Technical reference for Shield, Intrusion's prevention-first network security platform. Shield blocks malicious traffic at the network layer using the Global Threat Engine and 8.5 billion IP and DNS combinations refined since 2001.
| What it does | Blocks malicious network traffic at the network layer using reputation-based threat intelligence. |
|---|---|
| Who it's for | Security teams needing prevention-first network defense. |
| How it deploys | Shield's five products cover cloud, Shield OnPremise, endpoint, monitoring, and management. |
| What you get | Prevention of known-bad connections with full evidence of what was blocked. |
Most network controls protect the network. Endpoint protects the user. Reputation filtering on Windows and Android. Browser isolation inside and outside the perimeter. ZTNA on Android. The user gets the same enforcement on coffee shop Wi-Fi as on the corporate LAN.
For the architect whose mobile workforce is the de facto perimeter, but the budget for a SASE rebuild is not approved.
A lightweight agent that runs reputation-based connection filtering on Windows and Android. Browser isolation works inside and outside the perimeter. ZTNA is Android-only. Coverage that follows the user, not the network.
Connection filtering against the 8.5 billion IP and DNS records. Same threat intelligence as the network platforms, applied at the host. North-south protection that travels with the user.
Browser isolation works whether the endpoint is on the corporate LAN or off-network. Coverage does not depend on the user being inside the firewall.
Zero Trust Network Access for Android. Mobile-first ZTNA pattern: secure east-west access without the latency of a full-tunnel VPN. Android only. Not available on Windows.
| Specification | Detail |
|---|---|
| Deployment | Software agent |
| Operating systems | Windows; Android |
| Reputation filtering | Windows and Android (north-south protection) |
| Browser isolation | Inside and outside the perimeter |
| ZTNA | Android only (not available on Windows) |
| Threat intelligence | 8.5 billion IP and DNS records, built since 2001 |
| Install time | Under 5 minutes per endpoint |
| Activation | Entra ID supported for activation only (not Command Hub auth) |
| Console | Command Hub (web console) |
| Evidence retention | 72 hours on-platform; long-term via SIEM forwarding |
Users on coffee shop Wi-Fi or LTE get the same enforcement they get on the corporate LAN. Coverage does not require VPN.
Reputation filtering and browser isolation on Android. ZTNA for east-west access without the latency of a full-tunnel VPN.
Lightweight agent install on personal Windows or Android devices for programs that allow it. Browser isolation contains web-based threats.
Combine Endpoint with Stratus or Shield OnPremise for both host-level and network-level enforcement. Same threat intelligence at both layers.
If your evaluation criteria includes any of these, Shield Endpoint is not the answer.
Switch between platforms without going back to the overview.
7 to 14 day POV. Pilot group install, validate enforcement and isolation.
RECOMMENDED NEXT STEP