https://www.zscaler.com/ Press releases and announcements, featuring Zscaler. en https://www.zscaler.com/press/zscaler-appoints-syam-nair-chief-technology-officer-accelerate-innovation-and-product Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced that Syam Nair has been appointed as the company’s Chief Technology Officer and EVP of Research and Development. In this role, Nair will be responsible for driving the research and development engines to expand Zscaler’s Zero Trust Exchange platform, accelerate AI/ML innovations, and further scale the largest security cloud in the world. Nair will join Zscaler’s senior executive team on May 24, 2023. “I am excited to welcome Syam to the Zscaler’s leadership. He has real-world experience in leading and scaling engineering and product development teams that accelerated innovation cycles at Salesforce, one of the largest SaaS and cloud platforms in the world,” said Jay Chaudhry, CEO, Chairman, and Founder, Zscaler. “As we drive our business to reach $5 billion in annual recurring revenue, with eyes set to go much farther, Syam’s proven experience will play an important role in scaling Zscaler’s platform and organization.” Nair will bring more than 25 years of engineering and product development leadership with expertise in ground-up incubation and in leading large teams at Salesforce and Microsoft through R&D transformations. During his tenure at Microsoft, Nair was part of the leadership team responsible for building and the accelerated expansion of planet-scale globally distributed Azure data services. At Salesforce, Nair's leadership has been a driving force for key strategic innovations, including Salesforce Genie, a hyper-scale CRM Data Platform, while continuing to integrate inorganic innovations and scaling the AI-powered customer engagement platform for accelerated growth and 10x Scale. Nair and his leadership team were also responsible for the vision and execution of next-generation AI, Search, and Analytics experiences. “I am delighted to join the Zscaler leadership team and drive innovation and cloud platform scale at the industry leader in cloud security,” said Nair. “Enterprises are at the cusp of a technology evolution where massive amounts of data are converging in the cloud and being put into action with advanced AI and cybersecurity technologies. Zscaler is at the forefront of this transformation with access to the largest, most valuable data pool for cloud security, with more than 300 billion transactions per day. As part of this leadership team, I am very excited to drive the innovation vision and continue to accelerate and deliver on the AI/ML-led cybersecurity transformation for our customers with a hyper scale Zscaler platform.” Nair holds a master’s degree in computer science and applications Engineering from Goa University and a Master of Business Administration from Indiana University – Kelley School of Business. Forward-Looking Statements This press release contains forward-looking statements that are based on our management's beliefs and assumptions and on information currently available to our management. These forward-looking statements include the potential impact of the hiring to Zscaler's future recurring revenue expected platform development and ability to scale. These forward-looking statements are subject to the safe harbor provisions created by the Private Securities Litigation Reform Act of 1995. A significant number of factors could cause actual results to differ materially from statements made in this press release. Additional risks and uncertainties are set forth in our most recent Annual Report on Form 10-Q filed with the Securities and Exchange Commission (“SEC”) on March 8, 2023, which is available on our website at ir.zscaler.com and on the SEC's website at www.sec.gov. Any forward-looking statements in this release are based on the limited information currently available to Zscaler as of the date hereof, which is subject to change, and Zscaler will not necessarily update the information, even if new information becomes available in the future. Tue, 16 May 2023 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-appoints-syam-nair-chief-technology-officer-accelerate-innovation-and-product https://www.zscaler.com/press/zscaler-expands-digital-experience-monitoring-new-ai-powered-insights-and-analysis-support Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced advancements to Zscaler Digital ExperienceTM (ZDX™), an integrated solution that provides end-to-end visibility and IT troubleshooting capabilities accessed through the Zscaler security cloud. The modern workforce is geographically dispersed, resulting in difficulties for IT and helpdesk teams that need to ensure non-stop productivity and high-quality digital user experiences for all employees. With the recent ZDX updates, Zscaler uses AI-powered insights to empower IT Operations and Service Desk teams with insights, diagnostics, and remediation needed to ensure flawless digital experiences and support workforce productivity, especially within organizations where applications, data and their users are widely distributed. Leveraging AI can accelerate the troubleshooting process dramatically, reducing remediation time from hours, days or even weeks, to a few minutes. Zscaler’s new AI-powered monitoring capabilities provide more transparency into the user experience and offer intelligent solutions for user issues and performance inefficiencies. In addition, Zscaler now provides meeting quality metrics for WebEx to fine-tune the user experience, and ZDX has already implemented support for UCaaS applications like Microsoft Teams and Zoom. This comprehensive approach to digital experience monitoring allows service teams to maximize digital dexterity, achieve approximately 70% improvement in IT Ops productivity when AI-powered root cause analysis is used and scale their global enterprise with environments secured by Zscaler. “With the move to cloud, SaaS and hybrid work, it’s becoming increasingly difficult for IT teams to monitor performance across distributed apps, data, and users. Siloed network, application and device monitoring tools provide fragmented visibility and fail within zero trust environments, leaving IT teams unprepared,” said Dhawal Sharma, Vice President and General Manager at Zscaler. “These new capabilities provide deep insights and AI-powered analysis that help IT teams thrive within these complex environments so that they can ensure optimal digital experiences, and increase employee productivity.” The new Zscaler Digital Experience capabilities provide actionable insights and diagnostics by analyzing enormous amounts of telemetry gathered by unifying monitoring silos across diverse end-user devices, a user’s local network, ISP and corporate networks, proxies, the Zscaler Zero Trust Exchange and applications. IT teams within enterprise-sized organizations can now: Achieve faster IT resolutions using AI: Using AI and machine learning processes, ZDX automates root cause analysis to eliminate fragmented data, alert fatigue and finger pointing across IT teams. With a unified view of performance across the entire application delivery chain, instant root cause analysis, and integration with ServiceNow, IT and service desk teams are empowered to quickly triage and resolve user complaints. Furthermore, with AI-powered analysis and dynamic alerts, IT teams can quickly compare optimal versus degraded user experiences and set intelligent alerts based on deviations in observed metrics. Enable higher quality collaboration: ZDX now integrates with Webex to present video conferencing quality insights, alongside device and network performance metrics, to instantly isolate root causes of poor experiences and to ensure uninterrupted and productive meetings. Effortlessly scale global enterprises: Desktop support teams often struggle with resolving device issues for remote workers and employees in other regions. This release adds a range of key metrics including device health, active processes and Windows OS metrics that are critical to troubleshooting device issues. In addition, ZDX now supports remote packet capture for complex network troubleshooting, even when the user device is not on the corporate network. Data is stored in local file systems, to comply with data privacy laws like GDPR, CCPA and PIPEDA. ZDX also supports deep tracing and adaptive traceroute visibility into applications protected by ZPA with web caching, which reduces the load on applications without impacting monitoring fidelity. “As a leader in the equipment rental industry, we are committed to delivering exceptional experiences and value to our customers at every phase of their projects. Keeping our employees digitally equipped and productive across 1200 plus stores, is critical to meeting our goals,” said JP Saini, EVP, Chief Digital & Technology Officer at Sunbelt Rentals. “ZDX and its new AI-powered detection and analysis capabilities help us proactively respond to developing problems that can impact employees, and quickly resolve user issues resulting in greater productivity, and higher IT staff and end user morale.” The new enhancements are available to Zscaler Digital Experience users. For a deeper dive into the latest advancements to ZDX, please read this blog or download our eBook. Tue, 09 May 2023 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-expands-digital-experience-monitoring-new-ai-powered-insights-and-analysis-support https://www.zscaler.com/press/zscaler-threatlabz-research-shows-nearly-50-increase-phishing-attacks-education-finance-and Key Findings Phishing attacks around the world rose nearly 50% in 2022 compared to 2021 Education was the most targeted industry, with attacks increasing by 576%, followed by finance and government, while last year’s top target, retail and wholesale, dropped by 67% The top five most targeted countries were the United States, the United Kingdom, the Netherlands, Canada, and Russia Top targeted brands include Microsoft, Binance, Netflix, Facebook, and Adobe AI tools like ChatGPT & Phishing Kits have significantly contributed to the growth of phishing, reducing the technical barriers to entry for criminals and saving them time and resources SMS phishing (SMiShing) evolves to more voicemail-related phishing (Vishing), luring more victims into opening malicious attachments Cloud-native proxy-based Zero Trust architecture is critical for organizations to defend against evolving phishing attacks Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today released the findings of its 2023 ThreatLabz Phishing Report. The report views 12 months of global phishing data from the world’s largest in-line security cloud to identify the latest trends, emerging tactics, and which industries and regions are most impacted by phishing attacks. The report found that a majority of modern phishing attacks rely on stolen credentials and outlined the growing threat from Adversary-in-the-Middle (AitM) attacks, increased use of the InterPlanetary File System (IPFS), as well as reliance on phishing kits sourced from black markets and AI tools like ChatGPT. “Phishing remains one of the most prevalent threat vectors cybercriminals utilize to breach global organizations. Year-over-year, we continue to see an increase in the number of phishing attacks which are becoming more sophisticated in nature. Threat actors are leveraging phishing kits & AI tools to launch highly effective e-mail, SMiShing, and Vishing campaigns at scale",” said Deepen Desai, Global CISO and Head of Security, Zscaler. “AitM attacks supported by growth in Phishing-as-a-Service have allowed attackers to bypass traditional security models, including multi-factor authentication. To protect their environment, organizations should adopt a Zero Trust architecture to significantly minimize the attack surface, prevent compromise, and reduce the blast radius in case of a successful attack.” The Rise in New and Evolving Threats like ChatGPT The emergence of new AI technology and large language models like ChatGPT have made it easier for cybercriminals to generate malicious code, Business Email Compromise (BEC) attacks, and develop polymorphic malware that makes it harder for victims to identify phishing. Malicious actors are also increasingly hosting their phishing pages on the InterPlanetary File System (IPFS), a distributed peer-to-peer file system that allows users to store and share files on a decentralized network of computers. It is much more difficult to remove a phishing page hosted in IPFS because of its peer-to-peer network aspect. ThreatLabz recently discovered a large-scale phishing campaign that involves Adversary-in-The-Middle attacks. AiTM attacks use techniques capable of bypassing conventional multi-factor authentication methods. Vishing, or voicemail-themed phishing campaigns, have evolved from SMS or SMiShing attacks. Attackers are using real voice snippets of the executive team in these vishing attacks by leaving a voicemail of these pre-recorded messages. Then, recipients are pressured into taking action, like transferring money or providing credentials. Many US-based organizations have been targeted using Vishing attacks. Recruitment scams on LinkedIn and other job recruiting sites are also on the rise. Unfortunately, in 2022, many big businesses in Silicon Valley made the tough decision to downsize. As a result, cybercriminals leveraged fake job postings, sites, portals, and forms to attract job seekers. Victims would often undergo an entire interview process, with some even being asked to purchase supplies to be reimbursed later. Name Brands Used To Lure Victims Cybercriminals often find success when impersonating popular consumer and technology brands. Microsoft was once again the most imitated brand of the year, accounting for nearly 31% of attacks as the attackers phished for access to various Microsoft corporate applications of the victim organizations. Cryptocurrency exchange Binance accounted for 17% of imitated brand attacks, with phishers posing as fake customer representatives from banks or P2P companies. Big brands like Netflix, Facebook, and Adobe rounded out the top 20 most imitated and phished brands. North America Continues To Be A Top Target For Phishing Attacks The U.S., once again, keeps its top spot as the most targeted country for phishing attacks. Data indicated that more than 65% of all phishing attempts occurred in the U.S., an increase from last year’s 60%. While the U.S. continues to lead the way, the research revealed staggering year-over-year increases in phishing attempts targeting Canada (718%), the U.K. (269%), Russia (199%), and Japan (92%). Conversely, Hungary and Singapore both decreased by 90% and 48%. ThreatLabz believes the decrease in Singapore may be due to the government’s efforts toward investing in cybersecurity, including initiatives by the country’s Cyber Security Agency (CSA). Phishing Attacks on Education and Healthcare Industries Surge The education industry experienced the most significant surge in 2022 phishing attempts, jumping from the eighth spot to number one, with an increase of 576%. ThreatLabz believes the 2022 application process for student loan repayments and debt relief played a role in this surge. Rounding out the top five industries under attack are finance, insurance, government, and healthcare, which saw just under 31 million attempts in 2021 to over 114 million in 2022. Retail and wholesale industries, which topped the list as most targeted last year, saw a decrease of 67%. The service industry also saw a decline of 38% from attempts in 2021. Countering Phishing Attacks With the average organization receiving phishing emails daily, financial losses incurred from malware and ransomware attacks can quickly drive up year-over-year IT costs. Facing all the threats outlined in this report is a big job, and while the risk of phishing threats can not be eliminated entirely, IT and security teams can learn from observed incidents. Zscaler recommends the following best practices to manage phishing risk better: Understand the risks to better inform policy and strategy Leverage automated tools and threat intel to reduce phishing incidents Implement Zero Trust architectures to limit the blast radius of successful attacks Deliver timely training to build security awareness and promote user reporting Simulate phishing attacks to identify gaps in your program The Zscaler Zero Trust Exchange™ Protects Systems from Phishing Industry statistics reveal that the average organization receives a high volume of phishing emails daily, and user compromise is one of the most complex security challenges to defend against. The Zscaler Zero Trust Exchange platform is built on a holistic zero trust architecture to minimize the attack surface, prevent compromise, eliminate lateral movement, and stop data loss. Zscaler helps stop phishing in the following ways: Prevents compromise: Full SSL inspection at scale, browser isolation, and policy-driven access control to prevent access to suspicious websites. Eliminates lateral movement: By connecting users directly to apps, not the network, to limit the blast radius of a potential incident. Shuts down compromised users and insider threats: If an attacker gains access to your identity system, Zscaler can prevent private app exploit attempts with in-line inspection and detect the most sophisticated attackers with integrated deception. Stops data loss: Inspect data-in-motion and data-at-rest to prevent potential data theft from an active attacker. To view the full report, download the 2023 ThreatLabz Phishing Report. Global CISO and Head of Security Research, Deepen Desai, will present the report findings at RSAC 2023 on Thursday, April 27th, from 8:30 AM - 9:20 AM PT. Additional details can be found here. Methodology ​​ThreatLabz evaluated data from the Zscaler security cloud, which monitors over 280 billion transactions daily across the globe. ThreatLabz analyzed a year’s worth of global phishing data from the Zscaler cloud from January 2022 through December 2022 to identify key trends, industries and geographies at risk, and emerging tactics. Tue, 18 Apr 2023 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-threatlabz-research-shows-nearly-50-increase-phishing-attacks-education-finance-and https://www.zscaler.com/press/zscaler-positioned-leader-2023-gartner-magic-quadrant-security-service-edge-sse Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced that it has been recognized as a Leader in the 2023 Gartner Magic Quadrant for Security Service Edge (SSE) for the second year in a row. This is the second consecutive year Zscaler has been named a Leader in the Gartner Magic Quadrant for SSE. Zscaler's extensive global network with multiple Points of Presence (PoPs) and long list of accreditations, including FedRAMP High, C5, IRAP and UK Cyber Essentials, were key factors taken into consideration. In addition, Zscaler maintains a strong partner ecosystem with powerful API integrations, enabling customers to easily connect their systems across adjacent markets such as endpoint detection and response (EDR), security incident and event management (SIEM) and SD-WAN to build a comprehensive, automated security strategy to defend against escalating cyber attacks. “Zscaler pioneered the first cloud-native, multi-tenant, proxy-based architecture more than a decade ago, helping organizations secure their digital transformation with the Zscaler Zero Trust Exchange – a single platform for holistic SSE”, said Jay Chaudhry, CEO, Chairman, and Founder of Zscaler. “We’re pleased that Gartner has recognized Zscaler as a leader in the Magic Quadrant for SSE for the second consecutive year. That said, traditional SSE focuses on users and their devices – just a fraction of an organization’s attack surface – so Zscaler is also extending SSE beyond users to protect workloads, IoT/OT and business customers, delivering a comprehensive SSE platform to protect organizations’ entire attack surface.” In addition to being named a Leader in the 2023 Gartner Magic Quadrant for SSE, Zscaler in SSE market has also been recognized by customers. The company is proud to be named a 2022 Customers’ Choice for the SSE category in Gartner Peer Insights™ ‘Voice of the Customer’ for SSE Report, and was the only vendor to receive this recognition across all the eight segments. A complimentary copy of the 2023 Gartner Magic Quadrant for SSE report can be downloaded here. For additional insights from Zscaler CEO Jay Chaudhry, please read the blog. Gartner Disclaimer Gartner, Magic Quadrant for Security Service Edge, 10 April 2023, Charlie Winckless, et al. Gartner, Gartner Peer Insights ‘Voice of the Customer’: Security Service Edge, Peer Contributors, 3 August 2022. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences with the vendors listed on the platform, should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, MAGIC QUADRANT and PEER INSIGHTS are registered trademarks of Gartner, Inc. and/or its affiliates and are used herein with permission. All rights reserved. Thu, 13 Apr 2023 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-positioned-leader-2023-gartner-magic-quadrant-security-service-edge-sse https://www.zscaler.com/press/zscaler-extends-cnapp-capabilities-integrated-data-loss-prevention-and-threat-intelligence Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced enhancements to Zscaler Posture Control, strengthening its cloud native application protection platform (CNAPP) capabilities with data loss prevention (DLP) and ThreatLabz threat intelligence powered by the world’s largest security cloud. Integrating DLP and threat intelligence into Posture Control makes it the only CNAPP that delivers an accurate cloud risk view by correlating risk impact and likelihood using sensitive data discovery and security signals. Deep insights into how incidents will occur, and the resulting data exposure, give DevOps and security teams an unprecedented understanding of where to focus their limited resources. For example, an internet-facing container with a critical unpatched vulnerability represents a significant risk because attackers can exploit it to gain access to personally identifiable information (PII). With this new integration, organizations can reduce costs and resources while staying agile and proactive in securing sensitive data and secrets in the public cloud. Research shows that 78% of organizations use more than 50 cybersecurity products. Businesses were initially forced to either piece together point tools, like CSPM, CIEM and vulnerability scanning, or rely on loosely integrated solutions that required agent installation and did not correlate and prioritize findings. Recent solutions shifted to a streamlined, agentless deployment and introduced correlation, but the narrow focus on misconfigurations and unpatched vulnerabilities was only a small piece of the risk puzzle. Zscaler Posture Control, combined with its data protection and threat prevention capabilities, helps world-leading organizations more effectively correlate and prioritize risk across their entire cloud estate, reducing the time, effort and resources needed to piece together these risks. Zscaler Posture Control is a CNAPP solution that helps organizations build, deploy and run secure cloud applications. Launched in 2022, it presents a unified approach to understanding, prioritizing and remediating security risks in public cloud environments. With the seamless integration of Zscaler DLP, security, IT and DevOps teams can understand whether sensitive data such as PII, PHI and PCI is exposed as a result of cloud security weaknesses. These new innovations mean organizations can now realize even greater benefits from Zscaler Posture Control, including: Risk identification, correlation and prioritization: Integrated DLP and threat intelligence identify attack paths and detect ongoing attacks by automatically correlating misconfigurations or activities that seem low-risk when viewed individually but can be great risks when viewed holistically. Efficiency at scale: An integrated graph-based correlation and prioritization engine expedites remediation and reduces alert fatigue by focusing on the risks that matter most. Point product consolidation: A single, easy-to-deploy agentless platform eliminates point products by unifying CSPM, CIEM, CWPP and DLP, continuously securing every stage of the application life cycle. Native, end-to-end platform without silos: Posture Control reduces security and DevOps team silos with 360-degree, in-depth visibility of risks across the entire multicloud footprint – including virtual machines (VMs), containers and serverless workloads – from build to run. “CNAPP platforms have started to gain wide popularity in recent years, but they all suffer from the same weakness: they do not help organizations understand sensitive data exposure,” said Willie Tejada, Senior Vice President at Zscaler. “Zscaler Data Protection technologies offer a deep understanding of sensitive data that we’ve built and developed over many years. By integrating these technologies, Zscaler gives organizations a view of cloud risk that security teams have never seen before.” These enhancements will be made available by June 2023. For more information, please visit zscaler.com/products/posture-control. Learn more from our announcement blog. Wed, 15 Mar 2023 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-extends-cnapp-capabilities-integrated-data-loss-prevention-and-threat-intelligence https://www.zscaler.com/press/zscaler-appoints-global-sales-and-alliances-veteran-grow-worldwide-zero-trust-ecosystem-sales Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced that Karl Soderlund has been appointed as the company’s Senior Vice President, Worldwide Partners, and Alliances. In his role at Zscaler, Soderlund will be responsible for advancing and modernizing the Zscaler partner program by developing and executing a competitive go-to-market strategy, and leading a world-class channel team. “As the leader in cloud security, Zscaler continues to become a destination for top talent,” said Dali Rajic, Chief Operating Officer, Zscaler. “Karl’s deep partner expertise and proven track record with the execution of highly strategic partner programs at top networking and cybersecurity companies demonstrates that he is the right industry veteran to take our channel partner program to the next level. As we continue to make meaningful investments in our partner model, I am excited to welcome Karl to the company and am confident that his contributions will deliver results and support company growth.” The Zscaler partner program is comprised of leading system integrators, managed service providers, solution providers, and distributors, and continues to add new classes of partners that are expertly suited to help enterprises take advantage of the Zscaler Zero Trust Exchange platform. The partner program is responsible for delivering 95 percent of the company’s business. The Zscaler partner program goes beyond providing access to offering broad-based enablement across the lifecycle of Zscaler’s customers. “Zscaler is an innovator and leader in cloud security that has consistently delivered on the promise of zero trust while redefining network security with the world’s largest inline cloud security platform,” said Karl Soderlund, Senior Vice President of Worldwide Partners and Alliances at Zscaler. “With a total addressable market of $72B, it was a clear choice to join Zscaler. I look forward to bringing my experience to dramatically elevate Zscaler’s partner program.” Soderlund joins Zscaler from Palo Alto Networks where he served as a Senior Vice President. Soderlund’s time at Palo Alto Networks was marked by strong accomplishments, including attracting and retaining top talent, architecting award-winning channel programs, and securing new partners. Soderlund has been awarded channel chief eight times over his career and for the past three years, he's been recognized as one of the top 50 most influential leaders in the industry. Prior to Palo Alto Networks, Soderlund also held senior roles at Aruba Networks, Avaya, HP, Cisco Systems, and Fortinet. Soderlund received his Bachelor’s degree in Business Management from Anna Maria College. Forward-Looking Statements This press release contains forward-looking statements that are based on our management's beliefs and assumptions and on information currently available to our management. These forward-looking statements include the potential impact of the hiring to Zscaler's partner program, go-to-market strategy, and channel team. These forward-looking statements are subject to the safe harbor provisions created by the Private Securities Litigation Reform Act of 1995. A significant number of factors could cause actual results to differ materially from statements made in this press release, including those factors related to our ability to successfully integrate Canonic Security technology into our cloud platform and our ability to retain key employees of Canonic Security after the acquisition. Additional risks and uncertainties are set forth in our most recent Annual Report on Form 10-Q filed with the Securities and Exchange Commission (“SEC”) on March 8, 2023, which is available on our website at ir.zscaler.com and on the SEC's website at www.sec.gov. Any forward-looking statements in this release are based on the limited information currently available to Zscaler as of the date hereof, which is subject to change, and Zscaler will not necessarily update the information, even if new information becomes available in the future. Fri, 10 Mar 2023 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-appoints-global-sales-and-alliances-veteran-grow-worldwide-zero-trust-ecosystem-sales https://www.zscaler.com/press/zscaler-announces-industry-first-integrated-saas-supply-chain-security-capabilities Zscaler, Inc. . (NASDAQ: ZS), the leader in cloud security, today announced the intent to acquire Canonic Security, a SaaS application security platform innovator. Canonic’s platform is designed to prevent organizations' growing risks of SaaS supply chain attacks. With the massive migration to the cloud, as organizations are adopting hundreds of SaaS platforms, their users are connecting thousands of third-party applications and browser extensions to their critical SaaS platforms like Atlassian Suite, Microsoft 365, Salesforce, Google Workspace, and Slack without IT’s permission. Corporate IT believes its critical data assets are stored and protected in enterprise-ready SaaS platforms. In reality, these assets are held in third-party drives, email clients, and chatbots, bringing data exposure and cyber risk to their SaaS supply chain. Canonic’s solution allows cybersecurity and IT teams to quickly gain visibility to this ungoverned surface area and streamline SaaS application governance and enforcement. By integrating the new supply chain security capabilities into its data protection services, Zscaler strengthens its CASB (Cloud Access Security Broker) and SSPM (SaaS Security Posture Management) offerings enabling companies to consolidate point products reducing cost, and simplifying management. This new capability builds upon the company’s recently announced industry-first, zero configuration data protection solution, and Zscaler’s commitment to data protection wherever the data resides. “When I speak with the top global CIOs, they consistently express their challenges with efficiently securing supply chain logistics due to the massive blind spot in SaaS-to-SaaS communications. While protecting SaaS platforms is necessary with CASB and SSPM, enterprises must reduce the supply chain attack surface, detect SaaS-native threats and automate responses,” said Jay Chaudhry, CEO, chairman and founder, Zscaler. “The addition of Canonic augments our CASB and SSPM capabilities and further strengthens the growing set of services on the Zscaler Zero Trust Exchange, the world’s largest cloud security platform, and provides our customers with unprecedented visibility and security of their SaaS applications. I am pleased to welcome the Canonic team to the Zscaler family as we execute on our vision to advance SaaS security.” “While the SaaS ecosystem continues to grow, traditional CASB and SSPM solutions fall