// 09 Hardware · Inline

It racks next to your firewall.
It does not replace it.

Technical reference for Shield, Intrusion's prevention-first network security platform. Shield blocks malicious traffic at the network layer using the Global Threat Engine and 8.5 billion IP and DNS combinations refined since 2001.

At a Glance

What it doesBlocks malicious network traffic at the network layer using reputation-based threat intelligence.
Who it's forSecurity teams needing prevention-first network defense.
How it deploysShield's five products cover cloud, Shield OnPremise, endpoint, monitoring, and management.
What you getPrevention of known-bad connections with full evidence of what was blocked.

A 1U appliance, 10 Gbps line rate, that drops in inline at perimeter or core. Reputation-based blocking on the wire, sub-ms, autonomous. Syslog forwarding to your existing SIEM. The hardware is the answer when cloud-native is not.

For the network architect whose datacenter is not going to AWS in this budget cycle, but whose outbound C2 problem is.

10 Gbps line rate. Sub-ms decisions.

The appliance sits inline at perimeter or core. Reputation-flagged connections terminate at sub-ms. Everything else passes through unchanged. Syslog forwarding for SIEM ingestion is configured per deployment. No appliance trade-off between throughput and decision speed.

// Platform At A Glance

The numbers, named.

10 Gbps
Line rate per appliance
Sub-ms
Decision latency
1U
Rack-mount appliance
8.5B
IP/DNS records
// What Shield OnPremise Does

Three things, specific.

// Hardware

Line Rate Enforcement

10 Gbps inline throughput per appliance. Sub-ms decision latency. Autonomous, no human in the loop. For higher cumulative throughput, deploy multiple appliances rather than oversubscribing.

// Observable

Observe Mode Available

Deploy on a SPAN port for Observe Mode validation. Log every decision without enforcing. Validate the policy against your environment, then move inline.

// SIEM-Ready

Syslog Forwarding

Forward blocked event records via Syslog for SIEM ingestion and long-term retention. Configured per deployment. The path to your existing SIEM is built in.

// Specifications

Technical spec sheet.

SpecificationDetail
Deployment1U rack-mount appliance
Throughput10 Gbps line rate per appliance
Decision latencySub-ms reputation lookup and decision
Threat intelligence8.5 billion IP and DNS records, built since 2001
ModesInline enforcement; Observe Mode on SPAN port
PlacementInline at perimeter or core; SPAN for Observe Mode
ConsoleCommand Hub (web console)
Evidence retention72 hours on-platform; Syslog forwarding for long-term
SIEM integrationSyslog forwarding
ExportCSV and Excel from Command Hub
// Where Shield OnPremise Earns Its Place

Patterns we see, repeatedly.

Perimeter outbound C2

Inline at the perimeter between core router and edge firewall. Blocks outbound C2 before it leaves the network.

East-west visibility and control

Inline at the core for control between segments. Catches reputation-flagged lateral traffic.

Observe-then-enforce rollout

Start on a SPAN port in Observe Mode. Validate the policy against real traffic. Move inline once validated.

Restricted environments

For environments where cloud-native enforcement is not an option. Hardware appliance, no cloud dependency.

BOUNDARY.

What Shield OnPremise does not do.

The list, in plain English.

// The Shield Portfolio

Five platforms. Each its own page.

Switch between platforms without going back to the overview.

STRATUS
Cloud · Inline
ONPREMISE
Hardware · Inline
ENDPOINT
Agent · Host
SENTINEL
Hardware · Monitor
COMMAND HUB
Console

Ready to rack Shield OnPremise in your datacenter?

7 to 14 day POV. SPAN port validation, then inline enforcement.

Request a POV

RECOMMENDED NEXT STEP

Ready to see what Shield finds in your environment?

Request a POV Book a Meeting Talk to an Engineer