https://www.zscaler.com/press/feeds Press releases and announcements, featuring Zscaler. Thu, 15 May 2025 09:22:58 GMT https://validator.w3.org/feed/docs/rss2.html RSS 2.0, JSON Feed 1.0, and Atom 1.0 generator for Node.js en https://www.zscaler.com/press/zscaler-threatlabz-uncovers-surge-ai-driven-cyberattacks-targeting-critical-business https://www.zscaler.com/press/zscaler-threatlabz-uncovers-surge-ai-driven-cyberattacks-targeting-critical-business Thu, 24 Apr 2025 12:00:00 GMT Key Findings:Global phishing is down 20%, but attackers are striking deeper, not wider—targeting IT, HR, finance, and payroll teams with high-impact campaigns.Telegram, Steam, and Facebook are top platforms for phishing – used for both impersonation and malware delivery.Tech support and job scams increase with 159M+ hits in 2024, preying on users across social platforms.Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today published its Zscaler ThreatLabz 2025 Phishing Report, analyzing over two billion blocked phishing attempts between January and December 2024 captured by the Zscaler Zero Trust Exchange™, the world’s largest cloud security platform. The annual report exposes how cybercriminals are using Generative AI to launch surgical, targeted attacks against high-impact business functions – and why a Zero Trust + AI defense strategy is mission critical. The report uncovers a shift from high-volume email blasts to targeted, AI-fueled attacks designed to evade defenses and exploit human behavior. It also offers actionable insight to help organizations defend against this evolving threat landscape.“The phishing game has changed. Attackers are using GenAI to create near-flawless lures and even outsmart AI-based defenses,” said Deepen Desai, CSO and Head of Security Research, Zscaler. “Cybercriminals are weaponizing AI to evade detection and manipulate victims, which means organizations must leverage equally advanced AI-powered defenses to outpace these emerging threats. Our research reinforces the importance of adopting a proactive, multi-layered approach—combining robust zero trust architecture with advanced AI-driven phishing prevention—to effectively combat the rapidly evolving threat landscape.”Emerging markets see a surge in phishing activityWhile phishing dropped overall by 20% globally and by nearly 32% in the U.S., due in part to rising email authentication standards, attackers transitioned just as fast, launching more attacks on emerging markets like Brazil, Hong Kong, and the Netherlands, often where digital adoption outpaces security investment. Established targets like India, Germany, and the UK remain under sustained pressure, as threat actors adapt to local patterns and seasonal trends.Community platforms fuel phishing growthPhishing campaigns are increasingly abusing community-based platforms like Facebook, Telegram, Steam, and Instagram – not only spoofing their brands, but using them to distribute malware, mask C2 communications, gather target intel, and carry out social engineering attacks. Meanwhile, tech support scams, where attackers pose as IT support teams to exploit urgency and safety concerns of victims, remain widespread with 159,148,766 hits in 2024.Threat actors capitalize on AI: Phishing-as-a-Service and AI deception on the riseCybercriminals are using GenAI to scale attacks, generate fake websites, and craft deepfake voice, video, and text for social engineering. New scams mimic AI tools – such as resume generators and design platforms – tricking users into handing over credentials or payment data. Critical departments like payroll, finance, and HR are prime targets, along with executives – as they hold the keys to sensitive systems, information, and processes, and can more easily approve fraudulent payments.Cybercriminals are also creating fake “AI assistant” or “AI agent” websites, falsely offering services such as resume generation, graphic design, workflow automation, and more. As AI tools become increasingly integrated into daily life, attackers are capitalizing on the ease of use and trust around AI to drive unsuspecting users to fraudulent sites.Zscaler can help: Defending against AI threats with Zero Trust everywhere + AIAs cybercriminals continue to use GenAI to develop new tactics and deliver more sophisticated attacks, enterprises need to strengthen their defenses against every type of compromise.The Zscaler Zero Trust Exchange protects users, applications, and data across all phases of the attack chain by:Minimizing the attack surfacePreventing initial compromiseEliminating lateral movementShutting down insider threats Stopping data lossZscaler AI-powered offerings add advanced protection by securing public AI use, shielding private AI models, and detecting AI-generated threats.Download the ReportGet the full ThreatLabz 2025 Phishing Report to explore emerging trends and attack vectors. Learn why a Zero Trust + AI approach is critical to staying ahead of today’s phishing threats. Download today.Research MethodologyZscaler ThreatLabz analyzed 2 billion blocked phishing transactions between January–December 2024, exploring various aspects including the top phishing attacks, targeted countries, hosting countries for phishing content, distribution of company types based on server IP addresses, and the top referrers linked to these phishing attacks. Additionally, ThreatLabz tracked and examined notable phishing trends and use cases observed throughout 2024.About ThreatLabzThreatLabz is the security research arm of Zscaler. This world-class team is responsible for hunting new threats and ensuring that the thousands of organizations using the global Zscaler platform are always protected. In addition to malware research and behavioral analysis, team members are involved in the research and development of new prototype modules for advanced threat protection on the Zscaler platform, and regularly conduct internal security audits to ensure that Zscaler products and infrastructure meet security compliance standards. ThreatLabz regularly publishes in-depth analyses of new and emerging threats on its portal, research.zscaler.com. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/zscaler-listed-aws-icmp-us-federal-government https://www.zscaler.com/press/zscaler-listed-aws-icmp-us-federal-government Thu, 24 Apr 2025 12:00:00 GMT Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced that it listed its solutions in the AWS Marketplace for the U.S. Intelligence Community (ICMP). The ICMP is a curated digital catalog from Amazon Web Services (AWS) that makes it easy to discover, purchase, and deploy software packages and applications from vendors that specialize in supporting government customers.Zscaler delivers secure cloud modernization for the federal government through its zero trust solutions in the AWS ICMP, providing seamless access to applications and data. The Zscaler Zero Trust Exchange™ platform is now authorized through the U.S. federal government’s FedRAMP program at High and Moderate levels, helping public sector agencies modernize securely while meeting the highest security standards."Zscaler's inclusion in ICMP marks a significant milestone in our commitment to supporting our nation's federal government," said Drew Schnabel, President and GM of Zscaler US Government Solutions. "By providing the government with greater access to the Zscaler Zero Trust Exchange platform, we are driving the acceleration of secure cloud adoption and empowering agencies with the modern, resilient cybersecurity infrastructure required to outpace an ever-evolving threat landscape." press@zscaler.com (zscaler.com) https://www.zscaler.com/press/zscaler-threatlabz-2025-vpn-risk-report-over-half-organizations-say-security-and-compliance https://www.zscaler.com/press/zscaler-threatlabz-2025-vpn-risk-report-over-half-organizations-say-security-and-compliance Thu, 10 Apr 2025 12:00:00 GMT Key Findings:92% of organizations are concerned about ransomware attacks due to VPN vulnerabilities93% of organizations fear backdoor vulnerabilities from third-party VPN connections81% of organizations are adopting or planning to adopt zero trust within the next yearZscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today published the Zscaler ThreatLabz 2025 VPN Risk Report, commissioned by Cybersecurity Insiders, which highlights the widespread security, user experience and operational challenges posed by VPN services. The findings are based on insights from a survey of 600+ IT and security professionals. The results are stark: maintaining security and compliance is the single largest challenge (56%) facing enterprises using VPNs today. Meanwhile, the risks of supply chain attacks and ransomware are top of mind for these companies with 92% of respondents concerned that persistent VPN vulnerabilities will lead to ransomware attacks. These combined risks have culminated in a profound shift in thinking around enterprise VPNs with 65% of organizations planning to replace their VPNs within the year — while 81% plan to implement a zero trust everywhere strategy.Initially built for remote access, VPNs have become a liability for corporate networks, exposing IT assets and sensitive data due to over-privileged access, vulnerabilities, and an ever-growing attack surface. VPN, both physical and virtual, is opposite of Zero Trust as by architecture it brings the remote users as well as attackers on the network. Additionally, VPNs hinder operational efficiency with slow performance, frequent connection issues, and complex maintenance, burdening IT teams and disrupting employee productivity. The report aims to shed light on these concerns with trusted insights from industry peers, while arming enterprises with guidance to enable secure access across today's hybrid work environments.Security and usability concernsSecurity and compliance risks ranked as the top VPN challenges at 54%, highlighting growing concerns that VPNs are inadequate and obsolete for defending against today’s evolving cyber threats. Cybercriminals are now leveraging AI to pinpoint vulnerabilities by using GPT models to run queries focused on identifying weaknesses in VPNs — for instance, performing reconnaissance by simply asking a generative AI chatbot to return all current CVEs for VPN products in use by an enterprise. Tasks that once required weeks or even months can now be accomplished in just minutes.Recently, a foreign cyberespionage group exploited vulnerabilities in a popular VPN, gaining unauthorized access to corporate networks. This incident, one of several in recent months, reinforces how VPN vulnerabilities continue to be a key target in cyberattacks, underscoring the urgent need to transition from legacy security models to a Zero Trust architecture. A staggering 92% of survey respondents said they are concerned about being targeted by ransomware attacks due to unpatched VPN vulnerabilities.“Attackers will increasingly leverage AI for automated reconnaissance, intelligent password spraying, and rapid exploit development, allowing them to compromise VPNs at scale,” said Deepen Desai, CSO at Zscaler. "To address these risks, organizations should shift to a Zero Trust everywhere approach. This approach eliminates the need for internet-exposed assets like VPNs (physical and virtual), while drastically reducing the attack surface and potential impact of breaches. It’s encouraging to see that 81% of organizations are planning to implement Zero Trust within the next year—a critical step in mitigating the security risks posed by legacy technologies like VPNs."The rise of critical, scannable VPN vulnerabilitiesTo understand how attackers exploit vulnerabilities in internet-connected VPN infrastructure, ThreatLabz also analyzed VPN Common Vulnerabilities and Exposures (CVEs) from 2020-2025, based on data from the MITRE CVE Program. In general, vulnerability reporting is a good thing, as rapid vulnerability disclosure and patching helps the entire ecosystem improve cyber hygiene, foster community collaboration, and quickly respond to new vectors of attack. No type of software is immune from vulnerabilities, nor should it be expected to be.Over the sample period, VPN CVEs grew by 82.5% (note that early 2025 data has been removed for this portion of the analysis). In the past year, roughly 60% of the vulnerabilities indicated a high or critical CVSS score — indicating a potentially serious risk to impacted organizations. Moreover, ThreatLabz found that vulnerabilities enabling remote code execution (RCE) were the most prevalent kind, in terms of the impact or capabilities they can grant to attackers. These types of vulnerabilities are typically serious, as they can grant attackers the ability to execute arbitrary code on the system. Put another way, far from being innocuous, the bulk of VPN CVEs are leaving their customers vulnerable to critical exploits that attackers can, and often do, exploit. Unwelcome party guestsVPNs provide broad access following authentication, extending user access to contractors, external partners and vendors. While great in theory connectivity tools, attackers can easily exploit weak or stolen credentials, misconfigurations, and unpatched vulnerabilities to compromise these trusted connections. The report shows, 93% of organizations now worry about backdoor vulnerabilities stemming from third-party access. In February 2024, a financial services company suffered a data breach exposing nearly 20,000 clients' personal information, caused by vulnerabilities in their VPN. This