What is our primary use case?
Our primary use case is protection of our website. About 70 percent of our holiday bookings, about 7,000 in total, go through our website. ShieldX protects that environment. When we moved from a physical environment in Rackspace — and this was a project that we started two and a half years ago — we identified the main risk to the business, which was infection of the website. We were moving our site to AWS, from a hosted, private environment to a private AWS environment. We were concerned about the potential damage to the business if we got hacked. ShieldX was a necessity to enable us to move the business forward into AWS.
We have two installations of ShieldX. We have one installation running in AWS, it's protecting our web environment. And we have another installation on-prem which is protecting corporate servers.
How has it helped my organization?
The solution makes the cloud safer than an on-prem deployment because of its proactive monitoring and blocking.
One of the best time savings the solution provides is because of its antiviral nature. By deploying it on-prem, we have not had any infections on our servers since we started running it in-line. That eases workload.
We haven't had any false positives. We haven't had to blacklist or whitelist anything. The system as a whole is fairly self-contained.
We run an automated penetration testing tool and we try to get into the website and into our servers with the pen-testing tool. We couldn't get into them. We could see the attempts on the ShieldX logs, but the pen-testing tool just couldn't get through. We've got the comfort that it picks up the testing tool. We know the testing tool is working when ShieldX is working.
What is most valuable?
The most valuable feature is the automatic scaling. With its microservices, it scales both up and down, depending on traffic and throughput. The traffic through our website depends on holiday bookings. It's very quiet in November through January, and then our traffic picks up quite rapidly and, at our peak, we will take in excess of a million pounds of business a day through our website.
The UI was also one of the huge selling points. My web development manager was blown away with the detail and the granularity that you can get out of the UI. It is a very strong and informative UI, with the amount of data it provides.
Uptime on the system has been 648 days and we do very little to it because it self-updates and alerts. It does everything that we need it to do, so the administration side of it is zero. One of the beauties about ShieldX is that it's such a good "fire-and-forget" product.
For how long have I used the solution?
We have been using ShieldX for nearly two years now.
What do I think about the stability of the solution?
I haven't any problems with it whatsoever. It's been solid.
What do I think about the scalability of the solution?
The scalability is fine. One of the concerns in running in AWS — and AWS costs you — is that you don't have any control. As long as you keep an eye on the AWS costs for that ShieldX server, you don't get any fits from AWS costs.
As threats evolve and ShieldX evolves with it, it's like you've got a forever-evolving beast and the solution is evolving to meet the threats. It updates itself automatically to tackle those threats, which is why it's such an easy and lightweight product to manage. It really does everything for itself.
How are customer service and technical support?
The times where we used tech support to run through the installation, the setup, the testing, they were first-rate. They really know the product well.
We've contacted them with some "how-to-use" issues or "how-to-view" and how to get reports out of it, but it's an easy-to-use product.
In terms of documentation, we were a very early adopter of ShieldX and we were guided by them.
The one criticism I might have is there should be a bit more customer care, with regular review meetings on it or regular reports. It would be nice to have a quarterly or biannual review of what ShieldX has blocked. Maybe we don't have that because we go through a third-party vendor and maybe they should do it, but one way or the other, it would be helpful.
Which solution did I use previously and why did I switch?
We used a product called Alert Logic. That was the product that Rackspace wanted us to purchase. I think there are different incarnations of the product now, but because that product was reactive — it was analyzing the logs — this was the thing that we were concerned about. By the time an issue occurred, if 15, 20, or 30 minutes had passed, that could end up being a lot of data that's been taken out of the system. For us, it was a non-starter. ShieldX with its proactive nature was a lot better.
The biggest selling point — and we were being offered various monitoring systems to monitor our website for intrusion detection and alerting, and albeit they were very good — was that ShieldX, at the time, was the only product that would proactively monitor, block, and then report that it had blocked things. It then had the ability to allow that traffic or leave it as denied. For us it was a no-brainer because somebody could suck all the information out of our website within a matter of an hour. Whereas ShieldX, if it detects that sort of intrusion, would lock it down and shut it down instantly.
