Shield gives MSSPs a prevention-first network security capability that reduces analyst workload and improves customer outcomes. Shield blocks malicious traffic at the network layer using the Global Threat Engine.
Shield enables MSSPs to manage multiple customers from a single platform while maintaining strict separation of data, policies, and access. Each tenant operates independently. You retain centralized visibility and control through Shield Command Hub.
| Audience | MSSP operations leaders managing multiple client environments |
|---|---|
| Problem | Console sprawl and per-client overhead erode service margins |
| How Shield helps | Shield Command Hub manages all tenants from one console with role-based access |
| Best fit | MSSPs managing 50-500 mid-market and enterprise tenants |
| Next step | Apply to partner program |
Logical separation of each customer’s data, traffic, and policies. No cross-tenant visibility unless explicitly authorized. Secure, per-tenant access boundaries built into the platform, not bolted on.
Group-based RBAC. Each client gets their own group by default. Groups can span devices across multiple clients when that suits your operations. A user gets a role per group, and the role controls how much editing they can do inside it. Admin for one group. User for another. Observer for a third. Real permissions, real flexibility.
Custom groups that span multiple clients are powerful for your operations team, but they are not meant for end-client users. If you build a multi-tenant group, never assign it to a customer. You’re the one keeping the walls up: Shield gives you the tools, you set the access.
Pick the platform that fits the customer’s environment. Stratus for cloud workloads. Shield OnPremise for datacenter and campus. Endpoint for remote workforce. Mix as needed.
One tenant created per customer by default. Groups configured. Roles assigned. Baseline permits set if needed. The tenant boundary is logical and enforced.
Begin enforcement and visibility within hours. Immediate insight into traffic and risk. First customer-ready report ready by week one of operations.
Deployment models. Baseline policies. Reporting structures. Apply the same templates across every tenant to keep onboarding fast and onboarding quality consistent.
Exceptions. Permits. Customer-specific reporting needs. Where the customer needs flexibility, you have it. Where the platform should standardize, it does.
Apply updates across multiple tenants simultaneously. Maintain consistency without manual reconfiguration. Threat intelligence updates happen automatically across every tenant.
Visibility into configuration changes and enforcement actions. Track who made changes and when. Built-in evidence for customer compliance reviews.
Blocked traffic and enforcement activity. Suspicious endpoints and unusual communication patterns. Trends across tenants surfaced through AI Insights.
Repeated blocked communications from high-risk connections. Indicators of compromised devices or abnormal behavior. High-risk destinations or patterns. Backed by AI Recommendations.
Prevention-first reduces volume at the source. Logging instead of constant interruption. Focus on meaningful events, not chasing every false positive.
Threat, traffic, and behavior insights per tenant. Visibility into IoCs, suspicious endpoints, and patterns. Detailed threat reports by Intrusion threat hunting experts can be added on.
On-demand access. Historical reporting available as needed. You set the rhythm with the customer, the platform supports it.
Executive summary outputs for the board. Advanced reports for the analyst details. Same data, two stories, no separate tooling required.
Hours, not weeks. Per tenant.
Reduced triage and investigation effort across the client base.
Fewer downstream events flowing into your SIEM and ticketing queues.
Clear evidence of blocked threats and reduced risk. Customer-ready.
Shield is designed to reduce what reaches the SOC queue before analysts ever see it. For MSSPs managing multiple customer environments, that means fewer meaningless alerts, lower analyst workload, and more time spent on real threats.
Shield complements your existing SIEM, EDR, and firewall stack. It does not replace any of them. It blocks the known-bad traffic those tools would otherwise have to triage.
Talk to an EngineerShield Command Hub generates blocked-event logs and exportable reports (CSV and Excel) that MSSPs can use for customer-facing reporting. Every blocked connection is timestamped, categorized, and attributable to a specific tenant.
RECOMMENDED NEXT STEP