short to secure against the massive amount of supply chain attacks that are targeting organizations and their critical business applications,” said Boris Gorin, co-founder and CEO, Canonic Security. "The combination of Canonic with Zscaler’s existing inline and out-of-band CASB and SSPM offerings is an ideal technology fit that will accelerate how enterprises address SaaS-native threats and simplify operations by reducing the number of tools for SaaS security.” According to research firm Gartner®, “SaaS remains the largest public cloud services market segment, forecasted to reach $176.6 billion in end-user spending in 2022. Gartner expects steady velocity within this segment as enterprises take multiple routes to market with SaaS.” This large-scale move to the cloud has made it difficult for enterprise security operations teams to take control over their growing SaaS app estate and address exposure of their critical cloud data due to the SaaS supply chain – creating a greater attack surface for data breaches. These pain points are amplified due to the current IT skills gaps in the rapidly evolving cloud security space, resulting in an inability for IT to effectively manage the unwieldy set of settings and permissions for which they are responsible. The addition of Canonic’s advanced SaaS security to Zscaler’s existing data protection will enable customers to: Monitor SaaS Security Posture: Automate continuous monitoring of potentially fatal misconfigurations and compliance violations in SaaS platforms such as Atlassian Suite, Google Workspace, Microsoft 365, Salesforce and Slack. Discover and Assess Third-Party Apps and Extensions: Gain full visibility over first, second and third-party apps and API integrations across the enterprise business application estate. Uncover rogue and vulnerable apps, assess each integration posture, behavior and the risk involved with its API access and browser extensions. Reduce Attack Surface: Quarantine suspicious apps, reduce excessive and inappropriate privileges, revoke and block access if necessary. Enforce Access Governance: Enable app integrations by automating app-vetting and app access recertification processes. The transaction is expected to close following the completion of Zscaler’s fiscal second quarter subject to the satisfaction of customary closing conditions. Terms of the transaction were not disclosed. For more information, please see A New and Critical Layer to Protect Data: SaaS Supply Chain Security on the Zscaler blog. Forward-Looking Statements This press release contains forward-looking statements that are based on our management's beliefs and assumptions and on information currently available to our management. These forward-looking statements include the expected benefits of the acquisition to Zscaler’s product offerings and to our customers. These forward-looking statements are subject to the safe harbor provisions created by the Private Securities Litigation Reform Act of 1995. A significant number of factors could cause actual results to differ materially from statements made in this press release, including those factors related to our ability to successfully integrate Canonic Security technology into our cloud platform and our ability to retain key employees of Canonic Security after the acquisition. Additional risks and uncertainties are set forth in our most recent Annual Report on Form 10-Q filed with the Securities and Exchange Commission (“SEC”) on December 7, 2022, which is available on our website at ir.zscaler.com and on the SEC's website at www.sec.gov. Any forward-looking statements in this release are based on the limited information currently available to Zscaler as of the date hereof, which is subject to change, and Zscaler will not necessarily update the information, even if new information becomes available in the future. Tue, 14 Feb 2023 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-announces-industry-first-integrated-saas-supply-chain-security-capabilities https://www.zscaler.com/press/zscaler-introduces-industrys-first-cloud-resilience-capabilities-sse-ensure-nonstop-cloud Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced Zscaler ResilienceTM, incorporating a new set of capabilities that extend the resilience of Zscaler’s architecture and operations and maintain interconnections between users and devices to critical cloud-based applications. Building upon 15 years of SaaS security innovation and operating the world’s largest inline cloud security platform, these industry-first SSE capabilities enable customers to prepare for and quickly recover from black swan events that could otherwise disrupt or stop business operations. Catastrophic events caused by nation-state actors, acts of vandalism, and natural disasters are difficult or impossible to predict. While these debilitating occurrences are not commonplace, the stakes for cloud resilience continue to rise. Amplified by the fact that modern enterprises have highly mobile employees that rely on secure access to critical cloud-based applications, these events can cause massive disruptions, loss of sensitive data, and impact revenue and reputation. To help organizations prepare for black swan events, Zscaler Resilience leverages the integrated services in the Zscaler Zero Trust ExchangeTM cloud security platform to deliver unique business continuity capabilities that enable customers worldwide to continue their normal operations. Resilience to the Cloud: Preserving interconnections to public and private cloud applications Zscaler Resilience provides business continuity capabilities to protect organizations across blackouts, brownouts, and even rare black swan failure events with the ability to automatically find the optimal path from user and device to application. Zscaler Resilience now includes the following new capabilities: Disaster Recovery – During a catastrophic event affecting access to private applications behind the Zscaler cloud, these customer-controlled operations provide IT and SecOps teams the added flexibility to securely bypass the affected Zscaler cloud and connect to a Zscaler Private Service Edge residing in the customer’s local data center or in a public cloud where the most updated security policies are still applied without disrupting the business. Direct internet access can be restricted to only critical business apps with localized content filtering leveraging Zscaler Client Connector to ensure business continuity. Dynamic Performance-based Selection – This unique feature allows customers to quickly recover from brownout scenarios that can cause performance degradation between users and applications by continuously probing the gateways for HTTP latency and autonomously establishing tunnels that choose the optimal path for traffic. Customer-controlled Data Center Exclusion – This enables customers to set a temporary exclusion period for one of the data centers experiencing connectivity issues and automatically regain services once the issue is resolved. Complementing these new capabilities, Zscaler Resilience AuditTM is a new customized service that assists customers in preparing business continuity plans by identifying areas for improvement and closing gaps before unforeseen events can cause disruptions. As an early adopter of Zscaler Resilience, a multi-billion dollar Euro French global energy and services company needed to maintain ongoing critical infrastructure for its renewable energy and low carbon distributed energy infrastructures in order to help its clients achieve their decarbonization targets in more than 30 countries. To provide services to individual households, cities, and communities, as well as industries, uninterrupted uptime of their assets is essential. By leveraging the new Zscaler Resilience capabilities as an extension of their Zscaler Private AccessTM, the energy company can control access to applications whether the user is in the office or in any remote location, allowing for uninterrupted services to predefined applications, virtually eliminating downtime, and ensuring user productivity. The extended functionality of Zscaler Private Access allows the energy company’s call centers to provide subscriptions and support to customers around the clock even in the case of an unexpected event. For an uninterrupted sales process, staff need to access data stored in different locations without downtime. Zscaler Resilience leverages existing architectural components of the Zscaler Zero Trust Exchange platform such as the client connector, app connector, and private service edge—used for universal ZTNA—to make the switch to disaster recovery mode seamless in the case of an emergency. "As enterprise environments have become more distributed and cloud-centric, executives have begun to prioritize resilience to ensure business continuity,"said John Grady, Principal Analyst, Cybersecurity, Enterprise Strategy Group (ESG). "By integrating Zscaler Resilience directly into its Zero Trust Exchange platform, Zscaler is helping customers prepare for, and quickly recover from, blackouts, brownouts, and black swan events that could otherwise disrupt or stop business operations, in a straightforward and cost-effective way." Resilience of the Cloud: Built on a cloud native zero trust architecture By pioneering its cloud native zero trust architecture, the Zscaler Zero Trust Exchange has transformed the security model and earned a proven reputation for reliability as a mission-critical service for many of the world’s largest enterprises and government organizations. The platform is highly scalable and processes more than 280 billion inline transactions per day with a long history of near-perfect uptime and best-in-class service level agreements (SLAs). Business continuity for mission-critical services is a top priority for IT leaders and Zscaler Resilience positions Zscaler as leading the industry with additional safeguards for customers. “We understand how critical Zscaler is to our customers and make the reliability, availability, and serviceability of our products a top priority for the company,” said Dhawal Sharma, Vice President, General Manager, Zscaler. “Zscaler Resilience is a testament to our promise and commitment to supporting uninterrupted operations for our customers.” For a deeper dive into the new Zscaler Resilience capabilities, please visit. Wed, 01 Feb 2023 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-introduces-industrys-first-cloud-resilience-capabilities-sse-ensure-nonstop-cloud https://www.zscaler.com/press/zscaler-becomes-member-joint-cyber-defense-collaborative-enhance-cybersecurity-posture-us-and Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced its membership in the Joint Cyber Defense Collaborative (JCDC), underscoring the company’s commitment to improving the nation’s cyber resiliency. JCDC, established by the Cybersecurity and Infrastructure Security Agency (CISA) in 2021, leads the development and implementation of joint cyber defense plans and operations through critical partnerships with the private sector, Federal government and state, local, tribal and territorial governments. Zscaler will work with JCDC to enhance the collective cybersecurity posture of the United States and strategic international partners. As the operator of the world’s largest in-line security cloud, Zscaler and the Zscaler ThreatLabz research team will analyze unique threat telemetry from 270+ billion transactions and 250,000 cloud updates per day – securing users globally. Additionally, Zscaler will participate in future cyber strategy planning with JCDC and its members. “We founded Zscaler with the vision to create a modern cloud-native architecture for the seamless and secure exchange of information,” said Jay Chaudhry, CEO, chairman and founder of Zscaler. “Today, digital transformation has accelerated organizations’ move to cloud-based SaaS models and the internet is now the new corporate network -- rendering 30 years of networking and security principles ineffective. We are honored to be working with JCDC to leverage the threat intelligence in Zscaler’s zero trust platform to help stop large-scale cyberattacks, prevent data exfiltration, and block debilitating ransomware attempts.” JCDC members have diverse and unique expertise to help reduce risk to the cyber ecosystem and critical infrastructure. This diversity provides increased visibility and insights into the threat landscape enabling JCDC to develop plans and exercises against the most severe threats. “JCDC addresses the global imperative for a more inclusive and operationally aligned community of cyber defenders to execute countermeasures against bad actors,” said Stephen Kovac, Chief Compliance Officer at Zscaler. “We have supported CISA for several years at the Federal level, but now we can help support our mutual resilience and ability to address immediate and future cyber incidents at a global level.” Zscaler currently supports over 100 federal agencies and system integrators, keeping sensitive data secure and employees productive while working from anywhere. Additionally, Zscaler is the only cloud security provider with all core solutions comprising its portfolio of products – the Zscaler Zero Trust Exchange platform™ – now authorized through the U.S. Federal government’s FedRAMP program at High and Moderate levels. As a result, government agencies and their contractors can use Zscaler’s Zero Trust platform for systems that manage their most sensitive information and protect against cyber threats. Zscaler’s commitment to enabling security innovation across the public sector is underscored by related milestones, including: Zscaler Advances Enterprise Data Security with Industry-First Zero Configuration Data Protection Zscaler Private Access Achieves DoD Impact Level 5 (IL5) Zscaler First SaaS Cloud Security Provider to Achieve StateRAMP Ready Status Zscaler is chosen to run a pilot program in support of Executive Order 14028 by the National Institute of Standards and Technology (NIST) Zscaler is a Leader in the 2022 Gartner Magic Quadrant for Security Service Edge (SSE), following up 10 consecutive years as a Leader in the Gartner Magic Quadrant for Secure Web Gateway Zscaler is First Zero Trust Remote Access Cloud Service to Achieve FedRAMP-High JAB Authorization ZIA™ receives Authorization to Operate (ATO) at the Moderate Impact level Zscaler Becomes the First Cloud Services Provider to Receive FedRAMP Authorization for a Dedicated Zero Trust Remote Access Platform For additional details about Zscaler’s partnership with JCDC read “Zscaler Joins JCDC to Enhance Collective Cybersecurity Posture of U.S.” Forward-Looking Statements This press release contains forward-looking statements that involve risks and uncertainties, including statements regarding benefits from Zscaler joining JCDC. There are a significant number of factors, risks and uncertainties that could cause actual results to differ materially from statements made in this press release. You should not rely on these forward-looking statements, as actual outcomes and results may differ materially from those contemplated by these forward-looking statements as a result of such risks and uncertainties. All forward-looking statements in this press release are based on information available to us as of the date hereof, and we do not assume any obligation to update the forward-looking statements provided to reflect events that occur or circumstances that exist after the date on which they were made. Mon, 19 Dec 2022 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-becomes-member-joint-cyber-defense-collaborative-enhance-cybersecurity-posture-us-and https://www.zscaler.com/press/zscaler-study-finds-more-85-attacks-now-use-encrypted-channels-malware-topping-attacks-2022 More than 85% of attacks now use encrypted channels across various stages of the kill chain, up 20% from last year. Nearly 90% of all cyberthreats that affect users and organizations come from malware that downloads a malicious payload via a link shared in an email or infected websites. The U.S. and India are top targets for encrypted attacks. South Africa, the UK and Australia round out the top five. Encrypted threats targeting the manufacturing and education industry increased by 239% and 134%, respectively; conversely, retail saw a 63% and government a 40% decline Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced the release of its annual State of Encrypted Attacks Report, which details the analysis of more than 24 billion threats from October 2021 through September 2022 to track trends of HTTPS-based attacks. The research leveraged insights from more than 300 trillion daily signals and 270 billion daily transactions in the Zscaler Zero Trust Exchange™ — the world’s largest security cloud. The report uncovered that malware continues to pose the greatest threat to individuals and businesses across nine key industries, with manufacturing, education and healthcare being the most commonly targeted. Encrypted attacks remain a significant problem for countries around the globe, with the U.S., India and Japan seeing the biggest increases in attacks over the last 12 months. In addition, South Africa has seen a notable increase in TLS/SSL attacks compared to 2021. “As organizations mature their cyber defenses, adversaries are becoming more sophisticated, particularly in their use of evasive tactics,” said Deepen Desai, CISO and VP of Security Research and Operations at Zscaler. “Potential threats continue to hide in encrypted traffic, empowered by as-a-service models that dramatically reduce the technical barriers to doing so. It is critical for organizations to adopt a cloud-native zero trust architecture that allows consistent inspection of all internet bound traffic and effectively mitigate these attacks.” Malware is king among cybercriminals While cybercriminals hide a variety of attack tactics in encrypted traffic, malware continues to be the most prevalent. Malicious scripts and payloads used throughout the attack sequence make up nearly 90% of the encrypted attack tactics blocked in 2022. This category includes ransomware, which remains a top concern for CISOs as ransomware attacks have increased 80% year over year. As defenses become more complex, attackers have also continued to evolve their techniques, creating new malware variants that are harder to spot and able to bypass reputation-based technologies. The most prevalent malware families the Zscaler ThreatLabz team observed abusing encrypted channels include ChromeLoader, Gamaredon, AdLoad, SolarMarker, and Manuscrypt. Usual suspects make way for a newcomer The five countries most targeted by encrypted attacks include the U.S., India, South Africa, the UK and Australia. South Africa is a relative newcomer to the list, soaring to the top in 2022 after bumping France from its 2021 top-five ranking. Japan (613%), the U.S. (155%) and India (87%) also saw a significant uptick in targets year over year. Manufacturing and education continue to produce the biggest risk Not all industries are targeted by encrypted attacks at the same rate, with businesses deploying legacy security solutions often falling victim more often than others. This year, the manufacturing industry saw a 239% increase in these types of attacks, displacing technology as the most targeted type of business in 2022. Manufacturing remains an attractive target for cybercriminals because of significant transformation occurring across the industry in recent years, including the adoption of new safety measures to manage COVID-19, and infrastructure and applications to counteract supply chain issues. However, adopting new applications, products and services have increased the attack surface for manufacturing businesses, leaving many open to new vulnerabilities that must be addressed in the future. The next closest industry to see the largest jump in attacks was education, with a 132% increase year over year. Education remains a notable target for the second year in a row, with a 50% increase in attacks from 2020 to 2021. Industries like education and manufacturing benefit most from zero trust architecture, which enables inspection of all internet bound traffic to identify suspicious activity and mitigate the growing risk of encrypted attacks. On a positive note, in 2022, attacks against government organizations and retail decreased by 40% and 63%, respectively. Retail endured a major spike in encrypted attacks in 2021 as attackers took advantage of pandemic-driven e-commerce trends, but these have normalized in the past year. Law enforcement agencies across the world have actively pursued cybercriminals targeting these critical industries, making them less attractive targets for hacking groups looking for easy money. Zscaler secures organizations against encrypted attacks at scale Zscaler blocked 24 billion threats in 2022 — a 20% increase from the 20.7 billion blocked in 2021, which was a 314% increase from 2020. This shows that cybercriminals are continuing to evolve their tactics to avoid detection and slip past information security teams. Today, most attacks leverage SSL or TLS encryption, which is resource intensive to inspect at scale, and best done using a cloud native proxy architecture. While legacy firewalls support packet filtering and stateful inspection, their resource limitations make them poorly suited for this task. This creates a critical need for organizations to implement cloud native architectures that support full inspection of encrypted traffic in alignment with zero trust principles. Businesses looking to minimize the risk of encrypted attacks should consider these recommendations as part of their adoption strategy: Use a cloud native, proxy-based architecture to decrypt, detect and prevent threats in all encrypted traffic at scale. Leverage an AI-driven sandbox to quarantine unknown attacks and stop patient zero malware. Inspect all traffic, all the time, whether a user is at home, at headquarters or on the go, to ensure everyone is consistently protected against encrypted threats. Terminate every connection to allow an inline proxy architecture to inspect all traffic, including encrypted traffic, in real-time — before it reaches its destination — to prevent ransomware, malware and more. Protect data using granular context-based policies, verifying access requests and rights based on context. Eliminate the attack surface by connecting users directly to the apps and resources they need, never to networks. To download the full report, see the 2022 State of Encrypted Attacks Report. Methodology Analysis of 24 billion blocked threats from October 2021 to September 2022 in the Zscaler cloud shows that all blocked threats came via encrypted channels, SSL and TLS. Wed, 14 Dec 2022 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-study-finds-more-85-attacks-now-use-encrypted-channels-malware-topping-attacks-2022 https://www.zscaler.com/press/womens-tennis-association-selects-zscaler-accelerate-secure-digital-transformation Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced the Women’s Tennis Association (WTA) has selected the Zscaler Zero Trust Exchange™ to protect its users, data, and infrastructure as they move away from legacy castle-and-moat security built on firewalls and VPNs to a cloud-first Zero Trust architecture. As part of this transition, the world leader in women’s professional sports will be leveraging Zscaler’s platform powered by the world’s largest security cloud to secure its hybrid and work-from-anywhere business model. The WTA is one of the world’s most recognizable and high-profile sports organizations, consisting of more than 1600 players representing approximately 87 nations. Comprising more than 50 events and four Grand Slams, the Hologic WTA Tour spans six continents and nearly 30 countries and regions. To manage all of these events and meet the demands of players, the media, and its global audience of over 900 million, the organization requires a highly mobile workforce with secure access to the internet and a host of SaaS and internal applications residing in private and public clouds. “WTA made Zscaler a focal point of our Zero Trust strategy,” said Paul Sheth, Head of Information Security at the WTA. “With Zscaler, we can enable our entire staff to work securely from anywhere two to three times faster than with competitive solutions. The Zscaler Zero Trust Exchange is more mature than other security platforms in the market and allows us to move away from third-party VPN solutions, thus minimizing the attack surface and eliminating additional point product purchases while also reducing operational overhead.” Recognizing the need to transition from a traditional castle-and-moat security architecture to a more secure, scalable, and cost-effective infrastructure, the WTA pivoted to a Security Service Edge (SSE) architecture, of which Zero Trust principles form the foundation. To accelerate its secure digital transformation initiatives, the organization then selected Zscaler as its trusted cloud security partner of choice. The WTA plans to implement Zscaler for Users, comprised of Zscaler Internet Access™, Zscaler Private Access™and Zscaler Digital Experience™, fundamental services on the Zero Trust Exchange platform, as each provides the association with the following critical capabilities: Provide WTA staff and authorized parties worldwide with fast, secure SaaS access and comprehensive visibility into internet traffic, including Secure Sockets Layer (SSL) encrypted traffic, and advanced threat protection. Supply secure and fast access to the WTA’s private applications in the private or public clouds. Improve the digital experiences for the hybrid workforce and cloud with a unified view of application, CloudPath, and endpoint performance metrics. Zscaler for Users provides the WTA with multilayered cyber threat protection as well as Zero Trust connectivity, which uses identity and business policies to control and secure the organization’s IT environment. The association can automatically achieve user-to-application segmentation to shrink the WTA’s attack surface and prevent lateral movement, data compromise, and loss. Further, more than 150 Zscaler points of presence (POP) reduce latency and ensure an enhanced user experience for WTA staff. “By selecting Zscaler, the WTA has not only accelerated its secure digital transformation but established an extensible and scalable zero trust foundation for future phases in its transformation journey,” said Steve House, Senior Vice President, Product Management at Zscaler. “We look forward to partnering with the WTA for years to come as it continues to adapt to meet the demands of its players, the media, and its global audiences.” Mon, 12 Dec 2022 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/womens-tennis-association-selects-zscaler-accelerate-secure-digital-transformation https://www.zscaler.com/press/zscaler-study-finds-90-percent-global-enterprises-are-adopting-zero-trust More than 90% of organizations migrating to the cloud have implemented, are implementing, or are in the process to implement a zero trust architecture Only 22% of global IT decision-makers claim to be ‘fully confident’ their organization is leveraging the potential of their cloud infrastructure, presenting an opportunity for zero trust 68% agree that secure cloud transformation is not possible with legacy network security infrastructures or that Zero Trust Network Access (ZTNA) has clear advantages over legacy firewalls and VPNs ZTNA is the top priority for zero trust investments over the next 12 months – indicating the importance of remote access for the hybrid workplace Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, found that more than 90% of IT leaders who have started their migration to the cloud have implemented, are implementing, or are planning to implement a zero trust security architecture. Supporting the mass migration to zero trust to secure users and the cloud, more than two thirds (68%) believe that secure cloud transformation is impossible with legacy network security infrastructures or that ZTNA has clear advantages over traditional firewalls and VPNs for remote access to applications. This is according to The State of Zero Trust Transformation 2023 report, which draws on a global study of over 1,900 senior IT decision makers at organizations globally, which have already started migrating applications and services to the cloud. Zscaler’s research shows that against a backdrop of rapid digital transformation, IT leaders believe zero trust – built on the principle that no user, device or application should be inherently trusted – is the ideal framework for securing enterprise users, workloads and IoT/OT environments in a highly distributed cloud and mobile-centric world. Approached from a holistic IT perspective, zero trust has the potential to unlock business opportunities across the overall digitization process, from driving increased innovation to supporting better employee engagement, or delivering tangible cost efficiencies. The Leading Cloud Concerns IT leaders identified security, access and complexity as top cloud concerns, creating a clear case for zero trust to overcome these hurdles. When asked about legacy network and security infrastructures, 54% indicated they believed VPNs or perimeter-based firewalls are both ineffective at protecting against cyberattacks or providing poor visibility into application traffic and attacks. This further validates the findings that 68% agree that secure cloud transformation is impossible with a legacy network security infrastructure or that ZTNA has clear advantages over traditional firewalls and VPNs for secure remote access to critical applications. The Cloud Context – A Lack of Confidence While progress on zero trust is strong, Zscaler found that globally only 22% of organizations are fully confident they are leveraging the full potential of their cloud infrastructure, so while organizations have made solid initial steps on their cloud journey, there is a massive opportunity to capitalize on the benefits of the cloud. Regionally, the results vary with 42% of organizations in the Americas feeling fully confident in the use of their cloud infrastructure, compared with 14% of organizations across EMEA and 24% in APAC. While India (55%) and Brazil (51%) are leading on a country level followed by the US (41%) and Mexico (36%), European and Asian countries are less confident: in Europe, Sweden (21%) and the UK (19%) are leading followed by Australia (17%), Japan (17%) and Singapore (16%). The remaining European countries are lagging behind: The Netherlands with 14%, Italy (12%), both France and Spain at 11% and Germany with 9%. This chasm between the most progressive country being more than six times the most laggering country shows varying confidence levels of the cloud by region and further presents an opportunity for education and closing the skills gap. While at first glance security appears to stand in the way of fully realizing the full potential of the cloud, the motivations behind cloud migration suggest a more fundamental barrier in how IT leaders view the cloud. IT leaders cited data privacy concerns, challenges to securing data in the cloud, and the challenges of scaling network security as among the top barriers to embracing the cloud’s full potential. However, when asked about the main factors driving digital transformation initiatives in their organizations, the top three factors were cost reduction, managing cyber risk, and facilitating emerging technologies like 5G and Edge computing, suggesting there may still be a distinct lack of understanding around how to fully capitalize on its broader business benefits. Meeting the Hybrid Mix with Zero Trust IT leaders surveyed in Zscaler’s research predicted that in the next 12 months, their organizations’ employee base will continue to be fully embracing the different work style options available to them, split between full-time office workers (38%), fully remote (35%) and hybrid (27%). However, it also found that organizations may still be unequipped to handle the ever-evolving mix of hybrid working requirements. Globally, only 19% indicated that a hybrid work specific zero trust-based infrastructure is already in place, suggesting that organizations are not fully ready to