Shield Stratus | Cloud Network Security

Your cloud workloads
are being scanned.
Stratus stops it first.

Prevention-First Cloud Network Security | AWS and Azure Native

Shield Stratus extends prevention-first network enforcement to your cloud environments. Every inbound connection to your cloud workloads is checked against 8.5 billion known-malicious IPs. Every outbound connection is screened before it leaves your cloud perimeter. Available on AWS Marketplace and Microsoft Azure.

Book a Meeting See the Proof
AWS
Available on AWS MarketplaceDeploy Shield Stratus directly from the AWS Marketplace. No separate procurement process.
Azure
Available on Microsoft AzureShield Cloud available on Azure for cloud-hosted workload protection across your Azure environment.
8.5B
IP reputation data pointsSame intelligence database that protects on-prem and government networks. Now enforced at the cloud layer.
Zero
Re-architecture requiredBlocks known threats immediately without the complexity of traditional firewall reconfiguration.
See Shield Stratus in Action
 
8.5B
IP Data Points | 99.999% Accuracy
20+
Years Threat Intelligence
Zero
Baselining Required
40+
Years Company Heritage
DoD
Contract Extended and Expanded
What Shield Stratus Does

Cloud workloads have the same
attackers. Different perimeter.

Moving workloads to the cloud does not change the threat. Attackers scan cloud-hosted infrastructure the same way they scan on-prem networks. Mapping services, identifying exposures, and looking for the moment to act. Shield Stratus enforces the same 8.5B IP reputation database at the cloud network layer.

No re-architecture. No complex rule sets before protection starts. Shield Stratus deploys as a virtual firewall gateway that analyzes cloud workload network traffic in real time and autonomously blocks outbound communications to known malicious IPs and domains.

Inbound Enforcement
Recon blocked before cloud workloads are mapped
Shield Stratus checks every inbound connection to your cloud-hosted infrastructure against 8.5B known-malicious IPs. Reconnaissance is blocked before the attacker identifies a single service or exposed endpoint.
Outbound Enforcement
C2 callbacks from cloud workloads terminated
Compromised cloud workloads attempting to reach hostile C2 infrastructure are intercepted before data moves or instructions are received. The attack is orphaned at both ends. Cloud or on-prem.
Marketplace Deployment
Available on AWS and Azure. No separate procurement
Shield Stratus is available directly on AWS Marketplace and Microsoft Azure. Deploy from the marketplace and have active enforcement running within the same procurement workflow as your other cloud services.
Unified Visibility
Cloud enforcement visible in Command Hub alongside on-prem
Cloud and on-prem enforcement in one console. Your team sees every blocked connection across your entire environment. Cloud workloads, edge hardware, and endpoints. From a single pane of glass.
Cloud Environment Fit

Works the way
your cloud team works.

Shield Stratus is built for cloud-native deployment. No physical appliance. No network re-architecture. No waiting for hardware to arrive before protection starts.

AWS
AWS Marketplace | Native Cloud Deployment
Shield Stratus is available on AWS Marketplace. Deploy as a virtual firewall gateway that analyzes cloud workload network traffic in real time. Extends Intrusion's reputation-based network enforcement to AWS-hosted workloads.
Azure
Microsoft Azure | Cloud Network Security
Shield Cloud is available on Microsoft Azure, providing the same prevention-first enforcement for Azure-hosted workloads. Same 8.5B IP database. Same autonomous enforcement. Same zero-baselining deployment model.
Hybrid
Unified Cloud and On-Prem Coverage
Shield covers your entire environment through a single Command Hub console. Cloud workloads, on-prem edge, and endpoint all enforced by the same 8.5B IP intelligence layer. Visible in one place.
What You Get

Prevention-first enforcement. At the cloud layer.

Zero
Re-Architecture Required
Shield Stratus blocks known threats immediately without the complexity or re-architecture required by traditional cloud firewalls. Deploy from the marketplace and have active enforcement running in your cloud environment the same day.
Same
Intelligence as Your On-Prem Shield
The same 8.5B IP reputation database that protects your on-prem network edge protects your cloud workloads. One intelligence layer. One Command Hub console. Consistent enforcement regardless of where your environment lives.
Full
Bidirectional Cloud Coverage
Inbound reconnaissance to cloud workloads blocked before services are mapped. Outbound C2 from compromised cloud instances terminated before data moves. Both directions covered. Autonomous enforcement 24/7.
Why Intrusion

Built since 1983.
Intelligence since 2001.

