In the News

Read what the experts are saying about Zscaler

Novel malvertising attack leads to drive-by ransomware

Zscaler researchers explained on its blog that it has seen a large number of sites, dressed up as search engines, that lead to malicious content including sites hosting the Magnitude Exploit Kit.
May 21, 2015

Malvertising makes use of the Magnitude exploit kit to deliver ransomware

Online advertisements can be annoying. But what if they spread malware too? The excessive greed of few has lead to the rise of malvertising, advertisements that redirect or lead to malware. A recent Zscalar study revealed that several compromised websites contained ads that led to ransomware.
May 20, 2015

Malvertising leads to Magnitude Exploit Kit, ransomware infection

“This is a highly profitable ransomware payload that leverages Bitcoin transactions executed over the Tor Anonymizer to monetize the attack,” wrote ZScaler researchers Edward Miles & Chris Mannon.
May 19, 2015

Michael Sutton, Zscaler : Internet des Objets, la menace est réelle

Les objets connectés se multiplient et dans le même temps les menaces de sécurité s’amplifient. Nous souhaiterions vous proposer l’expertise de Zscaler pour aborder cette thématique.
May 19, 2015

Word Press: authentification data stolen without users’ knowledge

Les sites WordPress piratés ouvrent une « porte dérobée » – backdoor – au moment où les utilisateurs se connectent à leur compte. D’après Zscaler les identifiants sont encodés et transférés au site pirate par une requête GET
May 19, 2015

You have a WordPress site? You should read this right now

The SaaS provider Zscaler said that a number of WordPress-based websites have been compromised after users have logged on to their site from a home page containing malicious code . Once the captured data, they were then sent in encrypted format to hacker.
May 12, 2015

Glasgow chair and Winchester music festival hit by 'unique' cyber-attack

The Glasgow Contemporary Choir and the Blissfields music festival near Winchester are among the innocent victims of what's being described as a 'unique' attack on WordPress-powered websites. Security firm Zscaler's Sameer Patil and Deepen Desai said they found the attack was planting backdoor code on the sites, in order to capture the credentials of everyone logging into them and send them to a US-based attacker website, the dodgy domain “”.
May 12, 2015

Venture Capitalism and the Future of IT

Ravi Mahtre from Lightspeed Venture Partners writes about the companies he believes will be the new generation of market leaders, and notes that Zscaler is the market leader in cloud-based security.
May 12, 2015

Unusual WordPress attack steals login credentials

Wordpress, the Internet's favorite content management system, is a common target for criminals who redirect innocent users to malware download sites. But a new type of malware steals user login credentials instead, while leaving the rest of the user experience unchanged. "It's an interesting attack -- we haven't seen this before," said Michael Sutton, VP of Security Research at San Jose-based cloud security vendor Zscaler, Inc., which recently issued a report about the malware.
May 11, 2015

Fresh WordPress Campaign Steals Credentials

WordPress, being one of the most popular content management systems and blogging platforms on the internet, remains an attractive target for cybercriminals due to its large user base. According to Zscaler researchers Sameer Patil and Deepen Desai, the compromised sites run backdoor code, which activates when the user submits login credentials. The credentials are then encoded and sent to an attacker website in the form of a GET request.
May 11, 2015

Got a WordPress website? You should read this now

SaaS (Security-as-a-Service) provider Zscaler reported that a number of WordPress-based websites have been compromised with users trying to login to them being served malicious code as part of the login page. Once captured, that data is then sent, in an encrypted format, to the hacker.
May 11, 2015

Small WordPress sites leaking like sieves

Wordpress admins hoping for some feet up time after last week's Twenty Fifteen XSS plugin vulnerability appear to have yet another vulnerability to handle. Researchers at Zcaler have identified a bunch of compromised sites that are all leaking user credentials to the same target domain – hosts the command and control.
May 11, 2015

WordPress Sites Backdoored, Leaking Credentials

With a raft of WordPress vulnerabilities—most of them in plugins—to address, now comes word from researchers at Zscaler that a number of sites running the content management system have been compromised and are sending credentials via a backdoor to a criminal group.
May 8, 2015

WordPress Websites Targeted by Credential Leak Campaign

With a raft of WordPress vulnerabilities—most of them in plugins—to address, now comes word from researchers at Zscaler that a number of sites running the content management system have been compromised and are sending credentials via a backdoor to a criminal group.
May 8, 2015

WordPress Patches XSS Vulnerability Exploited in the Wild

Zscaler researchers reported spotting a campaign in which malicious actors have compromised multiple WordPress website in an effort to steal their users’ credentials. The compromised websites contain a backdoor designed to harvest credentials and send them back to the attackers.
May 8, 3025