handle the security of this highly distributed working environment on a broad scale. Next to those who have already updated their infrastructure, a further 50% are in the process of implementing or are planning a zero trust-based hybrid strategy. Employee user experience was mentioned as the top reasons for implementing a zero trust-based hybrid work infrastructure. More than half (52%) agreed that implementation would help tackle inconsistent access experiences for on-premise and cloud-based applications and data, 46% that it would tackle productivity loss due to network access issues, and 39% that using zero trust would allow employees to access applications and data from personal devices. These views reflect the wider challenge beyond security that hybrid working presents around access, experience and performance, and the role zero trust plays in response. The Potential of Zero Trust as a Business Enabler In line with the motivations behind cloud migration, Zscaler found that a focus on wider strategic outcomes is missing from how organizations are planning emerging technology initiatives. Asked about the single most challenging aspect of implementing emerging technology projects, 30% cited adequate security, followed by budget requirements for further digitization (23%). However, only 19% cited dependency on strategic business decisions as a challenge. While budget concerns are natural, the focus on securing the network while ignoring strategic business alignment suggests organizations are focused on security without a full understanding of its business benefit, and that zero trust itself is not yet understood as a business enabler. “The state of zero trust transformation within organizations today is promising – implementation rates are strong,” said Nathan Howe, VP of Emerging Tech, 5G at Zscaler. “But organizations could be more ambitious. There’s an incredible opportunity for IT leaders to educate business decision-makers on zero trust as a high-value business driver, especially as they grapple with providing a new class of hybrid workplace or production environment and reliant on a range of emerging technologies, such as IoT and OT, 5G and even the metaverse. A zero trust platform has the power to redesign business and organizational infrastructure requirements: to become a true business driver that doesn’t just enable the hybrid working model employees are demanding, but enables organizations to become fully digitized, benefiting from agility, efficiency and future-proofed infrastructure.” Zscaler makes four key recommendations for organizations to capitalize on zero trust: Not all zero trust offerings are created equal: It’s important to implement a true zero trust architecture built on the principle that no user or application is inherently trusted. It starts with validating user identity combined with business policy enforcement based on contextual data to provide users, devices and workloads direct access to applications and resources – never the corporate network. This eliminates the attack surface so threats can’t gain access to the corporate network and move laterally thus improving the security posture. Zero trust as enabler of transformation and business outcomes: With its increased levels of security, visibility and control, leverage holistic a zero trust-based architecture to remove the complexity from IT operations to allow organizations to focus on gaining improved business outcomes as part of their digital transformation initiatives and remain competitive. Zero trust for the boardroom: To align with business strategies, CIOs and CISOs should leverage the findings to help dispel fear, uncertainty and doubt around what zero trust means and to promote its full business impact with key decision makers. Zero trust-enabled infrastructures as foundation for the future: Emerging technologies need to be looked at as a competitive business advantage and zero trust will support the secure and performant connectivity requirements of emerging trends. Additional Resources To access the full The State of Zero Trust Transformation 2023 report, visit The State of Zero Trust Transformation 2023 report. Methodology ATOMIK Research surveyed 1,908 senior decision makers (CIOs / CISOs / CDOs / Head of Network Architecture) in EMEA (UK, Germany, France, The Netherlands, Sweden, Italy, Spain), AMS (USA, Mexico, Brazil) and APAC (Japan, India, Australia, Singapore). The research was conducted between 31 May and 28 June 2022. The sample comprised 43% of organizations of up to 4,999 employees, 32% of 5,000 up to 9,999 employees and 25% of 10,000 or more employees. Tue, 06 Dec 2022 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-study-finds-90-percent-global-enterprises-are-adopting-zero-trust https://www.zscaler.com/press/zscaler-achieves-fedramp-authorization-entire-zero-trust-exchange-platform-portfolio Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced that Zscaler Private Access (ZPA)™ has achieved FedRAMP Moderate authorization, making Zscaler the only cloud security service provider to have all core solutions comprising its portfolio of products - the Zscaler Zero Trust Exchange platform™ - now authorized through the U.S. Federal government’s FedRAMP program at High and Moderate levels. Government agencies and their contractors will be able to use Zscaler’s Zero Trust platform for systems that manage their most sensitive information and protect against cyber threats. “Five years ago Zscaler committed to achieving FedRAMP Moderate and High authorization for our entire Zero Trust platform. The Zscaler Zero Trust Exchange includes Zscaler Secure Web Gateway, the first TIC 3.0 cloud solution to be authorized by the FedRAMP office. Zscaler’s FedRAMP goals are complete, and today hundreds of Federal agencies and Defense Industrial Base (DIB) customers are using these platforms to secure their missions,” says Stephen Kovac, Chief Compliance Officer, Zscaler. “Additionally, Zscaler has completed IL5 certification on its zero trust platforms, which aligns with the release of the Pentagon’s zero trust strategy. In the coming months, you will hear more from our team. We will share our process and lessons learned as we’ve grown to become the Federal government’s most trusted cloud security provider. Our hope is that other organizations will benefit and likewise strengthen Federal cyber defenses.” The Zscaler Zero Trust Exchange is powered by the world’s largest security cloud, with more than 10 years of operational excellence enabling the processing of more than 250 billion daily transactions and stopping over seven billion threats and policy violations per day for the largest, most demanding organizations around the globe. Zscaler’s commitment to enabling security innovation across the public sector is underscored by related milestones including: Zscaler Advances Enterprise Data Security with Industry-First Zero Configuration Data Protection Zscaler Private Access Achieves DoD Impact Level 5 (IL5) Zscaler First SaaS Cloud Security Provider to Achieve StateRAMP Ready Status Zscaler is chosen to run a pilot program in support of Executive Order 14028 by the National Institute of Standards and Technology (NIST) Zscaler is a Leader in the 2022 Gartner Magic Quadrant for Security Service Edge (SSE), following up 10 consecutive years as a Leader in the Gartner Magic Quadrant for Secure Web Gateway Zscaler is First Zero Trust Remote Access Cloud Service to Achieve FedRAMP-High JAB Authorization ZIA™ receives Authorization to Operate (ATO) at the Moderate Impact level Zscaler Becomes the First Cloud Services Provider to Receive FedRAMP Authorization for a Dedicated Zero Trust Remote Access Platform The Zero Trust Exchange is a cloud-native security platform that securely connects any user, device, and application, regardless of location. Following the principle of least-privileged access, the platform establishes trust through user identity and context – including location, device, application, and content – and then creates secure, direct connections based on policy enforcement. The platform supports IT federal mission transformation by reducing costs, eliminating the internet attack surface, and preventing lateral movement of threats while providing an excellent user experience. For more information read Zscaler’s blog on becoming FedRAMP authorized across its entire Zero Trust Exchange platform. Wed, 30 Nov 2022 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-achieves-fedramp-authorization-entire-zero-trust-exchange-platform-portfolio https://www.zscaler.com/press/zscaler-hosts-emea-partner-summit-under-the-motto-growing-together-secured-by-mastering-zero-trust Zscaler Inc., the leader in cloud security, launched its first EMEA-wide Partner Summit under the motto of strong collaboration and a joint growth strategy with the channel. From November 15-17, about 150 participants from service providers, system integrators, VARs, and distributors from across Europe and the Middle East gathered in Palma de Mallorca. The participants networked and undertook an extensive training programme around the Zscaler Zero Trust Exchange platform, enabling customers to securely transform to agile and resilient business operations. Partner enablement is at the heart of Zscaler's support for transformation projects to zero trust-based infrastructures at the customer's site. Training and certification on the cloud platform's portfolio in the areas of Zscaler for User, Zscaler for Workloads and Zscaler for IoT/OT were part of the supporting programme at the Partner Summit, providing updates on the service portfolio, packaging and sales best practices. "The Security Service Edge (SSE) approach to the identity-based zero trust model for granular, secure access to any asset requires Zscaler and its partners to show prospects the capabilities of the new security model for the holistic transformation of a digital business model," said Kadir Erol, EMEA Director Channel & Alliances Zscaler. "Our partners are an integral part of the success concept." The transformation from hardware-based security infrastructures to a flexible security service edge approach based on zero trust enables organizations of all sizes to securely transform to a future-proof cloud-based business operation where employees, workloads, and digital production can be secured from a single platform. Instead of managing complex architectures, there is a flexible approach that provides identity-based access to required applications, workloads, or devices for third parties. As part of the award night of the Partner Summit, the awards for the EMEA Partner of the Year 2022 in ten categories were also presented. These partners were awarded in the various categories based on jointly generated revenue, their commitment to collaboration in deals and their expertise as Zero Trust experts who have implemented holistic transformation projects involving application, network and security architectures: EMEA Partner of the Year: Telefonica EMEA Service Provider of the Year: Orange Business Services EMEA Systems Integrator of the Year: NTT EMEA Value Added Reseller of the Year: Softcat EMEA International Partner of the Year: Infosys EMEA Transformation Partner oft he Year: BT EMEA North Partner of the Year: HCL EMEA South Partner of the Year: Deutsche Telekom EMEA Growth Partner of the Year: Sirar by STC EMEA Technical Partner of the Year: Xalient EMEA Partner Enablement Innovation: Westcon A special prize was awarded for innovation in Partner Enablement to distribution partner Westcon-Comstor. They designed a virtual lab environment which helps partners and their customers make Zscaler's offering transparent with ecosystem partners such as Crowdstrike and Okta. “At Zscaler’s first ever EMEA Partner Summit, it was great to meet with so many partners and experience the passion of bringing our cloud-based solutions to the customer. On behalf of the EMEA ecosystem at Zscaler, I would like to thank all of our partners for the trust and integrity they put into our partnership,” added Todd Meister, Senior Vice President, Global Partners & Alliances, Zscaler. “Living up to our motto „growing together, secured“ we will stay committed to enable our partners to grow their revenue with us based on our innovations in Zero Trust to accelerate customers’ journeys towards a more secure experience.” To learn more on the benefits of our partner program, please visit the Zscaler Partner Program page. Thu, 24 Nov 2022 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-hosts-emea-partner-summit-under-the-motto-growing-together-secured-by-mastering-zero-trust https://www.zscaler.com/press/zscaler-expands-partnership-zoom-unveiling-new-integration-zooms-quality-service-subscription Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced new integrations with Zoom Video Communications, Inc. that connect the Zscaler Digital Experience™ (ZDX) monitoring service with Zoom’s Quality of Service Subscription (QSS) offering. The integrated solution gives enterprises’ IT and helpdesk teams near real-time quality performance metrics and analytics for all remote office employees. The details provided by higher-quality telemetry data help IT teams quickly troubleshoot issues within devices, networks, or services that impact employee collaboration to improve productivity and user experience. “The number of user-reported quality issues has increased as more hybrid workers rely on Zoom to stay connected and productive. This has put additional strain on Operations Teams including NetworkOps, ITOps, and Service Desk teams, who are expected to respond in real-time,” said Dhawal Sharma, Vice President and General Manager at Zscaler. “The new integrations with Zoom augment our existing integrations with Zoom APIs to provide IT and helpdesk teams with granular and real-time insights based on device, network, and application performance that quickly expose the root cause of user experience and reduces Mean Time to Resolution for user-reported issues.” Zscaler’s expanded integration with QSS provides access to detailed telemetry data that allows teams to make real-time decisions that ensure the best Zoom experience. Based on event notifications, QSS enables IT teams to gather insights from an unlimited number of hosts, users, and participants. The new capabilities that will be available through Zscaler ZDX also give IT operations and helpdesk teams access to additional benefits, including: Enterprise-wide quality monitoring and analytics: With the QSS integration, IT teams can now obtain detailed performance metrics and actionable insights for every user’s Zoom session within their organization - no matter its size. By leveraging ZDX’s integrated view which combines metrics from QSS with network, device, and application performance, IT can monitor the quality of all Zoom sessions, across the enterprise at all times. Real-time detection and troubleshooting: Zscaler’s integration with QSS provides users with near real-time and granular call quality metrics that offer a clearer understanding of Mean Opinion Scoring (MoS) data. By melding these insights with device and network performance metrics, IT teams can monitor Zoom quality, detect degradation, and fix root causes in real-time, even while the meeting, webinar, or phone call is in progress. Immediate time to value: The new integrations help improve efficiency by automating configurations and alert parameters. ZDX automatically baselines typical user experiences for each user, and can now alert IT teams when call quality deviates from learned baselines. This allows support teams to rapidly respond, isolate the root cause, and arm the right device, network, or application teams with the insights they need to resolve the issue. “As more organizations provide the necessary tools to support a growing and thriving remote workforce, it's incredibly valuable to have near real-time, precise metrics and understanding of Zoom quality performance,” said Velchamy Sankarlingam, President of Product, and Engineering at Zoom. “We’re excited about the ZDX and QSS integration and are looking forward to helping our customers ensure seamless collaboration through flawless Zoom experiences.” “The integration work Zscaler and Zoom have executed on over the last year helps ensure that device-to-application connectivity issues can be quickly and effortlessly identified and resolved before they cause work and communications disruptions,” said Christopher Rodriguez, Research Director at IDC. “Expanding Zscaler’s monitoring and troubleshooting capabilities with comprehensive, near real-time metrics and actionable insights can provide IT and helpdesk teams a holistic approach to unified communications services for hybrid working employees.” Zscaler will demonstrate the new integrations and ZDX capabilities at the 2022 Zoomtopia User Conference, taking place November 8-9 in Booth 6. Tue, 08 Nov 2022 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-expands-partnership-zoom-unveiling-new-integration-zooms-quality-service-subscription https://www.zscaler.com/press/zscalers-longest-standing-customer-arc-mid-hudson-advances-security-capabilities-mobile Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced that its first and long-standing customer of more than 15 years, The Arc Mid-Hudson, is leveraging the power of the Zscaler Zero Trust Exchange™ security platform to support its transition from a site-based human services provider to a remote and highly mobile service model. To support this significant shift, the Zscaler Zero Trust Exchange plays a critical role in securing The Arc Mid-Hudson’s employees, safeguarding customer information, and maintaining data protection compliance with stringent healthcare privacy regulations. A Zscaler customer since 2007, The Arc Mid-Hudson is a not-for-profit human services organization in New York State dedicated to supporting more than 1,300 individuals with intellectual and developmental disabilities. The Arc Mid-Hudson has over 50 remote sites and approximately 1,230 employees primarily involved in client care services. Employees who work onsite at residential facilities or engage with clients out in the community require secure, reliable access to resources from both company-owned and personal devices. “The Zscaler Zero Trust platform helps ensure that the systems used by our employees work as smoothly, efficiently, and securely as possible without getting in the way of providing the highest level of care for our clientele,” said Kenneth Dales, CIO at The Arc Mid-Hudson. “We've relied on Zscaler’s cloud-native platform to accelerate our secure digital transformation initiatives and implement new security capabilities rapidly. And, for the most part, I'd say we've been moving at a rapid pace in that regard.” Zscaler’s platform was implemented as part of a multi-agency collaborative; the merger of two of these organizations formed what is now known as The Arc Mid-Hudson. Today, the organization is using Zscaler Internet Access for fast and secure internet and SaaS access for its diverse, hybrid workforce. Zscaler provides scalable, high-performance, and consistent protection for employees, no matter where they are or what device they are using. The Arc Mid-Hudson is diligent about maintaining data integrity to comply with the Health Insurance Portability and Accountability Act (HIPAA) and the New York SHIELD Act, which has similar provisions. Healthcare compliance regulations require healthcare organizations to follow a strict set of rules for data-sharing and disclosure of protected health information (PHI). If security breaches do occur, penalties can be severe. While cloud technologies are helping healthcare providers like The Arc Mid-Hudson improve their standard of care and provide better information, client data now travels over internet connections, potentially exposing it to breaches and attacks. In an effort to keep up with compliance standards, The Arc Mid-Hudson deployed Zscaler’s proxy-based architecture with Secure Sockets Layer (SSL) inspection to monitor traffic to and from the organization for hidden malicious code, data exfiltration and other misuses of SSL encryption. The solution accomplishes this without performance degradation or increasing latency. The organization also added Zscaler’s Nanolog Streaming Service (NSS) capabilities to stream logs from users and locations into The Arc Mid-Hudson’s security information event management (SIEM) software for deeper analysis, compliance assurance in the area of log archiving, and comprehensive reporting. Implementation of SSL and NSS capabilities are part of a larger data protection and integrity initiative at The Arc Mid-Hudson. The Arc Mid-Hudson has seen many positive outcomes from its Zscaler deployment for both IT and customer service teams, including substantial savings by eliminating hardware and associated CapEx / OpEx costs, fewer risks from onsite equipment failure, and the ability to rapidly respond to security issues or necessary configuration changes. “When we first introduced Zscaler’s foundational secure web gateway technology, we recognized the increased growth in employee mobility and their desire to access work-related applications that were already starting to migrate to the cloud,” said Srikanth Devarajan, VP & GM, Zero Trust for Workloads - and founding engineer, Zscaler. “This new and rapidly emerging workstyle, hinged on mobility and the cloud, drove our vision to completely rearchitect security and disrupt the decades-old model of hub-and-spoke networks secured with ineffective firewalls and VPNs,” said Narinder Paul, VP & GM, Data Protection and founding engineer, Zscaler. “It is extremely rewarding to redefine network security by introducing the world’s largest in-line security cloud platform that uses policy enforcement to connect users directly to applications and resources – never the corporate network – has now become a reality and is currently protecting thousands of enterprises globally.” For more details about Zscaler solutions, visit: Zscaler Zero Trust Exchange Thu, 27 Oct 2022 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscalers-longest-standing-customer-arc-mid-hudson-advances-security-capabilities-mobile https://www.zscaler.com/press/zscaler-advances-enterprise-data-security-industry-first-zero-configuration-data-protection Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced new data protection innovations that build upon a rich heritage of securing data across all cloud apps for data in motion, data at rest, and BYOD assets with unprecedented accuracy and scale. The new advancements accelerate data protection programs from months to hours with zero configuration for data loss prevention (DLP). This mitigates security risks by unifying data protection across all channels, simplifying operations by automating workflows. In today’s highly-mobile and cloud-centric world, data is created and distributed across hundreds of applications and workloads, escalating organizations’ risk of data loss. Enterprises’ inability to protect distributed data is reinforced in the findings of the new 2022 Data Loss Report by the Zscaler ThreatLabz research team. ThreatLabz found that 36% of cloud application data is accessible via the open internet. Analysis of nearly 6 billion data loss policy violations revealed that organizations experience an average of 10,000 potential data loss events daily resulting in losses greater than $4.35 million.¹ Traditional DLP solutions can't secure distributed data and require a massive amount of resources to configure, maintain and manage, which can be costly and result in months to implement, putting organizations at risk. Concurrently, the lack of automated workflows prevents security teams from managing critical risks leading to elongated mitigation timelines and unresolved incidents. To make matters worse, the reliance on separate point products for different channels causes increased risk, reduced visibility and inconsistent policies. Organizations that have not deployed a unified zero trust strategy suffer an additional $1 million loss on average¹, indicating that data protection can not be a standalone endeavor. “Building on eight years of data protection innovations, Zscaler has employed advanced auto-classification capabilities to accelerate setup and reduce security team overhead and costs,” said Moinul Khan, Vice President & General Manager, Data Protection, Zscaler. “Unlike other data protection solutions, this ensures that Zscaler Data Protection works for the IT administrator, rather than having the IT administrator work for it. In addition, the technology we acquired from the recently announced ShiftRight acquisition allows organizations to manage hundreds of potential risks and incidents in a simple yet very sophisticated way to reduce case resolution time significantly." The recently introduced security category, security service edge (SSE), reinforces the market’s need for unified data protection as part of a larger, purpose-built security platform. These advancements to the Zero Trust Exchange, aligned to SSE principles, further Zscaler’s position as a leader in data protection by empowering security teams with: Expedited Deployment Cycles with Zero Configuration DLP: Utilizing the scale of the world’s largest security cloud that processes 170 million files per day, the new zero configuration DLP capabilities auto classify all organizational data, thereby accelerating the deployment of data protection programs. Mitigated Security Risks by Unifying Data Protection Across all Channels: The addition of endpoint, and email data protection capabilities adds to the existing support of web, SaaS, IaaS, PaaS and private apps. This removes the need for point products, decreasing security risks and management complexity by unifying policies across channels. Simplified Operations through Automated Workflows: Advanced closed-loop incident management delivers actionable insights and automates workflows to respond to potential security risks in a timely and effective manner. “Securing data is always a challenge due to complex workflows and inconsistent protection strategies and coverage across users and devices," said Bashar Abouseido, CISO, Charles Schwab. "With Zscaler, that has all changed, as we now have one unified platform with full visibility and policy control while drastically streamlining our processes.” "Zscaler is one of the most seamless, straightforward deployments I've seen in a while,” said Thomas Likas, Head of Cyber & Digital Trust Enterprise Architecture, Takeda. “Their comprehensive and unified approach to protecting data across all channels helps us transform and evolve our data protection program, ensuring sensitive data remains secure from accidental loss or malicious exfiltration.” “The DLP market has long suffered from complexity and efficacy issues due to the need for time-intensive, manual configuration and management,” said John Grady, Senior Analyst, Enterprise Strategy Group (ESG). “Zscaler’s massive data set, garnered from the 250 billion transactions its security cloud processes every day, provides impressive scale and a key differentiation in the market. This scale enables greater visibility and accuracy, which translates into ease of use, better efficiencies, and lower costs for customers.” 1. Zscaler, 2022 ThreatLabz Data Loss Report, October 18, 2022 Additional Resources For a deeper dive into the new Data Protection features, please visit. The 2022 ThreatLabz Data Loss Report, in which the Zscaler ThreatLabz research team has analyzed nearly 6 billion data loss policy violations from November 2021 through July 2022, can be downloaded here. Tue, 18 Oct 2022 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-advances-enterprise-data-security-industry-first-zero-configuration-data-protection https://www.zscaler.com/press/zscaler-announces-resignation-amit-sinha-president-sinha-remain-board-directors Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced that Amit Sinha has accepted a CEO position at a privately-held technology company and will resign from Zscaler effective October 21, 2022. Dr. Sinha will continue his role as a member of the company's Board of Directors. Functions of R&D, Cloud Operations and Customer Support that reported to Dr. Sinha will now report directly to Jay Chaudhry, Chairman and CEO. “I'd like to thank Amit for his outstanding contributions to Zscaler over the past 12 years in multiple roles including most recently as President. His technical brilliance and people leadership has helped grow Zscaler into the market leader in cloud security,” said Chaudhry. “With strong and talented leaders in R&D, cloud operations and customer support, Zscaler will continue to drive our customer-centric growth strategy and innovate on our cloud platform and offerings.” Chaudhry continued, “I am pleased that Amit will remain on the Board of Directors of the company as a trusted advisor and strong supporter of Zscaler as we continue to scale our business to our $5 billion ARR target and beyond.” Dr. Sinha said, “It has been my great honor to serve as President of the company and to partner with Jay and the Zscaler team over the last twelve years to build the leading cloud security provider. The decision to leave this incredible team was difficult, as I pursue my career aspirations to become a CEO. I am confident in Zscaler's continued success and industry leadership in the coming years, and look forward to continuing my contributions as a board member.” Forward Looking Statements This press release contains forward-looking statements that are based on our management's beliefs and assumptions and on information currently available to our management. Additional risks and uncertainties are set forth in our most recent Annual Report on Form 10-K filed with the Securities and Exchange Commission (“SEC”) on September 15, 2022, which is available on our website at ir.zscaler.com and on the SEC's website at www.sec.gov. Any forward-looking statements in this release are based on the limited information currently available to Zscaler as of the date hereof, which is subject to change, and Zscaler will not necessarily update the information, even if new information becomes available in the future. Mon, 10 Oct 2022 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-announces-resignation-amit-sinha-president-sinha-remain-board-directors https://www.zscaler.com/press/zscaler-acquires-shiftright-integrate-security-workflow-automation-technology-zero-trust Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced it has completed its acquisition of ShiftRight, a leader in closed loop security workflow automation. ShiftRight’s workflow automation technology is currently being integrated into the Zscaler Zero Trust Exchange™ cloud security platform to automate security management for the growing influx of risks and incidents organizations are experiencing. This integration will provide a simple, sophisticated solution to reduce incident resolution time dramatically. “I am excited to welcome the ShiftRight team into the Zscaler family,” said Jay Chaudhry, CEO, chairman and founder of Zscaler. “The decision to acquire ShiftRight was the logical next step because we saw the immense benefits of their technology during our pre-existing technology partnership. We will now extend the value of Zscaler’s platform with ShiftRight by simplifying IT and security operations through security workflow automation. The integration of ShiftRight’s technology into Zscaler’s cloud platform will help customers establish clear lines of responsibility and provide real-time visibility for their security posture.” Security teams are held accountable, but are not directly responsible, for many security-related actions. This misalignment has become a source of contention for organizations as the security landscape becomes crowded, fragmented and complex. In practice, the responsibility for cybersecurity is distributed throughout multiple teams in an organization. Security teams are forced to work with multiple distinct groups to keep users and data properly secured. The current working model is an ineffective patchwork of error-prone spreadsheets interlaced with disparate systems where critical security issues fall through the cracks. “ShiftRight is a natural fit for the