Zscaler in the media: research, information, and perspectives
2017 | 2016 | 2015 | 2014 | 2013 | 2012 | 2011 | 2010 | 2009 | 2008
December 23, 2013

Jay Chaudhry, founder and CEO of Zscaler, a cloud-based information security company, recalls a recent conversation he had with a CSO. "I asked him, 'How many employees do you have?" Chaudhry noted. "He said, '10,000.' I said, 'How many gateways to the Internet do you have?' I expected an answer like three or four or five. He said, '10,000.'"

November 15, 2013

Jay Chaudhry, founder and CEO of cloud-security company Zscaler, has a strong perspective on these developments. Zscaler has a big stake in the outcome; it's global customers depend upon the cybersecurity vendor for Web and mobile device security and bandwidth control. CyberTruth asked Chaudhry to connect a few dots

October 28, 2013

Zscaler for Office 365 a cloud-based service, enabling security and visibility into Office 365 without increased bandwidth for an undiminished user experience

October 23, 2013

Zscaler, which uses its security-proxy approach to detect malicious traffic, allows companies to avoid the sticky questions of trying to manage an employee-owned device and instead allows the business to focus on the part of the infrastructure that belongs to them: the network and the data

October 22, 2013

While larger companies have the ability to deploy DNS servers in their internal networks, cloud services have quickly begun offering much of the flexibility of internal configurations while delivering on a passel of security features as well, says Patrick Foxhoven, chief technology officer for cloud security firm Zscaler.

October 20, 2013

The Direct-to-Cloud Network (DCN) from Zscaler enables enterprises to safely conduct business beyond the corporate network by embracing mobility and cloud trends. The DCN illustrates the evolution away from the traditional hub-and-spoke enterprise network and security model.

October 14, 2013

To support such a product, Chaudhry has had to build a worldwide presence of the Zscaler cloud so that a mobile device is as close as possible in network terms to the cloud gateway. The gateway is then able to look at each request flowing to and from the mobile device and look for all of the usual cyber-security attacks, shutting them down when they are found. It is also possible to use this sort of approach for remote offices.

October 14, 2013

Making this work on a global basis is much easier said than done. I recently spoke with Jay Chaudhry, CEO and Founder of Zscaler, a pioneer in cloud-based cyber security whose global security cloud works as described above.

October 11, 2013

Zscaler provides an in-the-cloud security service for enterprise mobility, cloud applications and social media

October 04, 2013

The strategy is a significant departure from the past, when authors created code that would noisily attempt to exploit a number of vulnerabilities, says Michael Sutton, vice president of research for Zscaler, a cloud security provider.

September 25, 2013

As is customary, Apple has continued to raise the security bar with the latest version of iOS 7. Both consumers and enterprises will benefit from some of the recent changes.

September 23, 2013

The Trojan hooks itself into the browser processes of victims before using a self-signed SSL certificate to trigger encrypted “phone home” communication with remote command and control servers. This encryption is designed to keep the malware under the radar of corporate and ISP-level network security tools. Detection by endpoint security scanners is also low, according to Zscaler.

September 23, 2013

Sutton says Zscaler goes one important step further than other approaches to combatting APTs. Instead of just identifying the potential threat, the Zscaler cloud service will also remediate the threat. That significantly reduces the amount of time any APT has to inflict damage on the organization.

September 20, 2013

On the heels of a major industry first, cyber security firm Zscaler has bumped up their IPO plans up by six months after the success today’s FireEye IPO. FireEye exploded in its first day of trading today, more than doubling its projected $20 IPO price. It’s the latest stock market tech winner and one that further certifies the increasing public interest in the cyber security market.

September 20, 2013

CEO Jay Chaudry, who co-founded the company in 2008 and steered it into a global security provider to more than 4,000 enterprise customers, told Reuters in an interview that FireEye's eye-popping first-day performance clinched his decision.

September 20, 2013

"These attacks are carried out utilizing stealth tactics both on and off the wire," said Chris Mannon, a security researcher at Zscaler, in a blog post. "Caphaw avoids local detection by injecting itself into legitimate processes."

