Technical reference for Shield, Intrusion's prevention-first network security platform. Shield blocks malicious traffic at the network layer using the Global Threat Engine and 8.5 billion IP and DNS combinations refined since 2001.
| What it does | Blocks malicious network traffic at the network layer using reputation-based threat intelligence. |
|---|---|
| Who it's for | Security teams needing prevention-first network defense. |
| How it deploys | Shield's five products cover cloud, Shield OnPremise, endpoint, monitoring, and management. |
| What you get | Prevention of known-bad connections with full evidence of what was blocked. |
Most network controls apply one policy in both directions. Stratus is the one Shield platform that lets you run strict outbound C2 enforcement with looser inbound for public services. Cloud-native, AWS and Azure, sub-ms decisions at line rate.
For the architect who has been asked "why is our outbound policy as loose as our inbound?" and did not have a good answer.
Stratus deploys behind AWS Gateway Load Balancer or the Azure hub-and-spoke equivalent. VPC and VNet traffic routes through the platform. Reputation-flagged connections drop at sub-ms. Inbound rules and outbound rules are configured independently.
If your network team is going to ask "what does it actually do," start here.
Native deployment patterns for both major clouds. AWS uses Gateway Load Balancer; Azure uses the hub-VNet equivalent. Cloud-elastic scaling.
The signature differentiator. Configure inbound and outbound rules independently. Strict outbound C2 control with looser inbound for public services is the most common pattern.
Run Stratus in Observe Mode first. Log every decision the platform would have made without blocking. Validate, then flip to enforcement when ready.
| Specification | Detail |
|---|---|
| Deployment | Cloud-native deployment (AWS, Azure) |
| Throughput | 1 Gbps and up, cloud-elastic |
| Decision latency | Sub-ms reputation lookup and decision |
| Threat intelligence | 8.5 billion IP and DNS records, built since 2001 |
| Policy direction | Independent inbound and outbound (Stratus only across Shield portfolio) |
| Modes | Inline enforcement; Observe Mode supported |
| Console | Command Hub (web console) |
| Evidence retention | 72 hours on-platform; long-term via SIEM forwarding |
| Export | CSV and Excel from Command Hub |
| AWS deployment | Gateway Load Balancer with VPC traffic routing |
| Azure deployment | Hub VNet pattern with spoke VNet routing |
Most cloud-first evaluators show up with one of these four problems.
The most common Stratus deployment. Block known-bad command and control destinations from cloud workloads before they leave the VPC.
Stop scanning, probing, and reputation-flagged connection attempts before they reach published cloud services.
Per-direction policy lets you apply strict outbound C2 control while running open inbound for public-facing applications.
Centralize prevention in a hub VPC or VNet, route spoke traffic through the platform. Cloud-elastic scaling handles growth.
Calibrating expectations now prevents wasted POVs.
Switch between platforms without going back to the overview.
7 to 14 day POV. Observe Mode validation, then enforcement transition.
RECOMMENDED NEXT STEP