Security Experts:

Cloud Security Firm ShieldX Emerges From Stealth

ShieldX Networks Emerges From Stealth Mode With New Product to Protect Cloud Infrastructure

San Jose, CA-based cloud security start-up ShieldX Networks has today emerged from stealth with a new product, Apeiro. Apeiro takes microsegmentation as its baseline, and then layers additional security on top. In November 2015, the company completed a $9 million Series A financing round led by Bain Capital Ventures with participation from Aspect Ventures.

ShieldX delivers its security through microsegmentation that "provides full security controls, as well as visibility, automation and coordination across multiple cloud environments. As a result, a breach in one area of the network will not compromise other areas," claims the company.

ESG Labs has certified that Apeiro "supports VMware vSphere, OpenStack/KVM, and AWS environments, with additional cloud support on the horizon. Highly available and multi-tenant, Apeiro REST APIs support integration with DevOps-oriented processes." It also verifies that Apeiro "is fast and easy to deploy over an existing infrastructure (ShieldX boasts 15 minutes), and enables organizations to natively, automatically segment and secure cloud workloads at scale, across both physical and multi-cloud infrastructures."

But, claims ShieldX, microsegmentation alone is not enough. "Note that microsegmentation only restricts who can communicate to who and not what they say to each other," Dr. Ratinder Paul Singh Ahuja, CEO and founder of ShieldX told SecurityWeek. "This then creates the situation where a compromised system can still propagate malware because microsegmentation by itself doesn't inspect that level of detail in the communications between systems."

In a Friday blog post he gave an example. "The recent WannaCry malware propagated laterally within businesses using the Server Message Block (SMB) protocol. As a matter of policy, you are not going to use micro-segmentation to block the SMB port, or for example, the SQL port, in communications between applications and users in your network as those are used to carry legitimate traffic to conduct business. Yet these are common techniques used for exploits. So, if you now depend on microsegmentation alone to secure your data center or public cloud traffic, you could easily fall prey to WannaCry or the next generation of attack."

Apeiro provides deep packet inspection (DPI), visibility, policy management, and enforcement at cloud scale. Organizations can implement security policies on-demand, based on microsegmentation application-aware access control; threat detection from a combination of 10,000+ threat definitions; malware detection through integration with third-party products such as FireEye; TLS decryption/termination; and URL filtering. DLP is expected in a future release.

Although both the ShieldX announcement and the ESG Labs review specify 'FireEye', Ahuja told SecurityWeek that it is singled out only because many of ShieldX customers already use FireEye. "Apeiro can integrate with other advanced malware detection technologies as well as offer that capability from the ShieldX cloud if customers don't have such systems in place," he said.

The 10,000+ threat definitions, he added, "are sourced commercially as well as from our own research. These are dynamically updated and pushed out to Apeiro installations from the ShieldX cloud."

"We chose ShieldX as our cloud security partner," says Joe Jozen, VP of Tokyo Electron Device Limited (TED), "because our customers want to leverage the power and cost saving benefits of cloud innovation without compromising security. The Tokyo 2020 Olympics are a perfect example of how the partnership between TED and ShieldX will be critical to enabling the secure storage and transfer of information while protecting against cyber threats to provide a safe, enjoyable and connected experience for attendees."

In May 2017, ShieldX was featured in Gartner's 'Cool Vendors in Cloud Security, 2017'. "ShieldX is a pure-play security vendor with a cross-cloud microsegmentation product branded Apeiro that functions as network security middleware to support hosts and containers," writes Gartner. It "will appeal to I&O and security and risk management leaders in enterprises that have a virtualized infrastructure requiring segmentation, especially where those clouds are or will be heterogeneous, or if the enterprise is more a Mode 2 (i.e., DevOps) style and needs Mode 2 security for it."

view counter
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.