IRC Botnets Are Not Quite Dead Yet

Far from going the way of the dodo as many had surmised, Internet Relay Chat (IRC) botnets are alive and thriving. A new study by security vendor Zscaler shows that IRC botnets, while not growing at a particularly rapid rate, continue to be active and have incorporated several new features over the years that make them as a potent a threat as ever.
April 29, 2015

Ipanema Releases Dynamic WAN Selection

Enable Ipanema devices (IP engines) to establish VPN tunnels via the Internet, towards remote data centers that have VPN concentrators (public or private) or web security gateways such as Zscaler
April 29, 2015

Ipanema DWS offers application performance guarantee

The Ipanema devices can establish VPN tunnels via the Internet, towards remote data centers that have VPN concentrators or web security gateways such as Zscaler.
April 28, 2015

Takeaways from RSA 2015: The stars of the show

Visibility, data center security, two-factor authentication, and services were the stars of RSA 2015.
April 27, 2015

Bogus Adult Content Page Foists Android SMS Trojan

Researchers at Zscaler say that this tactic is most likely adopted to evade detection based on blacklists with known names for malicious apps.
April 24, 2015

IRC Botnets Continue to Evolve: Zscaler

Researchers at Zscaler have conducted an analysis of some of the most prevalent IRC-based botnets and determined that these types of threats remain effective as the features incorporated into them continue to improve.
April 24, 2015

In The Know: Top 5 Must-Read Cloud Stories, April 21

Talkin' Cloud at the end of each day pulls out five must-read cloud computing stories from the news cycle for its readers to review in the morning. Today's column features Zscaler, Ericsson (ERIC) and Intel Security.
April 21, 2015

Securing The Branch Office Via the Cloud

Enter Zscaler, a provider of IT security services delivered via the cloud, which just added a next-generation firewall service that can protect both network infrastructure and applications.
April 20, 2015

What you missed in Cloud: Services galore

Zscaler, Inc. led charge with the addition of a firewall to its managed security platform that promises to keep threats outside the organization and sensitive data inside.
April 20, 2015

New Products of the Week 4.20.15

Zscaler is a cloud-based firewall, providing network security, control and visibility with no on-premise hardware or software required.
April 20, 2015

SDxCentral Weekly News Roundup

Zscaler introduced Winter 2015, its cloud-based next-generation firewall.
April 17, 2015

Zscaler Introduces Zscaler Winter 2015 Security As A Service Platform

Zscaler introduced the Winter 2015 release of the Zscaler security platform. Zscaler Winter 2015 is a cloud-based firewall providing network security and application control requiring no on-premises hardware or software.
April 16, 2015

Zscaler Introduces World's First Cloud-Based Next Generation Firewall With Zscaler Winter 2015

Zscaler democratizes security with economical, easy to deploy, easy to manage next-generation firewall for distributed enterprises and mid-market organizations
April 14, 2015

Zscaler Launches Cloud-Based Firewall

The firewall also fully integrates with Zscalers platform which offers sandboxing, web security, DLP, content filtering, SSL inspection, malware protection and correlation, reporting and analytics.
April 14, 2015

Clean Pipes At Last: Zscaler Introduces Cloud Firewall

Zscaler today announced a cloud-based firewall into a market that is finally ready for a clean pipes offering. Not in the press release is the fact that they hired iPolicy founder Pankaj Parekh to take the project forward.
April 14, 2015

Amazon launches a desktop app exchange for business software

The new AWS Marketplace for Desktop Apps makes available such desktop software as security and data storage applications, including Zscaler Security Cloud from Zscaler Inc. and IDM Ultra Security from IDM Computer Solutions;
April 13, 2015

Entrevista: Lane M. Bess and William Welch of Zscaler

Zscaler’s Bill Welch and Lane Bess were featured in a leading Spanish security and IT publication in a story about the growth of the cloud-based security model.
April 2015

5 Cloud Security Firms To Stir Crazy Spring Funding Frenzy

Zscaler is mentioned in this round up story that looks at venture funding and acquisitions dollars have been flying fast and furious over the past two months as investors try to cash in on cloud security.
April 9, 2015

Security spending shift: moving to the cloud

As companies increasingly move sensitive data into the cloud, a number of security implications arise, as well as concerns about investments in these services and technologies. While many organizations are attracted to the benefits of cloud storage, breaches persist, meaning enterprises must create effective plans for migrating their data and monitoring risks, despite the hand-off to third parties. Zscaler’s CEO, Jay Chaudhry, talks to SC Magazine about trends in security spending.
April 6, 2015

Angler Exploit Kit Now Relies on More Successful Infection Tactics

Zscaler’s research team weighs in on the browser-based attack tool Angler Exploit Kit (EK) for an article on Softpedia that outlines how the the EK attack tool works. The story also linked back to the Zscaler blog post on the topic for more information.
April 6, 2015

