I would tell other security professionals who are looking to justify the budget for ShieldX that once you install it you can virtually forget about it. It's very low-maintenance and high-protection. There are products out there that you need to tweak and monitor and check. With ShieldX you simply don't have to do anything. You put it in, fire it up, and then you forget about it because it's sitting there in the background, monitoring. It will alert you if something occurs. It's that good. I don't think there's anything in the solution that really needs improving. It does everything that we need it to do. It depends on how you're going to deploy it, or what the endgame is. Our endgame was to be able to sleep at night because we knew that the website is proactively protected. It's done exactly what we wanted. Internally, for our file servers that we're protecting, we have around 550 users going through one environment. On the website, we will peak at taking 500 holiday bookings a day. So the website's not huge. It's not an Amazon or a YouTube. We're talking about 50 to 100 connections at one time. We're happy that ShieldX is protecting us. ShieldX is a great product. We wouldn't have moved into AWS without it, because of the protection that it gives. It's definitely well worth it.
Senior Systems Engineer at Larry H. Miller Group of Companies
Real User
2019-03-25T06:49:00Z
Mar 25, 2019
Stop looking and try it. Talk to ShieldX and determine if this is what you need in your environment. While I am familiar with the Adaptive Intention Engine, but I don't really pay much attention to it. We haven't done any migration to the cloud. Everything is on-premise.
Managing Director, Chief Information Security Officer at a transportation company with 10,001+ employees
Real User
2018-11-25T07:42:00Z
Nov 25, 2018
The advice here really is two-fold. The first is a comment I made earlier. The bulk of the security incidents that are going to be made in the environment that security professionals will be working in, in 2019, are going to be caused by human error. More than 80 percent of all of the security incidents that were reported last year in the cloud were a result of human error. So my advice is to get a solution that is dead-easy to administer and one that is not being done in the types of controls that we're used to in traditional firewalls: IP addresses, ports, protocols. We've got to stop thinking about it that way and start thinking about the language of our customers, such as the applications that they need to protect, as opposed to the ports and protocols they need to protect. Number two is that with a traditional approach to firewalls, you do not have visibility in east/west traffic inside of your virtual environment, inside of your data center, and it's no longer enough to simply segment. You've got to segment and secure the segments. Separating traffic isn't enough. You've got to put controls around the segments, meaning microsecurity in addition to microsegmentation. If we go beyond security professionals, my advice to senior management, people like me, is going to be around making sure that you're prepared, from the top down, to be supportive of a change in model in security so that you are driving security through your AppDev teams and through your DevOps teams. What you really want to do is make it dead-simple, super easy for those folks to develop secure applications. You're going to do that by taking security and reframing it into the words and language that they use instead of the words and language that a network engineer uses. We were an early adopter, and our company worked with ShieldX as they were launching the product, so we've been engaged with ShieldX for about two years, prior to the product launch, mostly helping to shape the vision of the product. As far as who is administrating ShieldX, we have about a dozen people, and that would include traditional firewall administrators, but also our DevOps teams. The teams that are developing the automated pipelines to build servers, they're also using it to automate the application of the security controls. Staffing for deployment and maintenance is similar to how you would think about traditional firewalls. If I had a team of four people that were administering my firewall and security controls in a traditional environment, I'd probably still have the same, and that's about the number we have. They are security engineers. I would rate ShieldX at eight out of ten. This product is hitting all of the marks for us. I would put it at a nine if the CPU utilization was lower. They're getting there and that's on their roadmap. It's a part of developing a new product. You first build the features and then you tune it and make it more efficient, so they're focused on efficiency right now.
CIO at a comms service provider with 1,001-5,000 employees
Real User
2018-11-06T13:09:00Z
Nov 6, 2018
Take a serious look at what you are spending today and cost model out what you might be spending in a ShieldX environment. You will see that it's very favorable. Very often, when new challengers come in, what they do is they end up coming in at a lower cost with more functionality. If you play it right, you can actually achieve more than one goal at the same time. That's better functionality with more rapid deployment and at a lower cost point. That's something which is important and very exciting. The Adaptive Intention Engine is important. The Adaptive Intention Engine explains what is the reason that we're doing this security infrastructure, what are we trying to get out of it, and what's the intent behind it? The problem with the way that things are done traditionally is you have an intent, but you now have to apply that intent in many places in order to achieve your goals. So, you end up with a duplication of effort in several areas. This is something which could take up quite a bit of time, both from an engineering, operations, maintenance, and troubleshooting perspective. If you have an issue now, you will need to look in two or three places to try and find the source of the issue. There was a lot of tracing which had to happen in our legacy operating method. In the new method, there is one place to design and apply a policy, which is simpler. It is important to work with a vendor who started their life in the cloud. Cloud vendors are pouring in a ton of money into R&D to the tune of up to $20 billion a year. They are adding a lot of features and capabilities that developers and operating staff want to leverage. Sometimes, three to five new features are appearing from cloud vendors every day. If you can imagine, it's like working in an operating environment where the chessboard is changing on you on a daily basis. It's not like the data center where you're used to working with a certain infrastructure in a certain way. As you built it, the cloud is constantly changing. This is one of the challenges that security groups have: Maintaining consistency and keeping up with the rapid state of change which is going on in the cloud. As new features come on board, it's important that those features and capabilities get integrated with the firewall and the way that the policies can be applied evenly. The cloud changes so quickly and it is one of the main reasons that a lot of companies are finding themselves exposed in areas that they may not realize. This is why a cloud-based security vendor is important because they understand these changes. When there is a new feature or functionality that might expose you in a certain way, they make sure the integration applies evenly. This is important for us and the industry.