Our concern was that if somebody is reactively monitoring and they detect an event, there is a 15-minute or 30-minute SLA on it. They then report it to us. If it's 2:00 in the morning and the infection continues until 7:00 in the morning, when we pick up the message, and it then gets locked down, by that time all our data and customer information would have been sucked out of the website. That was one of the main factors for moving to AWS: We had to have some form of proactive blocking and monitoring, intrusion detection, on the website.
For us, Alert Logic was an old-tech product and ShieldX was an up-to-date, new-tech, modern product. When you talk about having a call center monitor stuff on your behalf, there is always going to be inherent delay between an attack occurring, detection, and then notification. The more you can reduce that window when an attack occurs, then the less susceptible you are and the less risk there is to the business. That was one of the main reasons we didn't like Alert Logic. With ShieldX, that window completely closed.
How was the initial setup?
The initial setup was really straightforward. It took about two hours of ShieldX's time for the install. It took about four hours in total. At that point it was fully integrated into our system.
We had a few conference calls beforehand, to discuss the environment. We exchanged environment maps. But the injection of ShieldX into the AWS environment was very straightforward. It sits in-line. All network traffic flows in and out of it. It was a case of having the box set up and then the ports changed to route traffic directly through it.
In terms of implementation strategy, we were in quite an easy position because our existing web environment was sitting and running on a physical Rackspace server. We had a brand-new website sitting on AWS and ready to go. We actually had the time and the luxury of being able to sit and configure ShieldX and put it in situ. It was two or three months later when we did the live cut-over to AWS. We installed ShieldX and put it in listen mode so we could see what detections or what potential problems there would be. We quite quickly switched it to full protection mode because it became apparent that it wasn't going to cause us any problems. And it hasn't. It hasn't caused us any problems, it hasn't caused any performance issues. The throughput is fine.
What about the implementation team?
It took one main engineer from ShieldX. And we used the UK reseller, a company called Cloud Digital.
Cloud Digital was really good. We put any issues or any questions to Cloud Digital and they resolved them with ShieldX for us. It was fairly easy. The original proof of concept and testing that we did were very impressive. We staged up little virtual machines within our environment which attempted to hack or flood the servers. We could actually watch as ShieldX picked up the attack and within less than a second blocked the attack. We simulated a DDoS attack and ShieldX blocked it almost instantly. There were various things they did to prove how well the product works.
The most recent issue that we had had to contact Cloud Digital for had to do with an upgrade in the environment. That one came in the other way. It was ShieldX that contacted us because they needed to update ShieldX. Other than that — and I'm looking at the dashboard now — it's been fine. I'm looking at the throughput and various events that have been touching the website and I can't fault it.
What was our ROI?
ROI is not something that you can really quantify on a security product. Look at some of the companies that have been hacked. It'd be very difficult to justify that.
What's my experience with pricing, setup cost, and licensing?
We did quite a good deal on ShieldX. For a three-year deal we paid £55,000 plus tax. That works out to about £1,500 a month. Alert Logic was £2,500 a month on a three-year deal.
But, and this is a big "but," this was over two years ago. ShieldX had only just hit the market. We were the first company in Europe to buy ShieldX. I think one other company became the first customer worldwide, just before us. So ShieldX was very keen to get a customer base.
What other advice do I have?
I would tell other security professionals who are looking to justify the budget for ShieldX that once you install it you can virtually forget about it. It's very low-maintenance and high-protection. There are products out there that you need to tweak and monitor and check. With ShieldX you simply don't have to do anything. You put it in, fire it up, and then you forget about it because it's sitting there in the background, monitoring. It will alert you if something occurs. It's that good.
I don't think there's anything in the solution that really needs improving. It does everything that we need it to do. It depends on how you're going to deploy it, or what the endgame is. Our endgame was to be able to sleep at night because we knew that the website is proactively protected. It's done exactly what we wanted.
Internally, for our file servers that we're protecting, we have around 550 users going through one environment. On the website, we will peak at taking 500 holiday bookings a day. So the website's not huge. It's not an Amazon or a YouTube. We're talking about 50 to 100 connections at one time.
We're happy that ShieldX is protecting us. ShieldX is a great product. We wouldn't have moved into AWS without it, because of the protection that it gives. It's definitely well worth it.