Enabling The Secure Transformation To The Cloud - Zscaler

Transcription

Enabling the secure transformation to the cloud

It’s no longer a question of if. It’s a question of how. Here’s how.

Welcome to the era of cloud and mobility

Your applications are moving to the cloud — Salesforce, Office 365, AWS, and Azure — but your security appliances are still sitting on-premises, protecting your corporate

“It’s obvious that legacy IT security methods focused on protecting the perimeter are inadequate. Just read any paper. Elvis has left the building — and so have your users, devices, and applications.”
Larry Biagini, Chief Technology Evangelist, Zscaler; former CIO and Chief Technology Officer, GE

The evolution of IT security

1 Network: A security perimeter was established to protect the network. The data center was the center of gravity and all traffic was backhauled.

2 Internet: Outbound Internet and inbound VPN gateways were built to provide Internet access and give mobile users access to the network.

3 Cloud: The threat landscape changed and more appliances were deployed to protect the network. But the cloud was the new center of gravity and the Internet the new network — connecting users to apps.

[Diagrams, one per stage. Captions: "The security perimeter protects the corporate network"; "The Internet is the new network". Labels: SaaS, open Internet, outbound gateway, inbound gateway, branch, HQ / IoT.]

If you no longer control the network, how can you protect users and applications?

To secure this new world of IT, you simply need a new approach

One that transforms the way applications are accessed and security controls are enforced. Zscaler provides an architectural approach to secure IT transformation, in which software-defined policies, not networks, securely connect the right user to the right app or service.

From: hub & spoke architecture
- Secure the network to protect users and apps
- Internal app access requires network access
- All users must be on the network for protection
- Internet traffic must be backhauled for protection

To: cloud-enabled architecture
- Software-defined policies connect users to apps, not networks
- Access policies determine which apps are visible and which are dark
- On-net or off-net, the protection is identical
- Secure local Internet breakouts

[Diagrams of both architectures. Labels: open Internet, SaaS, public cloud, data center, inbound gateway, outbound gateway, Z-Cloud, branch, HQ / IoT, mobile.]

The Zscaler platform: a new approach to application access and security

Fast and secure policy-based access that connects the right user to the right service or application. The Zscaler platform is designed to replace your appliances at the inbound and outbound gateways.

Zscaler Internet Access provides secure access to the open Internet and SaaS apps, no matter where users connect. It provides inline inspection of all traffic to ensure that nothing bad comes in and nothing good leaves.

Zscaler Private Access delivers a completely new way to provide access to internal applications, whether they reside in the data center or cloud, without a VPN. It enables secure application access without network access — and without exposing apps to the Internet.

[Diagram labels: open Internet, data center, SaaS, public cloud, inbound gateway, outbound gateway, mobile, HQ/IoT, branch.]

The notion of protecting the network is no longer relevant. You need to protect your users and your apps.

Zscaler Internet Access: fast, secure access to the Internet and SaaS apps

Enabling secure network transformation

By making Zscaler Internet Access your default route to the Internet, you will provide all users, everywhere, with identical protection. Zscaler sits between your users and the Internet, inspecting every byte of traffic inline, applying multiple security techniques for the highest level of protection.

What sets Zscaler security apart?

The secure Internet and web gateway delivered as a service
- Full inline content inspection
- Native SSL inspection
- Global Visibility: All users, all locations, all applications, and botnet-infected machines
- Global Policy Engine: Define by user, location, and AD group; policies follow users for identical protection in all locations
- Cloud intelligence
- Real-time threat correlation
- 60 industry threat feeds

Default route to the Internet; block the bad, protect the good

[Diagram labels: Zscaler Client Connector, GRE / IPsec, HQ/IoT, Data Center.]

The Zscaler cloud optimizes traffic flows by allowing secure, direct connections to the Internet over broadband and reserving MPLS for data center traffic.

The Zscaler architecture is the best approach for secure SD-WAN and Office 365 deployments

Purpose-built, multitenant cloud security platform

Eliminates the appliance mess and provides the highest level of security

Zscaler Internet Access moves the entire security stack to the cloud with integrated security services that correlate data instantly for the highest level of protection. The Zscaler cloud was built from the ground up for comprehensive security and low latency. And due to its elastic scale, customers can add users and activate services almost instantly.

Zscaler purpose-built cloud security platform
- Access Control: Cloud Firewall, URL Filtering, Bandwidth Control, DNS Filtering
- Threat Prevention: Advanced Protection, Cloud Sandbox, Antivirus, DNS Security
- Data Protection: Data Loss Prevention, Cloud Apps (CASB), File Type Controls

Global visibility
Zscaler offers global visibility, in near real time, into all users, locations, services, and applications, as well as threats blocked and attempted communications to C&Cs from any botnet-infected machines.

