ShieldX Review

It has helped us tighten our security posture, but I would like more in-depth reporting


What is our primary use case?

The primary use case is microsegmentation. We are segmenting our servers, so only people who need access to a server can see and access it, then vice versa. 

We are using the latest version and deployed around September/October last year.

How has it helped my organization?

  1. We were able to see what devices are talking to each other, giving us more visibility.
  2. It has helped us tighten our security posture. Now, staff can only access things that they should be accessing. Before, users were able to see every server out there. Not necessarily meaning they could access them, but they could see them. Now, with microsegmentation using ShieldX, we have been able to tighten this down.

What is most valuable?

  • It is good for its cost.
  • It is very easy to use. 
  • It is very easy to scale.
  • It is easy to implement and doesn't take long.
  • They have a good support team with training and videos on different things.

I create CIDR groups or workload names for either IPs or servers. In the CIDR groups, I have either multiple IP addresses or I am just doing it by the IP range. If I create a CIDR group type, then I tie an ACL control to what devices I want. This is where I am spending most of my time, creating these groups and tying them down to where they only talks to certain servers. I am also finding out that there are more things talking to each other than I originally thought, which is good. I thought one server was only speaking to these set of IPs, but they are actually talking to quite a bit of IPs.

What I like about it now is that it has a single pane of glass to view our networks and groups. Also, in Vmware, it creates its own distributed switches instead of using my current VLAN distributed switches.

What needs improvement?

Since we are just rolling it out i cant really say much of what needs to be improved or not at this time. However, I do know that they have made improvements since we have first rolled out the product which has been great. One of the improvements has been its own distributed switch creation group where now all VLANs that is micro-segmented are in instead of having it in your DS/standard switch groups.

We are having some issues with their LDAP and integrating it with the Active Directory. We can't seem to set it up. I have been working with the ShieldX technical support on this, but I would like a better way to set this up. When I put in any credentials, it fails. This is possibly due to how our tiering is set up for our protective groups. However, we tried to do this process through the API and still received the same error.

I don't feel like I am using the product to its fullest extent.

I think one feature that I would like to see in the near future is having the application integrate with a SAML identity provider like Okta

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

The stability has been good. I don't have any problems with stability.

Once the product is up and running, it only takes one person to maintain (me).

What do I think about the scalability of the solution?

The scalability seems good, so far. I haven't rolled it out that much, but I don't think it should be that difficult. Everything seems like it is scalable to what I need, though we haven't rolled it out to that many servers yet. I don't see it being a problem.

We plan to do more soon. We want to implement this 100 percent in our environment, which is not large. Right now, we are at 50 percent. This will probably be done in the next two months, before summer.

My boss and I are the two people in the organization who are using the solution.

How are customer service and technical support?

ShieldX's technical support has been great. I put in a ticket or send an email, and they are very responsive. It is not just their tech support. I can call one of their directors, if needed, who helped me through the install. So, I think their support has been great so far. I haven't had a problem. 

They are pretty knowledgeable. They can definitely figure things out. If not, they know who to reach.

If you previously used a different solution, which one did you use and why did you switch?

Before ShieldX, we didn't have much of a security posture. We were trying to get there. We tried Illumio and bought the product, but it just seemed very difficult at the time. The person who took over that project left, then I came in, and I was trying to catch up on the products that he had left over. By the time, we looked at Illumio and their dashboard, learning their product seemed more time consuming than we wanted it to be. So, we decided to transition to ShieldX.

How was the initial setup?

The deployment took time, but it was more on our end. We were trying to figure out what we want to accomplish when we microsegmented it. We were making up some rules, but did not realize that the product was talking to more servers than we realized. So, we had to stop with pauses in-between and figure it out, because now when we put it into microsegmentation, people couldn't get to the SQL Servers and jobs started failing. While this all took a few months, this has all been squared away.

The initial deployment was straightforward. It was more of an eye opening for me to figure out. For example, I forgot to add our multifactor server to allow the SQL Servers. When I didn't allow it, nothing worked. Then, when I took it out of the microsegmentation, it worked, and I got to figure out what rules and IPs that I needed. 

Once everything is installed on my vCenter in Vmware. This is how my setup is set up, which I feel is safe.

What about the implementation team?

We did the implementation with the ShieldX team. I was the only staff required for the deployment.

For the implementation strategy, we needed to figure first what talks to what. We started with the most important servers, then continue on to the rest, one or two servers at a time.

What was our ROI?

We have been able to secure more things using this product. 

What's my experience with pricing, setup cost, and licensing?

For other security professions who are looking for something which is low in cost that does microsegmentation, they should look at ShieldX. It might not be the big name out there, but it does everything that you are looking for in microsegmentation at a very low price.

Which other solutions did I evaluate?

We did not try any other solutions beside Illumio. There are two main difference between the products:

  1. With Illumio, you have to install an agent on every server, and you don't have to do that with ShieldX, because it is agentless. 
  2. The ShieldX GUI that you log into is much easier to move around in than the Illumio user interface.

Both products are pretty low in cost. However, ShieldX gave us a better deal over three years, which played a role in our choice.

What other advice do I have?

Stop looking and try it. Talk to ShieldX and determine if this is what you need in your environment.

While I am familiar with the Adaptive Intention Engine, but I don't really pay much attention to it.

We haven't done any migration to the cloud. Everything is on-premise.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
1 visitor found this review helpful
Add a Comment
Guest
Sign Up with Email