September 19, 2013

Chris Mannon, a researcher on Zscaler's ThreatLabZ team, told on Thursday that fraudsters are using variants of the malware, also known as Caphaw, to target users' online banking credentials at 24 banks around the world.

September 19, 2013

To date, it's not clear how people are being infected with the latest version of Shylock, although Zscaler ThreatLabZ security researchers Sachin Deodhar and Chris Mannon said in a blog post that "it is more than likely arriving as part of an exploit kit [homing] in on vulnerable versions of Java."

September 19, 2013

Cybercrooks wielding the Caphaw (better known as Shylock) banking Trojan are once again targeting users of financial institutions around the world, warns Zscaler.

September 19, 2013

The recent rise in the number of Caphaw infections is interesting when taken in context to the SilverSky report. The malware has been around since 2011, and mostly targets financial firms in Europe. According to Zscaler's research, the latest infections are due to Caphaw being added to several exploit kits, which are targeting vulnerabilities in Java.

September 18, 2013

“This limits the ability of traditional network monitoring solutions to dissect the packets on the wire for any malicious transactions,” said Zscaler researchers Sachin Deodhar and Chris Mannon in a blogpost today. Most of the infections, they said, are happening in the U.K., Italy, Denmark and Turkey.

September 18, 2013

Cloud security firm Zscaler is taking on the vendors selling appliances as the solution to Advanced Persistent Threats (APTs) with a new cloud-based service that claims it can stop multi-pronged attacks in real time for all types of device under its wing.

September 18, 2013

"Behavioral analysis is a really critical piece in detecting that last 'X' percent," says Michael Sutton, vice president of security research for Zscaler, which provides security for endpoints through a cloud service. "There will always be a chunk of stuff that cannot be detected through signature-based approaches."

September 17, 2013

Behavioral analysis is an important feature for identifying advanced threats, Zscaler explained, but it is not a complete solution on its own. The results from behavioral analysis should be combined with other preventative and detective controls to ensure comprehensive protection.

September 17, 2013

The first cloud-based security solution to address the advanced threat defense life cycle, including protection, detection and remediation; enables continuous coverage of any user on any device, in any location.

September 17, 2013

Zscaler is adding suspicious file analysis to its cloud security platform to better detect custom malware and zero-day exploits associated with advanced persistent threats, according to company executives.

September 12, 2013

Scammers are obviously hoping that their marks pay up to resolve the problem without giving this any further thought. The proposed opt-in system to allow adults to look at legit porn sites in the UK laws may inadvertently help the preposterous con appear a tad more plausible, according to Zscaler.

September 09, 2013

Businesses have moved directly beyond testing and development and are readily running external facing business-critical apps in the cloud, says Charles Milton, director service provider EMEA of Zscaler, the direct to cloud network provider.

September 06, 2013

Recently I had the opportunity to evaluate the Zscaler Cloud-based security solution. Zscaler provides security-as-a-service and integrates seamlessly with Forefront TMG to provide essential web security protection with URL filtering, dynamic web content control, virus and malicious software scanning, HTTPS inspection capabilities, and more.

September 05, 2013

That means that one app was removed for every two new apps that came to the Play store. According to Zscaler, a security firm, one in every five apps available on Google Play has some sort of problem with it.

September 04, 2013

"These types of attacks are very difficult to detect and cannot necessarily be discovered with an endpoint agent," James Kawamoto, director of product management at Zscaler, told TechNewsWorld.

September 02, 2013

What your CISO says when asked about moving a server to the public cloud: "No way -- we'll lose control of a mission-critical application." What she's really thinking: "No way -- it'll make my life a living hell during security audits."

August 30, 2013

"The idea here is to use a clean machine to further propagate nastiness," Chris Mannon, a security researcher at Zscaler's ThreatLabZ, said via email. He recently spotted the anti-spam service-referencing capabilities in a variant of the botnet that was first discovered in late July.

August 29, 2013

The reality about cloud computing, says Kapil Raina, Zscaler’s director, is that these challenges have been met for some time but that the message about how these issues can be solved – using a combination of governance strategy and security technologies – is only now starting to get through to the management professionals that matter.