Powered by patented technologies
- SSMA: All security engines fire with each content scan; only microsecond delay
- ByteScan: Each outbound and inbound byte scanned; native SSL scanning
- PageRisk: Risk of each web page element computed dynamically
- Nanolog: 50:1 compression of logs with real-time global log consolidation
- PolicyNow: Policies follow the user for the same on-net, off-net protection

Built on a global, multi-tenant cloud architecture

Zscaler Private Access: fast, secure access to internal apps

Enabling secure application transformation

Application access has traditionally required network access — and bringing users on the network always introduces risk. Zscaler has introduced a new approach to internal application access that connects a named user to a named app.

How ZPA works in four simple steps
1 User requests access to an app (SAP)
2 Policy determines if access is permitted
3 If authorized, the Zscaler cloud initiates outbound connections between Client Connector and App Connector
4 Connections are stitched together in the Zscaler cloud

[Diagram labels: Client Connector (formerly Zscaler App), App Connector, (SAP).]

With Zscaler Private Access
- Users are never on the corporate network, which minimizes your attack surface
- Apps are invisible, never exposed to the Internet, and internal apps cannot be discovered or exploited
- The Internet becomes a secure network without a VPN, and third parties can’t intercept data
- You can segment apps without network segmentation; lateral movement is impossible
- Internal apps can easily be moved to Azure or AWS; private apps are accessible without VPN infrastructure

How leading organizations are using Zscaler Private Access
- Secure partner access: Grant partners access to only a server in the data center, not the network
- M&As / divestitures: Provide named users access to named apps without merging networks
- Access to internal apps: Provide secure access to private apps without deploying appliances
- VPN replacement: Policies connect users to specific apps; they’re never brought on the network and apps are never exposed to the Internet

The world’s largest security cloud

The Zscaler platform was built in the cloud, for the cloud. We knew that service-chaining boxes together could never serve customers on a global scale, so we designed our platform and security services from scratch. Zscaler and its engineering team have been granted scores of patents for architectural innovations.

150 data centers, 6 continents
The Zscaler cloud encompasses data centers around the world, with peering in the major exchanges that make up the Internet

[Map of data center locations. Legible labels: Oslo, Madrid, San Francisco, Denver, Frankfurt, Brussels, Washington DC, Tel Aviv, Atlanta, Mumbai, Jeddah, Chennai, Lagos, Taipei, Hong Kong, Kuala Lumpur, Singapore, Sao Paulo, Cape Town, Johannesburg, Sydney, Melbourne, Auckland.]

160 billion requests/day at peak periods
100 million threats detected/day

The cloud effect
If a threat is detected anywhere, customers are protected everywhere. Our volume and our threat sharing partnerships contribute to 120,000 unique security updates/day. Can your appliance do that?

Zscaler: zenith of scalability
- Users protected: 1.3 million
- Traffic secured: 185 countries
- Locations protected: 30,000
- Office 365 traffic: 401TB per month

Zscaler is trusted by G2000 leaders

How a bank weathered a CryptoLocker run

Before Zscaler
- 1,352 CryptoLocker emails arrived over six hours
- 114 blocked by legacy controls
- 9 employees clicked the link
- 6,500 file shares destroyed

After Zscaler
- 5,405 infected emails arrived over six hours
- 169 blocked by legacy controls
- 11 employees clicked the link
- 0 infections

How a customer deployed Office 365 across hundreds of locations

A highly distributed organization migrating its users to Office 365 was experiencing significant WAN congestion and Office 365 sessions were overwhelming its firewalls. With Zscaler, the company was able to deliver a great Office 365 experience across 650 locations. And Zscaler made it easy to prioritize Office 365 traffic over recreational or less critical traffic.

“We have over 350,000 employees in 192 countries in 2,200 offices being secured by Zscaler.”
Frederik Janssen, Global Head of IT Infrastructure

Secure IT transformation is here

Zscaler Internet Access enables secure network transformation from hub-and-spoke to cloud-enabled with local Internet breakouts. Zscaler Private Access enables secure application transformation, from network-based access to policy-based access, where users are never on the network. Together, they enable you to embrace the era of productivity and agility enabled by the cloud.

Three simple steps to secure IT transformation
1 Secure: Up-level security now; make Zscaler your next hop to the Internet; no infrastructure changes
2 Simplify: Phase out point products; reduce costs and management overhead
3 Transform: Enable local breakouts for Internet traffic to deliver a better, more secure user experience

About Zscaler

Zscaler was founded in 2008 on a simple but powerful concept: as applications move to the cloud, security needs to move there as well. Today, we are helping thousands of global organizations transform into cloud-enabled operations.

Contact Zscaler if you’re
- Moving to Office 365
- Securing a distributed and mobile workforce
- Moving apps to Azure or AWS
- Securing an SD-WAN transformation
- Driving toward a cloud-first strategy

No matter where you are now in your journey, the transformation has begun, and it’s enabled by Zscaler.

www.zscaler.com

2021 Zscaler, Inc. All rights reserved. Zscaler, Zscaler Internet Access, ZIA, Zscaler Private Access, and ZPA are either (i) registered trademarks or service marks or (ii) trademarks or service marks of Zscaler, Inc. in the United States and/or other countries. Any other trademarks are the properties of their respective owners. V.062220