Zscaler Zero Trust Exchange by automating accountability and responsibility management for security teams,” said Sanjay Kalra, CEO of ShiftRight (now a part of Zscaler). “As an integrated capability into Zscaler’s platform, ShiftRight’s technology will strengthen Zscaler’s offerings and transform security into a collaborative solution for internal teams to tackle numerous security challenges, like remediation, deployment, compliance and upgrades.” The transaction closed in Zscaler’s fiscal fourth quarter ended July 31, 2022. Terms of the transaction were not disclosed. Forward-Looking Statements This press release contains forward-looking statements that are based on our management's beliefs and assumptions and on information currently available to our management. These forward-looking statements include the expected benefits of the acquisition to Zscaler’s product offerings and to our customers. These forward-looking statements are subject to the safe harbor provisions created by the Private Securities Litigation Reform Act of 1995. A significant number of factors could cause actual results to differ materially from statements made in this press release, including those factors related to our ability to successfully integrate ShiftRight technology into our cloud platform and our ability to retain key employees of ShiftRight after the acquisition. Additional risks and uncertainties are set forth in our most recent Annual Report on Form 10-K filed with the Securities and Exchange Commission (“SEC”) on September 15, 2022, which is available on our website at ir.zscaler.com and on the SEC's website at www.sec.gov. Any forward-looking statements in this release are based on the limited information currently available to Zscaler as of the date hereof, which is subject to change, and Zscaler will not necessarily update the information, even if new information becomes available in the future. Thu, 29 Sep 2022 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-acquires-shiftright-integrate-security-workflow-automation-technology-zero-trust https://www.zscaler.com/press/zscalers-2022-vpn-report-vpn-exploits-grow-80-percent-organizations-shift-towards-zero-trust Key Findings: 68% of executives surveyed say their focus on remote work accelerated the priority of Zero Trust Security projects, up from 59% in 2021 Nearly half of all IT professionals surveyed witnessed an increase in exploits targeting their VPNs since adopting remote work 65% of companies are considering adopting VPN alternatives; organizations should be warned of misleading legacy cloud-based VPN offerings masqueraded as Zero Trust security Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today released the findings of its annual VPN Risk Report, conducted by Cybersecurity Insiders, which shows a growing number of VPN-specific security threats and a need for Zero Trust security architecture in enterprise-level organizations. The 2022 report surveyed over 350 IT professionals in North America at organizations with global workforces. Despite high awareness of VPN risks, remote work forced many companies to rely more heavily on legacy access methods during the pandemic. At the same time, cybercriminals continue to take advantage of long-standing security vulnerabilities and increased attacks on VPNs. This year’s Zscaler VPN Risk Report includes analysis of the state of the remote access environment, the most prevalent VPN risks, and the growth in adoption of Zero Trust. “As evident in several high profile breaches and ransomware attacks, VPNs continue to be one of the weakest links in cybersecurity. Their architecture deficiencies provide an entry point to threat actors and offer them an opportunity to move laterally and steal data,” said Deepen Desai, Global CISO of Zscaler. “To safeguard against the evolving threat landscape, organizations must use a Zero Trust architecture that, unlike VPN, does not bring the users on the same network as business-critical information, prevents lateral movement with user-app segmentation, minimizes the attack surface, and delivers full TLS inspection to prevent compromise and data loss.” Zero Trust Secures Remote Access While more and more companies have employees returning to the office, 95 percent of surveyed workplaces still rely on VPNs to support a combination of hybrid and distributed work environments that often span multiple geographies. In addition to remote employees, large organizations often extend network access to other external stakeholders, including customers, partners, and contractors. In many cases these users are connecting from untrusted devices on insecure networks, are granted far more freedom than necessary, and result in additional security risks. Unlike cumbersome, insecure VPNs, Zero Trust architecture improves organizational security posture without sacrificing the user experience. In addition, Zero Trust allows IT teams to keep the location of their network and applications secret, reducing the attack surface and threat of internet-based attacks. Status Quo Falls Behind as VPN Risks Continue To Grow The increase in the number of remote workers across industries has resulted in a sharp spike in cyberattacks that are tailor-made to target VPN users. As VPNs grant a greater degree of trust to users when compared to Zero Trust architecture, cybercriminals are more active in seeking to gain unauthorized access to network resources through exposed attack surfaces. According to the report, 44 percent of cybersecurity professionals have witnessed an increase in exploits targeting their business VPNs in the last year, demonstrating the risks associated with this technology when deployed to support remote users. Legacy network security architectures are pervasive and deeply entrenched in corporate data centers, making it difficult to challenge the status quo and adopt new architectures. So it should come as no great surprise that nearly all of the organizations surveyed continue to use VPNs despite knowing they are being targeted by ransomware and malware. Meanwhile, incumbent network security vendors have a vested interest in maintaining the remote access status quo. Organizations should be wary of legacy network access approaches that rely on cloud-based VPN, and examine vendors’ architectures to understand whether they will bring significant benefits in risk reduction and user experience. VPN technology carries the same fundamental shortcomings and risks in cloud virtual machines as it does on appliances, and should be avoided in favor of more modern approaches. VPN Alternatives Gain Traction Ongoing risks from legacy VPNs have created a gradual shift towards Zero Trust Security, which provides greater control and flexibility for effective remote access management. 78 percent of organizations surveyed for the VPN Risk Report indicated that their future workforce will be hybrid, creating an ongoing need for this type of security infrastructure in the enterprise. Since the shift to remote and hybrid work environments, 68 percent of surveyed companies have indicated that they are accelerating their Zero Trust projects. Unlike VPNs, Zero Trust architecture treats all network communications as potentially hostile and requires tightening access using identity-based validation policies. This ensures IT and security teams can restrict users from off-limits applications and prevent malicious intruders from taking advantage of granted access to move laterally within the network. Zero Trust security architecture also reduces network risk by eliminating the attack surface, masking activity from internet-based threats and connecting them directly to the applications and resources they need. Click here to download and read the 2022 VPN Risk Report. For those considering adopting zero trust as a guiding principle for architecting a secure network, An Architect’s Guide to the Zscaler Zero Trust Exchange e-book can be found here. Methodology The 2022 Zscaler VPN report is based on the results of a comprehensive online survey of 351 IT and cybersecurity professionals. The survey was conducted in June 2022 to identify the latest enterprise adoption trends, challenges, gaps, and solution preferences related to VPN risk. The respondents range from technical executives to IT security practitioners, representing a balanced cross-section of organizations of varying sizes across North America with global workforces. Mon, 26 Sep 2022 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscalers-2022-vpn-report-vpn-exploits-grow-80-percent-organizations-shift-towards-zero-trust https://www.zscaler.com/press/zscaler-announces-deeper-integrations-crowdstrike-enable-superior-threat-detection-zero-trust Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced new security detection capabilities available through its Zero Trust ExchangeTM cloud security platform and the CrowdStrike XDR platform as part of its expanded partnership with industry-leading CrowdStrike. Joint ZscalerTM and CrowdStrike customers now have unparalleled endpoint and network visibility across their entire enterprise to more effectively correlate diverse sets of data sources to identify new indicators-of-compromise (IoCs) while turning suspicious signals into concrete threat detections. The expanded integration builds on CrowdStrike’s recent announcement to name Zscaler as its Ecosystem Go-to-Market Partner of the Year for 2022 and is expected to help organizations of all sizes better identify ransomware and other threats when adopting a Zero Trust architecture. “Cross-platform automated workflows will drastically improve accuracy allowing us to stay ahead of the most sophisticated cyber threats,” said Gary Eppinger, Vice President Of Technology and CISO at CSX. “Having leveraged both the Zscaler and CrowdStrike Falcon platforms and their zero trust integrations to reduce the attack surface, we're excited to see them expand their co-innovations to help us detect and respond to threats faster and easier.” Today, businesses suffer from trying to manage too many siloed security solutions that limit visibility into systems for the purposes of threat detection and decrease security teams’ abilities to find and react to increasing volume of sophisticated attacks. This is particularly difficult in workplaces where a large portion of the employees work from anywhere. By synchronizing their Zscaler policy engine with the CrowdStrike Falcon Fusion (SOAR) workflows, IT administrators can now have access to the following new capabilities: Integrated closed-loop response: Based on newly detected threat or suspicious activity found within CrowdStrike Falcon Insight XDR, customers can trigger direct response actions from detections or leverage CrowdStrike Falcon Fusion workflows to change user group membership and apply adaptive access control policies to limit or prevent access to critical information through the Zscaler Zero Trust Exchange. Integrating these workflows helps apply more comprehensive zero trust policies to protect systems without compromising on flexibility users need to stay productive, reacting with more granularity based on the severity and confidence of the threat detection from CrowdStrike. Rich, unified context for investigations: Incorporating network telemetry from Zscaler in Falcon Insight XDR provides greater context for security analysts, speeding the ability to detect, investigate and respond to the most advanced attacks from CrowdStrike’s unified command console. Closed-loop Full-cycle Incident Response: Building on Zscaler’s existing partnership with CrowdStrike, customers can now enable closed-loop threat analytics, detection and response workflows from endpoint, to network and applications anywhere. “Zscaler has been among the first of our partners in integrating into the CrowdXDR Alliance,” said Michael Rogers, Vice President of Global Alliances at CrowdStrike. “With this new integration, our joint customers will gain the ability of unparalleled visibility across enterprise infrastructure across devices, users, and applications, turning signals to insight, and automating response actions with one unified, threat-centric command platform.” In addition, Zscaler has been awarded the Ecosystem Go-to-Market Partner of the Year during CrowdStrike Fal.Con 2022. This award recognizes technology partners in the CrowdStrike partner ecosystem that exceed revenue expectations, outpace the investment in CrowdStrike training and enablement, have been nominated by the CrowdStrike team and create successful customer relationships through the delivery of CrowdStrike-based solutions. “Our focus has always been on fostering a customer-first mindset and incorporating their feedback into expanding and improving our integrations. A large number of our customers have deployed our joint solution in mission-critical environments and their feedback has helped our company greatly,” said Punit Minocha, Executive VP, Business and Corporate Development at Zscaler. “Another notable achievement is that Zscaler has recognized CrowdStrike as our Go-to-Market Partner of the Year earlier this summer. It’s no surprise that our mutually supportive efforts have helped to advance and strengthen our alliance tremendously.” Zscaler and CrowdStrike will showcase the new joint capabilities in a breakout session at Fal.Con 2022 on September 19 - 21, 2022. For more information on this breakout session, please see the event agenda. Tue, 20 Sep 2022 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-announces-deeper-integrations-crowdstrike-enable-superior-threat-detection-zero-trust https://www.zscaler.com/press/zscaler-achieves-carbon-neutral-status-and-establishes-new-goal-reach-net-zero-2025 Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced that it has achieved carbon neutral status for 2022 and has set a new goal to reach net zero emissions by 2025. These significant milestones build on Zscaler’s recent success of reaching 100% renewable energy across its global offices and 150 distributed data centers that operate the Zscaler Zero Trust Exchange™ security cloud, the largest inline security cloud in the world. The new net zero goal and continued support for renewable energy demonstrate Zscaler’s commitment to mitigating global climate change and support the transition to a low-carbon economy. “As we continue focusing on supporting our customers, it is important that we make a positive impact on our planet,” said Jay Chaudhry, CEO, Chairman, and Founder of Zscaler. “Zscaler partners with IT Leaders to modernize their operations through a Zero Trust security approach that eliminates the need for on-premises security appliances, resulting in decreased IT waste and reduced energy usage – all while working towards our common carbon reduction objectives.” Zscaler achieved its carbon neutral status for calendar year 2022 through a combination of renewable energy credits (RECs) and carbon offset purchases, matching its projected electricity consumption and carbon emissions, respectively. Efforts included working with an external third-party on a verified carbon inventory methodology and quantifying total emissions. Zscaler addressed scope 2 emissions by updating its data center selection process to incorporate renewable energy usage criteria. Zscaler then purchased RECs that support local wind and solar projects. Scope 1 and broader scope 3 emissions from offices, business travel, and procurement along with customer and public cloud usage, were offset through permanent and additional carbon credits from third-party verified projects. Zscaler recognizes the urgent need to mitigate its climate impact today through the use of high-quality offsets and believes that further reductions are necessary. Looking forward, the company will aim to develop pathways towards net zero emissions that are aligned with climate science by critically evaluating its operations and working with suppliers to further environmental impact reductions. Customers leveraging the Zscaler Zero Trust Exchange™ can have the confidence that they are working with a partner that supports building business resilience, enabling work from anywhere, and unlocking innovation. By partnering with Zscaler, businesses of all sizes also benefit from reducing their impact on the planet – retiring costly legacy security appliances and moving security services to an inherently more efficient Zero Trust architecture. In committing to a net zero goal, Zscaler continues to align closely with their customers’ values – working towards creating a better, more secure future together. Customer Quotes: “With Zscaler, we are able to protect our global workforce from potential cyberattacks while also reducing our carbon footprint by moving applications that we use to the cloud,” said Stuart Parry, Regional Vice President, Net Zero Cloud, Salesforce. “Salesforce is also happy to count Zscaler as a customer of Net Zero Cloud, Salesforce’s complete sustainability data management solution, as we work together to reach net zero global emissions.” “By deploying the Zscaler solution, we are able to accelerate our transition to cloud-based services. Reducing our dependence on energy-intensive on-premises security systems helps with our goal to become carbon neutral by 2030,” said Mayuresh Purandare, Head of IT Infrastructure and Security, Marico. “It is important that we align ourselves with technology partners that also have carbon reduction goals.” For more information, please see our ESG website: https://www.zscaler.com/corporate-responsibility Thu, 08 Sep 2022 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-achieves-carbon-neutral-status-and-establishes-new-goal-reach-net-zero-2025 https://www.zscaler.com/press/zscaler-zero-trust-exchange-security-platform-meets-c5-requirements-bsi München, 23. August 2022 - Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, has received confirmation of its compliance with the requirements of the German Federal Office for Information Security (BSI) C5 catalogue for cloud infrastructure across its 150 global data centers, as approved by an independent auditor. The BSI's current C5 standard covers 125 requirements in 17 areas and builds on ISO 27001 and 27017 certifications to provide authorities and companies with detailed information on the operation, availability and organization of the information security and physical security of tested cloud providers. The report demonstrates Zscaler‘sTM ongoing commitment to maintaining the security controls required to operate its Zero Trust ExchangeTM cloud infrastructure, building on federal agency standards. The Cloud Computing Compliance Criteria Catalogue (C5) specifies the minimum information security requirements of a cloud service provider. Organizations thus receive transparency when it comes to the security controls of a prospective cloud service, which can be used for the selection of the provider as well as for their own risk management and assessment. In order to support the insight of customers, the C5 report lists information about the general operating conditions, availability and incidence handling, as well as the location of the provider‘s data centers and subcontracting partners. Through the compliance audit, Zscaler's global security cloud has demonstrated that it meets the requirements for cloud providers that German authorities and public institutions must take into account when selecting a provider. “We have added the BSI C5 attestation to our wide range of globally recognised independently audited certifications for the Zscaler Zero Trust Exchange,” comments Marc Lueck, CISO EMEA. “This new external report adds further evidence to the fact that the Zscaler cloud is already leading, both from a provision of security standpoint as well as for the security of our platform itself and gives customers the confidence they are seeking in their selection process.” "Zscaler as the leading cloud security company continues to build out our global compliance portfolio, C5 was viewed as a critical certification to in order support the German government and companies. We believe the C5 criteria catalogue provides authorities and companies with guidance for the selection of a provider," says Kumar Severaj, Senior Director of Compliance at Zscaler Inc. "Our available processes, policies and measures with regard to the required security of the cloud offering have been examined on the basis of the C5 catalogue of requirements, so that authorities and increasingly more privately organised institutions can use them for their own risk assessment." The Zscaler cloud platform delivers a validated solution to public and private organizations to securely access cloud, internet, and Software-as-a-Service (SaaS) applications from any device or location while meeting or exceeding government requirements and the latest addition of an attestation builds on recent Zscaler certifications including: ZIA™ achieved FedRAMP-High Authorization ZPA™ achieved FedRAMP-High JAB Authorization ZIA™ received Authorization to Operate (ATO) at the Moderate Impact level Further information about Zscaler’s certification can be found on the compliance website. Zscaler™ and the other trademarks listed at https://www.zscaler.com/legal/trademarks are either (i) registered trademarks or service marks or (ii) trademarks or service marks of Zscaler, Inc. in the United States and/or other countries. Any other trademarks are the properties of their respective owners. Tue, 23 Aug 2022 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-zero-trust-exchange-security-platform-meets-c5-requirements-bsi https://www.zscaler.com/press/zscaler-achieves-zero-trust-security-service-fedramp-high-authorization Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced that Zscaler Internet Access™ (ZIA™) achieved Federal Risk and Authorization Management Program (FedRAMP) High Authority to Operate from the FedRAMP Joint Authorization Board (JAB). This federal government certification enables ZIA to meet civilian agencies’ high security requirements, as well as those of the Department of Defense (DoD) and other intelligence organizations. ZIA is currently the only Secure Access Service Edge (SASE) Trusted Internet Connections (TIC) 3.0 solution that has achieved FedRAMP’s highest authorization. FedRAMP High authorization indicates to federal decision-makers that ZIA and ZPA have undergone rigorous audits of critical security controls to protect the government’s most sensitive unclassified data in remote cloud computing environments. The company’s Zscaler Private Access™ (ZPA™), the other key component of the Zscaler Zero Trust Exchange platform, is also JAB High authorized, and along with ZIA, comprise the JAB High authorized Zscaler Zero Trust Exchange™ for federal customers. The certification confirms that ZIA can securely connect government users to external applications, including SaaS applications and internet destinations, regardless of device, location, or network, providing superior cyber and data protection for mission-critical government information. With both ZIA and ZPA now JAB-High authorized, agencies can resolve ongoing user experience and cost challenges associated with securing the explosive use of cloud-based applications. These challenges include continued poor user experience through VPNs, security risks from users who bypass VPNs leading to a lack of visibility and protection, and increased network usage costs associated with backhauling the growing volume of internet traffic flowing through the government's TIC. Since achieving FedRAMP Moderate certification in 2018, Zscaler, a Leader in the 2022 Gartner® Magic Quadrant™ for Security Service Edge (SSE) – a security-specific component in the SASE framework – has completed SSE deployments for more than 100 US federal government and federal systems integrator customers at the Moderate impact level. Many of these deployments supported the requirements of the Executive Order 14028, including zero trust, as well as met TIC 3.0 use cases. "This FedRAMP High authorization elevates Zscaler and our support of the US government as currently the only cloud security company with two FedRAMP High JAB authorizations in the market," said Drew Schnabel, Vice President of Federal at Zscaler. Federal agencies, DoD commands, and federal contractors can now take full advantage of the Zero Trust Exchange at the JAB High or Moderate level. Customers can align their security posture with their workload requirements and meet Executive Order 14028 zero trust goals at all levels available under the FedRAMP program. “Delivering zero trust and SASE through FedRAMP authorized platforms at the highest impact levels is crucial for the security of our nation's future,” said Stephen Kovac, Chief Compliance Officer at Zscaler. “Zscaler committed to our customers that we would deliver a comprehensive zero trust and SASE platform at the High and Moderate baseline levels. Today, we are proud to announce we have met that commitment. The Zscaler team continues to follow the guidance of Executive Order 14028, CISA’s TIC 3.0 and zero trust use cases, DOD/DISA’s National Defense Authorization Act, and our customers and partners. We are delivering FedRAMP High authorized cloud platforms, while helping agencies modernize and transform their legacy cybersecurity environments to cloud-based SASE and zero trust solutions.” “FedRAMP High is a must-have for many federal agency deployments,” said Zeus Kerravala, Founder and Principal Analyst at ZK Research. “We see more and more CISOs and CIOs across state and local government, education, and the private sector recognizing the value of a third-party validated security assessment.” The Zero Trust Exchange is a cloud-native security platform that securely connects any user, device, and application, regardless of location. Following the principle of least-privileged access, the platform establishes trust through user identity and context – including location, device, application, and content – and then creates secure, direct connections based on policy enforcement. The platform supports IT federal mission transformation by reducing costs, eliminating the internet attack surface, and preventing lateral movement of threats while providing an excellent user experience. The Zscaler Zero Trust Exchange is powered by the world’s largest security cloud, with more than 10 years of operational excellence enabling the processing of more than 240 billion daily transactions and stopping over seven billion threats and policy violations per day for the largest, most demanding organizations around the globe. Today’s news builds on recent announcements including: Zscaler Private Access Achieves DoD Impact Level 5 (IL5) Zscaler is chosen to run a pilot program in support of Executive Order 14028 by the National Institute of Standards and Technology (NIST) Zscaler is First Zero Trust Remote Access Cloud Service to Achieve FedRAMP-High JAB Authorization ZIA™ receives Authorization to Operate (ATO) at the Moderate Impact level Zscaler is a Leader in the 2022 Gartner Magic Quadrant for Security Service Edge (SSE), following up 10 consecutive years as a Leader in the Gartner Magic Quadrant for Secure Web Gateway To learn more about Zscaler, visit zscaler.com/solutions/government. For more information about today’s announcement please see Zscaler’s blog post here. Mon, 01 Aug 2022 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-achieves-zero-trust-security-service-fedramp-high-authorization https://www.zscaler.com/press/coats-power-it-and-ot-security-zscaler-zero-trust-exchange-industry-50-transformation Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, announced today that Coats Group PLC, the world’s largest industrial thread manufacturer for over 250 years, is adopting the Zscaler Zero Trust Exchange™ cloud platform to secure its Industry 5.0 transformation. With its deployment, UK-headquartered Coats will implement Zscaler™ for Users and Zscaler for IoT/OT as the company builds its security service edge (SSE) ecosystem. This SSE ecosystem will provide 18,000 employees secure access to Information Technology (IT) and Operational Technology (OT) systems, including its manufacturing locations and R&D facilities across six continents. “Data and data integrity are critical to running a competitive modern manufacturing enterprise,” said Benjamin Corll, Vice President of Cybersecurity at Coats. “With the accelerating adoption of IIoT [Industrial IoT], AI-powered robotics, and other connected industrial systems in collaboration with human experts, Zscaler will help us provide secure access for OT applications and workloads, as well as users and devices, based on a zero trust approach.” For its deployment, Coats is implementing multiple fully-integrated Zero Trust Exchange user protection and digital experience monitoring (DEM) services. This includes flagship Zscaler Internet Access™ (ZIA™), for supplying employees and contractors with streamlined, secure connectivity to the internet and SaaS applications such as Microsoft 365. Coats is also adopting Zscaler Private Access™ (ZPA™), for high-performance, virtual private network (VPN)-free secure access to private applications residing in its data centers and hosted in public clouds. “By giving us granular control, Zscaler enables us to provide context-based anywhere access to our employees, suppliers, and other third parties,” Corll said. “For example, with our OT systems, Zscaler will ensure that repair and maintenance technicians are only permitted to access the systems they require— thus greatly improving our security posture.” To keep application performance and user experiences high, Coats is also investing in Zscaler Digital Experience™ (ZDX™), for proactively detecting access issues before they affect remote or in-office users, applications, or workloads, and for rapidly troubleshooting complaints. “ZDX provides us with detailed information for analyzing and resolving issues at their source, rather than subjective measures like ‘slow,’” Corll said. “Addressing root causes makes users happier and more productive.” Coats also expects to increase efficiency and reduce overhead costs by improving help desk efficiency. “Using ZDX, we anticipate saving at least 150 help desk hours monthly across our enterprise, which is nearly an entire full-time position,” Corll said. “Simultaneously, ZDX will assist with reducing incidents by providing us with the analytics for tuning our deployment to optimize performance across all users, devices, applications, and workloads where Zscaler is deployed.” “Whether it’s your shirt, jacket, protective gear, or even your car seats, whenever you're wearing clothing it's likely you're wearing a Coats product,” said Dhawal Sharma, VP of Product Management at Zscaler. “At Zscaler, we’re deeply committed to partnering with Coats on their IT transformation journey. This includes providing Coats with the end-to-end monitoring capabilities of ZDX for ensuring secure and optimal digital experiences. We look forward to our continued partnership to help them achieve their goals today and in the future.” For a global operation like Coats, another advantage of the Zscaler platform is streamlining and simplifying regulatory compliance worldwide. “With Zscaler, all of the compliance requirements and reporting—whether it’s PCI in the U.S., GDPR in the EU, or mandates in other regions—are elegantly engineered into the solution and managed for us, providing us with one seamless, integrated, comprehensive platform that’s easy to use,” Corll said. Thu, 21 Jul 2022 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/coats-power-it-and-ot-security-zscaler-zero-trust-exchange-industry-50-transformation https://www.zscaler.com/press/zscaler-advances-cybersecurity-and-user-experience-new-aiml-capabilities-zscaler-zero-trust Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced newly advanced AI/ML innovations powered by the largest security cloud in the world for unparalleled user protection and digital experience monitoring. The new capabilities further enhance Zscaler’s Zero Trust Exchange™ security platform to enable organizations to implement a Security Service Edge (SSE) that protects against the most advanced cyberattacks, while delivering an exceptional digital experience to users, and simplifying adoption of a zero trust architecture. Organizations