The solution makes the cloud safer than an on-prem deployment because of its proactive monitoring and blocking.

One of the best time savings the solution provides is because of its antiviral nature. By deploying it on-prem, we have not had any infections on our servers since we started running it in-line. That eases workload.

We haven't had any false positives. We haven't had to blacklist or whitelist anything. The system as a whole is fairly self-contained.

We run an automated penetration testing tool and we try to get into the website and into our servers with the pen-testing tool. We couldn't get into them. We could see the attempts on the ShieldX logs, but the pen-testing tool just couldn't get through. We've got the comfort that it picks up the testing tool. We know the testing tool is working when ShieldX is working.

1. We were able to see what devices are talking to each other, giving us more visibility.
2. It has helped us tighten our security posture. Now, staff can only access things that they should be accessing. Before, users were able to see every server out there. Not necessarily meaning they could access them, but they could see them. Now, with microsegmentation using ShieldX, we have been able to tighten this down.

The primary driver, as far as how it improves our business, is that rather than having to have infrastructure teams work with our application teams on a very long and complex process to help identify the security controls and the firewall rules that should be applied to their applications, we're able to take that - say, two-week effort - down to hours, using machine-learning, in order to construct those rules automatically.

ShieldX makes the cloud safer than on-prem deployments. That is because that the number-one cause of security incidents today is human error, and those errors are often a result of very complex security structures. ShieldX makes it a lot easier and a lot simpler to define your policies and define your rules, and that greatly reduces the opportunity for user error.

In addition to our general costs going down, the cost security infrastructure in the cloud has gone down for us. 

We are starting the process of inspecting traffic in the cloud in areas that we weren't able to look at before with our prior vendors. This is something we typically refer to as east-west traffic. 

One of the challenges we have had with other vendors in the cloud is, because of the infrastructure, we were dependent and reliant on the infrastructure that the cloud vendors gave us. We couldn't insert a piece of hardware into the environment. This means that our security layer was going to be applied with the same resources that other instances and servers were running on.

We got into a situation where having a system in the cloud, an instance would generate, for example 10GBs of traffic. With our existing vendor set to apply a security policy east-west, we would need to inspect 10GBs of traffic. Unfortunately, even with their highest-end systems, legacy vendors struggle with inspecting traffic at or near this level of traffic.

What we ended up doing, if we wanted to inspect traffic east-west, was to add layers of firewalls. In a traditional data center, you might have a pair of firewalls for thousands of hosts, but in the cloud, if you are interested in doing an east-west traffic inspection, that ratio of instances to software-based firewalls is much different. You might need to put down a firewall for every five or six systems, which really doesn't scale. There is no way to do it, not from a cost, licensing, or management perspective. It doesn't make sense to do it this way.

This is one of the challenges in applying the older methodology of the legacy firewall technology in the cloud. You can do it, but it doesn't make any sense.

Enter this concept of microservices, protecting only what you need to, so we don't need to absolutely inspect everything going east-west. However, we still need to do it and microservices instrumentation allows us to insert it where we need it the most, so protecting the valuable resources in the cloud and giving us the reach and extension to do the inspection east-west is something we want to do, but only where we absolutely need it. This is something which ShieldX gets that our other vendors don't. This is an area that we are exploring right now and hope to see finalized soon.