Movers and Shakers

The SF Chronicle featured Sydney Carey’s appointment as Zscaler’s CFO in it’s regular feature on loca executive moves.
April 5, 2015

Cloud Security Platform for the Consumer: Zscaler

Zscaler CEO Jay Chaudhry discusses the important of internet security in the cloud and Zscaler’s IPO plans. He speaks with Bloomberg’s Alix Steel on “Street Smart.”
March 25, 2015

njRAT Infections on the Rise: Security Firms

The notorious remote access Trojan (RAT) known as njRAT is making a comeback, according to security firms Zscaler and PhishMe.
March 23, 2015

Cyber Threat Alliance signs up 4 new members

Zscaler have joined the Cyber Threat Alliance (CTA) in its efforts to make united progress in the fight against sophisticated cyber enemies through deep collaboration on threat intelligence and sharing indicators of compromise.
March 18, 2015

This Google product was so full of hackers and trolls that Google shut it down

Google Code may have been especially attractive to no-goodniks given that people trust anything downloaded from the domain without knowing or caring that it's from a third-party developer, security firm Zscaler pointed out in 2013. People would download a game or app and unknowingly hand the keys to the kingdom to a bad actor.
March 13, 2015

The full Cybersecurity 500 list

CRN published The Cybersecurity 500 List, which ranked Zscaler 108 out of 500 cybersecurity companies. The list ranked companies based on innovation, rather than size or revenue. Zscaler was on the list alongside many well-known players in cybersecurity, including FireEye and Palo Alto Networks.
March 10, 2015

IPO prep? Cloud security upstart hires former TIBCO, MongoDB CFO

Seven-year-old Zscaler has accepted relatively little outside money compared to other security startups, but big companies like Dollar General, Hormel Foods, La-Z-Boy, Nestle and United Airlines rely on its cloud services to fight cyberthreats.
March 4, 2015

High Risk, High Reward: The Ups And Downs Of Security Startups

Cloud security is a focus of many of the startups coming to market. When Zscaler arrived in 2008, it aimed to take on secure Web gateway vendors with its cloud security platform. Today the company does SaaS-based Web filtering, cloud-based anti-malware, data loss prevention and secure Wi-Fi services.
February 26, 2015

Cloud security software set for boom time

Vendors included in the research include CA Technologies, McAfee, Symantec, Trend Micro, CipherCloud, CloudLock, CloudPassage, Commtouch Software, CREDANT Technologies, CYREN, HyTrust, IBM, Okta, Panda Security, SafeNet, Skyhigh Networks, ThreatMetrix and Zscaler.
February 23, 2015

Cloud security software set to balloon by 50 percent

endors included in the research include CA Technologies, McAfee, Symantec, Trend Micro, CipherCloud, CloudLock, CloudPassage, Commtouch Software, CREDANT Technologies, CYREN, HyTrust, IBM, Okta, Panda Security, SafeNet, Skyhigh Networks, ThreatMetrix and Zscaler.
February 23, 2015

President’s cyber security summit: Share attack info but protect privacy, civil liberties

During the summit, the Cyber Threat Alliance, founded by Palo Alto, Symantec, Fortinet and McAfee, announced four new members: Barracuda Networks, Reversing Labs, Telefonica and ZScaler. The goal of the group is for members to share threat information so they can build stronger defenses against advanced adversaries.
February 17, 2015

Microsoft Corporate Clients Targeted with Volume License Phishing Email

Cybercriminals adept at social engineering take aim at corporate users luring them with fake emails purporting to be from Microsoft Volume Licensing Service Center and informing the recipient that they received administration permissions for handling volume licenses. Zscaler researchers named it Chanitor, and it has been seen in January to deliver the Vawtrak banking Trojan, but it can also be employed to funnel in other types of malware, too.
February 10, 2015

In The Know: Top 5 Must-Read Cloud Stories

One of Talkin’ Cloud’s “must-read” stories of the week, VeloCloud announced its support for a policy engine on its namesake service and the signing of a new alliance with Zscaler. These new relationships are making it possible to extend data protection and security policies across the WAN.
February 10, 2015

VeloCloud Enhances its SD-WAN Service with Zscaler and Websense

VeloCloud Networks, a start-up offering a subscription-based, virtualized WAN service for enterprises that aggregates multiple access lines (cable modem, DSL, LTE) into a single secure connection, announced interoperability with leading cloud security platform, Zscaler, spurring growth of its SD-WAN ecosystem.
February 9, 2015

The Rise Of The Software-Defined WANs

VeloCloud today announced its support for a policy engine on its namesake service and the signing of a new alliance with Zscaler, making it possible to extend data protection and security policies across the WAN.
February 9, 2015