are facing a 314 percent increase in cyberattacks on encrypted internet traffic and an 80 percent increase in ransomware with nearly a 120 percent increase in double extortion attacks. Phishing is also on the rise with industries like financial services, government and retail seeing annual increases in attacks of over 100 percent in 2021. To combat advancing threats, organizations need to adapt their defenses to real-time changes in risk. However, lean-running IT and security teams are experiencing security alert fatigue with increasing exposure to real-time threats and often don’t have the resources or skills to effectively investigate and respond to the mounting volume of threats. Zscaler is addressing these challenges by providing one-click root cause analysis to instantly identify the issues behind poor digital experience, freeing up IT and security teams from troubleshooting to focus on preventing attacks. AI-powered security helps IT professionals by automating threat detection to deliver better and faster protection. Zscaler operates the largest in-line security cloud, which inspects over 240 billion data transactions daily and blocks 150 million daily attacks across the globe to dramatically expedite investigation, response and resolution times, and pinpoint potential malware to stop breaches and data loss. Zscaler is uniquely equipped to train its AI/ML models for superior accuracy in automating threat responses and making policy recommendations to security teams. From faster threat detection to freeing up resources, Zscaler’s Zero Trust platform enables IT and security teams to reduce the constant fire drill of manually chasing alerts and trying to identify new threats. “Cybercriminals are using AI, automation, and advanced techniques to train machines to hack or socially engineer victims faster than ever before,” said Amit Sinha, President, Zscaler. “To help our customers combat these escalating techniques, we’ve dramatically advanced AI and machine learning in our cloud to take advantage of our massive data pool, giving our customers granular real-time risk visibility and a solution to combat attackers that no other security vendor can provide.” Utilizing Zscaler’s AI-powered Zero Trust platform, organizations can now strengthen their network defense with the following intelligent security innovations: AI-powered phishing prevention: Detect and stop credential theft and browser exploitation from phishing pages with real-time analytics on threat intelligence from 300 trillion daily signals, expert ThreatLabz research, and dynamic browser isolation. AI-powered segmentation: Simplify user-to-app segmentation to minimize the attack surface and stop lateral movement with AI-based policy recommendations trained by millions of cross-customer signals across private app telemetry, user context, behavior, and location. Autonomous risk-based policy engine: Dynamically adapt security and access policies in real-time across the Zscaler™ Zero Trust Exchange to maintain network integrity against rapidly-evolving cyber threats. The new capabilities also allow security teams to customize policies based on risk scoring for users, devices, apps, and content. AI-powered root cause analysis: Accelerate mean time to resolution putting impacted end users back to work in a matter of seconds by identifying root causes of poor user experiences 180 times faster, freeing IT from time-consuming troubleshooting and analysis. “Delivering seamless digital experiences, from employee devices to the applications they need, goes hand in hand with securing our sensitive business applications and data, no matter where it resides,” said Darren Beattie, Modern Workplace and Security Operations Manager at Auckland New Zealand-headquartered Tower Limited. “Zscaler’s integrated cloud platform helped us effortlessly adopt a zero trust architecture, reduce risk, accelerate our digital transformation, and achieve business goals.” “With Zscaler’s AI-powered Zero Trust platform based on a SSE framework, we are able to augment and expand the reach of our IT and security team to stop the growing frequency of advanced cyberattacks,” said Stephen Bailey, Vice President of Information Technology at Cache Creek Casino Resort. “The threat landscape is constantly evolving, and these new AI capabilities will effectively enable us to see real-time changes in risk, automate our response process, and stay ahead of the attackers.” For more details about Zscaler’s AI-powered Security Service Edge (SSE) platform, please see here. Wed, 22 Jun 2022 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-advances-cybersecurity-and-user-experience-new-aiml-capabilities-zscaler-zero-trust https://www.zscaler.com/press/zscaler-and-aws-expand-relationship-enabling-customers-accelerate-onramp-cloud-zero-trust Zscaler, Inc. (NASDAQ: ZS) today announced an extension to its relationship with Amazon Web Services (AWS), a preferred cloud provider. In addition, Zscaler announced innovations built on Zscaler’s Zero Trust architecture and AWS to help enterprises securely accelerate their transition to the cloud. Working together, the companies will deliver customers a unified solution to consolidate and simplify cloud security operations while helping organizations advance their security architecture from ineffective legacy models to a modern Zero Trust approach designed for the cloud. Today, enterprises are often left to purchase, implement, and manage dozens of disparate point products, which has resulted in operational complexity and higher overhead costs. As the cloud continues to mature, enterprises are looking for a holistic cloud-based platform with integrated services, including, Cloud Security Posture Management (CSPM), Cloud Infrastructure Entitlements Management (CIEM), Cloud Workload Protection Platforms (CWPP), Data Loss Protection (DLP), Configuration Management Database (CMDB), and Infrastructure as a Code (IaC) scanning, to protect their globally distributed workloads. To help enterprises advance their deployment of Zero Trust to secure their cloud applications and improve the security of their 5G connections, Zscaler and AWS have extended their relationship to deliver simple, yet powerful, solutions built on AWS. These solutions are designed to help identify, prioritize, mitigate, and remediate cloud workload risks for the applications and the cloud infrastructure, while also extending Zero Trust to Private 5G connections. In cooperation with AWS, Zscaler's three innovations designed to advance cloud security and cloud connections include: Delivering Cloud-Native Application Protection Platform (CNAPP), Built on AWS: Built and operated on AWS, Zscaler’s new Posture Control™ solution helps DevOps and security teams accelerate cloud adoption by efficiently implementing their portion of the AWS Shared Responsibility Model. The platform reduces operational complexity and overhead by replacing multiple point security products–CSPM, CIEM, CWPP, IaC scanning, DLP, CMDB – with a single, unified platform that analyzes millions of attributes to prioritize the critical issues that the security team should focus on first. AWS was chosen for its breadth of services, scale, reliability, and prevalence as a primary cloud provider in a large portion of Zscaler’s customer base. Extending Zero Trust Security to Workloads on AWS: In cooperation with AWS, Zscaler is extending the Zscaler Zero Trust Exchange™cloud security platform to protect cloud workloads against malware and data breaches as enterprises continue to migrate and refactor their applications and workloads on AWS. Zscaler delivers customers the benefits of inline inspection for internet traffic from cloud workloads at a carrier-grade scale using deep integration with AWS native technologies, such as Gateway Load Balancer, AWS Secrets Manager, AWS CloudFormation, and AWS Auto Scaling. It also extends the app-to-app segmentation capabilities of the platform, significantly reducing the enterprise attack surface and risk associated with lateral threat movement. Enabling Zero Trust for Private 5G with AWS Wavelength - The Zscaler Zero Trust Exchange protects workloads running on AWS Wavelength by providing user-granular, Zero Trust access directly to the devices connected to the mobile network. The service is delivered using Zscaler Private Access™ (ZPA)–a Zero Trust architecture built on AWS that supports both cloud and hybrid infrastructure control and deployment. “Zscaler, in collaboration with AWS, provides an innovative and highly-scalable solution for securing cloud workloads,” said Rui Cabeço, IT Service Group Manager & Global Outbound Connectivity Lead at Siemens. “We look forward to leveraging the powerful capabilities of Zscaler and the AWS Marketplace to drive business agility as we continue our cloud transformation.” “Many organizations struggle with the notion of Zero Trust for cloud security,” said Punit Minocha, Executive Vice President, Business and Corporate Development at Zscaler. “Zscaler’s latest innovations– our Posture Control solution and new cloud workload protection services–built on AWS as a preferred cloud provider, offer our joint customers simplified and efficient solutions to effectively remediate cloud workload risk, delivered via the Zscaler Zero Trust Exchange cloud security platform.” “Zscaler and AWS share a common vision to deliver the highest quality security solutions to our joint customers and help them navigate the latest cloud security requirements,” said Chris Grusz, Director, ISV Partner and AWS Marketplace Business Development. “This expanded relationship will offer organizations across the world simple yet powerful solutions built on and tightly integrated with AWS security, observability and data protection services.” Wed, 22 Jun 2022 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-and-aws-expand-relationship-enabling-customers-accelerate-onramp-cloud-zero-trust https://www.zscaler.com/press/zscaler-launches-posture-control-solution-remediate-hidden-security-risks-across-cloud-native Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced its new Posture Control™ solution, designed to give organizations unified Cloud-Native Application Protection Platform (CNAPP) functionality tailor-made to secure cloud workloads. Integrated into the Zscaler Zero Trust Exchange™, the Posture Control solution enables DevOps and security teams to efficiently prioritize and remediate risks in cloud-native applications earlier in the development lifecycle. The completely agentless solution correlates and prioritizes risks, such as unpatched vulnerabilities in containers and VMs, excessive entitlements and permissions, and cloud service misconfigurations. “The cybersecurity landscape continues to evolve as more applications reside across multi-cloud footprints, making it more difficult than ever for security, IT, and DevOps teams to keep up with new types of attacks and efficiently prioritize and then remediate cloud risks,” said Amit Sinha, President, Zscaler. “Unlike point cloud security tools, which lack context and overburden operators with alerts while missing the full picture, Zscaler’s new Posture Control solution correlates signals across several cloud security disciplines to identify and prioritize real risk drivers and high priority security incidents. Also, by extending security directly into developer workflows, infosec teams can collaborate more effectively with DevOps teams to proactively secure applications earlier in the development lifecycle.” Today, most enterprises are forced to implement and manage dozens of point security tools to achieve complete security coverage. These tools operate in silos and are not integrated, leading to visibility challenges, security gaps, and friction among cross-functional teams. However, due to the dynamic nature of the cloud, security risks are made up of a combination of several complex issues that are interconnected across multiple layers. To address them, security teams need a consolidated platform that prioritizes risk across all their cloud environments. To meet the scale and speed required for cloud-native application development, organizations need a unified approach that envelops the entire Continuous Integration and Continuous Delivery (CI/CD) lifecycle, integrating seamlessly with developer and DevOps workflows. They also need a simplified architecture that correlates issues across multi-cloud environments to better identify high priority security risks and deliver remediation via each stakeholder’s preferred workflows earlier in the development process. “As organizations increasingly move their applications to the cloud, security teams struggle to keep up with cloud-native development because multiple siloed tools create too many alerts that are difficult to manage and prioritize,” said Melinda Marks, Senior Analyst, Enterprise Strategy Group (ESG). “With its integrated approach, Zscaler’s Posture Control solution can help security and DevOps teams better identify, prioritize, and remediate risks. With solutions like this, organizations can focus on the top issues to greatly reduce their overall risk.” Zscaler’s new Posture Control solution builds on the security capabilities of Zscaler’s proven Workload Communications solution, which is designed to secure cloud applications at runtime. Integrated with the Zscaler for Workloads service, the Posture Control solution and Workload Communications are combined to unify development and runtime security of cloud-native and VM-based applications running on any service in any cloud. The Posture Control solution delivers comprehensive coverage of all cloud environments in a singular view and a unified data model to enable security, IT, and DevOps teams to secure cloud apps without disrupting the development processes. Following are key features of the Posture Control solution: Advanced Threat and Risk Correlation: Identify and assess the combination of multiple security issues that may appear to be low-risk individually, but have the potential to create larger, more malicious risks across cloud environments when combined. These correlated risks are unified in a singular view, giving security teams the context they need to properly explore and prioritize risks in the cloud. Agentless Workload Scanning: Avoid developer friction and eliminate blind spots due to incomplete coverage of security tools with a 100% agentless, API-based approach. VMs and containers are scanned in both registries and in production environments, correlating vulnerabilities with other cloud weaknesses to prioritize actions based on risk rather than on CVSS score alone. Full Lifecycle Cloud Security: Detect and resolve security issues early in the development phase before they become production incidents with “shift left” security. Zscaler monitors automated deployment processes and sends alerts when critical security issues are found. Risk and Compliance Visualizations Across the Entire Cloud: Gain 360-degree visibility into risks across the entire multi-cloud footprint, including VMs, containers, and serverless workloads. Zscaler integrates with development platforms like VS Code, DevOps tools such as GitHub and Jenkins, and all major cloud providers to enable visibility and control “from build to run.” Simplified, Fast Deployment and Operations - Zscaler and HashiCorp, a leader in multi-cloud infrastructure automation, have extended their integrations to secure cloud-native workloads in multi-cloud environments. The Posture Control solution can now easily scan infrastructure-as-a-code templates written in Terraform in the development environment. This shift-left approach provides the ability to build security in the CI/CD process, thereby reducing friction between development and security teams, and providing rapid application deployment and better security posture of cloud workloads. For more details about Zscaler’s Posture Control solution, please see here. Wed, 22 Jun 2022 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-launches-posture-control-solution-remediate-hidden-security-risks-across-cloud-native https://www.zscaler.com/press/zscaler-threatlabz-2022-ransomware-report-reveals-record-number-attacks-and-nearly-120-growth Key Findings: Ransomware attacks have increased by 80% year-over-year with ransomware-as-a-service being used by eight of the top 11 ransomware families. Nearly one in five ransomware attacks target manufacturing businesses, making this industry the most targeted for the second year in a row. Healthcare (650% increase) and Restaurant and Food Service (450%) industries saw the biggest growth of ransomware attacks when compared to 2021. Ransomware families are rebranding to evade law enforcement and continue to infect businesses. Supply chain ransomware attacks are multiplying damages and allowing attackers to bypass traditional security controls. The Russia-Ukraine war is threatening an increase in ransomware combined with other attack techniques, such as the pairing of PartyTicket ransomware and HermeticWiper malware. SAN JOSE, Calif. – June 2, 2022 – Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today released the findings of its annual ThreatLabz Ransomware Report, which revealed an 80 percent increase in ransomware attacks year-over-year. In 2022, the most prevalent ransomware trends include double-extortion, supply chain attacks, ransomware-as-a-service, ransomware rebranding, and geo-political incited ransomware attacks. The report analyzes over a year’s worth of data from the largest security cloud in the world, which processes more than 200 billion daily transactions and 150 million daily blocked attacks across the Zscaler Zero Trust Exchange™. The report details which industries are being targeted the most by cybercriminals, explains the damage caused by double-extortion and supply chain attacks, and catalogs the most active ransomware groups operating today. “Modern ransomware attacks require a single successful asset compromise to gain initial entry, move laterally, and breach the entire environment, making legacy VPN and flat networks extremely vulnerable,” said Deepen Desai, CISO of Zscaler. “Attackers are finding success exploiting weaknesses across businesses’ supply chains as well as critical vulnerabilities like Log4Shell, PrintNightmare, and others. And with ransomware-as-a-service available on the darkweb, more and more criminals are turning to ransomware, realizing that the odds of receiving a big payday are high.” The tactics and scope of ransomware attacks have been steadily evolving, but the end goal continues to be a disruption of the target organization and theft of sensitive information for the purposes of ransom. The size of the ransom often depends on the number of systems infected and the value of the data stolen: the higher the stakes, the higher the payment. In 2019, many ransomware groups updated their tactics to include data exfiltration, commonly referred to as a ‘double extortion’ ransomware. A year later, select groups added another attack layer with distributed denial of service (DDoS) tactics that bombard the victim’s website or network, creating more business disruption, thus pressuring the victim to negotiate. This year, the most dangerous ransomware trend involves supply chain attacks that target a supplier's business and use established connections and shared files, networks, or solutions for second-stage attacks on that supplier’s customers. ThreatLabz also noted nearly a 120 percent increase in double-extortion ransomware victims based on data published on threat actors’ data leak sites. For the second year in a row, manufacturing companies were the most targeted with nearly one in five ransomware attacks directed at manufacturers. However, attacks on other sectors are rapidly growing. The growth rate of attacks on healthcare companies was particularly striking, with double-extortion attacks growing by nearly 650 percent when compared to 2021. This was followed by the restaurants and food services industry, which saw over a 450 percent spike in ransomware. As governments across the world have started to take ransomware seriously, many threat groups have disbanded and reformed under new names. For example, DarkSide rebranded as BlackMatter, DoppelPaymer rebranded as Grief, and Rook rebranded as Pandora. However, their threat has not diminished even as their tactics have changed. Instead, many are now offering their tools for sale on the dark web, increasing their scale through a ransomware-as-a-service business model. Earlier this year, the United States issued a statement warning of the potential for malicious cyber conduct against the United States as a response to economic sanctions against Russia. The statement urged immediate action to harden cyber defenses among both public and private sector organizations. Additional nations that are standing with Ukraine delivered similar warnings. To date, ThreatLabz has identified multiple attacks, such as the use of PartyTicket ransomware and the HermeticWiper malware against Ukraine, and attacks from the Conti threat group against multiple government entities. ThreatLabz is continuing to monitor for geopolitical attacks. Desai added, “to minimize the chances of being breached and the damage that a successful ransomware attack can cause, organizations must use defense-in-depth strategies that include reducing the attack surface, adopting zero trust architecture that can enforce least-privilege access control, and continuously monitoring and inspecting data across all environments.” How the Zscaler Zero Trust Exchange Can Prevent Ransomware Attacks The Zscaler Zero Trust Exchange incorporates ransomware protection controls into a holistic zero trust architecture that disrupts every stage of attacks and minimizes damages. The following best practices and advanced capabilities can significantly reduce the risk of a ransomware attack. Preventing compromise with consistent security policies: With full SSL inspection at scale, browser isolation, inline sandboxing, and policy-driven access control to prevent access to malicious websites. Eliminating lateral movement by removing applications from the internet and implementing a zero trust network access (ZTNA) architecture: By connecting users directly to apps, not the network, to limit the blast radius of an attack. Shutting down compromised users and insider threats: By combining inline application inspection and integrated deception capabilities to detect and trick, and stop would-be attackers. Stopping data loss: By keeping software and training up-to-date, as well as deploying inline data loss prevention and inspecting data both in motion and at rest will prevent theft by threat actors. For more details on how to protect against ransomware and threats, and how to develop a ransomware response plan, read the 2022 ThreatLabz State of Ransomware Report. Methodology The ThreatLabz team evaluated data from the Zscaler Zero Trust Exchange, which secures over 200 billion transactions and blocks 150 million threats daily across the globe. ThreatLabz analyzed a year’s worth of global ransomware data from the Zscaler cloud, along with intelligence from external sources, from February 2021 through March 2022 to identify key trends, industries, and geographies at risk, and emerging tactics. Thu, 02 Jun 2022 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-threatlabz-2022-ransomware-report-reveals-record-number-attacks-and-nearly-120-growth https://www.zscaler.com/press/zscaler-and-siemens-partnership-delivers-all-one-solution-accelerate-secure-digitalization-ot Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, and Siemens, an innovation leader in automation and digitalization, deliver a proven solution, that combines the Zscaler Zero Trust Exchange™ cloud security platform and Siemens’ devices to help customers with Operational Technology (OT) infrastructures accelerate their secure digital transformation initiatives. Offered direct from Siemens, customers worldwide will be able to obtain the Zscaler Remote Access for OT alongside Siemens’ flexible local processing platform SCALANCE LPE. The new solution enables customers to securely manage, control quality assurance, and analyze production OT infrastructures and its applications from any workplace in any location. In today’s hybrid working environment and economy, the need for factory automation, higher production output, and an agile staff for OT environments is greater than ever. Concurrently, factories are faced with more debilitating cyberattacks that can cause financial and human loss. Zscaler and Siemens have recognized that for factory modernization and digitalization to occur, new security approaches, like Zero Trust access, will be added to traditional defense-in-depth strategies. Factories layering in Zero Trust access capabilities can now reduce their risk while using remote staff, or connecting to the internet and to the cloud, enabling them to take greater advantage of technology innovation that speeds factory output. With the extension of Zscaler Private Access™ for OT, factory staff, contractors and third-party workers can remotely access factory systems securely to perform maintenance, monitoring and other tasks. “The Zero Trust principles are incredibly relevant to smart factory initiatives,” said Herbert Wegmann, General Manager “Digital Connectivity and Power” at Siemens Digital Industries. “Operators are embracing digitalization to bring more automation and intelligence to their production. But it also brings a new dimension of connectivity between shopfloors and the internet.” “I am thrilled that Siemens’ and Zscaler’s joint customers now have an integrated, highly secure approach to obtain and deploy Zscaler Private Access for OT environments directly from Siemens,” said Jay Chaudhry, CEO, Chairman, and founder at Zscaler. “Customers will be able to digitalize their factories faster by adding a Zero Trust access layer to their OT infrastructure. Our product and go-to-market collaboration will help ensure that industrial customers can improve factory uptime through reduced risk to remote worker access, while at the same time protecting themselves from the influx in cyberthreats facing them today.” Key advantages of the Zscaler and Siemens secure OT remote access solution include: Secure remote access to plants and machines - CISA recently pointed out that VPNs can contain risks when not updated. Now, customers can layer zero trust onto traditional defense-in-depth strategies to provide a more secure remote access solution to the factory floor. Privileged remote access for internal and third-party users — Browser-based access allows authorized admins to execute commands from remote endpoints to OT systems over secure and fully isolated connections, without the need to install an agent on the OT systems or any software on the user’s endpoints. Seamless integration into existing OT networks — Docker-based app connectors make it easy to deploy secure remote access on industrial control systems (ICS) and industrial network components. OT-IT Convergence. Users can safely converge their OT/IT worlds using Zscaler Private Access for IT-OT access. SaaS Service via a distributed, multi-tenant security exchange - the first SaaS based OT remote access solution is powered by Zscaler’s security cloud which has 150+ data centers worldwide. This results in a highly scalable and stable service. On average, they provide 200,000 unique security updates per day, stop 7Bn threats on average, and ensure the fastest connections between users and assets, supporting factory production no matter where the users are located. Availability Customers can learn about the solution live at the Hannover Messe Fair at Hannover, Germany 30 May – 2 June at Siemens’ virtual and in-person booth. Additional Resources Zscaler Private Access for OT 3 Essential Zero Trust Principles for Reducing Security Risk in OT Environments Zscaler Private Access for IIoT/OT now sold by Siemens for Industrial Security OT-IT Convergence Brought to Reality by Siemens and Zscaler Thu, 26 May 2022 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-and-siemens-partnership-delivers-all-one-solution-accelerate-secure-digitalization-ot https://www.zscaler.com/press/zscaler-appoints-brendan-castle-chief-people-officer Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced that Brendan Castle has been appointed Chief People Officer. Castle will lead the company's global People and Culture organization, including talent acquisition, learning and development, internal business partners, diversity, equity and inclusion, and our workplace experience. With 30 years of senior management and employee operations experience at large-scale organizations, Castle brings expertise to all aspects of the ZscalerTM People and Culture function, including building highly motivated, productive teams, and implementing modern employee programs. “I would first like to express extreme gratitude to Greg Pappas for dedicating nearly nine years building and leading the People and Culture team at Zscaler, and I wish him the best in his retirement,” said Jay Chaudhry, CEO, Chairman, and founder at Zscaler. “As the leader in cloud security, Zscaler continues to grow at a rapid pace and has become a destination for top talent. I am excited to welcome Brendan Castle as we continue our hyper-growth and speed of innovation to help us efficiently scale and attract top talent globally.” “I admire Zscaler’s commitment to culture by creating an environment where a diverse workforce can innovate freely and contribute their best work to help customers succeed,” said Castle. “Being the best starts by creating a culture where the most talented people share common values and seek the opportunity to make a difference through teamwork, open communication, innovation, and a passion for customers. I am delighted to be part of the next phase of Zscaler’s growth and look forward to being an integral part of its evolution.” Castle most recently led Google’s 3,000-person global recruiting organization covering all hiring from new graduates to industry and executives for all products, services, sales, and engineering. Prior to joining Google in 2014, Castle served as Managing Director and Global Head of Human Resources Shared Services at Citigroup. He was responsible for 1,400 employees across 45 countries in onboarding, off-boarding, employee operations, payroll, equity, and mobility for Citi’s 300,000 worldwide workforce. Zscaler is hiring. To see open positions and apply, please visit https://www.zscaler.com/careers. Mon, 02 May 2022 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-appoints-brendan-castle-chief-people-officer https://www.zscaler.com/press/new-zscaler-research-shows-over-400-increase-phishing-attacks-retail-and-wholesale-industries Key Findings Phishing attacks rose 29% globally to a new record of 873.9M attacks observed in the ZscalerTM cloud last year Retail and wholesale were the most targeted industries, experiencing over a 400% increase in phishing attacks over the last 12 months The United States, Singapore, Germany, Netherlands, and the United Kingdom were the most frequently targeted by phishing scams Emerging phishing vectors, such as SMS phishing, are increasing faster than other methods as end users become more wary of suspicious emails Rising phishing activity is directly linked to “phishing- as-a-service” options, which provide a marketplace of pre-built attack tools that reduce technical barriers to entry for criminals SAN JOSE, Calif. – April 20, 2022 – Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today released the findings of its 2022 ThreatLabz Phishing Report that reviews 12 months of global phishing data from the Zscaler security cloud to identify key trends, industries and geographies at risk, and emerging tactics. According to the FBI Internet Crime Complaint Center (IC3), phishing attempts are the most frequently-reported cyberattack. Zscaler’s ThreatLabz research team analyzed data from more than 200 billion daily transactions, and 150 million daily blocked attacks in order to identify emerging threats and track malicious actors from across the globe. This year’s report showed dramatic 29% growth in overall phishing attacks compared to previous years, with retail and wholesale