Technical reference for Shield, Intrusion's prevention-first network security platform. Shield blocks malicious traffic at the network layer using the Global Threat Engine and 8.5 billion IP and DNS combinations refined since 2001.
A real POV has documented success criteria signed off before kickoff. A timeline you commit to. An output that procurement accepts. Yours runs in your network, with your traffic, against criteria you wrote in your own words. Not ours.
If you have run a POV that ended in "looked great, hard to share," you know exactly what we are not doing.
Three windows. You pick the depth. Each phase has documented success criteria, a kickoff session, and a final readout that includes a procurement-grade success criteria report, the full event export, and an architecture recommendation if you proceed.
Each window is a complete POV. Longer windows let us cover more deployment patterns and gather more evidence. Most evaluators run the 10-day standard. Federal procurement and complex multi-platform evaluations run 14.
For evaluators validating one specific deployment pattern fast. Most common: Stratus inline on a single VPC, or Shield OnPremise in Observe Mode at the perimeter.
Run the platform in Observe Mode for the first half. Review what would have been blocked. Flip to enforcement for the second half. The most common evaluation pattern.
For complex environments validating Stratus plus Shield OnPremise plus Endpoint together. Evaluators with formal procurement criteria requiring evidence across multiple deployment patterns.
Success criteria are written collaboratively in the kickoff meeting. The list below is criteria that have worked well in past evaluations. Yours can mirror these or be specific to your environment.
Document at least N blocked outbound connections to known-bad command and control destinations during the POV window.
Document blocked inbound connection attempts from reputation-flagged scanning IPs and bots, with full forensic record.
Document blocked DNS lookups against the 8.5 billion IP and DNS reputation records.
Validate production traffic flows are unaffected by Shield enforcement under load. Measured by your existing performance monitoring.
No legitimate business-critical destination blocked during the POV window without an allowlist remediation path.
From the Command Hub event log, an evaluator can produce the full forensic record for any blocked event in under one minute.
A POV that ends with "looked great, hard to share" is not a POV. Here is what you walk away with at the readout, ready to bring to procurement or your security committee.
| Deliverable | Detail |
|---|---|
| Success Criteria Report | Each criterion with measured outcome and the evidence supporting it. Pass, fail, or partial. Written for security committee review. |
| Event Export | CSV and Excel of every blocked event during the POV window. Source, destination, threat category, policy attribution, microsecond timestamp. |
| Architecture Recommendation | If you proceed beyond the POV, the recommended deployment topology for your environment. Platforms, placements, sizing. |
If your evaluation criteria centers on any item below, a POV is not where to start. Talk to a sales engineer first to confirm fit. We are not going to waste your two weeks on the wrong problem.
You need DPI malware scanning. Pair Shield with a secure web gateway or sandbox. We do not inspect payload.
You are evaluating endpoint-only solutions. Shield Endpoint is reputation-based agent enforcement, not an EDR.
You need a single console for monitoring + enforcement. Shield Sentinel is independent of Command Hub. Plan around the Stratus, Shield OnPremise, Endpoint family.
You are looking for full SOC tool replacement. Shield is complementary. Not a replacement.
You require a public API or pre-built SOAR integration. Not currently offered. Forward via SIEM.
Procurement requires a current FedRAMP, GSA Schedule, or SOC 2 certificate today. FedRAMP, GSA Schedule, and SOC 2 are in active certification process. ISO 27001 is not currently in scope. If your timeline cannot wait for certification close, we tell you up front so we are not in a POV against the wrong gate.
One business day response. Sales engineer drafts the criteria. You edit. Kickoff in 5 days.