August 29, 2013

In a blog posted Tuesday, Zscaler researcher Chris Mannon offers an analysis of the latest iterations of Kelihos, and four tip-offs that indicate its infection.

August 29, 2013

Some spammers apparently do care. In a post for the ZScaler blog, Chris Mannon analyses a recent Kelihos sample that I thought was interesting in this context.

August 28, 2013

Network administrators should take extra care in monitoring users with anomalous levels of traffic. A single node giving off so much traffic to different services in such a small window could be used to identify potential victims.

August 26, 2013

Cloud approaches to security offer a solution. Software-as-a-service security companies like Zscaler can scan our mobile data traffic using proxies and VPNs, scrubbing them for malware, phishing, data leaks, and bots

August 19, 2013

Researchers at Zscaler warned that the attackers behind the 'CookieBomb' attack are still hard at work compromising users through legitimate websites

August 13, 2013

Adware is now so deeply buried in Google's Play store that one in five of the most popular apps are rated a privacy risk by mobile security programs, an analysis by Zscaler has found.

August 12, 2013

The Zscaler blog suggests that there is a growing gap between Google's willingness to accept new applications that permit aggressive advertising techniques, and antivirus applications, which increasingly block applications that use such aggressive techniques.

August 12, 2013

The Zscaler Direct-to-Cloud Network lets organizations replace multiple security products with a single, cloud-delivered service to deliver application control, data traffic inspection, bandwidth allocation to core business applications and user protection, allowing safe Internet access.

August 09, 2013

Chaudhry first company turned dozens of employees into millionaires. His latest company – Zscaler- is worth a cool billion.

August 09, 2013

Mobile security vendor Lookout threw down the gauntlet a couple months ago, calling out ad networks with bad behavior. A new study by Zscaler shows that quite a few other vendors agree. The one holdout? Google.

August 09, 2013

"We have found around 1,845 applications which are flagged by one or more AV vendors as including adware. This is a big number," said Viral Gandhi, a security researcher at Zscaler ThreatLabZ, in a blog post that called out the "gap between Google Play and AV vendors on adware classification".

August 09, 2013

Zscaler, which provides cloud-based security for mobile devices, on Thursday published research that found one or more antivirus vendors had flagged 22% of the 8,000 popular apps it tested.

August 07, 2013

Many of CMS systems, like WordPress, are easy to use. That's a good thing for users, but it's not so good for site security. "The biggest issue with WordPress is that its users are not always the most technically savvy," Michael Sutton, vice president of security research at Zscaler, said in an email.

August 07, 2013

"More advanced likejacking scams will even use JavaScript to create a dynamic link that follows the user's mouse to ensure that any click, regardless of location, hits its intended target," says Michael Sutton, VP of security research for cloud security vendor Zscaler.

August 02, 2013

Zscaler said he's heard reports of malicious files hosted on Dropbox, but the they appear to have been removed, the blog noted.

July 24, 2013

"This is not a new issue, of course," said Julien Sobrier, senior security researcher at Zscaler. "Java is an old technology and it has been running on many devices for many years. It's has always been a struggle to keep it up to date."

July 12, 2013

"Enterprises tend to have reasonable control over patching at the OS and browser level, but ask the average CISO for a report on browser plug-ins installed in the organization, and they won't know where to begin," says Michael Sutton, vice president of security research for cloud security vendor Zscaler. "Attackers know this all too well."

July 08, 2013

"Zscaler has added mobile security to its arsenal of cloud-based security services which the firm is pitching as a flexible way to fix the risk of employee-owned devices bypassing conventional filtering layers."

June 06, 2013

"When we get traffic from these mobile devices, we can inspect traffic patterns to be able to tell suspicious and malicious traffic patterns and provide the user notification," said Subbu Iyer, director of product management, Zscaler.

June 04, 2013

"Focusing on mobile browser security is just one piece of the puzzle. Even some legit apps are getting a little greedy and the malicious apps are just stealing your contact list," said Punit Minocha, vice president of business development and mobile solutions.

June 03, 2013

Zscaler Mobile Security extends the benefits of the Zscaler Security Cloud to enable advanced threat protection, real-time mobile traffic analysis and granular policy controls on BYOD and corporate-issued mobile environments - without on-premise hardware or per-device software.