The ShieldX Elastic Security Platform dynamically scales to deliver comprehensive and consistent controls to protect data centers, cloud infrastructure, applications and data no matter where they are or where they go to make the cloud more secure than on-premise deployments. Our frictionless approach leverages agentless technology as well as the ShieldX Adaptive Intention Engine which autonomously translates and enforces intention into a set of comprehensive controls - microsegmentation,...
I would tell other security professionals who are looking to justify the budget for ShieldX that once you install it you can virtually forget about it. It's very low-maintenance and high-protection. There are products out there that you need to tweak and monitor and check. With ShieldX you simply don't have to do anything. You put it in, fire it up, and then you forget about it because it's sitting there in the background, monitoring. It will alert you if something occurs. It's that good. I don't think there's anything in the solution that really needs improving. It does everything that we need it to do. It depends on how you're going to deploy it, or what the endgame is. Our endgame was to be able to sleep at night because we knew that the website is proactively protected. It's done exactly what we wanted. Internally, for our file servers that we're protecting, we have around 550 users going through one environment. On the website, we will peak at taking 500 holiday bookings a day. So the website's not huge. It's not an Amazon or a YouTube. We're talking about 50 to 100 connections at one time. We're happy that ShieldX is protecting us. ShieldX is a great product. We wouldn't have moved into AWS without it, because of the protection that it gives. It's definitely well worth it.
Stop looking and try it. Talk to ShieldX and determine if this is what you need in your environment. While I am familiar with the Adaptive Intention Engine, but I don't really pay much attention to it. We haven't done any migration to the cloud. Everything is on-premise.
The advice here really is two-fold. The first is a comment I made earlier. The bulk of the security incidents that are going to be made in the environment that security professionals will be working in, in 2019, are going to be caused by human error. More than 80 percent of all of the security incidents that were reported last year in the cloud were a result of human error. So my advice is to get a solution that is dead-easy to administer and one that is not being done in the types of controls that we're used to in traditional firewalls: IP addresses, ports, protocols. We've got to stop thinking about it that way and start thinking about the language of our customers, such as the applications that they need to protect, as opposed to the ports and protocols they need to protect. Number two is that with a traditional approach to firewalls, you do not have visibility in east/west traffic inside of your virtual environment, inside of your data center, and it's no longer enough to simply segment. You've got to segment and secure the segments. Separating traffic isn't enough. You've got to put controls around the segments, meaning microsecurity in addition to microsegmentation. If we go beyond security professionals, my advice to senior management, people like me, is going to be around making sure that you're prepared, from the top down, to be supportive of a change in model in security so that you are driving security through your AppDev teams and through your DevOps teams. What you really want to do is make it dead-simple, super easy for those folks to develop secure applications. You're going to do that by taking security and reframing it into the words and language that they use instead of the words and language that a network engineer uses. We were an early adopter, and our company worked with ShieldX as they were launching the product, so we've been engaged with ShieldX for about two years, prior to the product launch, mostly helping to shape the vision of the product. As far as who is administrating ShieldX, we have about a dozen people, and that would include traditional firewall administrators, but also our DevOps teams. The teams that are developing the automated pipelines to build servers, they're also using it to automate the application of the security controls. Staffing for deployment and maintenance is similar to how you would think about traditional firewalls. If I had a team of four people that were administering my firewall and security controls in a traditional environment, I'd probably still have the same, and that's about the number we have. They are security engineers. I would rate ShieldX at eight out of ten. This product is hitting all of the marks for us. I would put it at a nine if the CPU utilization was lower. They're getting there and that's on their roadmap. It's a part of developing a new product. You first build the features and then you tune it and make it more efficient, so they're focused on efficiency right now.
Take a serious look at what you are spending today and cost model out what you might be spending in a ShieldX environment. You will see that it's very favorable. Very often, when new challengers come in, what they do is they end up coming in at a lower cost with more functionality. If you play it right, you can actually achieve more than one goal at the same time. That's better functionality with more rapid deployment and at a lower cost point. That's something which is important and very exciting. The Adaptive Intention Engine is important. The Adaptive Intention Engine explains what is the reason that we're doing this security infrastructure, what are we trying to get out of it, and what's the intent behind it? The problem with the way that things are done traditionally is you have an intent, but you now have to apply that intent in many places in order to achieve your goals. So, you end up with a duplication of effort in several areas. This is something which could take up quite a bit of time, both from an engineering, operations, maintenance, and troubleshooting perspective. If you have an issue now, you will need to look in two or three places to try and find the source of the issue. There was a lot of tracing which had to happen in our legacy operating method. In the new method, there is one place to design and apply a policy, which is simpler. It is important to work with a vendor who started their life in the cloud. Cloud vendors are pouring in a ton of money into R&D to the tune of up to $20 billion a year. They are adding a lot of features and capabilities that developers and operating staff want to leverage. Sometimes, three to five new features are appearing from cloud vendors every day. If you can imagine, it's like working in an operating environment where the chessboard is changing on you on a daily basis. It's not like the data center where you're used to working with a certain infrastructure in a certain way. As you built it, the cloud is constantly changing. This is one of the challenges that security groups have: Maintaining consistency and keeping up with the rapid state of change which is going on in the cloud. As new features come on board, it's important that those features and capabilities get integrated with the firewall and the way that the policies can be applied evenly. The cloud changes so quickly and it is one of the main reasons that a lot of companies are finding themselves exposed in areas that they may not realize. This is why a cloud-based security vendor is important because they understand these changes. When there is a new feature or functionality that might expose you in a certain way, they make sure the integration applies evenly. This is important for us and the industry.