// 05 Proof of Value

Most "POVs" are vendor-led.
Yours is yours.

Technical reference for Shield, Intrusion's prevention-first network security platform. Shield blocks malicious traffic at the network layer using the Global Threat Engine and 8.5 billion IP and DNS combinations refined since 2001.

A real POV has documented success criteria signed off before kickoff. A timeline you commit to. An output that procurement accepts. Yours runs in your network, with your traffic, against criteria you wrote in your own words. Not ours.

If you have run a POV that ended in "looked great, hard to share," you know exactly what we are not doing.

7 days. 10 days. 14 days.

Three windows. You pick the depth. Each phase has documented success criteria, a kickoff session, and a final readout that includes a procurement-grade success criteria report, the full event export, and an architecture recommendation if you proceed.

// The Three Windows

Pick the depth. Commit the timeline.

Each window is a complete POV. Longer windows let us cover more deployment patterns and gather more evidence. Most evaluators run the 10-day standard. Federal procurement and complex multi-platform evaluations run 14.

// Express
7
days

Single platform. Single placement.

For evaluators validating one specific deployment pattern fast. Most common: Stratus inline on a single VPC, or Shield OnPremise in Observe Mode at the perimeter.

  • One platform deployed
  • One placement validated
  • 3 to 5 success criteria documented
  • Final readout with sales engineer
// Standard
10
days

Validate, then enforce.

Run the platform in Observe Mode for the first half. Review what would have been blocked. Flip to enforcement for the second half. The most common evaluation pattern.

  • One or two platforms deployed
  • Observe Mode then enforcement
  • 5 to 8 success criteria documented
  • Mid-POV checkpoint plus final readout
// Extended
14
days

Multi-platform, real depth.

For complex environments validating Stratus plus Shield OnPremise plus Endpoint together. Evaluators with formal procurement criteria requiring evidence across multiple deployment patterns.

  • Multiple platforms deployed
  • Multi-placement coverage
  • 8 to 12 success criteria documented
  • Two checkpoints plus final readout
// Sample Success Criteria

Written in your words. Signed off before kickoff.

Success criteria are written collaboratively in the kickoff meeting. The list below is criteria that have worked well in past evaluations. Yours can mirror these or be specific to your environment.

// C2 Outbound

Block N outbound C2 attempts.

Document at least N blocked outbound connections to known-bad command and control destinations during the POV window.

// Inbound Recon

Block scanning sources at the perimeter.

Document blocked inbound connection attempts from reputation-flagged scanning IPs and bots, with full forensic record.

// DNS

Block DNS resolutions to known-bad domains.

Document blocked DNS lookups against the 8.5 billion IP and DNS reputation records.

// Latency

No measurable user-facing latency.

Validate production traffic flows are unaffected by Shield enforcement under load. Measured by your existing performance monitoring.

// False Positive Rate

Zero high-impact false positives.

No legitimate business-critical destination blocked during the POV window without an allowlist remediation path.

// Investigation Time

"Why blocked" answer in under 60 seconds.

From the Command Hub event log, an evaluator can produce the full forensic record for any blocked event in under one minute.

// What You Get Back

Three deliverables. Procurement-ready.

A POV that ends with "looked great, hard to share" is not a POV. Here is what you walk away with at the readout, ready to bring to procurement or your security committee.

DeliverableDetail
Success Criteria ReportEach criterion with measured outcome and the evidence supporting it. Pass, fail, or partial. Written for security committee review.
Event ExportCSV and Excel of every blocked event during the POV window. Source, destination, threat category, policy attribution, microsecond timestamp.
Architecture RecommendationIf you proceed beyond the POV, the recommended deployment topology for your environment. Platforms, placements, sizing.
// Before You Request One

When a POV is not the right next step.

If your evaluation criteria centers on any item below, a POV is not where to start. Talk to a sales engineer first to confirm fit. We are not going to waste your two weeks on the wrong problem.

SHIELD IS NOT FOR.

The disqualifier list, in plain English.

You need DPI malware scanning. Pair Shield with a secure web gateway or sandbox. We do not inspect payload.

You are evaluating endpoint-only solutions. Shield Endpoint is reputation-based agent enforcement, not an EDR.

You need a single console for monitoring + enforcement. Shield Sentinel is independent of Command Hub. Plan around the Stratus, Shield OnPremise, Endpoint family.

You are looking for full SOC tool replacement. Shield is complementary. Not a replacement.

You require a public API or pre-built SOAR integration. Not currently offered. Forward via SIEM.

Procurement requires a current FedRAMP, GSA Schedule, or SOC 2 certificate today. FedRAMP, GSA Schedule, and SOC 2 are in active certification process. ISO 27001 is not currently in scope. If your timeline cannot wait for certification close, we tell you up front so we are not in a POV against the wrong gate.

Ready to write the success criteria?

One business day response. Sales engineer drafts the criteria. You edit. Kickoff in 5 days.

Request a POV

RECOMMENDED NEXT STEP

Ready to see what Shield finds in your environment?

Request a POV Book a Meeting Talk to an Engineer