incident highlights how VPNs create exploitable entry points into corporate networks. Out with the old, in with the new - Zero Trust EverywhereLegacy or traditional vendors are attempting to adapt to the evolving landscape by deploying virtual machines in the cloud and labeling them as Zero Trust solutions. Unfortunately, a VPN hosted in the cloud remains, at its core, a VPN and does not adhere to true Zero Trust principles. Illustrating this point, the industry has recently witnessed massive spikes in scanning activity targeting tens of thousands of publicly searchable VPN IP addresses hosted by at least one of the largest security vendors. Historically, this kind of activity has indicated some likelihood that attackers may be preparing to exploit yet-to-be-disclosed vulnerabilities in targeted VPN assets. Case in point: if you are reachable, you are breachable — which is why, from an architectural perspective, cloud-based VPN technology can never achieve true zero trust principles, no matter the branding.The switch to a holistic Zero Trust architecture is rapidly gaining momentum and replacing outdated legacy security tools due to the proven security benefits and efficiency gains for adopting organizations. The report found 81% of organizations are adopting, or planning to adopt, a Zero Trust architecture within the next year and by extending this architecture to users, applications and workloads, enterprises are ensuring that Zero Trust is truly everywhere enabling VPN-free resilient security that:Minimizes the Attack Surface: Replaces network-based access with Zero Trust policies and identity-based controls to secure users and third parties.Blocks Threats: Prevents initial compromise through robust authentication, identity security, and least-privileged Zero Trust Access.Prevents Lateral Movement: Uses Zero Trust segmentation to contain threats and stop unauthorized spread within networks.Enhances Data Security: Enforces context-aware, integrated Zero Trust policies to protect sensitive information.Simplifies Operations: Replaces VPNs with AI-driven security, continuous monitoring, and automated policy enforcement, in addition to uninterrupted access with business continuity.By adopting these best practices, organizations can replace VPN security risks with a robust Zero Trust framework, enabling continuous verification, least-privileged access, and proactive threat prevention.Download the ThreatLabz 2025 VPN Risk ReportDownload the full version of the 2025 VPN Risk Report here for more information about security inefficiencies that highlight the inherent flaws of traditional VPNs, and the need for Zero Trust.Research MethodologyThis report is based on a comprehensive survey of 632 IT and cybersecurity professionals conducted by Cybersecurity Insiders. The study examines VPN security risks, enterprise access trends, and the adoption of zero trust architectures. Respondents include executives, IT security practitioners, and network infrastructure leaders across various industries. The findings provide a data-driven perspective on the decline of VPNs and the shift to zero trust, offering critical insights for organizations modernizing their access security strategies.About ThreatLabzThreatLabz is the security research arm of Zscaler. This world-class team is responsible for hunting new threats and ensuring that the thousands of organizations using the global Zscaler platform are always protected. In addition to malware research and behavioral analysis, team members are involved in the research and development of new prototype modules for advanced threat protection on the Zscaler platform, and regularly conduct internal security audits to ensure that Zscaler products and infrastructure meet security compliance standards. ThreatLabz regularly publishes in-depth analyses of new and emerging threats on its portal, research.zscaler.com. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/zscaler-zero-trust-exchange-platform-deployed-across-t-mobile-operations https://www.zscaler.com/press/zscaler-zero-trust-exchange-platform-deployed-across-t-mobile-operations Tue, 01 Apr 2025 12:00:00 GMT Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, collaborated with T-Mobile in late 2023 to rapidly deploy hybrid zero trust throughout its operations. In just three months, T-Mobile implemented the Zscaler Zero Trust Exchange™ AI-powered cloud security platform, which is designed to secure access to applications and the internet, regardless of user location or device. Now, one year later, the roll-out has further secured the Un-carrier’s infrastructure against potential cyber threats and over that time, T-Mobile is retiring its traditional VPNs. By reducing the need for traditional VPNs and providing secure and direct access to applications, T-Mobile’s employees and other team members can access needed resources efficiently and effectively, whether they are in the office, at home or on the go.“As T-Mobile is continually focused on making enhancements to our cybersecurity approach to stay ahead of bad actors, working with Zscaler to roll out these tools is another positive step forward in that mission,” said Jeff Simon, senior vice president and chief security officer, T-Mobile. “Zscaler’s tools help us ensure that only verified and authorized users and devices can securely access the systems they need to do their job — and nothing more. This is critical to significantly reducing the risk of cyber threats.”Modernizing Security with the Zscaler Zero Trust Exchange The Zscaler Zero Trust Exchange platform is designed to secure access to applications and the internet, regardless of user location or device. T-Mobile’s deployment includes:Secure internet access with Zscaler Internet Access™ (ZIA™) to eliminate the need for backhauling, delivering full TLS/SSL traffic inspection and zero-trust access for internet and SaaS applications.Secure private access with Zscaler Private Access™ (ZPA™) to replace traditional VPNs and provide direct access to applications from any location.Advanced threat detection with Zscaler Deception technology to detect and neutralize threats by using decoys and false user paths to lure bad actors away from resources.Optimized User Experience with Zscaler Digital Experience™ (ZDX™) that detects and resolves issues with application connectivity and performance issues that could impact productivity.“The Zscaler Zero Trust Exchange is a cloud native cybersecurity platform built on the concept of zero trust. Following the principle of least-privileged access, the platform establishes trust based on user identity and context — including location, device, application and content — and creates secure, direct user-to-app, app-to-app and machine-to-machine connections,” said Mike Rich, chief revenue officer and president of global sales at Zscaler. “We’re proud that Zscaler reduced T-Mobile’s use of legacy firewalls and VPNs to enhance secure and efficient access to applications and information.”Watch a video from Zscaler and T-Mobile here. For more on the Zscaler Zero Trust Exchange, visit zscaler.com. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/new-zscaler-ai-security-report-reveals-over-3000-surge-enterprise-use-ai-ml-tools https://www.zscaler.com/press/new-zscaler-ai-security-report-reveals-over-3000-surge-enterprise-use-ai-ml-tools Thu, 20 Mar 2025 12:00:00 GMT ChatGPT is the most popular AI/ML application, accounting for nearly half of all AI/ML transactions (45.2%) and is also the most-blocked AI application, followed by Grammarly, and Microsoft Copilot as the second and third most-blocked applications, respectivelyAgentic AI and open-source model DeepSeek are creating new opportunities for threat actors to weaponize AI and automate and scale their attackThe top five countries generating the most AI/ML transactions are the United States, India, United Kingdom, Germany, and JapanThe Finance & Insurance and Manufacturing industries generate the most AI/ML traffic, with 28.4% and 21.6% share of all AI/ML transactions in the Zscaler cloud, respectively, followed by Services (18.5%), Technology (10.1%), Healthcare (9.6%), and Government (4.2%) Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today released the ThreatLabz 2025 AI Security Report, based on insights from more than 536 billion AI transactions processed between February 2024 to December 2024 in the Zscaler Zero Trust Exchange™platform, the largest in-line security cloud,which discovered real-world threat scenarios ranging from AI-enhanced phishing to fake AI platforms. This report also explores recent developments in areas that will undoubtedly influence AI in 2025 and beyond, including agentic AI, the emergence of DeepSeek, and the evolving regulatory landscape. The report reveals a 3,000+% year-over-year growth in enterprise use of AI/ML tools, highlighting the rapid adoption of AI technologies across industries to unlock new levels of productivity, efficiency, and innovation. Enterprises are sending significant volumes of data to AI tools, totaling 3,624 TB, underscoring the extent to which these technologies are integrated into operations. However, this surge in adoption also brings heightened security concerns. Enterprises blocked 59.9% of all AI/ML transactions, signaling enterprise awareness around the potential risks associated with AI/ML tools, including data leakage, unauthorized access, and compliance violations. Threat actors are also increasingly leveraging AI to amplify the sophistication, speed, and impact of attacks—forcing enterprises to rethink their security strategies. “As AI transforms industries, it also creates new and unforeseen security challenges,” said Deepen Desai, Chief Security Officer at Zscaler. “Data is the gold for AI innovation, but it must be handled securely. The Zscaler Zero Trust Exchange platform, powered by AI with over 500 trillion daily signals, provides real-time insights into threats, data, and access patterns—ensuring organizations can harness AI’s transformative capabilities while mitigating its risks. Zero Trust Everywhere is the key to staying ahead in the rapidly evolving threat landscape as cybercriminals look to leverage AI in scaling their attacks.”Key Insights from the ThreatLabz 2025 AI Security ReportChatGPT Dominates AI/ML Transactions, But Security Concerns RemainChatGPT emerged as the most widely used AI/ML application, driving 45.2% of identified global AI/ML transactions in the Zscaler Zero Trust Exchange. However, it was also the most-blocked tool due to enterprises' growing concerns over sensitive data exposure and unsanctioned use. Other most-blocked applications include Grammarly, Microsoft Copilot, QuillBot, and Wordtune, showing broad usage patterns for AI-enhanced content creation and productivity improvements.“We had no visibility into [ChatGPT]. Zscaler was our key solution initially to help us understand who was going to it and what they were uploading.”—Jason Koler, CISO, Eaton Corporation | See the video case studyDeepSeek and Agentic AI: Innovation Meets Escalating ThreatsAI is amplifying cyber risks, with usage of agentic AI and China’s open-source DeepSeek enabling threat actors to scale attacks. So far in 2025, we’ve seen DeepSeek challenge American giants like OpenAI, Anthropic, and Meta, disrupting AI development with strong performance, open access, and low costs. However, such advancements also introduce significant security risks.Geographies Leading AI Adoption: US and India The United States and India generated the highest AI/ML transaction volumes, representing the global shift toward AI-driven innovation. However, these changes aren’t occurring in a vacuum, and organizations in these and other geographies are grappling with increasing challenges like stringent compliance requirements, high implementation costs, and shortage of skilled talent.Finance & Insurance Lead Enterprise AI Traffic by IndustryThe Finance & Insurance sector accounted for 28.4% of all enterprise AI/ML activity, reflecting its widespread adoption, and indicative of the critical functions supported by the industry, such as fraud detection, risk modeling, and customer service automation. Manufacturing was second, accounting for 21.6% of transactions, likely driven by innovations in supply chain optimization and robotics automation. Additional sectors, including Services (18.5%), Technology (10.1%), and Healthcare (9.6%), are also increasing their reliance on AI, while each industry also faces unique security and regulatory challenges posing new risks and possibly impacting the overall rate of adoption.The Zscaler AI Advantage Built on a true zero trust architecture, Zscaler delivers Zero Trust Everywhere, securing user, workload, IoT/OT communication using business policies, not network policies. Zscaler mitigates AI-powered threats by hiding applications and IP addresses from attackers, inspecting all traffic for threats, and ensuring users access only authorized applications—never full networks. This approach minimizes the attack surface, prevents lateral movement, and stops threats before they can cause harm. Zscaler protects its users against today's most sophisticated AI-driven threats by implementing the following:Zero Trust Foundation: Minimize the external attack surface through continuous verification and least-privilege access. Real-time AI Insights: Employ predictive and generative AI to deliver actionable insights that enhance security operations and digital performance. Data Classification: Leverage