June 03, 2013

Reporting is comprehensive and can be delivered in near real time, meaning that it is completely up to date with users' activities. We liked that the Zscaler services move with the user, no matter where in the world the user happens to be. This by itself is a big benefit. Finally, we liked that Zscaler is constantly gathering global threat data that it uses in protecting customers' data.

May 19, 2013

"We have found a many malicious sites that specifically target Internet Explorer or Firefox users, but not often Google Chrome users," said Julian Sobrier, senior security researcher, Zscaler.

April 04, 2013

"We have traffic from 180 countries, a pretty good global view, and we didn't see any disruption," says Michael Sutton, vice president of security research at Zscaler, a San Jose-based provider of cloud security services.

March 20, 2013

Many analysts in Seoul suspect that North Korean hackers honed their skills in China and were operating there. At a hacking conference here last year, Michael Sutton, the head of threat research at Zscaler, a security company, said a handful of hackers from China "were clearly very skilled, knowledgeable and were in touch with their counterparts and familiar with the scene in North Korea."

March 20, 2013

"While the attack itself had limited sophistication, it succeeded in disrupting the activities of numerous major banks and media outlets in South Korea," said Michael Sutton, vice president of research, Zscaler.

March 20, 2013

Cyber security expert, Michael Sutton, Zscaler, says this hacker has a diabolical method. "He is not going after the individual, but rather the family and friends - the ones that are in communication with them," said Sutton.

January 31, 2013

“By combining Zscaler’s Security Cloud with solutions from our identity partners, enterprises can accelerate user protections and productivity control of their cloud applications, social media, and mobile devices.”

January 30, 2013

“Hardware vendors tend to strive for ease of use in their products– often to the detriment of security. For this reason, protocols such as UPNP, which ease deployment, tend to be enabled by default and often without forcing overall authentication to be enabled.”

January 29, 2013

“But Michael Sutton, VP of security research for Web security firm Zscaler Labs, has published research showing that embedded Web servers in devices -- such as printers and photocopiers -- are often Internet-connected and unsecured with either passwords or firewalls. That would make the devices of interest for corporate espionage purposes.”

January 28, 2013

“ZAP provides two ways to test mobile applications — Search and Scan. Zscaler has already tested many existing applications and by entering the app’s name into the Search function, you will learn how it behaves.”

January 21, 2013

"Fundamentally there are game-changing innovations going around all over the authentication space, far beyond what even Google has imagined," said Raina.”

January 18, 2013

"Everyone is worried about malware and malicious applications, but the real threat is the app that is poorly coded and we are blindly trusting it while it's placing our privacy at risk."

January 18, 2013

“Many mobile apps are actually just web pages displayed in a WebView control or, more commonly, web content mixed in with native controls, such is the case for ESPN SportsCenter,”

January 18, 2013

“The team at ZScaler recently performed a set of relatively simple tests on the ESPN ScoreCenter app, and they found several key vulnerabilities.”

January 18, 2013

“Zscaler researchers recently uncovered two significant vulnerabilities in the ESPN ScoreCenter app for iOS.”

January 18, 2013

“Security researchers from Zscaler have put their Zscaler Application Profiler (ZAP) service to good use and they’ve identified a couple of vulnerabilities in the ESPN ScoreCenter iOS app – an official ESPN Inc. application which allows users to check out live scores, videos, news and alerts.”

January 18, 2013

“This week’s security app is a clever little online tool called Zscaler Application Profiler (ZAP). Developed by security fir Zscaler, ZAP allows users to scan their iOS and Android apps to check them for security issues.”

January 09, 2013

“Clearly having the best security is not enough,” said Michael Sutton of the security firm ZScaler, otherwise RIM would be in a better position.”

January 08, 2013

"The hardware industry unfortunately has a rather abysmal history when it comes to 'baking security in'; so expect this wave of connected hardware to present a vast amount of low-hanging fruit for security researchers."

January 07, 2013

Michael Sutton, head of security research at cloud security company Zscaler, said he expects governments to spend furiously on building up their cyber arsenals. Some may even outsource attacks to online hackers.