ShieldX Integrates Intention Engine Into Elastic Security Platform

ShieldX uses containers to deploy a microservices platform that can determine intent to automatically configure and inject security policy.


ShieldX announced its new Elastic Security Platform on Oct. 17, providing organizations with Docker container-based data center security that uses advanced machine learning to determine intent.

At the core of the Elastic Security Platform is a technology that ShieldX calls the Adaptive Intention Engine, which automatically determines the right policy and approach for security controls across multicloud environments. The intent-based security model can provide network microsegmentation, firewall and malware detection capabilities, among other features.

"In the cloud world, you don't replicate entire monolithic stacks over and over, you try to do horizontal scaling of the pain point," Ratinder Ahuja, ShieldX founder and CEO, told eWEEK. "So this led to an architecture that we call the containerized microservices architecture and we took the fundamental building blocks like flow processing, TLS and deep packet inspection and we actually turn them into Docker containers."

ShieldX was co-founded by Ahuja in 2015, and the company has raised approximately $34 million in venture funding to date. Ahuja had previously founded multiple companies, including protocol translation vendor Internet Junction, which was acquired by Cisco in 1995; content switching engine Webstack, which he sold to Extreme Networks in 2001; and cyber-security asset management vendor Reconnex, which was sold to McAfee in 2008.

ShieldX originally emerged from stealth with a security platform branded as Apeiro, which is now being expanded and rebranded as the Elastic Security Platform and benefits from the new intent-based security model. Ahuja explained that the Elastic Security Platform is able to do service discovery and understands the various workloads. With the intent model, he explained, whenever a web tier application shows up in a deployment, for example, it will automatically be microsegmented and protected with threat prevention.

"The reason I call it an intent system is because variable things show up that are diverse, so you need a system that can learn continuously, and then transform your security intention into actual controls that generate policy automatically," he said.

How It Works

The Elastic Security Platform is composed of containerized microservices. Ahuja explained that the Adaptive Intention Engine includes machine learning capabilities that put together the view of the business app. With the view in place, the engine handles the orchestration and automation that take the security intention and insert the right mix of microservices, which then form the control points of the policy.

The ShieldX platform runs on both public cloud and VMware vSphere-based virtualization environments. Inside VMware, Ahuja said, the microservices are encapsulated inside a virtual machine.

"We are completely agentless, so we don't give you any libraries to compile and we are completely network-based," Ahuja said.


From a security policy perspective, Ahuja said that ShieldX acts as an overlay on top of existing controls that might be present in a given cloud deployment. Visibility and control across multicloud deployments is presented to ShieldX users, showing the application view, as well as providing the ability to drill down into specific tiers of the application's deployment infrastructure.

"We implement a consistent security layer on top of the cloud environment," he said. "I no longer care whether it's a layer 3 network environment like AWS, or a layer 2 environment like VMware ESX, we normalize all those network variations and provide consistent security policy across different environments."

Looking forward, Ahuja has lots of plans to further improve and expand the Elastic Security Platform. One of the things coming in 2019 is a feature that will be supported on Amazon Web Services (AWS) to better collect and understand network traffic.

"We actually invented a really cool VXLAN encapsulation technique and a VXLAN switching technique to be able to do true microsegmentation in an AWS environment," Ahuja said. "Also in Q1 of 2019, we're introducing a brand new UX (user experience)."

Sean Michael Kerner is a senior editor at eWEEK. Follow him on Twitter @TechJournalist.

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.