Shield gives MSSPs a prevention-first network security capability that reduces analyst workload and improves customer outcomes. Shield blocks malicious traffic at the network layer using the Global Threat Engine.
Shield closes the gaps other tools leave behind. Inline blocking across network, cloud, and endpoint. Lower risk. Lower cost. A scalable, high-margin managed service you deliver across every customer.
| Audience | MSSP technical and operations teams evaluating Shield |
|---|---|
| Problem | Need to understand how Shield works before committing to a partner relationship |
| How Shield helps | Reputation-based DNS and IP filtering blocks risky traffic before it reaches the analyst queue |
| Best fit | MSSPs with 50+ managed tenants seeking noise reduction |
| Next step | Request a POV |
Shield doesn’t ask you to rip out what’s working. It plugs into the gaps where your team is bleeding hours.
Shield works with your stack, not against it. Existing firewall, EDR, SIEM, and ticketing investments stay in place. Shield adds prevention upstream of all of them.
Reduces alert-heavy detection and manual triage. Block at the connection level so noise never reaches your queue.
Minimizes ongoing tuning. Shield operates on reputation intelligence built since 2001, not signatures your team has to maintain.
Decreases SIEM noise and investigation workload. Less ingestion, fewer false-positive trails to chase, fewer billable analyst hours wasted.
Inline between firewall and internal network. Inspects and blocks all inbound and outbound traffic at the network edge. Up to 10 Gbps throughput.
Native to AWS and Azure. Controls inbound and outbound traffic per-direction. The only Shield platform that supports separate policies per direction.
Reputation filtering on Windows and Android for north-south protection. ZTNA on Android for secure east-west access. Browser isolation built in.
Network insertion point, cloud account access, or endpoint install permissions. Whatever your team already has authority to deploy.
Hours to live, not weeks of consulting. Stratus deploys in hours. Shield OnPremise ships in days, lives in under an hour. Endpoint installs in under five minutes per device.
Live traffic and DNS/IP lookups. Built-in reputation intelligence. No external feeds, no model training, no data ingestion required.
All inbound and outbound traffic. DNS requests, IP connections, TCP/UDP connections. No log-based blind spots, no delayed visibility.
Known malicious infrastructure based on long-term reputation and behavior. Unknown or untrusted infrastructure commonly used in attacks.
Source and destination details. Timestamp and protocol details. Reputation-based reason for enforcement. Permission to deploy customer-facing reports without guesswork.
Simple permit workflows for exceptions. Done at the individual or group level. Full visibility into why something was blocked. No complex rule rewrites, no model retraining, no escalation chain to override a single block.
Single pane of glass through Shield Command Hub. Centralized dashboards across all environments. Per-customer segmentation with unified control.
Consistent enforcement across all customers. Repeatable deployment models. Minimal customization required to onboard a new tenant.
Prevention-first reduces noise. Logging instead of analyst-driven triage. Your SOC sees the events that matter, not the static.
On-demand reports. Executive summaries and technical detail per customer. Build the rhythm your client wants, not the one your tooling forces.
A blocked event with device, destination, and reason. Immediate context for why action was taken. No digging through three tools to assemble the picture.
Drill into device activity and communication patterns. View related events and historical behavior. AI Insights summarizes activity and surfaces what matters.
Validate enforcement. Add permits if needed. Turn insights into customer recommendations and billable advisory work.
Shield gives you the raw material. You shape the customer narrative. Daily, weekly, monthly, quarterly - the cadence is yours, the data is the same.
Surfaced clearly: known indicators of compromise, suspicious endpoints, and emerging risks across the customer environment.
Visibility into how devices are talking, traffic flows, and unusual activity. The patterns most tools never surface.
Internal hostnames, IPs, MACs, protocol usage, infrastructure awareness. The asset inventory you couldn’t build before.
Clear visibility into blocked malicious and unknown traffic. Highlight hidden risk. Demonstrate gaps other tools missed. AI Insights summarizes findings in plain language.
Deploy chosen Shield product in observe or protect mode. Immediate visibility into traffic and enforcement. Show what is (or would be) blocked.
Command Hub is the centralized console for managing Shield deployments across all your customer tenants. Configure policies, view blocked events, generate reports, and manage the full Shield lifecycle from a single interface.
See Shield Command Hub Technical Overview → Command Hub Architecture →
RECOMMENDED NEXT STEP