WIXLIB

DATA SHEETZscaler Internet Access Secure and fast access to the internet and SaaSZscaler Internet Access delivers your security stack as a service from the cloud, eliminatingthe cost and complexity of traditional secure web gateway approaches. By moving securityto a globally distributed cloud, Zscaler brings the internet gateway closer to the user for afaster experience. Organizations can easily scale protection to all offices or users, regardless oflocation, and minimize network and appliance infrastructure.Cloud and mobility have broken perimeter securityThe data center used to be the center of gravity. When applications resided there, it made sense to backhaul traffic from branchoffices over a hub-and-spoke network. As traffic patterns shifted to the internet, gateways were built with stacks of securityappliances to allow secure internet access. These gateways were also centralized to minimize the cost and complexity ofsecuring multiple locations.However, as applications have moved to the cloud, the center of gravity has moved with it. User traffic often goesstraight to the cloud, bypassing the security perimeter. Additionally, today’s complex threats have triggered an explosion ofnew security appliances, all finding their way into your overworked gateway. Administrators are in a constant battle to keep upwith required security updates for their appliances. The complexity of deploying and managing all these appliances — and theirassociated costs—are out of control. Furthermore, it’s all associated with what is now an outdated architecture.A 90s internet gateway–Bad design?A new center of gravityDelivering security in today’s gateway is expensiveto deploy, complex to maintain, and delivers a pooruser experience.Your applications have moved to the cloud.Does it make sense to keep forcing usersthrough traditional gateways? Firewall/IPSWeb/URL filterAntivirusBackhauling andlayered applianceshinder the userexperience.DLP inspectionSSL interceptionSandbox analysisDespite massive appliance investments,breaches continue. It’s clear this aging design haslost its effectiveness.HQ DATA CENTERSlow gateways driveusers to use direct-tocloud connections forapplication access.The new world? Your perimeter has dissolvedand the internet is your new network. A newinternet security architecture is needed.The failing hub-and-spokearchitecture

DATA SHEETZscaler Internet AccessZscaler Internet Access is a secure internet and web gateway delivered as a service from the cloud. Think of it as a secureinternet onramp—all you do is make Zscaler your next hop to the internet. For offices, simply set up a router tunnel (GRE orIPsec) to the closest Zscaler data center. For mobile employees, you can forward traffic via our lightweight Zscaler ClientConnector (formerly Zscaler App/Z App) or PAC file. No matter where users connect—a coffee shop in Milan, a hotel in HongKong, or the office—they get identical protection.Zscaler Internet Access sits between your users and the internet, inspecting every byte of traffic inline across multiple securitytechniques, even within SSL. You get full protection from web and internet threats. And with a cloud platform that supportsCloud Firewall, Cloud IPS, Cloud Sandbox, Cloud DLP, CASB and Cloud Browser Isolation, you can start with the services youneed today and activate others as your needs grow.Secure internet and web gateway as a serviceZscaler Internet Access delivers a completely integrated gatewaythat inspects all ports and protocols, even across SSL.THREAT PREVENTION GLOBAL POLICY ENGINE REAL-TIME ANALYTICSID ProviderDefault route to InternetBlock the bad, protect the goodSIEM LoggingClient Connectoror PAC FileGRE/IPsecHQ/IoTACCESS CONTROLDATA PROTECTIONProxy (Native SSL)Cloud FirewallCloud DLP w/EDM & IDMIPS/Adv. ProtectionURL FilteringCASBCloud SandboxBandwidth ControlCSPM/SSPMDNS SecurityDNS ResolutionCloud Browser IsolationJust point your traffic to the Zscaler cloud. For offices, you can setup a tunnel from your edge router. For mobile, you can use ZscalerClient Connector or a PAC file.Data CenterAll these capabilities are delivered from the Zscaler global, multitenant cloud security platform, which processes more than120B requests/day at peak periods. With more than 100 patents, the Zscaler platform has been architected from the groundup as a truly distributed, multitenant cloud with enterprise performance and scale.What sets Zscaler apart?FULL INLINE CONTENT/SSL INSPECTIONCLOUD EFFECTFinally inspect ALL your traffic, with no compromises. OurGet millions of users working for you. Any threat detectedpatented ByteScan engine inspects each outbound andanywhere in our cloud is immediately blocked for allinbound byte, even including hard-to-inspect SSL traffic, withcustomers. Zscaler also delivers more than 175K uniqueonly microsecond delay.security updates to the cloud every day.120,000 DAILY THREAT UPDATESMORE THAN 40 INDUSTRY THREAT FEEDSSay good-bye to change windows. Get automatic updatesFind and stop more threats with a platform that consumesfar beyond what could be accomplished with appliances.more than 40 third-party threat feeds across open source,commercial, and private sources. 2021 Zscaler, Inc. All rights reserved.

