// For the Network Architect

Detection-only is a tax
on your analysts.

Technical reference for Shield, Intrusion's prevention-first network security platform. Shield blocks malicious traffic at the network layer using the Global Threat Engine and 8.5 billion IP and DNS combinations refined since 2001.

At a Glance

What it doesBlocks malicious network traffic at the network layer using reputation-based threat intelligence.
Who it's forSecurity teams needing prevention-first network defense.
How it deploysShield's five products cover cloud, Shield OnPremise, endpoint, monitoring, and management.
What you getPrevention of known-bad connections with full evidence of what was blocked.

Your EDR sees the endpoint. Your firewall enforces L7. Your SIEM correlates after the fact. Nothing in your stack stops a connection at the wire because the destination is known-bad. We are the layer that does.

Built for the architect running the POV. Not the marketing decision-maker.

Reputation-based pre-emptive blocking.

Every connection your network attempts is checked against 8.5 billion IP and DNS records of proprietary threat intelligence built since 2001. Match a known-bad destination, the connection drops at sub-ms. No alert. No analyst triage. No queue.

// What This Journey Covers

You are here for the technical answer.

Twelve pages. Architecture, mechanism, console workflow, POV process, downloadable assets, FAQ, and a technical sheet for each of the five Shield platforms. Read in order, or jump to the page that answers your question.

// Where Shield Sits in Your Stack

You already have these. Shield is not replacing any of them.

Most evaluators arrive expecting us to position against their existing controls. We are not. Shield is a network-layer reputation control that operates alongside everything you have already deployed. The honest version of where it fits:

// EDR

Sees the host.

Behavioral analysis on the endpoint. Process trees, file activity, memory inspection. Catches what runs after the connection is made.

// Firewall

Enforces policy.

Rule-based traffic control at L3 to L7. Allow this port from this subnet. Deny that protocol. Critical for policy. Not a reputation control.

// SIEM

Correlates after.

Aggregation, retention, correlation across logs from everything else. Tells you what happened. Does not stop what is happening.

// Shield

Blocks the wire.

Reputation-based pre-emptive blocking on the connection itself. Identity of the destination, not behavior on the host or signature in the packet.

// What That Actually Means

Four things you can verify.

If you are running an EDR plus a firewall plus a SIEM, the legitimate question is what Shield adds. Four answers.

01

It blocks before the connection completes.

The decision happens at sub-ms. No round trip to a cloud verdict service. No human in the loop. The connection drops at the wire before anything on either side knows it was attempted.

02

It uses identity, not behavior.

The decision is based on who the destination is, not what the packet contains or what the process is doing. Encryption, novel payloads, and TLS 1.3 with no SNI are all irrelevant to the decision.

03

The dataset is proprietary, not bought.

8.5 billion IP and DNS records, built since 2001, continuously refreshed. Not a reseller of someone else's threat feed. The 20+ year heritage is the moat.

04

It does not generate alerts.

Shield blocks. It does not surface decisions for you to triage. Every block is logged with full forensic context, but the volume of blocks does not translate to volume of analyst work.

// The Boundary

What this is not.

Saying yes to everything is a vendor tell. Here is the explicit list of what Shield does not do, so you can decide if you are in the right place before you spend twenty minutes more.

SHIELD IS NOT.

A replacement for the controls you already have.

If your evaluation criteria includes any of the items below, talk to a sales engineer first to confirm fit. We are not going to waste your time with a POV against the wrong problem.

// Where To Go From Here

Read in order. Or jump to your question.

The next eleven pages are written for you, not for a buying committee. Architecture and mechanism first. Console workflow next. POV process. Then the per-platform technical sheets. Skip what you do not need.

Ready to walk through the architecture?

30 minutes with a sales engineer. Your network diagram on screen. We answer "what does this not do" before you ask.

Talk to an Engineer

RECOMMENDED NEXT STEP

Ready to see what Shield finds in your environment?

Request a POV Book a Meeting Talk to an Engineer