One common question we get about cloud-based zero trust architectures is about stability and scalability.
If you’ve seen any of our customer presentations, you may recall that the Zscaler Zero Trust Exchange processes around 160 billion requests on a daily basis (a number that doubles every 20 months) across 150 data centers around the world.
How are we keeping up with the continually expanding global traffic on the enabling cloud platforms? The answer is that Zscaler is a cloud-built service that leverages cloud technology as it was designed to be used.
Zscaler runs applications on native/owned hardware and hypervisors. But since a lot of non-dataplane services do not need dedicated hardware, some applications are better incubated in IaaS and microservices infrastructures and then later migrated. This allows for more agile development.
The architecture is backed by over 100 patents and scales elastically to handle massive spikes in traffic. During the pandemic, a Zscaler customer securely hosted a company-wide global video webcast for over 70,000 employees. It went smoothly, mostly because our cloud-based services could easily cover the traffic spike by elastically ramping up resources. A legacy hardware solution with limited bandwidth might not have handled it as well.
Another key Zscaler architectural decision for delivering an entire security stack as a cloud service is multitenancy. Multitenancy has many advantages in use cases that require massive on-demand compute resources, such as a hyperscale cloud. Cloud SaaS solutions such as Salesforce and Workday use multitenancy.
For cloud-based security, a multitenant platform provides three powerful capabilities:
When all cylinders are firing, the metrics speak for themselves. Consider an average enterprise user browsing the internet and accessing cloud apps: Microsoft 365 for email and collaboration, Salesforce to update customer account information, and so on. The number of resultant daily TCP sessions will be very high. How high? Well, for companies shifting from on-prem Exchange and SharePoint to Microsoft 365, average user sessions can be five to 10 times greater.
Now, multiply that by all the users in the enterprise, and then again by all the enterprises with the same dynamic, worldwide. You are left with exponential growth in transaction volume. The Zscaler platform tracks this increase as the chart below illustrates:
A platform architected using multitenancy and powered by elastic cloud resources absorbs the exploding demand without reducing performance. To the contrary, the platform’s stability has improved over time, as evidenced in the inversely proportional (to traffic growth) drop in support tickets raised by customers.
Ensuring security for all these transactions means checking every one for malware and data loss. Eighty percent of all internet transactions are SSL-encrypted, meaning you need to crack these open and inspect the contents. And inspection decisioning must be incredibly fast so that users do not experience any added latency.
This is only possible when all security engines (URL filter, IPS, content scanning, APT and Sandbox, DLP and CASB) run in parallel, reading the packets from memory and returning their verdicts. This is called SSMA (Single Scan Multi Action), which radically improves user experience compared to engines running sequentially in a proxy chain. It works by stripping the IP header off the packets and then performing all scans simultaneously; latency stays minimal because all operations are done in memory. The result is better speed and security.
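The difference between a proxy chain and a single-scan design can be sketched in a few lines. This is an added illustration of the general pattern, not Zscaler code: the engine functions, the byte markers, the `Flow` class and the "any block wins" policy are all assumptions made for the example.

```python
from concurrent.futures import ThreadPoolExecutor

# Hypothetical stand-in engines; the byte markers are constructed sample signatures.
def url_filter(buf):
    return "block" if b"evil.example" in buf else "allow"

def dlp(buf):
    return "block" if b"SSN:" in buf else "allow"

def malware(buf):
    return "block" if b"FAKE-MALWARE-SIG" in buf else "allow"

ENGINES = {"url_filter": url_filter, "dlp": dlp, "malware": malware}

class Flow:
    """Wraps a payload and counts how often it is decoded (decrypt/reassemble)."""
    def __init__(self, raw):
        self._raw = raw
        self.decodes = 0

    def decode(self):
        self.decodes += 1
        return bytes(self._raw)

def proxy_chain(flow):
    """Sequential chain: each engine decodes the flow for itself, one after another."""
    return {name: engine(flow.decode()) for name, engine in ENGINES.items()}

def single_scan(flow):
    """Decode once, then every engine reads the same in-memory buffer concurrently."""
    buf = flow.decode()  # immutable bytes, shared by reference, never copied per engine
    with ThreadPoolExecutor(max_workers=len(ENGINES)) as pool:
        futures = {name: pool.submit(engine, buf) for name, engine in ENGINES.items()}
        return {name: fut.result() for name, fut in futures.items()}

def action(verdicts):
    """Assumed policy for this example: a single 'block' verdict blocks the flow."""
    return "block" if "block" in verdicts.values() else "allow"

if __name__ == "__main__":
    # Constructed sample request body.
    sample = b"POST /upload HTTP/1.1\r\nHost: files.example\r\n\r\nSSN: 000-00-0000"
    for mode in (proxy_chain, single_scan):
        flow = Flow(sample)
        verdicts = mode(flow)
        print(mode.__name__, verdicts, action(verdicts), "decodes:", flow.decodes)
```

Both modes reach the same verdicts; the single-scan path decodes the payload once instead of once per engine, and its wall-clock cost is bounded by the slowest engine rather than the sum of all of them.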
When you consider how much smarter cyber-adversaries have become, how their tool sets have evolved (ransomware payloads, user credentials from past attacks), and their availability on the dark web, it can fill any security and networking executive with anxiety. Given the sheer volume of nefarious activity, many companies are now bracing for “when” rather than “if” as they focus on continuously reducing threat, vulnerability, and risk exposure.
To outsmart the adversaries, Zscaler’s cloud harvests billions of transactions (not the payload but the metadata) using machine learning. The resultant insights help to identify attack patterns, improve speed of detection, and reduce false positives. Some examples are auto-classification of URLs and web content or detection of malicious files meant for zero-day attacks. This ML-driven security posture gets amplified in the multitenant cloud architecture to protect all customers.
Since March 2020, there has been a 500 percent increase in ransomware attacks over TLS. From January to October 2020, the Zscaler platform blocked 193 million phishing attempts over encrypted channels and discovered that 30 percent of encrypted attacks were delivered via AWS, Google Drive, OneDrive, and Box, according to Zscaler ThreatLabz.
Zscaler identified and stopped 6.6 billion threats hidden inside encrypted traffic last year, a 260 percent increase from 2019. These staggering numbers are only possible with a stable and scalable cloud-based solution.