companies bearing the brunt of the increase. The report also showed an emerging reliance on phishing-as-a-service methods, as well as new attack vectors, such as SMS phishing, becoming one of the more prevalent methods of intrusion. “Phishing attacks are impacting businesses and consumers with alarming frequency, complexity, and scope - with the rise in phishing-as-a-service making it easier than ever for non-sophisticated actors to launch successful attacks. Our annual report highlights how cybercriminals continue to escalate their usage of phishing as a starting point to breach organizations to deliver ransomware or steal sensitive data,” said Deepen Desai, CISO and VP of Security Research and Operations at Zscaler. “To defend against advanced phishing attacks, organizations must leverage a multi-pronged defensive strategy anchored on a cloud native zero trust platform that unifies full SSL inspection with AI/ML-powered detection to stop the most sophisticated phishing attempts and phishing kits, lateral movement prevention and integrated deception to limit the blast radius of a compromised user, proactive controls to block high risk destinations such as newly registered domains that are often abused by threat actors, and in-line DLP to safeguard against data theft.” Phishing has always been one of the most pervasive cyberthreats, with various methods used to steal private information. One of the reasons this type of attack grows in prevalence every year is its low barrier to entry. Cybercriminals use current events, such as the COVID-19 pandemic or cryptocurrency, to convince unwitting victims to hand over confidential data, such as passwords, credit card information, and login credentials. The 2022 ThreatLabz Phishing Report found that phishing attacks lure victims by posing as top brands or promoting topical events. The top phishing themes in 2021 included categories such as productivity tools, illegal streaming sites, shopping sites, social media platforms, financial institutions, and logistical services. A Global Problem In 2021, the U.S. was the most-targeted country globally, accounting for over 60% of all phishing attacks blocked by the Zscaler security cloud. The next most frequently attacked countries include Singapore, Germany, the Netherlands, and the United Kingdom. Not all countries experienced the same attention from phishing attacks. For example, the Netherlands experienced a decrease of 38 %, which may have resulted from recently-passed legislation that increased the penalties for online fraud. Phishing attacks were also not evenly distributed across different industries. Retail and wholesale businesses experienced an increase of over 400% in phishing attempts - the most out of all tracked industries. These businesses were followed by financial and government sectors, with organizations in these industries seeing over 100% increases in attacks on average. However, some industries experienced partial relief from phishing attacks last year. Healthcare saw a notable drop of 59 %, while the services industry saw a decline of 33 %. Phishing-as-a-Service - The Growing Threat While phishing has long been one of the most common tactics used in cyberattacks by sophisticated threat actors, it's becoming more accessible to non-technical cybercriminals due to a maturing underground marketplace for attack frameworks and services. By selling their pre-built phishing tools and services on the dark web, cybercriminals are making it easier to deploy phishing scams at scale, creating a greater chance for more phishing activity in 2022. Countering Phishing Attacks According to the Zscaler ThreatLabz research team, an average-sized organization receives dozens of phishing emails every day. This means that employees at all levels must be aware of the most common phishing tactics and empowered to spot phishing attempts that can result in financial losses and damage to the business’ brand. Facing the threats outlined in the 2022 ThreatLabz Phishing Report can be daunting, and while it's impossible to eliminate phishing risk, effective management can prevent business-critical information from falling into the hands of cybercriminals. Among other recommendations, Zscaler suggests the following tactics for countering phishing growth: Learning and understanding the risks posed by phishing to better inform policy and technology decisions Leveraging automated tools and actionable intelligence to empower employees with the tools needed to reduce phishing incidents Delivering timely employee training to build security awareness and promote user reporting Simulating phishing attacks to identify gaps in security policies and procedures Evaluating security infrastructure to ensure access to the latest research and system capabilities How the Zscaler Zero Trust ExchangeTM Can Mitigate Phishing Attacks User compromise is one of the most difficult security challenges to defend against. The Zscaler Zero Trust Exchange incorporates phishing prevention controls into a holistic zero trust architecture that disrupts every stage of attacks and minimizes damages. Capabilities include: Preventing compromise with full SSL inspection at scale, threat analysis using natively integrated threat intel and IPS signature detection, AI/ML phishing detection, and policy-defined high-risk URL categories commonly used for phishing such as newly observed and newly registered domains. Eliminating lateral movement by connecting users directly to apps, not the network, to limit the blast radius of a potential incident. Shutting down compromised users and insider threats with in-line application inspection and integrated deception capabilities to trick and detect attackers. Stopping data loss by inspecting data both in motion and at rest to prevent theft by an active attacker. To download the full report, see the ThreatLabz 2022 Phishing Report. Methodology The ThreatLabz team evaluated data from the Zscaler security cloud, which monitors over 200 billion transactions daily across the globe. ThreatLabz analyzed a year’s worth of global phishing data from the Zscaler cloud from January 2021 through December 2021 to identify key trends, industries and geographies at risk, and emerging tactics. Wed, 20 Apr 2022 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/new-zscaler-research-shows-over-400-increase-phishing-attacks-retail-and-wholesale-industries https://www.zscaler.com/press/zscaler-unveils-industry-first-security-service-edge-innovations-protect-enterprises-most Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today advanced its security service edge (SSE) framework with three industry-first Zero Trust Network Access (ZTNA) innovations for IT and security teams to confidently replace legacy firewalls and VPNs. Delivered as part of the Zscaler Zero Trust Exchange, these innovations establish a new standard for ZTNA to minimize the attack surface and prevent lateral movement, while stopping compromised users and insider threats with private app protection, integrated deception, and privileged remote access capabilities for business and OT systems. Today, employees are highly mobile and critical applications have moved to the cloud – no longer residing inside the corporate network protected by a secure perimeter. This fundamental shift to cloud and mobility has caused organizations to abandon the legacy network-centric VPN approach in favor of a modern user- and app-centric security model that delivers zero trust secure access to private apps by establishing a direct connection from user-to-application on a dynamic identity- and context-aware basis. “The volume of cyberattacks and data breaches has been rising across all industries with an escalating threat landscape rife with nation-state actors and sophisticated adversaries,” said Tony Paterra, Senior Vice President of Emerging Products at Zscaler. “As enterprise applications continue to move to the cloud and hybrid workplaces become the norm, a zero trust architecture is needed to support distributed users, devices, apps, and workloads. Our next-gen ZTNA approach is the simplest, most comprehensive approach to securely access private applications and transform legacy network security to minimize the attack surface and shutdown the most advanced attacks. With secure access to private apps using ZTNA as a key pillar of SSE, Zscaler’s innovations strengthen its cloud security platform and help solve modern business and security requirements using a holistic zero trust architecture to replace legacy VPNs and provide employees with advanced remote access solutions for unmatched security and superior user performance. Zscaler's three innovations that advance and deliver on the promise of a next-gen ZTNA offering include the following: Private app protection: Leveraging over 10 years of inline inspection expertise in securing internet traffic and SaaS apps, Zscaler’s platform provides new preventive and proactive security controls to stop compromised users and adversaries from exploiting vulnerable private applications and services. These innovations include in-line inspection of private app traffic to stop the most prevalent attacks, including the OWASP Top 10, with continuously evolving defenses from Zscaler’s ThreatLabz research team and custom signature support. Integrated Deception: An industry-first, native deception evolves lateral movement detection for advanced attacks with built-in private app decoys. With this addition, Zscaler’s platform reduces alert fatigue with high-confidence alerts generated by decoys that instantly identify and contain compromised user and insider threats through integration with the Zscaler Zero Trust Exchange and security operations platforms. Privileged Remote Access for Industrial IoT and OT systems: Building on our existing browser-based access capabilities, Zscaler’s platform has been enhanced with Remote Desktop Protocol (RDP) and Secure Shell Protocol (SSH) support from unmanaged devices, for both IIoT/OT devices and private apps. These capabilities enable secure, direct remote access for third-party users, allowing organizations to bring zero trust connectivity to IoT, as well as retire slow, costly VDI solutions for private apps. Zscaler’s new capabilities expand user expectations of SSE and provide a new standard for managing Secure Access Service Edge (SASE) architecture. The new capabilities are available now for customers as part of Zscaler Private Access (ZPA), or as a standalone purchase, depending on the ZPA Edition they are licensed for. “Zero trust has become integral to our M&A integration strategy and execution at Sanmina. By partnering with Zscaler, we’ve been able to ensure productivity for our acquired employees on day one to unlock immediate value,” said Matt Ramberg, Vice President of Information Security, Sanmina. “The beauty of Zscaler’s next-gen zero trust network access platform is that our users get fast, hassle-free access to the apps they need, while IT reduces our cyber risk to virtually zero - including protecting us from zero-day attacks that could take down our private apps. It has become an indispensable tool for our users and transformed how we do M&A.” “Zscaler Private Access has greatly accelerated our move to zero trust by replacing our legacy VPNs with true user-to-app segmentation that minimizes our external attack surface and eliminates lateral movement,” said John Pratezina, Senior Network Operations Administrator, Commonwealth Superannuation Corporation (CSC). “The introduction of integrated deception to ZPA helps surface compromised users and insider threats, giving us another line of defense against sophisticated adversaries, and more insights about their tactics. By having these new capabilities integrated into our incident response process we now have the highest fidelity alerts and strongest security defenses.” “Demand for ZTNA is growing rapidly, though enterprises are now looking for solutions that can scale, support all use cases, and prevent threats in ways that legacy VPN tools never could,” according to Christopher Rodriguez, Research Director, Security & Trust at IDC. “The new Zscaler ZPA capabilities address key requirements for enterprises that are taking the important step to modernize their security architecture.” On March 22, Zscaler showcased the innovative capabilities now available for the Zero Trust Exchange at its virtual Zero Trust Live event, or learn more about the future of zero trust on our resources page. Tue, 22 Mar 2022 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-unveils-industry-first-security-service-edge-innovations-protect-enterprises-most https://www.zscaler.com/press/zscaler-positioned-leader-2022-gartner-magic-quadrant-security-service-edge-sse Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced Zscaler is recognized as a Leader in the inaugural Gartner 2022 Magic Quadrant for Security Service Edge. This is the 11th consecutive year Zscaler has been named a Leader initially in the Gartner Magic Quadrant for Secure Web Gateway and now in the Gartner Magic Quadrant for SSE. Gartner evaluates vendors’ ‘Ability to Execute’ by a combination of factors including products/services, customer experience, market responsiveness, track record, marketing execution, sales execution/pricing, operations, and overall viability. Zscaler is positioned as the vendor with the highest ability to execute among the 11 vendors qualified to be evaluated in the report. "Zscaler pioneered cloud-based security with our Zero Trust Exchange platform, and we are proud to be recognized by Gartner as a Leader in the inaugural Magic Quadrant for Security Service Edge,” said Jay Chaudhry, Chairman, and CEO, Zscaler. “The continued adoption of SaaS applications and public cloud along with the move toward using the Internet as the corporate network has made legacy firewalls and VPNs irrelevant, exposing businesses to widespread ransomware infections and zero-day attacks like the recent Log4j vulnerability. Zscaler’s cloud-native Zero Trust Exchange platform accelerates secure digital transformation and helps safeguard thousands of global organizations by virtually eliminating the attack surface and lateral movement while improving business operations and efficiency.” "With 75% of our employees working remotely, SSE needs to be part of our strategic roadmap," said Jack McCarthy, CIO, New Jersey Judiciary. "Thanks to Zscaler, we were able to complete six months of work in six days, securing our organization during the pandemic. Zscaler continues to be part of this strategic journey today, and in the future, giving our employees secure access to applications and systems anywhere, anytime, and on any device." Zscaler believes this recognition further acknowledges the Zscaler Zero Trust Exchange as the foundation for secure digital transformation. Zscaler’s disruptive cloud-native architecture enables leading enterprises to break free from legacy approaches to networking and security with true any-to-any zero trust connectivity. Unlike disjointed, on-premises security products designed for yesterday’s network, Zscaler’s proxy-based architecture is built on an industry-leading SSE framework to deliver superior security, data protection with full SSL inspection, a great user experience, and eliminate the attack surface by directly connecting users to applications, never networks. The Zero Trust Exchange is powered by the world’s largest security cloud, with 10+ years of operational excellence enabling us to process 200B+ daily transactions and stop 150M+ threats per day for the largest, most demanding organizations around the globe. Visit the Zscaler website for a complimentary copy of the 2022 Gartner Magic Quadrant for Security Service Edge (SSE). Gartner Disclaimer Gartner, Magic Quadrant for Security Service Edge, 15 February 2022, John Watts et. Al. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. Gartner and Magic Quadrant are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Fri, 18 Feb 2022 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-positioned-leader-2022-gartner-magic-quadrant-security-service-edge-sse https://www.zscaler.com/press/zscaler-added-nasdaq-100-index Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced its inclusion in the Nasdaq-100 Index®, one of the world’s preeminent large-cap growth index comprised of 100 of the largest domestic and international non-financial companies listed on Nasdaq based on market capitalization. Announced by Nasdaq on Friday, December 10, 2021, shares of Zscaler will be included in the Nasdaq-100 Index effective prior to market open on Monday, December 20, 2021. “Zscaler’s addition to the Nasdaq-100 is a landmark moment as a result of superb execution to accelerate secure digital transformation,” said Jay Chaudhry, CEO, chairman, and founder, Zscaler. “Our growth has been fueled by enterprises that are phasing out the legacy networking and security architecture built around firewalls and VPNs, and are embracing the Zscaler Zero Trust Exchange. This milestone could not have been reached without the ingenuity of the Zscaler team and continued support from our customers and partners.” The Nasdaq-100 Index® is an elite group of the world’s most iconic and innovative companies. Follow the link for a complete list of companies on the Nasdaq-100 Index https://www.nasdaq.com/market-activity/quotes/nasdaq-ndx-index. Tue, 14 Dec 2021 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-added-nasdaq-100-index https://www.zscaler.com/press/zscaler-extends-its-proven-zero-trust-exchange-platform-deliver-zero-trust-workloads SAN JOSE, December 8, 2021 -- Zscaler, Inc. (NASDAQ: ZS), a leader in cloud security, announced the general availability of its new Workload Communications solution, part of the Zscaler Zero Trust Exchange™, which extends Zero Trust security to workloads and applications hosted in public clouds. Zscaler’s cloud-native platform eliminates attack surfaces, prevents lateral threat movement, inhibits compromise of workloads, and stops data loss. It also helps IT teams simplify multi-cloud workload connectivity by moving away from traditional IP-based routing and VPNs between cloud environments to expedite enterprises' cloud transformation initiatives. With the deployment of enterprise workloads in multiple regions and cloud providers, legacy mesh networks are becoming costly, hard to implement, scale, and manage. Attempts by legacy vendors to adapt antiquated, castle-and-moat VPN and firewall architectures to the public cloud have allowed an unprecedented number of cybersecurity attacks, in addition to networking and application performance challenges for enterprises. As a result, organizations must rethink their approach to securing and connecting cloud-based applications and consider adopting new architecture able to simplify multi-cloud connectivity, elevate application performance, and provide comprehensive protection. Recent findings from the Zscaler ThreatLabZ research team underscore these challenges and outline the growing threat from unsecured workloads in the cloud and the need for inspection of all content including encrypted traffic. To meet these needs, Zscaler has extended its Zero Trust Exchange to deliver the industry’s first Zero Trust for cloud workloads solution that secures cloud-to-internet, cloud-to-cloud, cloud-to-data center, and intra-cloud communications. Acting as an intelligent switchboard, traffic is routed to the Zscaler platform where connections are brokered using business policies based on identity and context to connect workloads directly to other workloads, without accessing the corporate network. Zscaler’s approach eliminates the attack surface by making workloads invisible to the internet, simplifies application connectivity by removing networking bottlenecks, and delivers superior application performance by reducing app-to-app latency. Collaborating with major cloud providers, such as Amazon Web Service (AWS), Zscaler delivers a network-agnostic Zero Trust fabric to secure cloud workloads and accelerate migration to the cloud. Today’s general availability of Workload Communications extends the proven capabilities of the Zscaler Internet Access™ (ZIA™) and Zscaler Private Access™ (ZPA™) services to cloud workloads, allowing enterprises to secure all workload communications over any network, including internet, direct connect, express route and others. With these innovations, Zscaler enables customers to implement the following use cases: Application-to-Internet Communications – Cloud Applications require access to the internet for a variety of reasons, from communicating with third-party Application Programming Interface (API) services to receiving software updates. Using the Zero Trust Exchange, internet access is secured with ZIA policies that now include DLP and threat prevention while making workloads completely invisible to potential cyberthreats. Multi-Cloud Application-to-Application Communications - Multi-cloud networking allows organizations to secure connectivity across heterogeneous cloud environments. ZPA policies secure workload communications across cloud providers, regions, and virtual private clouds (VPCs) in the same public cloud for seamless and secure application communication without the complexities and performance bottlenecks that legacy technologies create. Intra-Cloud Application-to-Application Communications – To enable secure workload-to-workload communications inside a cloud, VPC/VNet, or data center, Zscaler uses a combination of macro and micro-segmentation to verify software identity. This includes microsegmentation of business-critical environments to prevent unauthorized communication between applications. “To properly secure cloud workloads, three critical areas – security, connectivity, and performance – need to be addressed, which legacy approaches have not been able to solve,” said Amit Sinha, President, CTO, Zscaler. “Zscaler has solved all three challenges with a new architecture that extends our Zero Trust Exchange, already trusted by thousands of enterprises to secure millions of users, to cloud workloads for stronger security, simpler connectivity, and better performance. Zscaler's new architecture eliminates the need for organizations to extend their corporate network to the cloud, which results in a bigger attack surface, operational complexity and performance bottlenecks.” Customer and Partner Quotes: "As we move more applications to the public cloud, we must ensure a high level of compliance with internal and external requirements, avoid security risks from inconsistently applied controls, and reduce legacy infrastructure costs," said Rui Cabeço, IT Service Group Manager & Global Outbound Connectivity Lead at Siemens. "With Zscaler's Workload Communications, we can easily standardize security policies for both users and applications regardless of where they are located. We gain visibility into the public cloud, achieve compliance, and lower costs by not backhauling traffic, and simultaneously reduce data center resource consumption.” “While we share the responsibility of cloud security with our enterprise customers, we are customer obsessed in helping our customers accelerate secure workload migration to AWS to achieve scalability and agility,” said Mona Chadha, Director of Category Management, AWS. “Zscaler provides customers with a Zero Trust security model that simplifies cloud networking and security while eliminating the need for virtual firewalls and mesh or site-to-site networks. Having Zscaler solutions available in AWS Marketplace allows customers to easily subscribe, accelerate time to market while meeting compliance and security requirements.” Wed, 08 Dec 2021 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-extends-its-proven-zero-trust-exchange-platform-deliver-zero-trust-workloads https://www.zscaler.com/press/zscaler-powers-its-global-data-centers-and-offices-100-renewable-energy Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced that it achieved 100% renewable energy through a combination of directly purchased renewable energy and renewable energy credits (RECs) for its offices and 150+ data centers that run the Zscaler Zero Trust Exchange. Zscaler’s unique and inherently efficient cloud-based architecture enables customers to improve their security posture and user experience while reducing the need to purchase, maintain, and power on-premises security hardware, thus enabling customers to reduce their IT equipment overhead and consequently their energy usage. Taking a methodical approach to addressing its environmental impact, Zscaler has built its cloud security platform in more than 150 data centers across the world – strategically placed where customers are located – with many already operating on 100% renewable energy. While 78% of the energy used to process over 190 billion security transactions per day was from renewable sources as of October 2021, there was still room to improve. Zscaler took the next step to achieve 100% renewable energy by purchasing high-quality RECs from projects such as wind and solar farms. These RECs match the projected non-renewable energy used by Zscaler’s offices and data centers globally for calendar year 2021. Zscaler intends to annually procure 100% renewable energy for its global offices and data centers for the benefit of its customers. Acknowledging that this is a journey, Zscaler’s ESG program is quantifying its broader carbon footprint, including other Scope 3 emissions, and developing a path to net zero greenhouse gas emissions. “Having technology partners with compatible cultures and values is always beneficial,” said Mark Ferguson, CISO at Bombardier, the Montreal, Quebec-based global leader in business aviation. “Zscaler’s commitment to using 100% renewable energy in its operations aligns with our ESG goals and priorities of improving our cybersecurity and driving positive environmental impact by reducing our security appliances. We are taking large steps to meet our long term environmental goals, including dedicating over 50% of our R&D investments towards designing and producing greener aircraft.” “We are passionate about creating meaningful change for our customers and our planet,” said Amit Sinha, president and CTO and member of the board, Zscaler, Inc. “Zscaler has a long track record of driving technology innovation via the cloud which now uses 100% renewable energy. With the steps that we took today, Zscaler supports our customers’ goals of adopting Zero Trust security and eliminating the carbon emissions associated with the energy used for their security program. We will continue to enhance the efficiency of our architecture and infrastructure to do our part in addressing climate change.” Additional Resources Zscaler Sustainability and Environmental, Social and Governance Program https://www.zscaler.com/corporate-responsibility CXO REvolutionaries “Putting ESG “Front and Center”: How Enterprises are Reducing Carbon Footprint via Cloud Transformation” https://revolutionaries.zscaler.com/insights/putting-esg-front-and-center-how-enterprises-are-reducing-carbon-footprint-cloud Thu, 18 Nov 2021 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-powers-its-global-data-centers-and-offices-100-renewable-energy https://www.zscaler.com/press/zscaler-extends-fast-seamless-digital-experience-monitoring-unified-collaboration Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today enhanced Zscaler Digital Experience (ZDX™) with new Unified Communications as a Service (UCaaS) application monitoring and digital workflow service integrations to automatically pinpoint and quickly remediate performance issues for improved employee collaboration and productivity. Delivered as an integrated service on Zscaler’s cloud-native Zero Trust Exchange, ZDX provides unified visibility into user, connection and cloud app telemetry data to isolate and resolve user experience issues. The new integrations now enable security, networking, and help desk teams to work together to efficiently triage Microsoft Teams and Zoom quality issues, decrease resolution times, and optimize employee productivity. “IT teams cannot provide a great user experience and proactively resolve UCaaS performance issues if they are unable to see or measure telemetry between employees and critical applications, such as Microsoft Teams or Zoom,” said Dhawal Sharma, VP Products, Zscaler. “Zscaler Digital Experience addresses the three biggest challenges that prevent seamless collaboration for the hybrid workforce: siloed user data, limited legacy monitoring tools, and a lack of analytics and workflows that can optimize and improve the productivity and digital experience for employees no matter where they reside.” Today's highly mobile and cloud-first workforce rely on fast, secure connectivity and seamless collaboration experiences to maintain high productivity. According to research from Gartner®, “By 2023, the number of remote workers will have doubled to over two-thirds of digital workers, shifting buyer requirements to demand work-anywhere capabilities.” As a result, it is critical for IT teams to be able to quickly pinpoint performance issues on unified communications services, such as Microsoft Teams and Zoom, and SaaS platforms, such as Microsoft 365. Enterprises that lack proper UCaaS monitoring capabilities will need to adopt new tools specifically designed to manage workforce communications without sacrificing performance. The new ZDX enhancements deliver enterprise-grade monitoring capabilities by leveraging insights gathered through the Zscaler Zero Trust Exchange, a cloud-native platform of integrated services that acts as an intelligent switchboard to securely connect users, apps and devices over any network, at any location. Operating as a unified service on the Zscaler platform, ZDX enables IT and security teams to proactively troubleshoot network and call quality problems by combining API-based monitoring of application-specific metrics with continuous and active monitoring of user device, network, and application availability insights for business-critical SaaS apps, such as Microsoft Teams and Zoom. New Visibility and Management of UCaaS Performance: Zscaler integrates with Microsoft Teams and Zoom through secure APIs to access granular user and application telemetry data all in one place. By offering an integrated view of all system data from meetings and user interactions, ZDX helps IT teams better detect and resolve sources of latency and packet loss that may impact employee experience and business efficiency. Expanded Troubleshooting Tools: ZDX enables security, networking, help desk teams to proactively triage unified communications issues, troubleshoot connection problems, decrease resolution times, and optimize user productivity. Because ZDX continually monitors performance, many connectivity problems can now be resolved proactively before they result in a trouble ticket. Enhanced Microsoft 365 Support: IT teams can use ZDX to analyze trends, performance metrics, and digital experience scores to identify underlying problems and opportunities to improve user experiences with Microsoft 365. Full Visibility into Zero Trust Secured Private Apps: ZDX provides extensive network insights into user connectivity for secured private applications protected by Zscaler Private Access. IT and security teams benefit from a centralized dashboard with all relevant telemetry data to troubleshoot and resolve user experiences issues with private applications. Automated IT Incident Management with ServiceNow: ZDX integrates with ServiceNow® ITSM platform through event-driven APIs for sharing real-time incident notifications. IT teams can automate IT ticket creation based on ZDX alerts, which streamlines remediation workflows for better IT incident management. Customer Quotes “When employees reported an issue, the source could be any combination of factors from the app, path to the app, hosting platform, a corporate device, or an employee’s home network, but we lacked the telemetry data to pinpoint the cause,” said Jeff Negrete, Vice President of Infrastructure and Operations, Verisk. “As a service that’s tightly integrated with our other Zscaler solutions, ZDX provided us with granular, real-time insights to help us solve troubleshooting gaps for our DevOps and help desk teams