Looking for a Cloud Computing Job? Here are the Best Companies and CEOs to Work for in the Industry

According to a list compiled by Forbes based on data, there are several CEOs of cloud companies with more than 90-percent employee approval. Zscaler’s Jay Chaudhry, is among the highest rated CEOs.
February 4, 2015

New Banking Trojan Targets Android, Steals SMS

A relatively new Android Trojan that specializes in stealing banking information by intercepting SMS messages has been making the rounds. Researchers at zScaler spotted the as yet unnamed Trojan circulating as 888.apk. Like many types of malware that came before it, at least for the moment, the Trojan appears to be targeting Chinese Android users.
February 3, 2015

The 20 Coolest Cloud Security Vendors

Zscaler is an IPO candidate for 2015. The Security-as-a-Service provides secure Web gateway capabilities, Web filtering, intrusion prevention and deep packet inspection capabilities. Its data loss prevention can decrypt and inspect content encrypted with SSL.
January 28, 2015

The Best Cloud Companies and CEOs to Work for in 2015

Using the 2015 CRN list as a baseline to compare the scores of the (%) of employees who would recommend this company to a friend and (%) of employees who approve of the CEO, the following series of tables were constructed.
January 29, 2015

Cybersecurity Utilities - The Future of Managed Security Services

Z-Scaler (, another cloud based solution, takes the OpenDNS model a step further by integrating additional security features into its offering such as malware sandboxing. Z-Scaler's approach is to address complex security issues by engineering the capability into their solution.
January 27, 2015

On the Move: William Welch

The San Jose Internet Security Provider named William Welch global vice president of sales and chief revenue officer. Recently he was vice president and general manager at HP Software Americas.
January 27, 2015

Adobe to patch Flash Player zero-day next week

Researchers at Zscaler provide more details on the use of the vulnerability in the Angler exploit kit. They say that two legitimate ad networks are being used to serve malicious ads, which redirect users to the exploit kit. This is then used to push the 'Bedep' trojan onto the victim's system.
January 23, 2015

Viptela brings Software-Defined WANs to the enterprise

Traditional WANs are too complex, too costly and too inflexible to support today's bandwidth-intensive services and applications. Viptela says software defined WANs can fix that.
January 22, 2015

Zscaler Appoints HP, Symantec Exec Global VP of Sales

Bill Welch, veteran software industry executive, joins Zscaler as Vice President of Global Sales and Chief Revenue Officer to scale the company’s sales and channel organizations and accelerate growth worldwide.
January 14, 2015

The Convoluted Trail Linking North Korea to Sony

"I know a number of people who are concerned that we don't have definitive proof to give proper attribution to the attack, but in cases like this we rarely have all the evidence we need to provide attribution," noted Michael Sutton, vice president of security search for Zscaler. "I do think that while we don't have conclusive proof -- the FBI hasn't been that transparent with us -- I do think North Korea remains the most viable suspect in this attack," Sutton said.
January 13, 2015

Cradlepoint & Zscaler Get Together to Reinforce the Branch Office

One of the biggest security problems when it comes to mobile technology is that of the retail store and the branch office. To that end, Cradlepoint and Zscaler got together to introduce a new breed of hybrid solution that takes the best of a cloud-based solution and matches it with parts of an on-premise solution to deliver powerful, yet useful, protection.
January 13, 2015

Cradlepoint Releases Zscaler Support

Yesterday at the 2015 NRF Conference (National Retail Federation), Cradlepoint has announced the availability of the long awaited Zscaler Internet Security integration. Developed as a joint program between Cradlepoint and Zscaler, this advanced protection monitors data breaches, ensures PCI compliance, and helps remote offices by running a single threat management solution. Built into enterprise routers like the MBR1200, MBR1400, AER 2100, and COR IBR, this is both a rapidly deployed, and easily managed, threat protection solution.
January 13, 2015

William Welch

William Welch has joined Zscaler as global vice president of sales, responsible for for scaling Zscaler’s sales and channel organizations and accelerating growth worldwide.
January 13, 2015

New Variant of Vawtrak Banking Trojan Delivered by Chanitor Downloader

A new strain of the Vawtrak banking Trojan has been discovered by Zscaler security researchers, who observed that it was delivered by malware downloader Chanitor.
January 12, 2015

Feedback Friday: Is North Korea Behind the Sony Hack?

In late November, Sony Pictures Entertainment was hacked by a group calling itself Guardians of the Peace (GOP). What initially appeared to be another hacktivist attack, later turned out to be a sophisticated operation possibly orchestrated by a state actor. Zscaler’s Michael Sutton weighs in.
January 9, 2015

Ad Retargater