export to create custom integration with other systems, like SIEMs.
Yes. Everything that can be done through the management console (and more) can be accessed and controlled via RESTful API.
Can ShieldX Elastic Security Platform import more intelligence feeds? Where does its intelligence come from?
ShieldX Elastic Security Platform uses and embeds third-party intelligence feeds from market-leading providers. These feeds pair with the intelligence ShieldX Elastic Security Platform gains through its discovery and profiling analytics to provide a tailored combination of community knowledge with intel that is automatically customized to your environment. In addition, to support an industry best practice of leveraging community intel, ShieldX Elastic Security Platform can import additional feeds you may already subscribe to. Please contact us if you have questions and are interested in assistance in configuring this capability for your deployment.
Deploying ShieldX Elastic Security Platform
How can we estimate and effectively size the supporting hardware infrastructure that ShieldX Elastic Security Platform needs to operate?
ShieldX offers resource requirement tables per each supported environment to help your team estimate the resources ShieldX Elastic Security Platform will consume, based on how much traffic you will inspect (with or without TLS decryption). If you are uncertain of your traffic volume and trends, you can ask us for guidance, evaluate ShieldX Elastic Security Platform for a snapshot, and/or start with a base configuration with the freedom to upgrade as needed without penalty.
Is ShieldX Elastic Security Platform deployment disruptive? Does it require shutdown of the network or its services to deploy for the first time?
Not at all. And this is a defining difference between ShieldX Elastic Security Platform and other solutions on the market which require network shutdown, image edits/reloads, or manual (and ongoing) reconfigurations of the service chain. ShieldX Elastic Security Platform inserts transparently into each network you have configured it to secure using the credentials you have provided. It automatically discovers the details it needs to use to work within each environment, freeing valuable security architect and analyst time to focus on strategic security policy creation, process, and investigation.
How do we upgrade ShieldX Elastic Security Platform? Does it require a rip-and-replace upgrade process?
Due to its microservices-based architecture, ShieldX Elastic Security Platform is designed to inherently support high availability and non-disruptive update, patch, and removal. Updates/upgrades will be downloadable as they become available.
ShieldX Elastic Security Platform is a security product. But as a containerized, microservices platform, does deploying it introduce new vulnerability into my network?
ShieldX is a team of security experts. We’ve taken special care to employ best practices in the development of our product, following guidelines of the SSDLC, using leading test and code analysis tools, and employing concepts such as “defense in depth” and the “principle of least privilege.” We also use ShieldX Elastic Security Platform in our own production IT environment. If you would like to learn more, please contact us for a briefing.
Where can we learn more about ShieldX Elastic Security Platform security features? And what is an “IoP”?
You are always welcome to contact us for product documentation and materials that detail the capabilities of ShieldX Elastic Security Platform security controls, policy creation, its analytics and yes, IoP. Indicator-of-Pivot (IoP) is a security feature unique to ShieldX Elastic Security Platform. Unlike the Indicator-of-Compromise (IoC) that typically represents volumes of perimeter-based alerts and contributes to time-consuming or distracting false positives, ShieldX Elastic Security Platform uses real-time analytics to identify lateral movement by attackers, reduce actions on false positives, and helps security analysts start tracking threats earlier and throughout the entire Cyber Kill Chain.
GETTING SHIELDX ELASTIC SECURITY PLATFORM
Yes. ShieldX Elastic Security Platform is available now. Customers and partners may engage with ShieldX today for a briefing and demonstration, and to run a proof-of-value evaluation.
ShieldX Elastic Security Platform is designed to offer the agility and flexibility IT organizations expect of cloud-native solutions. ShieldX Elastic Security Platform is offered in a capacity-based license model, beginning at 10 Gbps of security inspection, with incremental upgrades of 2 Gbps as needed. Primarily sold as a subscription, for simplicity, our support contract is now included. ShieldX Elastic Security Platform is also available in consumption based models for public clouds.
Do we buy a separate ShieldX Elastic Security Platform license for every environment we will run it in?
No. ShieldX Elastic Security Platform offers an “all you can eat” model. You can use all of its security controls, in any supported environment, and for as many data planes and microservices as you need. The ShieldX Elastic Security Platform license is tied to a single virtual chassis defined by a single management plane. If you decide to buy more than one license, it will be due to your unique business and operational requirements, and not for any lack of scale or separation of duties in ShieldX Elastic Security Platform.
When evaluating ShieldX Elastic Security Platform, our presales team is available to assist with your questions and your proof-of-value deployment. ShieldX Elastic Security Platform customers are entitled to premium, 24×7 support and updates online and by phone. Whether evaluating or actively using ShieldX Elastic Security Platform to secure your environment, you may request access to our Customer + Partner Portal for product downloads, documentation, training, and our knowledgebase.
Absolutely. In fact, we encourage you to evaluate it thoroughly and compare it to other solutions on the market. Contact ShieldX to request an evaluation.
How do we right-size our ShieldX Elastic Security Platform license purchase? And can we upgrade later?
This is where evaluation can help. While you may have some estimations of your traffic, ShieldX Elastic Security Platform can help provide visibility into how much traffic is actually traveling across your network — including its peaks and valleys. And you will not be penalized for starting low and upgrading later as you gain more insight, or your requirements change.
Our company has a defined purchase process and approved vendor and supplier list. Can you work with our process and approved list?
Yes. ShieldX can work with your process and your vendors and providers. If your preferred provider is not already engaged with us, please direct them to contact us.
ShieldX Elastic Security Platform fully embraces cloud principles — the ability to access and pay for what you need or consume, when you need it, with cost-effective prices and flexible business models. Enabled by its elastic architecture, ShieldX Elastic Security Platform offers lower TCO and helps reduce operations costs of licensing, hosting/services, infrastructure, staff, and maintaining SLAs. If you would like to hear more details on our business case, please contact us for a briefing.