as we continue moving our business applications to the cloud and SaaS while simultaneously supporting our newly distributed workforce.” “We have employees distributed across more than 20 locations around Auckland and currently working from home, making it challenging to ensure employee productivity and experience with critical applications, like Microsoft Teams,” said Adam Gower, Head of Digital Operations, Watercare Services. “Zscaler Digital Experience was extremely easy to deploy and gave us access to granular telemetry data for fast diagnosing and resolution of user experiences issues before employee productivity is interrupted.” Technology Alliance Partner Quote “Understanding end-user network performance, including packet loss, is a key part of providing the level of consistent service and call quality consumers and business users expect,” said Velchamy Sankarlingam, President of Product and Engineering at Zoom. “The joint collaboration and deep integration efforts between Zoom services and Zscaler Digital Experience, provide our shared customers inline monitoring of user and application telemetry data to easily track Zoom application performance and call quality.” To learn more about ZDX and its new integrations, please visit our blog. Tue, 09 Nov 2021 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-extends-fast-seamless-digital-experience-monitoring-unified-collaboration https://www.zscaler.com/press/zscaler-private-access-achieves-dod-impact-level-5-il5 Zscaler, Inc., (NASDAQ: ZS), the leader in cloud security, today announced that the Department of Defense (DoD) has granted Zscaler Private Access™ (ZPA™) a Provisional Authorization To Operate (P-ATO) at Impact Level 5 (IL5), as published in the Department of Defense Cloud Computing Security Requirements Guide (DoD CC SRG). Government agencies and their contractors will be able to use Zscaler’s Zero Trust platform for systems that manage their most sensitive Controlled Unclassified Information (CUI) as well as unclassified National Security Systems (NSSs). ZPA is a zero trust network access service that connects trusted users directly to trusted cloud applications. Organizations can dramatically reduce cyber risk and adopt modern cloud solutions. "Secure, fast, reliable access to applications and data is critical as agencies continue deploying cloud services,” said Lieutenant General (Ret.) Mark S. Bowman. “Reducing cyber risk and defending against adversaries is a top priority for the DoD and all of the Federal government – especially for those managing sensitive and Controlled Unclassified Information (CUI) and unclassified National Security Systems (NSSs) data. Zero Trust Network Access solutions help everyone in the Federal government as they navigate this journey.” The IL5 authorization underscore’s Zscaler’s deep commitment to Federal cybersecurity, and to supporting DoD organizations as they implement Defense Information Systems Agency’s (DISA) new Zero Trust cybersecurity reference architecture. It also highlights Zscaler’s support of Federal agencies in their journey to meet TIC 3.0 guidelines and build zero trust plans required in the new Executive Order for Improving the Nation’s Cybersecurity, and the draft Federal Zero Trust Strategy. "Zscaler is excited to achieve IL5 authorization to support our DoD customers and their respective missions," said Drew Schnabel, Vice President of Federal at Zscaler. "This achievement demonstrates our commitment to secure service members and contractors at the highest data classification levels with zero trust security. This is a critical milestone in our journey to protect data and defend against our adversaries." “We applaud Zscaler for achieving DISA IL5 Provisional Authorization, which will allow them to help accelerate the Defense Departments’ move to zero trust security,” said Sandy Carter, Vice President of Partners and Programs, AWS. “We’re excited to continue to collaborate with Zscaler to help DoD customers securely transfer highly sensitive workloads to AWS GovCloud, where they can take advantage of the cloud’s agility and cost savings.” This authorization builds on recent announcements demonstrating Zscaler’s commitment to supporting the Federal government in their mission to secure digital transformation, including: The DoD’s Defense Innovation Unit (DIU) selected Zscaler to prototype ZPA and ZIA as secure access technologies. The project has the potential to scale to other DoD organizations through a production Other Transaction (OT) agreement. Zscaler successfully completed a Secure Cloud Management (SCM) prototype using Defense Information Systems Agency (DISA)-developed criteria and was issued a success memo by DIU. While the RFP noted vendors must be open to pursuing DOD IL4 certification as part of their roadmap, Zscaler exceeded the requirement by achieving IL5. Zscaler is among a select group of companies chosen by NIST, a national standards body, to run a pilot program in support of the Cybersecurity Executive Order. ZPA achieved FedRAMP-High JAB Authorization. ZIA™ received Authorization to Operate (ATO) at the Moderate Impact level. ZIA™ achieved FedRAMP “In Process” status at the High Impact level, sponsored by a U.S. Department of Defense (DoD) Command. ZIA prioritized for FedRAMP-High JAB Authorization. Zscaler was recognized as the only Leader in the Gartner December 2020 Magic Quadrant for Secure Web Gateways. This is the 10th consecutive year Zscaler has been named a Leader in the Gartner Magic Quadrant for Secure Web Gateways. Zscaler currently supports over 100 federal agencies and federal system integrators, keeping sensitive data secure and employees productive while working from anywhere. Thu, 28 Oct 2021 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-private-access-achieves-dod-impact-level-5-il5 https://www.zscaler.com/press/zscalers-2021-encrypted-attacks-report-reveals-314-percent-spike-https-threats Key findings Threats over HTTPS have increased more than 314 percent year-over-year, exceeding 250% growth for the second straight year. Attacks on tech companies increased by 2,300 percent year-over-year; attacks on retail and wholesale companies increased by 800 percent. Healthcare and government attacks saw a decrease in attacks year-over-year. The UK, U.S., India, Australia, and France are the top five targets of encrypted attacks. Malware is up 212 percent, and phishing is up 90 percent, whereas cryptomining attacks are down 20 percent. SAN JOSE, October 28, 2021 -- Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced the release of its annual State of Encrypted Attacks Report, which tracked and analyzed over 20 billion threats blocked over HTTPS, a protocol originally designed for secure communication over networks. This year’s study found an increase of more than 314 percent year-over-year across geographical areas that include APAC, Europe, and North America, underscoring the need for a zero trust security model and greater traffic inspection than most companies can achieve with legacy firewall-based security models. Zscaler’s Zero Trust Exchange analyzes more than 190 billion daily transactions, extracting over 300 trillion signals which provides unmatched visibility to enterprise data at scale. ThreatlabZ research team leveraged these large data sets to provide unique insights into security risks posed by encrypted channels across key industries. Seven of the industries in the study experienced higher attack rates from threats in SSL and TLS traffic, while last year’s most-targeted industry, healthcare, saw a decrease of 27 percent since January 2021. Conversely, the technology industry was plagued by threats at a rate much higher than other types of businesses, accounting for 50 percent of attacks. In today’s enterprise, more than 80 percent of internet-bound traffic is encrypted, which means that enterprises face the unique challenge of enforcing consistent security for all of their remote users. Cybercriminals are increasingly sophisticated in their tactics, and they’re using encrypted channels at various stages of malware and ransomware attacks. “Most enterprise IT and security teams recognize this reality but often struggle to implement SSL/TLS inspection policies due to a lack of compute resources and/or privacy concerns,” said Deepen Desai, CISO and VP Security Research and Operations at Zscaler. “As a result, encrypted channels create a significant blind spot in their security postures. Zscaler’s new report on the state of encrypted attacks demonstrates that the most effective way to prevent encrypted attacks is with a scalable, cloud-based proxy architecture to inspect all encrypted traffic, which is essential to a holistic zero trust security strategy.” Cybercrime at an all-time high Between January 2021 and September 2021, Zscaler blocked more than 20 billion threats over HTTPS, increasing more than 314 percent from the previous year. Cybercriminals are getting increasingly savvy with their attacks and have benefited from affiliated networks and malware-as-a-service tools available on the dark web. While cybercriminals can use various attack types to hide in encrypted traffic, malicious content represented a staggering 91 percent of attacks, a 212 percent increase over last year. In contrast, cryptomining malware is down 20 percent, reflecting a broader shift in the attack trends, with ransomware becoming a more lucrative option. Tech industry under siege The report found that attacks on tech, retail, and wholesale companies saw a significant increase in threats. Attacks on technology companies increased by a staggering 2,300 percent, and retail and wholesale saw attacks increase by over 800 percent. As more retailers offer digital shopping options during the 2021 holiday shopping season, cybercriminals are expected to be targeting more ecommerce solutions and digital payment platforms with malware and ransomware attacks. This has been exacerbated by the sudden need to support remote workers with remote connectivity to teleconferencing, SaaS-based apps, and public cloud workloads. Tech companies are also an attractive target due to their role in the supply chain. A successful supply-chain attack like Kaseya and SolarWinds can give attackers access to a trove of user information. Additionally, as the world begins its return to normal, and as businesses and public events are opening up around the globe, many employees are still working in relatively insecure environments. Getting access to critical point-of-sale systems is extremely attractive to cybercriminals as it opens the door to huge profits. Critical services see a decline After being a top target in 2020, attacks on healthcare organizations decreased by 27 percent in 2021. Similarly, attacks on government organizations decreased by 10 percent. Ransomware attacks that targeted critical services, including the Colonial Pipeline attack and the ransomware attack on the Health Services Executive of Ireland, have caught the attention of the highest levels of law enforcement, including the White House, which recently signed an Executive Order to improve the nation's cybersecurity. “After being the two most frequently targeted sectors in 2020, healthcare and government organizations had an immense sense of urgency to revamp their security postures with modern architectures, which are largely based on zero trust. There was also increased government scrutiny and a law enforcement crackdown on cybercriminal groups in response to high-profile attacks against critical services such as Colonial Pipeline,” said Desai. “As a result of these two factors, we have seen a decrease in attacks on healthcare and government organizations this year.” More countries targeted Zscaler ThreatLabz observed attacks in over 200 countries and territories worldwide, including small countries that are not common targets such as islands across the Caribbean. In addition, an increase in work-from-anywhere has led to employees branching out from the usual giant tech hubs like, the San Francisco Bay Area, New York, London, Paris, Sydney. The five most-targeted countries of encrypted attacks include the U.K. (5,446,549,767), U.S. (2,674,879,625), India (2,169,135,553), Australia (1,806,003,182), and France (519,251,819). As a whole, Europe led the way with 7,234,747,361 attacks, with APAC (4,924,732,36) and North America (2,778,360,051) rounding out the top three. Protect your business As organizations shift to support new, digitally enabled working models, it’s increasingly important to ensure that their assets and traffic to those assets are secure. To lower the threat from encrypted attacks, Zscaler ThreatLabz recommends a zero trust security strategy that allows organizations to: Prevent Compromise: Provide consistent security for all users and all locations to ensure everyone has the same level of security all the time, whether they are at home, at headquarters, or abroad. Use a cloud-native, proxy-based architecture to inspect all traffic for every user and decrypt, detect, and prevent threats that may be hiding in HTTPS traffic. Prevent Lateral Movement: Use zero trust architecture with deception to reduce your attack surface and prevent lateral movement by cybercriminals. This type of architecture makes applications invisible to attackers while allowing authorized users to directly access needed resources and not the entire network. Prevent Data Loss: Quarantine unknown attacks or compromised apps in an AI-driven sandbox to stop patient-zero malware and ransomware. Unlike with firewall-based passthrough approaches, this design holds all suspicious content for analysis, ensuring that breach attempts are stopped before they are able to access sensitive systems and steal business-critical information. To download the full report, see the 2021 State of Encrypted Attacks. Methodology The ThreatLabz team evaluated data from the Zscaler security cloud, which monitors over 190 billion transactions daily across the globe. Zscaler blocked over 20.7 billion threats transmitted via encrypted channels over a nine-month window from January 2021 through September 2021. Thu, 28 Oct 2021 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscalers-2021-encrypted-attacks-report-reveals-314-percent-spike-https-threats https://www.zscaler.com/press/zscaler-joins-crowdstrike-crowdxdr-alliance-announces-new-integrations-extend-zero-trust Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced expanded integrations with CrowdStrike, (NASDAQ: CRWD), a leader in cloud-delivered endpoint and workload protection. The first of the integrations allows Zscaler ZIA™ to leverage CrowdStrike Falcon ZTA (Zero Trust Assessment) device scores for access policy configuration. Together with Zscaler Zscaler ZPA™, joint Zscaler and CrowdStrike customers can now extend zero trust protection to both internal and external applications. Additionally, Humio, a CrowdStrike company, is now able to ingest Zscaler logs, providing customers with the visibility to correlate with EDR telemetry to identify threats, and swiftly take action to mitigate sophisticated attacks. Zscaler will also be participating in the CrowdXDR Alliance to enhance end-to-end visibility and control across domains, with in-depth data analytics and AI-assisted investigation and remediation capabilities. “Our expanded partnership with CrowdStrike is a step forward for businesses that look for enhanced user micro-segmentation and greater control over application or data access,” said Steve House, Senior Vice President of Product Management at Zscaler. “We’re proud to say that collaborating with CrowdStrike has allowed us to integrate our ZPA and ZIA solutions with the CrowdStrike ZTA score, which can be used to deliver new zero trust security features that have greater impact in the work-from-anywhere era.” Cybercriminals are constantly looking for new ways to breach personal and corporate networks. The growing popularity of remote workforces has created a fertile environment for identity theft and double-extortion ransomware attacks. With traditional login and passwords becoming insufficient for application security, more factors such as device posture are becoming essential aspects of defining and protecting the identity of individual users. The new Zscaler integrations allow ZIA customers to use CrowdStrike’s ZTA score as an access control feature to help create a defense-in-depth approach to cross-platform workflows and remotely accessible applications. In addition to the new integrations, Zscaler will join the CrowdStrike CrowdXDR Alliance to help connect siloed security systems that may lack interoperability features needed to protect their hybrid environments against lateral threats. By sharing relevant telemetry across Zscaler and CrowdStrike, customers will be able to further bolster their defenses with advanced detection and response capabilities, maximizing their investment return. Additional new benefits for joint customers include: Greater network visibility: As more organizations continue to deploy work-from-anywhere policies, IT teams require greater visibility into user and application access to maintain cybersecurity. Better app access control: Leveraging the CrowdStrike ZTA device posture, the new integrations use ZIA access control to link application access with a device vector. This provides better policy management of both internal and external applications, reducing risk of exposure. Effective telemetry sharing: CrowdStrike will be able to consume Zscaler telemetry to gain additional visibility across the cloud and network, opening up new capabilities for detection and remediation of threats across domains, such as ransomware and identity theft. “Our expanding integrations with Zscaler continue our commitment to deliver frictionless zero trust to customers from the endpoint to the application. Additionally, we’re excited to welcome Zscaler to the CrowdStrike CrowdXDR ecosystem and are looking forward to working closely together to provide stronger end-to-end visibility for our customers,” said Amol Kulkarni, Chief Product and Engineering Officer, CrowdStrike. “The increase in global ransomware attacks has shown that CrowdStrike’s industry-leading detection, protection and remediation capabilities are required across multiple domains and tools to keep our customers safe and effectively stop breaches anywhere." Zscaler will be discussing its new integrations in a breakout session at this year’s CrowdStrike Fal.Con virtual event, Oct. 12 - 15, 2021. Join Sean Mason, Managing Director of Cyber Defense at United Airlines, in a deep dive into their zero trust cyber defense strategy and their experience with Zscaler and CrowdStrike. More details are available here: United Airlines: Defending Against Ransomware With Zero Trust Security and XDR With Zscaler and CrowdStrike. “As part of United's digital security transformation, we decided to pursue a cloud-first strategy for reducing the attack surface and securing endpoints, with a focus on inspection and control to be able to effectively and quickly respond to threats,” said Sean Mason, Managing Director of Cyber Defense at United. “The CrowdStrike-Zscaler integration has really allowed us to defend United in ways we weren't able to before.” Read more about Zscaler’s expanded integrations with CrowdStrike here. Forward-Looking Statements This press release contains forward-looking statements that involve numerous assumptions, risks and uncertainties, including statements regarding the benefits of Zscaler’s participation in the CrowdXDR Alliance. You should not rely on these forward-looking statements, as actual outcomes and results may differ materially from those anticipated or implied by these forward-looking statements as a result of such assumptions, risks and uncertainties. All forward-looking statements in this press release are based on information available to us as of the date hereof, and we do not assume any obligation to update the forward-looking statements provided to reflect events that occur or circumstances that exist after the date on which they were made. Information on new products, features, and functionality, including our expectations with respect to the development, release and timing thereof, is for informational purposes only and should not be relied upon. Tue, 12 Oct 2021 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-joins-crowdstrike-crowdxdr-alliance-announces-new-integrations-extend-zero-trust https://www.zscaler.com/press/siemens-and-zscaler-partner-integrated-zero-trust-security-solutions-otit Enables secure, on-demand remote access to OT applications and systems Delivers Zero Trust OT/IT security approach for office and production networks Improves plant uptime and efficiency with secure remote access SAN JOSE, September 22, 2021 -- Siemens and Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, are partnering to enable customers to securely access Operational Technology (OT) systems and applications in the production network from the workplace – whether in the office or working remote. These new capabilities enable users to remotely manage and control quality assurance or diagnoses issues. To ensure that the OT network is not exposed to any increased threat potential, Siemens and Zscaler have expanded the "Defense-in-Depth" OT concept secured by a Zero Trust Architecture. Based on the principle of "least-privilege access", Zero Trust only authorizes application-specific access based on verified user identity and context. In combination with the existing OT security mechanisms, such as cell protection firewalls, this allows implementation of a granular access concept. In addition, production requirements for availability and real-time capabilities continue to be met. This is operationalized by installing the app connector for the cloud-based remote access service Zscaler Private AccessTM (ZPATM) on a Docker container in the Siemens Scalance LPE local processing platform, thus creating an access solution for industrial environments. Centralized management in the Zscaler Zero Trust ExchangeTM cloud platform and the use of outbound connections facilitate more restrictive configuration of existing firewall rules, and the reduction of operating costs for administration and monitoring. Existing legacy systems can also be easily retrofitted with the Zero Trust Exchange solution. This offering is now available to customers worldwide through Zscaler and Siemens. Hanna Hennig, Information Technology CIO at Siemens, explains: "Operators of larger corporate networks are faced with the challenge of carrying out production work remotely with uniform security guidelines for OT and IT. By combining our communication technology with Zscaler technology, we can bring IT's Zero Trust approach directly into the OT environment. We have already successfully tested this approach in some of our own plants." "Today, the protection of companies can no longer be limited to just IT settings. In times of converging IT and OT infrastructures, organizations must also take the security and access requirements of their production surroundings into account," says Deepak Patel, OT Security, Office of CEO at Zscaler. "Together, Siemens and Zscaler are now bringing the benefits of Zero Trust to OT environments, thereby increasing control and protection mechanisms for all technology assets, including in production environments." Context Industrial networks mainly use a protection concept in which the system is subdivided into separate production cells. Each of these cells is individually protected by appropriate measures, such as a cell protection firewall. In office networks, the Zero Trust concept is steadily gaining traction, with all participants, users and devices first having to prove their identity and integrity before communication with a target resource can take place. To learn more about this announcement see https://www.zscaler.com/solutions/secure-remote-access-for-ot-systems. Wed, 22 Sep 2021 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/siemens-and-zscaler-partner-integrated-zero-trust-security-solutions-otit https://www.zscaler.com/press/zscaler-appoints-industry-veteran-eileen-naughton-its-board-directors Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced the appointment of Eileen Naughton to its board of directors, increasing the board size to eight. “Eileen’s expertise in fostering company culture for large-scale technology and media organizations will be a valuable asset in helping advance Zscaler’s long-term vision and growth strategy,” said Jay Chaudhry, CEO, chairman and founder, Zscaler. “We are committed to attracting and appointing leaders to Zscaler’s board of directors from varying experiences and diverse backgrounds. Eileen’s unique qualifications will bring in new perspectives and help us achieve our goal to accelerate our customers’ secure digital transformation journey.” Most recently, Ms. Naughton served as the Chief People Officer and Vice President of People Operations at Google, Inc. from 2016 to 2021. Prior to 2016, she served in a variety of senior leadership roles at Google dating back to 2006, including as Vice President and Managing Director for Google UK & Ireland, and Vice President of Global Sales where she established and led Google's first global sales team responsible for a portfolio of the world's largest ad agencies and corporations. Ms. Naughton has also held several executive positions at Time Warner, including president of TIME Magazine. Ms. Naughton is currently a board member of Olive AI and The Center for Discovery, and earlier served on the boards of directors of L’Oreal and The XOGroup. Ms. Naughton holds a Bachelor of Arts in International Relations from the University of Pennsylvania, a Master of Arts from the Lauder Institute, and a Master of Business Administration from the University of Pennsylvania's Wharton School. Tue, 07 Sep 2021 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-appoints-industry-veteran-eileen-naughton-its-board-directors https://www.zscaler.com/press/schmitz-cargobull-selects-zscaler-secure-its-cloud-only-strategy Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced Schmitz Cargobull AG has selected the Zscaler™ Zero Trust Exchange™ platform to protect users, applications, and workloads for 5,800 employees at 50 locations worldwide. The leading global manufacturer of semi-trailers, trailers, and motor vehicle bodies for temperature-controlled freight will combine Zscaler Internet Access™ (ZIA™) and Zscaler Private Access™ (ZPA™) to create a holistic, high-performance zero trust security environment to power a cloud-only, work-from-anywhere (WFA) business model. Schmitz Cargobull is deploying Zscaler as the foundation of its overall digitalization and transformation initiative to modernize the company’s IT security infrastructure by migrating it to the cloud. ZIA is providing secure access to the internet for all staff while ZPA will be supplying VPN-free secure access to internal apps for the company’s mobile employees who work remotely. With Zscaler, Schmitz Cargobull gains a multilayered security approach and encrypted traffic inspection to protect against fast-moving threats. The deployment also furnishes a least privileged access model, which uses policies and identities to control and secure the company’s IT environment. This ensures users can only access the applications they need, while automatically achieving network microsegmentation for shrinking Schmitz Cargobull’s attack surface. Further, Zscaler’s more than 150 globally distributed data centers put the company’s workers in proximity to Zscaler points of presence (POP) for reduced latency and enhanced performance. “It’s critical to provide our employees with a secure and highly available working environment by guaranteeing them secure access to applications in the cloud and the internet at all times, while reducing our exposure,” said Michael Schöller, Head of Infrastructure at Schmitz Cargobull AG. “This includes always-on access to our business-critical ERP system, which previously was jeopardized by access failures. To do all of this, we rely on a multilayered approach, which increases security.” In addition, adopting the Zero Trust Exchange platform enables Schmitz Cargobull to replace its existing decentralized, manually-administered security systems with a highly integrated zero trust solution that automatically applies up to 200,000 security updates daily, saving on resources and costs. “As we wanted to reduce the use of maintenance-intensive appliances in the course of our digitalization, only a cloud-native solution was right for us,” Schöller said. By using ZPA instead of hardware-based VPNs, Schmitz Cargobull ensures its private applications are never exposed to the internet, making them completely invisible to unauthorized users. This not only improves the company’s security posture but also enables it to extend access to external users for greater business agility and a more secure supply chain. “Reducing VPN appliances, which have recently made headlines for vulnerabilities, will allow us to increase the availability of our supply chain and access for our consultants,” Schöller said. “Zscaler will keep our infrastructure hidden from attackers while making us more secure than we were before.” Mon, 16 Aug 2021 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/schmitz-cargobull-selects-zscaler-secure-its-cloud-only-strategy https://www.zscaler.com/press/zscaler-study-confirms-iot-devices-major-source-security-compromise-reinforces-need-zero Key Findings Technology, manufacturing, retail, and healthcare industries accounted for 98 percent of IoT malware attack victims Entertainment and home automation devices, including virtual assistants, pose the most risk Most IoT attacks originated in China, the United States, and India The top three nations victimized by IoT attacks were Ireland, the US, and China Gafgyt and Mirai malware families accounted for 97 percent of the IoT malware SAN JOSE, Calif. – July 15, 2021 – Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today released a new study examining the state of IoT devices left on corporate networks during a time when businesses were forced to move to a remote working environment. The new report, “IoT in the Enterprise: Empty Office Edition,” analyzed over 575 million device transactions and 300,000 IoT-specific malware attacks blocked by Zscaler over the course of two weeks in December 2020 – a 700% increase when compared to pre-pandemic findings. These attacks targeted 553 different device types, including printers, digital signage and smart TVs, all connected to and communicating with corporate IT networks while many employees were working remotely during the COVID-19 pandemic. The ZscalerTM ThreatLabz research team identified the most vulnerable IoT devices, most common attack origins and destinations, and the malware families responsible for the majority of malicious traffic to better help enterprises protect their valuable data. “For more than a year, most corporate offices have stood mostly abandoned as employees continued to work remotely during the COVID-19 pandemic. However, our service teams noted that despite a lack of employees, enterprise networks were still buzzing with IoT activity,” said Deepen Desai, CISO of Zscaler. “The volume and variety of IoT devices connected to corporate networks is vast and includes everything from musical lamps to IP cameras. Our team saw 76 percent of these devices still communicating on unencrypted plain text channels, meaning that a majority of IoT transactions pose great risk to the business.” What Devices are Most at Risk? Out of over half a billion IoT device transactions, Zscaler identified 553 different devices from 212 manufacturers, 65 percent of which fell into three categories: set-top boxes (29 percent), smart TVs (20 percent), and smartwatches (15 percent). The home entertainment & automation category had the greatest variety of unique devices but they accounted for the least number of transactions when compared to manufacturing, enterprise, and healthcare devices. Most traffic instead came from devices in manufacturing and retail industries – 59 percent of all transactions were from devices in this sector and included 3D printers, geolocation trackers, automotive multimedia systems, data