AI-driven classification to seamlessly detect and safeguard sensitive data across Zscaler’s Data Fabric.Threat Protection: Block AI-enhanced threats through continuous monitoring and response powered by the Zscaler Zero Trust Exchange.App Segmentation: Restrict lateral movement and reduce the internal attack surface with AI-driven, automatic app segmentation.Breach Prediction: Harness the power of Zscaler Breach Predictor that combines the power of generative AI and multi-dimensional predictive models.Cyber Risk Assessments: Leverages AI-generated security reports to continuously optimize your zero trust implementation.Download the Full ThreatLabz 2025 AI Security ReportDownload the full version of the 2025 AI Security Report here for more information about real-world threat scenarios, AI predictions, insights into AI regulations, and AI best practices. MethodologyAnalysis of 536.5 billion total AI and ML transactions in the Zscaler cloud from February 2024 to December 2024. The Zscaler global security cloud processes over 500 trillion daily signals and blocks 9 billion threats and policy violations per day, delivering over 250,000 daily security updates.About ThreatLabzThreatLabz is the security research arm of Zscaler. This world-class team is responsible for hunting new threats and ensuring that the thousands of organizations using the global Zscaler platform are always protected. In addition to malware research and behavioral analysis, team members are involved in the research and development of new prototype modules for advanced threat protection on the Zscaler platform, and regularly conduct internal security audits to ensure that Zscaler products and infrastructure meet security compliance standards. ThreatLabz regularly publishes in-depth analyses of new and emerging threats on its portal, research.zscaler.com. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/zscaler-unveils-asset-exposure-management-faster-more-effective-cyber-risk-reduction https://www.zscaler.com/press/zscaler-unveils-asset-exposure-management-faster-more-effective-cyber-risk-reduction Tue, 25 Feb 2025 12:00:00 GMT Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced the introduction of Zscaler Asset Exposure Management, designed to advance how organizations manage their asset risk, commonly referred to as Cyber Asset Attack Surface Management (CAASM). Serving as a critical foundation for Zscaler's broader Continuous Threat Exposure Management (CTEM) offerings, this innovative solution consolidates and correlates data from a vast array of sources to deliver to organizations a precise inventory of assets and visibility into their security gaps to mitigate cyber risk.Organizations often struggle to maintain an accurate inventory of their assets. As a result, IT and security teams resort to spending hours using spreadsheets to track assets, making it difficult to assess the risks these assets pose and to prioritize remediation efforts. This issue is particularly pressing in regulated industries, such as healthcare and financial services, where non-compliance can result in significant fines.Built on Zscaler's powerful Data Fabric for Security, Zscaler Asset Exposure Management integrates and correlates data from hundreds of sources, including Zscaler’s cloud security platform providing organizations with a comprehensive and accurate inventory of their assets and their risk. Zscaler's Zero Trust Exchange platform processes over 500 billion security transactions daily, offering a comprehensive view of customer assets and associated risks. With more than 50 million devices using Zscaler agents to collect and share telemetry, the platform provides in-depth visibility into assets operating in branches and factories through the Zero Trust Branch solution. Additionally, it delivers insights into workloads in multi-cloud environments via the Zero Trust Cloud solution. This breadth of data delivers more effective security outcomes.Zscaler Asset Exposure Management offers comprehensive asset risk management, enabling organizations to:Create an Accurate Asset Inventory: Aggregate and deduplicate data from multiple sources to provide a comprehensive view of assets and their associated software stacks.Identify Coverage Gaps: Detect assets lacking essential security measures, such as missing Endpoint Detection and Response (EDR) solutions or outdated software versions.Enhance Data Accuracy: Improve data hygiene by automatically updating Configuration Management Databases (CMDB) and resolving data discrepancies across systems.Mitigate Risks: Trigger automated remediation workflows and policy adjustments to restrict access for users associated with risky assets, thereby immediately lowering enterprise risk.Together with Zscaler Risk360 and Unified Vulnerability Management, this new CAASM offering provides customers with a comprehensive solution for more effective exposure management.“Managing the security stack on our endpoints has been a labor-intensive task for our team,” said Mike Melo, CISO of LifeLabs. “Previous CAASM tools lacked the policy management features we needed to pinpoint risky or non-compliant assets. With this new software, we expect to save hundreds of hours of manual work, and because it’s built on the Zscaler Data Fabric for Security, which is already serving our exposure management program, we’ll see value in just a week, with no extra effort required.”“Companies have struggled for decades with the fundamental question of how many assets they actually have and what risk they pose to the business," said Adam Geller, Chief Product Officer, Zscaler. “The unmatched data set of 500 billion daily transactions from the Zscaler platform, combined with data from third-party sources, provides our customers with a unique advantage in identifying asset risk. By aggregating and synthesizing this data for additional context, we deliver more complete insights and empower our customers to make better decisions.”