Stop data exfiltration and outbound malicious traffic with real-time, autonomous enforcement backed by the world’s largest IP reputation database.
Cloud-native, deploys in minutes
Blocks risky traffic using 30 years of DoD-trusted intelligence
Analyzes all traffic, identifies and prioritizes risks
You have unique environments, so we built security that fits your needs.
Shield Stratus is a cloud-native layer that protects AWS workloads without the complexity of managing a firewall.
Our virtual firewall, Shield Gateway, gives you full routing, VPN, and hybrid control when you need deeper customization.
Both are powered by Intrusion threat intelligence — you choose the architecture that matches your environment.
| Shield Stratus | Shield Gateway | |
|---|---|---|
| Purpose | Cloud-native security layer for AWS workloads | Full-featured virtual firewall for routing, VPN, and NAT |
| Best For | AWS visibility and enforcement with no operational burden | Full firewall or hybrid WAN control |
| Primary Use Case | AWS environments needing inline protection without complexity | Hybrid or edge networks needing full firewall control |
| Deployment | AWS Gateway Load Balancer target | VM instance in AWS or private clouds |
| Visibility | Full packet inspection (no sampling) across all flows | Full packet inspection (no sampling); depends on configuration |
| Protection Modes | Protect mode = enforcement Observe mode = monitoring only | Always-on protection; Intrusion threat intelligence plugin optional |
| Setup | Deploy in minutes using AWS templates | Manual configuration required |
| Compatibility | AWS | AWS, Private Cloud |
| Real-time Blocking (Protect Mode) | ✓ | ✓ |
| Monitoring Only (Observe Mode) | ✓ | |
| Outbound Threat Blocking | ✓ | ✓ |
| Inbound Threat Blocking | ✓ | ✓ |
| Centralized Management | ✓ | ✓ |
| Advanced Threat Intelligence | ✓ | ✓ |
| Fixed Hourly Pricing | ✓ | ✓ |
Shield Gateway is a virtual gateway firewall deployed as an EC2 instance — ideal for hybrid or traditional network environments that need full routing, VPN, or NAT functionality.
Shield Stratus is an AWS-native enforcement layer that provides the same reputation-based protection through AWS Gateway Load Balancer with zero management.
Shield Gateway and Shield Stratus both perform filtering; therefore it is not recommended to deploy Shield Stratus where Shield Gateway already exists. The filtering added by Shield Stratus would be redundant and may mask the visibility to inside the NAT that Shield Gateway already has.
No. Our solutions are best known for their powerful outbound threat prevention they also support inbound inspection and policy enforcement. Depending on deployment mode (Observe or Protect), administrators can monitor or actively block both inbound and outbound traffic to maintain full bidirectional security visibility and control.
If you need a full firewall with VPNs or custom routing, choose Shield Gateway.
If you want quick, scalable protection without managing firewall rules, choose Shield Stratus.
Yes — both use Intrusion threat intelligence and rules engine for real-time, reputation-based blocking and are managed through the centralized management portal (Shield Command Hub) for unified visibility and control.
Shield Gateway software updates are performed by launching a new AMI of the updated version.
Shield Stratus software updates can be performed by launching a new AMI of the updated version or by an on-demand user-requested software update via the management portal: Shield Command Hub.
Shield Gateway customers can select the vertical scaling (EC2 instance size) when the instance is launched. Horizontal scaling is not currently supported.
Shield Stratus customers can select the vertical scaling (EC2 instance size) when the instance is launched. The underlying technology supports Auto Scaling Groups for horizontal scaling, but implementation of this is up to the customer. Management of Shield Stratus instances in an auto scaled group in the Shield Command Hub will be supported in a later release.
Both solutions follow the same fixed hourly pricing model based on instance size, simplifying billing and MSP margins.
Shield Gateway: Deployed as a VM inside public or private cloud environments.
Shield Stratus: Natively integrates with AWS Gateway Load Balancer using the GENEVE protocol for seamless inline traffic inspection.