DATA SHEETZscaler Internet AccessIntegrated functionality to eliminate point productsThreat PreventionProxy (native SSL)IPS and advanced protectionCloud SandboxDNS securityFind threats where theyhide with full and unlimitedinspection of SSL traffic atscale.Deliver full threat protection frommalicious web content, such asbrowser exploits, scripts, andidentify and block botnets andmalware callbacks.Block zero-day exploits byanalyzing unknown filesfor malicious behavior, andeasily scale to every userregardless of location.Identify and route suspiciouscommand-and-controlconnections to Zscalerthreat detection engines forfull content inspection.Access ControlCloud FirewallURL FilteringBandwidth ControlDNS FilteringFull DPI and accesscontrols across allports and protocols.App and user aware.Block or limit websiteaccess based on a user orgroup across destinationsor URL categories.Enforce bandwidth policiesand prioritize businesscritical applications overrecreational traffic.Control and block DNSrequests against knownand malicious destinations.Data ProtectionCloud DLP w/EDMand IDMCloud Access SecurityBroker (CASB)Cloud Security PostureManagement (CSPM)CloudBrowser IsolationEasily scale DLP acrossall users and inside SSL.Improve custom datadetection with ExactData Match and IndexedDocument Matching.Prevent data exposure andensure SaaS compliancewith out-of-band CASB.Discover and controlunknown cloud apps withInline CASB.Extend data protectioninto AWS, Azure and SaaS.Monitor and mitigate appmisconfiguration along withcompliance reporting andviolation remediation.Eliminate exposure to riskyweb content and dataexfiltration by separatingbrowsing activity from theend user device.Globally distributed security cloud – Powered by patented technologiesSSMA ByteScan PageRisk NanoLog PolicyNow All security engines firewith each content scan;only microsecond delayEach outbound andinbound byte scanned;native SSL scanningRisk of each web pageelement computeddynamically50:1 compression oflogs with real-timeglobal log consolidationPolicies follow the userfor the same on-net,off-net protection 2021 Zscaler, Inc. All rights reserved.

DATA SHEETZscaler Internet Access EditionsComplete security for internet and SaaS access in convenient subscription editions or a-la-carte:ZSCALER INTERNET ACCESS SERVICEPROFESSIONALBUSINESSTRANSFORMATIONCLOUD SECURITY PLATFORMData Centers Global access, high availability, with latency SLAsTraffic ForwardingGRE tunnel, IPsec, proxy chaining, PAC file, or Zscaler Client ConnectorAuthenticationSAML, secure LDAP, Kerberos, hostedReal-Time Cloud Security UpdatesReceive full cloud threat sharing (cloud effect), unique security updates(over 175K /day) and 60 security feedsReal-Time Reporting and Logging Report on web transactions anywhere in seconds. Select geography of choice for all logstorage (US or EU).SSL Inspection Full inline threat inspection of all SSL traffic with SLA. Granular policy control for contentexclusionAdd-onNanolog Streaming Service Transmit logs from all users and locations to an on-premise SIEM in real timeAdd-onCLOUD SECURITY SERVICESACCESS CONTROLURL and Content Filtering Granular policy by user, group, location, time, and quota; dynamic content classificationfor unknown URLs and Safe SearchFile Type ControlTrue file type control by user, location, and destinationWeb Access ControlEnsure outdated versions of browsers and plugins are compliantAdd-onBandwidth ControlEnsure business apps like Office 365 are prioritized over recreational trafficAdd-onStandard Cloud Firewall Secure SaaS and internet access with IP address, port, and protocol rules (5-tuple)Advanced Cloud Firewall and IPS Secure SaaS and internet access with full outbound layer 7 cloud firewall and IPSAdd-onAdd-onCYBER THREAT PREVENTIONInline Antivirus and Antispyware Signature based antimalware and full inbound/outbound file inspectionReputation-Based Threat ProtectionStop known botnets, command-and-control communications, and phishingMobile Application Reporting & ControlVisibility, granular policy control, and threat protection for mobile devices on oroff the corporate networkAdvanced Threat Protection PageRisk and advanced threat web signatures for protection from malware, callbacks,cross-site scripting, cookie stealing, and anonymizersAdd-onStandard Cloud Sandbox Zero-day protection for .exe and .dll files from unknown and suspicious sitesAdvanced Cloud Sandbox with QuarantineZero-day protection for all file types from all sites; ability to hold file delivery until confirmedsandbox clean; advanced reportingAdd-onAdd-onCloud Browser IsolationEliminate the risk of active web content and prevent data lossAdd-onAdd-on 2021 Zscaler, Inc. All rights reserved.Add-on