collection terminals like barcode readers, and payment terminals. Enterprise devices were the second most common, accounting for 28 percent of transactions, and healthcare devices followed at nearly 8 percent of traffic. ThreatLabz also discovered a number of unexpected devices connecting to the cloud, including smart refrigerators and musical lamps that were still sending traffic through corporate networks. Who’s Responsible? The ThreatLabz team also looked closely at activities specific to IoT malware tracked in the Zscaler cloud. Volume-wise, a total of 18,000 unique hosts and roughly 900 unique payload deliveries were observed in a 15-day timeframe. Malware families Gafgyt and Mirai were the two most common families encountered by ThreatLabz, accounting for 97 percent of the 900 unique payloads. These two families are known for hijacking devices to create botnets - large networks of private computers that can be controlled as a group to spread malware, overload infrastructure, or send spam. Who is Being Targeted? The top three nations targeted by IoT attacks were Ireland (48 percent), the United States (32 percent), and China (14 percent). The majority of compromised IoT devices, nearly 90 percent, were observed sending data back to servers in one of three countries: China (56 percent), the United States (19 percent), or India (14 percent). How can Organizations Protect Themselves? As the list of “smart” devices out in the world grows on a daily basis, it’s almost impossible to keep them from entering your organization. Rather than trying to eliminate shadow IT, IT teams should enact access policies that keep these devices from serving as open doors to the most sensitive business data and applications. These policies and strategies can be employed whether or not IT teams (or other employees) are on-premises. ThreatLabz recommends the following tips to mitigate the threat of IoT malware, both on managed and BYOD devices: Gain visibility into all your network devices. Deploy solutions able to review and analyze network logs to understand all devices communicating across your network and what they do. Change all default passwords. Password control may not always be possible, but a basic first step for deploying corporate-owned IoT devices should be to update passwords and deploy two-factor authentication. Update and patch regularly. Many industries—particularly manufacturing and healthcare—rely on IoT devices for their day-to-day workflows. Make sure you stay apprised of any new vulnerabilities that are discovered, and that you keep device security up-to-date with the latest patches. Implement a zero trust security architecture. Enforce strict policies for your corporate assets so that users and devices can access only what they need, and only after authentication. Restrict communication to relevant IPs, ASNs, and ports needed for external access. Unsanctioned IoT devices that require internet access should go through traffic inspection and be blocked from all corporate data, ideally through a proxy. The only way to stop shadow IoT devices from posing a threat to corporate networks is to eliminate implicit-trust policies and tightly control access to sensitive data using dynamic identity-based authentication - also known as zero trust. About Zscaler ThreatLabz The Zscaler ThreatLabz research team consists of security experts, researchers, and network engineers responsible for analyzing and eliminating threats across the Zscaler security cloud and investigating the global threat landscape. The team shares its research and cloud data with the industry at large to help promote a safer internet. All data presented in this report is sourced directly from the Zscaler platform, which facilitates over 160 billion transactions daily. The data for this report was collected between December 15th and December 31, 2020, and only represents devices and attacks on corporate networks in physical office locations. ThreatLabz observed approximately 300,000 blocked transactions related to IoT malware, exploits, and command-and-control communications, including a total of 18,000 unique hosts and roughly 900 unique payload deliveries in this 15-day timeframe. For more information, including access to the full report, please see “IoT in the Enterprise: Empty Office Edition.” Thu, 15 Jul 2021 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-study-confirms-iot-devices-major-source-security-compromise-reinforces-need-zero https://www.zscaler.com/press/zscaler-2021-exposed-report-reveals-corporate-and-cloud-infrastructures-more-risk-ever Key Findings The report analyzed the attack surface of 1,500 companies, uncovering more than 202,000 Common Vulnerabilities and Exposures (CVEs), 49% of those being classified as “Critical” or “High” severity The report found nearly 400,000 servers exposed and discoverable over the internet for these 1,500 companies, with 47% of supported protocols being outdated and vulnerable Public clouds posed a particular risk of exposure, with over 60,500 exposed instances across Amazon Web Services (AWS), Microsoft Azure Cloud, and Google Cloud Platform (GCP) ZENITH LIVE – Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced the release of “Exposed”, the industry’s first global report on the state of corporate attack surfaces. Based on data sourced between February 2020 and April 2021, the report provides a first-ever look at the impact of attack surface exposure during the COVID-19 pandemic. In the report, Zscaler notes that as businesses began offering more remote work options, their attack surfaces grew concurrently with their dispersed workforce. Coupled with increased reliance on public cloud services and vulnerable enterprise VPNs, large organizations not using zero trust security became more vulnerable to network intrusion attacks. “Exposed” identifies the most common attack surface trends by geography and company size while spotlighting the industries most vulnerable to public cloud exposure, malware, ransomware, and data breaches. “The sheer amount of information that is being shared today is concerning because it is all essentially an attack surface,” said Nathan Howe, Vice President, Emerging Technology at Zscaler. “Anything that can be accessed can be exploited by unauthorized or malicious users, creating new risks for businesses that don’t have complete awareness and control of their network exposure. Our goal with this report is to provide a view of what the internet sees of a company’s information landscape and offer useful tips on how to mitigate risk. By understanding their individual attack surfaces and deploying appropriate security measures, including zero trust architecture, companies can better protect their application infrastructure from recurring vulnerabilities that allow attackers to steal data, sabotage systems, or hold networks hostage for ransom.” While attack surface vulnerabilities impact organizations of all sizes, major international companies with more than 20,000 employees are more vulnerable due to their distributed workforce, infrastructure, and greater number of applications that need to be managed. To better understand the scale of the problem, Zscaler analyzed organizations in all geographies, partitioning the findings from 53 countries into three regions for ease of understanding - the Americas, EMEA, and APAC. EMEA at Risk The report found that while 59 percent of surveyed organizations were based in the Americas, the EMEA region led the world in overall exposure and potential risk, with 164 CVE vulnerabilities. EMEA-based businesses had the most exposed servers, with an average of 283 exposed servers and 52 exposed public cloud instances each. They were also more likely to support outdated SSL/TLS protocols and had greater risk of CVE vulnerabilities on average. The EMEA region was followed by the Americas, with 132 CVE’s (20 percent lower than EMEA), and APAC, with an average of 80 CVE possible vulnerabilities (51 percent lower than EMEA). While the report demonstrated that EMEA businesses had the most online exposure, all regions showed vulnerabilities, making it critical for IT teams to adopt best practices, including zero trust security, to minimize the attack surface and eliminate exposure no matter where they are based. Top Exposed Industries In addition to presenting geographic data, the report tracked corporate attack surfaces by industry, pinpointing the types of organizations most likely to be targeted by cybercriminals. The report analyzed a diverse group of companies, spanning 23 different industries, and found that telecommunications organizations were the most vulnerable and had the highest average number of outdated protocols in their servers. Telecom companies had the third highest average of exposed servers to the internet, increasing the risk of being targeted by cybercriminals for DDoS and double extortion ransomware attacks. The report also showed that the hospitality industry - including restaurants, bars, and food service vendors - had the highest average of exposed servers and public cloud instances; with AWS instances exposed 2.9 times more often than any other cloud providers. With the COVID-19 pandemic pushing many restaurants to offer online ordering, the rapid adoption of digital payment systems has increased risks for both businesses and customers. Three Steps to Reduce an Attack Surface With the number of cyberattacks increasing daily, business IT teams must minimize their attack surface as part of an overall organizational security policy. Without comprehensive security measures, such as a zero-trust model, digital transformation initiatives and cloud migration efforts can also create new vectors of attack and threaten business continuity, professional reputation, and employee safety. Although no approach will be completely effective, Zscaler recommends the following tips for minimizing corporate network risks: Get visibility into your risk of exposure: Knowing your visible attack surface is key to effective risk mitigation. As more and more applications move to the cloud, it becomes mission-critical to be aware of entry points that are exposed to the internet. Remember, you can’t attack what you can’t see. Recognize the failings of VPNs and firewalls: In the age of cloud and mobility, these perimeter-based technologies significantly increase your attack surface. Stay current with the latest updates to the CVE database. Be sure to remove support for older TLS versions from servers to reduce risk. Make apps invisible to threats with Zero Trust: Applications protected behind the Zscaler Zero Trust Exchange™ are not visible or discoverable, thus removing an attack surface. The Zero Trust Exchange helps IT security teams ensure that no entity (user or application) is inherently trusted, while helping improve user productivity, mitigate risk, increase business agility and reduce cost and complexity. To discover your attack surface before threat actors do, try the free Zscaler attack surface analysis tool here. For more information, including access to the full report, please see “Exposed”: The world’s first report to reveal how exposed corporate networks really are. Lisa Lorenzin, Senior Director of Transformation Strategy at Zscaler, will be discussing the “Exposed” research results and the tool used to complete the attack surface analysis in an upcoming Zenith Live 2021 session: Secure Access to Private Apps: The Cornerstone to your Zero Trust Journey; scheduled for June 15, 2021, at 11:30am PT. Tue, 15 Jun 2021 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-2021-exposed-report-reveals-corporate-and-cloud-infrastructures-more-risk-ever https://www.zscaler.com/press/zscaler-and-servicenow-integrate-offer-enterprise-cloud-data-control-and-fast-threat Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced new integrations with ServiceNow, the leading digital workflow company, enabling advanced visibility, access control, and data security for optimized cloud data protection and security incident response. These enhancements allow customers to further benefit from their zero trust architectures by gaining complete control of sensitive cloud-based data and fast threat detection and response as they accelerate their secure digital transformation journey. The new offering provides native ingestion of Zscaler™’s leading cloud security threat intelligence in order to accelerate threat investigation and response workflows for cloud-first organizations. This integration simplifies operations for security teams with the ability to easily view actionable data using a single console, reducing the need to pivot across disjointed management tools for point products. With Zscaler Data Protection integrations, customers’ can improve data protection and compliance on the ServiceNow Now Platform. By allowing Zscaler to control authentication, remote and unmanaged devices can be easily restricted from accessing ServiceNow’s platform and data. Devices can only access ServiceNow through Zscaler, whereby security policies and access control to sensitive data can be enforced. “The migration of applications and data to the cloud is driving network transformation,” said Amit Sinha, president, CTO, board member at Zscaler. “Simultaneously, organizations are shifting to a hybrid workforce where work from anywhere is quickly becoming the norm, requiring a completely new approach to security, built on zero trust. Zscaler ensures that only authenticated users and secure devices can access ServiceNow, based on business policies and without putting them on the same network. By sharing threat intelligence and leveraging context based access controls, Zscaler and ServiceNow can reduce business risk, simplify compliance and improve work from anywhere user experience.” By combining the power of Zscaler and ServiceNow, joint customers can improve data protection and compliance, while streamlining incident response: Restore Data Protection & Compliance: Businesses can improve data visibility and help prevent exfiltration by scanning designated ServiceNow instances for sensitive data and violations in order to be able to quickly understand how data is being used and who is accessing it. Securely enable Work From Anywhere: Risky unmanaged and BYOD devices are prevented from accessing the Now Platform and the sensitive data that resides in it, enabling a secure work-from-anywhere experience across secure managed devices only. Streamline Incident Response: The addition of Zscaler Threat intelligence to incident response workflows within the ServiceNow Security Incident Response Security Orchestration, Automation, and Response (SOAR) solution allows IT leaders to respond more quickly to emerging threats and gain better fidelity across emerging incidents. Additionally, ServiceNow can automate the addition of new malicious domains and URLs into Zscaler Internet Access to immediately contain a threat. “As modern companies race to digitize, rapid technology and data growth have made data privacy and security a board-level concern,” said Pablo Stern, SVP of IT Workflow Products at ServiceNow. “ServiceNow’s workflows create an enterprise-wide fabric that help ensure the resilience and agility of a company’s digital landscape. The Zscaler collaboration extends our workflows to help customers investigate and mitigate security issues that can disrupt business and tarnish brands.” All Zscaler integrations with ServiceNow are generally available today. For more information visit zscaler.com/servicenow. To hear more from Zscaler and ServiceNow, register for Zenith Live 2021, Zscaler’s virtual event happening June 15th. Forward-Looking Statements This press release contains forward-looking statements that involve risks and uncertainties, including statements regarding benefits customers may receive from Zscaler’s and ServiceNow’s integrations. A significant number of factors could cause actual results to differ materially from statements made in this press release. Risks and uncertainties are set forth in our filings made with the Securities and Exchange Commission (“SEC”), which are available on our website at ir.zscaler.com and on the SEC's website at www.sec.gov. All forward-looking statements in this press release are based on information available to us as of the date hereof, and we do not assume any obligation to update the forward-looking statements provided to reflect events that occur or circumstances that exist after the date on which they were made. Thu, 10 Jun 2021 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-and-servicenow-integrate-offer-enterprise-cloud-data-control-and-fast-threat https://www.zscaler.com/press/zscaler-acquire-smokescreen-enhance-zscaler-zero-trust-exchange-advanced-active-defense Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced that it has entered into a definitive agreement to acquire Smokescreen Technologies, a leader in active defense and deception technology. Smokescreen's cutting edge capabilities will be integrated into the Zscaler Zero Trust Exchange™, further building upon Zscaler’s ability to precisely detect the most sophisticated, highly targeted attacks, ransomware, and lateral movement attempts. Additionally, Smokescreen will help provide rich threat intelligence and telemetry for the Zscaler team to proactively hunt for emerging adversary tactics and techniques. The transaction is subject to standard closing conditions and is expected to close during Zscaler’s fiscal fourth quarter ending July 31, 2021. In contrast to traditional reactive security measures, active defense uses proactive tactics to thwart the most advanced attackers with high-confidence detections across the lifecycle of an attack. It allows businesses to rebalance the defensive equation in their favor; identifying intrusions before attackers compromise vital company data and resources. Smokescreen is fully aligned with MITRE Shield, a framework for organizations to apply active defense effectively in their security operations workflows. “Today’s most sophisticated cyberthreats, like the recent Colonial Pipeline ransomware attack, require immediate, high-confidence detections to drive effective response,” said Jay Chaudhry, CEO, chairman and founder, Zscaler, Inc. “Zscaler is proud to be the industry’s first security vendor to extend a zero trust architecture with integrated active defense and deception capabilities. With the addition of Smokescreen to our Zero Trust Exchange, our customers will be able to change the economics of cyberattacks by making them far more costly, complex and difficult for the adversary both before and during their attempted intrusions. I am pleased to welcome the Smokescreen team to the Zscaler family, and I look forward to our continued innovations in cybersecurity.” “Alert volume has never been higher. Security teams can’t separate the signal from the noise to take a proactive stance against the most stealthy attackers,” said Sahir Hidayatullah, CEO at Smokescreen. “As analysts lose time chasing ghosts, the role of active defense has never been more critical. By taking the fight to the attacker, leading them down false paths with decoys deployed across networks, endpoints, and applications, and gathering the highest-fidelity security telemetry, we can dramatically speed up threat hunting and containment. We are thrilled to join Zscaler and look forward to integrating our technology into the world’s leading zero trust platform.” Forward-Looking Statements This press release contains forward-looking statements that are based on our management's beliefs and assumptions and on information currently available to our management. These forward-looking statements include our intention to acquire Smokescreen Technologies, the timing of when the acquisition will be completed and the expected benefits of the acquisition to Zscaler’s product offerings and to our customers. These forward-looking statements are subject to the safe harbor provisions created by the Private Securities Litigation Reform Act of 1995. A significant number of factors could cause actual results to differ materially from statements made in this press release, including those factors related to our ability to successfully integrate Smokescreen technology into our cloud platform and our ability to retain key employees of Trustdome after the acquisition. Additional risks and uncertainties are set forth our most recent Quarterly Report on Form 10-Q filed with the Securities and Exchange Commission (“SEC”) on March 4, 2021, which is available on our website at ir.zscaler.com and on the SEC's website at www.sec.gov. Any forward-looking statements in this release are based on the limited information currently available to Zscaler as of the date hereof, which is subject to change, and Zscaler will not necessarily update the information, even if new information becomes available in the future. Tue, 25 May 2021 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-acquire-smokescreen-enhance-zscaler-zero-trust-exchange-advanced-active-defense https://www.zscaler.com/press/zscaler-goes-full-cloud-ahead-zenith-live-2021 SAN JOSE, Calif., May 24, 2021 -- Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced that virtual Zenith Live 2021 is happening June 15-16 in the Americas, June 16-17 in Europe, and June 22-23 in Asia Pacific. The event includes leading IT executives and security experts from Fortune 500 enterprises and large multinational organizations who have led secure digital transformation efforts using a zero trust model. Additionally, Zenith Live’s immersive “Full Cloud Ahead” experience will provide attendees one-of-a-kind illuminating keynotes, breakout sessions and workshops to help organizations implement zero trust architectures, accelerate digital transformation, and advance their cybersecurity prowess. “The cloud and mobility have accelerated digital transformation, which is driving tremendous speed and efficiency gains in the way businesses exchange information, collaborate and innovate, but it also exposes digital businesses to new cyber threats,” said Chris Kozup, Chief Marketing Officer at Zscaler. “At Zenith Live, attendees will have the opportunity to choose from more than 50 cybersecurity training sessions, learn about new security innovations from Zscaler, and hear how the world’s largest organizations are enabling zero trust to achieve their business transformation goals. I look forward to welcoming existing and future customers to Zenith Live 2021.” Headlining the event are IT executives from the world's leading brands: Alain Delava, CISO, ENGIE Andrew Baker, CTO, Absa Group Bruce Lee, CTO & SVP, Centene Claude Pierre, Deputy CIO, ENGIE Craig Williams, SVP & CIO, Ciena Eduardo GRILO, Director of Technology, International & Operations, Richemont International Frank Nazzaro, CIO, Freddie Mac Gülay Stelzmüllner, Global Head of AGN International Project Management, Allianz Technologies Hanna Hennig, CIO, Siemens Karl Hoods, Chief Digital Information Officer, Department for Business, Energy & Industrial Strategy Kuldip Mohanty, CIO, Hub International Nicole Darden Ford, VP and CISO, Carrier Petek Ergul, Global Head of Telecommunications Services, HSBC Rasik Vekaria, VP of Security Architecture, BP Rex Thexton, Senior Managing Director, Accenture Sebastian Kemi, CTO, Sandvik Thomas Vavra, Manager Communication Networks, Mondi Group Programming will also feature inspirational and motivational speakers who will share their unique personal stories: Arnav Kapur, Researcher, MIT Media Lab Ben Mezrich, New York Times Best-Selling Author J.B. Wood, President and CEO, TSIA J.R. Martinez, Actor, Best-Selling Author, Wounded U.S. Army Veteran Shivvy Jervis, Four-time award-winning Forecaster, Broadcaster, and Top 10 Asian Founders 2020 At Zenith Live, attendees will learn about innovating trends during keynotes, panel discussions, and fireside chats with industry leaders. The Zenith Live 2021 program also includes: Over 50 breakout sessions Architecture Workshops Women in IT Exchange Live Q&A/Demos Partner Summit The annual customer event comes on the heels of Zscaler being recognized at Microsoft’s 20/20 Partner Awards ceremony as the Zero Trust Champion of the Year. This award validates Zscaler’s forward-looking vision and the significant innovation behind its zero trust architecture. In a joint session, ‘Zscaler + Microsoft: Strategies & Technologies for Practical Zero Trust’ at Zenith Live, Zscaler and Microsoft experts will discuss actionable cloud-based zero trust solutions and crucial strategies to stay ahead of today’s most advanced threats. Zscaler will be supporting three charities at this year's Zenith Live 2021 including, The Global Food Banking Network, Rise Up Together, and Tech for All. To register for the free event and secure a spot, see https://www.zscaler.com/zenithlive. Mon, 24 May 2021 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-goes-full-cloud-ahead-zenith-live-2021 https://www.zscaler.com/press/zscaler-ransomware-report-reveals-sophisticated-double-extortion-attacks-are-targeting SAN JOSE, Calif. – May 13, 2021 – Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced its new Ransomware Report featuring analysis of key ransomware trends and details about the most prolific ransomware actors, their attack tactics and the most vulnerable industries being targeted. The Zscaler™ ThreatLabz embedded research team analyzed over 150 billion platform transactions and 36.5 billion blocked attacks between November 2019 and January 2021 to identify emerging ransomware variants, their origins, and how to stop them. The report also outlines a growing risk from “double-extortion” attacks, which are being increasingly used by cybercriminals to disrupt businesses and hold data hostage for ransom. “Over the last few years, the ransomware threat has become increasingly dangerous, with new methods like double extortion and DDoS attacks making it easy for cybercriminals to sabotage organizations and do long-term damage to their reputation,” said Deepen Desai, CISO and VP of Security Research at Zscaler. “Our team expects ransomware attacks to become increasingly targeted in nature where the cybercriminals hit organizations with a higher likelihood of ransom payout. We analyzed recent ransomware attacks where cybercriminals had the knowledge of things like the victim's cyber insurance coverage as well as critical supply-chain vendors bringing them in the crosshairs of these attacks. As such, it is critical for businesses to better understand the risk ransomware represents and take proper precautions to avoid an attack. Always patch vulnerabilities, educate employees on spotting suspicious emails, back up data regularly, implement data loss prevention strategy, and use zero trust architecture to minimize the attack surface and prevent lateral movement.” According to the World Economic Forum 2020 Global Risk Report, ransomware was the third most common, and second most damaging type of malware attack recorded in 2020. With payouts averaging $1.45M per incident, it's not difficult to see why cybercriminals are increasingly flocking to this new style of high-tech extortion. As the rewards that result from this type of crime increase, risks to government entities, company bottom lines, reputation, data integrity, customer confidence, and business continuity also grow. Zscaler’s research supports the narrative recently established by the U.S. federal government, which classifies ransomware a national security threat; underscoring the need to prioritize mitigation and contingency measures when protecting against these ongoing threats. Double-Extortion - the New Preferred Method In late 2019, ThreatLabz noticed a growing preference for “double-extortion” attacks in some of the more active and impactful ransomware families. These attacks are defined by a combination of unwanted encryption of sensitive data by malicious actors and exfiltration of the most consequential files to hold for ransom. Affected organizations, even if they are able to recover the data from backups, are then threatened with public exposure of their stolen data by criminal groups demanding ransom. In late 2020, the team noticed that this tactic was further augmented with synchronized DDoS attacks, overloading victim’s websites and putting additional pressure on organizations to cooperate. According to Zscaler ThreatLabZ, many different industries have been targeted over the past two years by double-extortion ransomware attacks. The most targeted industries include the following: Manufacturing (12.7%) Services (8.9%) Transportation (8.8%) Retail & wholesale (8.3%) Technology (8%) Percentage of ransomware attacks involving double extortion observed between November 2019 and January 2021 Most Active in Ransomware Over the last year, ThreatLabz has identified seven “families” of ransomware that were encountered more often than others. The report discusses the origins and tactics of the following top five highly active groups: Maze/Egregor: Originally encountered in May 2019, Maze was the ransomware most commonly used for double-extortion attacks (accounting for 273 incidents) until it seemingly ceased operations in November 2020. Attackers used spam email campaigns, exploit kits such as Fallout and Spelevo, and hacked RDP services to gain access to systems and successfully collected large ransoms after encrypting and stealing files from IT and technology companies. The top three industries Maze targeted were high-tech (11.9%) manufacturing (10.7%), and services (9.6%). Mase notably pledged to not target healthcare companies during the COVID-19 pandemic. Conti: First spotted in February 2020 and the second most common attack family accounting for 190 attacks, Conti shares code with the Ryuk ransomware and appears to be its successor. Conti uses the Windows restart manager API before encrypting files, allowing it to encrypt more files as part of its double-extortion approach. Victims that won’t or are unable to pay the ransom have their data regularly published on the Conti data leak website. The top three industries most impacted are manufacturing (12.4%), services (9.6%), and transportation services (9.0%). Doppelpaymer: First noticed in July 2019 and 153 documented attacks, Doppelpaymer targets a range of industries and often demands large payouts - in the six and seven figures. Initially infecting machines with a spam email that contains either a malicious link or malicious attachment, Doppelpaymer then downloads Emotet and Dridex malware into infected systems. Doppelpaymer’s top three most targeted organizations were manufacturing (15.1%), retail & wholesale (9.9%) and government (8.6%). Sodinokibi: Also known as REvil and Sodin, Sodinokibi was first spotted in April 2019, and has been encountered with increasing frequency with 125 attacks. Similar to Maze, Sodinokibi uses spam emails, exploit kits, and compromised RDP accounts, as well as frequently exploiting vulnerabilities in Oracle WebLogic. Sodinokibi started using double-extortion tactics in January 2020 and had the greatest impact on transportation (11.4%), manufacturing (11.4%), and retail/wholesale (10.6%). DarkSide: DarkSide was first spotted in August 2020 after putting out a press release advertising its services. Using a “Ransomware-as-a-Service” model, DarkSide deploys double-extortion methods to steal and encrypt information. The group is public about its targeting manifesto, writing that it does not attack healthcare organizations, funeral services, education facilities, non-profit organizations, or government entities on its website. Instead, the primary targets of choice are services (16.7%), manufacturing (13.9%) and transportation services (13.9%). Similar to Conti, those that cannot pay the ransom have their data published on the DarkSide leak website. The full Zscaler ransomware review is now available to the general public. Please see “ThreatLabZ Ransomware Review: The Advent of Double Extortion” for more information. To hear more from the ThreatLabZ team about ransomware join the “Advances in Ransomware” session at Zenith Live, Zscaler’s virtual event happening June 15th. Register for free today. Thu, 13 May 2021 12:00:00 +0000 press@zscaler.com https://www.zscaler.com/press/zscaler-ransomware-report-reveals-sophisticated-double-extortion-attacks-are-targeting