“Zscaler is integrating its own unique telemetry alongside the data aggregated from third-party sources,” said Michelle Abraham, senior research director, Security and Trust at IDC. “The Data Fabric for Security’s ability to synthesize, normalize, and enrich this data brings depth to asset visibility and security insights providing Zscaler with a foundational product for improving organizational cyber hygiene.”To learn more about Zscaler Asset Exposure Management, please visit zscaler.com/ctemlaunch. Forward-Looking StatementsThis press release contains forward-looking statements that are based on our management's beliefs and assumptions and on information currently available to our management. These forward-looking statements include the expected benefits of the new Zscaler Asset Exposure Management solution to Zscaler’s customers. These forward-looking statements are subject to the safe harbor provisions created by the Private Securities Litigation Reform Act of 1995. A significant number of factors could cause actual results to differ materially from statements made in this press release, including those factors related to our ability to successfully implement and deploy the Zscaler Asset Exposure Management solution across platforms and to improve efficiency and cost savings for our customers. Additional risks and uncertainties are set forth in our most recent Quarterly Report on Form 10-Q filed with the Securities and Exchange Commission (“SEC”) on December 5, 2024, which is available on our website at ir.zscaler.com and on the SEC's website at www.sec.gov. Any forward-looking statements in this release are based on the limited information currently available to Zscaler as of the date hereof, which is subject to change, and Zscaler will not necessarily update the information, even if new information becomes available in the future. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/60-businesses-anticipating-cyber-breach-2025-organizations-must-prioritize-resilience https://www.zscaler.com/press/60-businesses-anticipating-cyber-breach-2025-organizations-must-prioritize-resilience Tue, 11 Feb 2025 12:00:00 GMT 60% of organizations expect to experience a significant failure scenario in the next year.94% of IT leaders ‘believe’ their current cyber resilience measures are effective, yet ransomware attacks continue to rise and cost organizations billions of dollars per year. But only 45% say their cyber resilience strategy is up-to-date in preparation for modern attacks in response to the rise of AI.Organizations must more closely examine their ability to respond to advanced cyber breaches, which allow threat actors to access systems, move laterally, and steal sensitive data.A global survey from Zscaler, the leader in cloud security, has revealed a critical disconnect between IT leader confidence in their organization’s ability to weather upcoming failure scenarios like cyberattacks and the effectiveness of current security approaches. According to the survey conducted by Sapio, which incorporated responses from 1,700 IT decision makers across 12 countries, almost half (49%) of IT decision makers believe their IT infrastructure is highly resilient and 94% think their current cyber resilience measures are effective. Contradicting this confidence, two-fifths (40%) of IT leaders haven’t reviewed their cyber resilience strategy in over six months, and only 45% report their strategy is up-to-date in preparation for modern attacks in response to the rise of AI–showing a disconnect between the level of confidence and taking action. With the threat landscape evolving and the devastating impact of ransomware attacks on businesses, organizations must evaluate their ability to respond to and plan for attacks– making it crucial to transition to a zero trust architecture.Cyber resilience requires greater prioritization and urgency from leadership Examining the disconnect between confidence levels and current strategies highlights a lack of investment from organizational leadership as a key friction point. Respondents indicate that a majority of leaders understand the growing importance of having a robust cyber resilience approach, but only a minority (39%) believe it is one of their leaders’ ‘top priorities’. This prioritization is reflected in the amount of budget assigned to cyber resilience strategies, with half of the respondents (49%) agreeing that the level of investment doesn’t meet the escalating need. From a total cost of ownership perspective, this suggests that spending additional funds on a legacy security model that isn’t working requires a new approach which can be accomplished with zero trust.It is also evidenced by the lack of cyber resilience involvement from leadership. For most organizations, the burden of cyber resilience planning falls to IT leaders and their teams. Fewer than half (44%) of IT leaders say they have the CISO, for example, actively participating in any resilience planning. Further evidence of cyber resilience being siloed is the fact that only 36% of IT leaders say their cyber resilience strategy is included within their organization’s overall resilience strategy.“The possibility of a major failure scenario for organizations is not an ‘if’ but ‘when’, as the statistics in our report show,” said Jay Chaudhry, CEO, Chairman and Founder, Zscaler. “It proves the need for proactive resilience to combat and mitigate inevitable incidents before they become a significant issue for business continuity. Proactive resilience is essential to address incidents before they threaten business continuity. Cyber resilience is foundational to overall business resilience, and outdated firewalls and VPNs allow persistent attacks, making a zero trust architecture crucial for defending against advanced threats. Leadership must collaborate with IT teams to develop a strong cyber resilience strategy based on Zero Trust, preparing for and mitigating the impact of sophisticated AI-driven attacks. We call this becoming ‘Resilient by Design’.”Prevention is overprioritized compared to response & recoveryThe majority (60%) of IT leaders believe their organization overly prioritizes prevention – with splits showing that over two fifths (43%) of cyber security strategies and budgets are focused on prevention, at the expense of response or recovery. This suggests that most organizations are not prepared for what would happen if a failure occurred and would struggle to recover business operations as quickly as needed. Even among those organizations focusing their efforts on prevention, fewer than half are deploying each of the following proactive security tools to contain the blast radius of cyberattacks and mitigate further damage: risk hunting (44%), Zero Trust micro segmentation (42%,) and deception technologies (35%).