77,539,801. That’s how many cyberthreats Intrusion’s new AI-based Shield cybersecurity appliance stopped during a 90-day beta test of 13 companies that ended this week.
The intrusion prevention solution, which was announced in October, combines plug-and-play hardware with software, a database of 270 data feeds, billions of IP addresses and real-time artificial intelligence. This combination of technologies allows it to identify and prevent threats in real time by analyzing both current traffic entering and exiting a network and historical traffic patterns to decide whether the traffic is trustworthy. It also skips the alert step altogether, blocking suspicious traffic immediately.
Unlike other intrusion prevention systems, which are typically signature-based, Shield uses AI to analyze hundreds of databases and inventory of IP relationships. The solution applies signatures and rules based on DNS, TCP and UDP, as well as the connections between DNS and IPV4 and IPV6 addresses, to learn the behavior and patterns of cybercrime activity, according to Intrusion President and CEO Jack B. Blount.
In a statement, Blount said Shield would have been effective in defending against the Sunburst malware that anchored the SolarWinds attacks. “The malware had been living on the SolarWinds network for at least nine months undetected; it got past firewalls and many other cybersecurity products,” he said. “This is all the more reason companies need a multilayered approach to cybersecurity, and specifically one that stops threats in real time.”
LCI Industries, a component supplier for the recreational vehicle and residential housing industries, was one of those beta testers. The company was already a fan of Intrusion and has been a user of Intrusion’s Savant network monitoring and alert system for about five years.
LCI implemented two units of the Shield intrusion prevention solution during the beta period, installing them on top of the firewalls at two sites. CIO Vince Doepker tested Shield’s two major modes: the monitoring mode, which examines traffic, reports on what it sees and makes recommendations; and the blocking mode, which immediately starts blocking suspicious activity.
Doepker said he expects to begin using Shield on a regular basis both as another layer of intrusion prevention and as a way to evaluate the network security of companies it acquires. LCI typically acquires two to four companies each year. Traditionally, LCI checked the network security of new companies by adding a security sensor such as Snort or Suricata onto the network, and then asking Intrusion to examine the collected data sets for insight. Instead, the company will use Shield for that purpose.
“It will allow us to drop in the appliance at a new acquisition before we do anything else and gain insight into what traffic is taking place, and help us improve the security stance of the local network,” he said.
While the reporting is very useful, Doepker hopes to see the Shield intrusion prevention solution expand it over time. “I’d like to see reporting include a heat map that breaks everything down more granularly and ranks the risks.”
Intrusion said that capability is already on the product’s roadmap.