Forty years of company heritage. Threat intelligence forged in federal environments that nation-state adversaries never stop targeting. DoD contract extended and expanded. The same intelligence now available to every organization regardless of size or sector.

Heritage
Founded 1983. Intelligence Since 2001.
The threat intelligence dataset has been built and refined since 2001 in federal environments, giving Shield a depth of IP reputation data that no newer platform can match.
Leadership
Led by a Former Federal CIO
CEO Tony Scott served as Federal CIO of the United States. He built Intrusion to the standard of the most security-conscious environments on the planet.
Validation
DoD Contract Extended and Expanded
The U.S. Department of Defense renewed and grew its Shield deployment. Independent IDC analysts confirmed Shield delivers on every claim. Zero customer churn.
Honest Fit Assessment

We will tell you if we are
not the right fit.

Not the right fit if:
-
Your primary requirement is deep payload DPI malware scanning. Shield operates at the IP reputation and connection layer.
-
You want a full SOC replacement or MDR-only service. Shield is a prevention layer, not managed detection and response.
-
You will not run a proof of value. We do not ask you to buy before you see it work in your environment.
-
You want a pure firewall replacement. Shield works alongside your firewall. It does not replace it.
Right fit if:
You have a SIEM or EDR and want to reduce the noise they see
You want protection that starts before an alert fires
You need logged, reportable evidence for auditors or leadership
You want active protection from day one without months of tuning
You are willing to run a short POV to see what Shield blocks in your environment
What Customers and Analysts Say
Independent Analyst
"Intrusion Shield provides the comprehensive network monitoring and analysis required in a bidirectional Zero-Trust solution."
Charles Kolodgy, Former Research VP, IDC | Principal, SecurityMindsets LLC
Media | TechSpective
"Moves your security posture from reactive to proactive, and significantly improves your cyber defenses."
TechSpective
Media | Cybercrime Magazine
"Has the potential to be a game changer in cybersecurity."
Cybercrime Magazine
Frequently Asked Questions

Shield Stratus &
Cloud Security

What's the difference between Shield Gateway and Shield Stratus?
Shield Gateway is a virtual gateway firewall deployed as an EC2 instance — ideal for hybrid or traditional network environments that need full routing, VPN, or NAT functionality. Shield Stratus is an AWS-native enforcement layer that provides the same reputation-based protection through AWS Gateway Load Balancer with zero management.
Can I use both together?
Shield Gateway and Shield Stratus both perform filtering; therefore it is not recommended to deploy Shield Stratus where Shield Gateway already exists. The filtering added by Shield Stratus would be redundant and may mask the visibility to inside the NAT that Shield Gateway already has.
Do Intrusion cloud security products only do outbound blocking?
No. Our solutions are best known for their powerful outbound threat prevention but they also support inbound inspection and policy enforcement. Depending on deployment mode (Observe or Protect), administrators can monitor or actively block both inbound and outbound traffic to maintain full bidirectional security visibility and control.
Which should I choose for my cloud environment?
If you need a full firewall with VPNs or custom routing, choose Shield Gateway. If you want quick, scalable protection without managing firewall rules, choose Shield Stratus.
Do both solutions use the same threat intelligence?
Yes — both use Intrusion threat intelligence and rules engine for real-time, reputation-based blocking and are managed through the centralized management portal (Shield Command Hub) for unified visibility and control.
How are software updates handled?
Shield Gateway software updates are performed by launching a new AMI of the updated version. Shield Stratus software updates can be performed by launching a new AMI of the updated version or by an on-demand user-requested software update via the management portal: Shield Command Hub.
How are scaling updates handled?
Shield Gateway customers can select the vertical scaling (EC2 instance size) when the instance is launched. Horizontal scaling is not currently supported. Shield Stratus customers can select the vertical scaling (EC2 instance size) when the instance is launched. The underlying technology supports Auto Scaling Groups for horizontal scaling, but implementation of this is up to the customer.
Are there pricing differences?
Both solutions follow the same fixed hourly pricing model based on instance size, simplifying billing and MSP margins.
What AWS services do Intrusion cloud solutions integrate with?
Shield Gateway: Deployed as a VM inside public or private cloud environments. Shield Stratus: Natively integrates with AWS Gateway Load Balancer using the GENEVE protocol for seamless inline traffic inspection.
See Shield Stratus in Your Cloud Environment

Same intelligence.
Now at the cloud layer.

Book a 30-minute conversation. We will walk through your cloud architecture, your current exposure, and exactly how Shield Stratus fits alongside your existing cloud security controls.

Book a Meeting See the Proof