“With the growing threat landscape including AI-based attacks and continued pressure to digitize not likely to abate any time soon, our attack surfaces are still expanding beyond our control. A robust and proactive resilience strategy, underpinned by a zero trust architecture, ensures a foundation that won’t crumble even in the wake of a successful attack, that can be remediated faster”, said James Tucker, Head of EMEA CISOs in Residence at Zscaler. “Therefore organizations need to transform their network and security architecture and adopt a zero trust ‘Resilient by Design’ approach to weather the dangers of a digital future.”A Zero Trust architecture enables a ‘Resilient by Design’ approachTo mitigate cyber resilience risk, organizations should embed visibility and control into their security strategy. Understanding failure scenarios more quickly and thoroughly based on the insights from an AI-powered cloud security platform to mitigate the blast radius of an incident strengthens the resilience posture. This outcome is what Zscaler enables with a ‘Resilient by Design’ approach. Because cyber threats evolve and advance so quickly, Zscaler leverages AI to dynamically adjust access based on changing risk. The Zscaler Zero Trust Exchange reduces risk across all four stages of the attack chain and supports a ‘Resilient by Design’ approach:Minimize the attack surfacePrevent initial compromiseEliminate lateral movementStop data lossThe full survey report ‘Unlock the Resilience Factor: Why Resilient by Design is the Next Cyber Security Imperative’ can be downloaded via this link.Zscaler Cyber Resilience Report MethodologyIn December 2024, Zscaler commissioned Sapio Research to conduct a survey of 1,700 IT decision makers (IT leaders) across 12 markets (Australia, France, Germany, India, Italy, Japan, Netherlands, Singapore, Spain, Sweden, UK & Ireland, US). These IT leaders work at companies with 500+ employees and across industries. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/zscaler-now-offers-natively-integrated-zero-trust-solution-rise-sap https://www.zscaler.com/press/zscaler-now-offers-natively-integrated-zero-trust-solution-rise-sap Tue, 28 Jan 2025 12:00:00 GMT Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security and an SAP partner, is now offering customers its Zero Trust Network Access (ZTNA) service, natively integrated within RISE with SAP. Zscaler Private Access™ (ZPA™) for SAP, delivered through the Zscaler Zero Trust Exchange™ platform, helps enable SAP customers with on-prem ERP workloads to simplify and de-risk their cloud migration, without the complexity and risk associated with traditional VPNs.As per Zscaler’s 2024 VPN Risk report, 56% of organizations have been targets of cyberattacks exploiting VPN security vulnerabilities in the last year. These incidents underscore the growing imperative to move away from traditional perimeter-based defenses towards a more robust Zero Trust architecture to enable secure access to an organization’s most critical ERP infrastructure.By running ZPA within customers' containerized RISE with SAP cloud environments, Zscaler can deliver native zero trust connectivity to SAP S/4HANA Cloud applications across deployment models, including multi-cloud or hybrid cloud. With this foundation, Zscaler also empowers customers with Zscaler Data Protection for compliance and Digital Experience Monitoring (DEM) with Zscaler Digital Experience™ (ZDX™) for an improved user experience.Businesses that use RISE with SAP can leverage ZPA to benefit from:Secure, Agile Cloud Access: RISE with SAP combines all the components that businesses need to pursue their business transformation strategies securely. With the integration of ZPA within RISE with SAP, customers can eliminate traditional firewalls and VPNs which unlocks cloud agility and improves security and compliance.Natively supported Zero Trust protection: By provisioning Zscaler connectors natively, Zero Trust access is enabled within the RISE with SAP environment, without the need for traditional VPNs. This ensures that customers can run their technology operations in a managed, secure cloud infrastructure with built-in security and data protection.Secure access for workforce and business partners: ZPA delivers seamless client-based and client-less Zero Trust connectivity, ensuring secure, direct access for employees and third parties from anywhere to RISE with SAP applications and resources. Corporate, Customer and GSI Quotes“Customers have been using the Zscaler Zero Trust Exchange to protect their SAP workloads across a large range of SAP applications for years,” said Punit Minocha, EVP, Business Development & Corporate Strategy at Zscaler. “Now, we are launching a solution that natively integrates within RISE with SAP to facilitate the secure migration of workloads to a managed service and provides improved user-friendliness by eliminating the burden of traditional firewalls and VPNs. Customers achieve application modernization while also securing remote access to business-critical applications and therefore facilitating the ‘working from anywhere’ culture that is so important to today’s workforce.”“The integration of Zscaler Private Access with RISE with SAP enables streamlined Zero Trust security across SAP applications, providing secure access for users and partners while supporting compliance and performance, no matter where their workforce, apps or data resides," said Roland Costea, Chief Information Security Office, SAP Enterprise Cloud Services.“Using Zscaler Private Access platform, we can confidently enable secure, remote access to SAP resources while maintaining the flexibility and scalability needed”, said Tobias Thörmann, Network Security Architect, Volkswagen AG. “This new integrated solution that Zscaler and SAP have created is an important capability to support our digital transformation with secure cloud services.”Zscaler’s ZPA integration with RISE with SAP marks a significant step forward in securing and optimizing enterprise applications in the cloud”, said Georgios Billios, Group Service Manager, Siemens AG. “By seamlessly connecting users to SAP services while maintaining the highest standards of security and performance, this partnership empowers organizations to innovate and scale with confidence in today’s digital landscape, which we will evaluate in our own RISE with SAP implementations.”“This innovative solution will enable organizations like ours to enhance the security and reliability of our SAP applications”, said Nataliia Iskra, Head of IT Security Operations, Deutsche Börse. “By enabling secure, zero-trust access to critical systems without the need for traditional VPNs, Zscaler empowers our teams to work with confidence, no matter where they are. This innovative approach reduces risk, ensures regulatory compliance, and ultimately strengthens the foundation of our IT security strategy.”“Using Zscaler’s ZPA solution to securely access SAP applications is a strategic move for organizations aiming to fortify their enterprise security”, said Britta Simms, Managing Director, Accenture. “Moving beyond traditional perimeter defenses like VPNs allows organizations to ensure that every access request is validated based on identity, context, and risk. This continuous authentication model is essential for protecting SAP applications in the cloud, enabling organizations to embrace digital transformation while maintaining a robust security posture.”“Modern organizations operate SAP systems across a hybrid landscape and today’s distributed workers need access to these systems from different locations”, said Sachin Singh, Managing Director, Deloitte & Touche LLP. “This new solution offered jointly by Zscaler and SAP simplifies migration of SAP applications to the cloud by allowing users to have a consistent, secure experience, no matter where these applications are hosted. With our deep technical cybersecurity knowledge and this new solution from Zscaler and SAP, we can help clients navigate data protection compliance while utilizing digital experience monitoring for optimizing user experience during the migration.”Join us for our exclusive virtual event featuring leaders from SAP, Siemens, Volkswagen, Deutsche Börs e, Deloitte, Accenture, and Capgemini, in which they will discuss the partnership in detail. Register here.For more information on the latest Zscaler and SAP integration, please visit - https://www.zscaler.com/partners/sap.SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE in Germany and other countries. Please see https://www.sap.com/copyright for additional trademark information and notices. All other product and service names mentioned are the trademarks of their respective companies. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/nokia-turns-zscaler-modernize-security-architecture-and-accelerate-cloud-transformation https://www.zscaler.com/press/nokia-turns-zscaler-modernize-security-architecture-and-accelerate-cloud-transformation Tue, 17 Dec 2024 12:00:00 GMT Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced that Nokia, a multinational technology leader in pioneering networks, digital services and applications, is deploying the Zscaler Zero Trust Exchange™ platform to enhance its security, operational efficiency, and cloud capabilities. The Zscaler platform is a cloud-native security solution that connects users directly to applications and workloads without exposing the corporate network, thereby reducing the attack surface and enhancing overall cybersecurity and compliance posture. Zscaler’s platform is built to provide secure, fast connections from any device, anywhere, at any time.Legacy Challenges Lead to Strategic ModernizationNokia previously relied on a combination of traditional hardware and virtual firewalls across data centers, offices, and cloud environments. With the traditional IP-based security approach, maintaining uniform security control across all branch offices and across all applications and platforms was complex. “Now we are moving towards identity-based, location-independent, application access, with a zero trust security approach without compromising on user experience”, said Nishant Batra, Chief Strategy & Technology Officer at Nokia. “With our push towards a cloud-first model, it became evident that we needed a security architecture capable of supporting this evolution efficiently and securely.”Traditional firewall solutions lack the agility to deliver true zero-trust security, impacting the optimization of digital and cloud transformation initiatives. Nokia’s adoption of Zscaler’s Secure Access Service Edge (SASE) solution aligns with its goal to streamline operations, reduce latency, and elevate security without the limitations of traditional solutions.A Future-Focused Approach with Zscaler’s Zero Trust Exchange PlatformNokia has selected Zscaler due to Zscaler’s robust, multi-cloud SaaS platform, which provides extensive public edge coverage and an application-centric approach to zero-trust. Zscaler’s platform includes more than 160 globally distributed data centers to optimize performance and ensure highly available, seamless and secure access for Nokia’s global workforce.Key components of Nokia’s deployment include:Zscaler Internet Access™ (ZIA™): Delivering secure, zero-trust access directly to the internet and SaaS applications through an AI-powered secure web gateway.Zscaler Private Access™ (ZPA™): Replacing VPNs with direct, secure access to private applications from any device or location.Zscaler Digital Experience™ (ZDX™): Enabling Nokia’s IT team to quickly detect and resolve user experience issues, ensuring seamless connectivity and productivity.Zscaler Data Protection: Securing sensitive data through advanced inspection and threat prevention capabilities.Transformative Benefits for Nokia’s Cloud-Centric InitiativesBy implementing the Zscaler platform as part of a phased journey, Nokia expects to realize substantial benefits from both an operational and a security perspective. The platform’s ability to integrate seamlessly with Nokia’s cloud solutions allows for easy scalability and rapid adaptation to Nokia’s evolving security needs.Nokia has already witnessed the potential for a significantly improved end-user connectivity experience in the initial rollout phase. “Our team was particularly impressed with the seamless user experience provided by Zscaler, which advanced our performance and productivity from day one,” said Batra.With Zscaler, Nokia is planning to streamline security infrastructure, reduce operational costs, and provide a foundation for further digital transformation."As the leader in cloud security, Zscaler is thrilled to partner with Nokia on their journey towards a Zero Trust architecture," said Jay Chaudhry, CEO, Chairman, and Founder of Zscaler. " Zscaler’s AI-powered cloud security platform is helping Nokia accelerate their implementation of a modern security model that will deliver superior threat detection and response while significantly reducing costs and providing improved user experiences. Nokia’s commitment to security and cloud transformation, combined with Zscaler’s dedication to delivering unparalleled customer value, we will help ensure industry-leading security, performance, and productivity for its employees, partners and customers.”To learn more about Zscaler’s Zero Trust Exchange and how it supports digital transformation, visit zscaler.com.Forward-Looking Statements This press release contains forward-looking statements that are based on our management's beliefs and assumptions and on information currently available to our management. These forward-looking statements include the expected benefits of Nokia’s Zscaler deployment. These forward-looking statements are subject to the safe harbor provisions created by the Private Securities Litigation Reform Act of 1995. A significant number of factors could cause actual results to differ materially from statements made in this press release, including those factors related to our ability to successfully implement and deploy our solutions to promote Nokia’s cloud security transformation initiatives. Additional risks and uncertainties are set forth in our most recent Quarterly Report on Form 10-Q filed with the Securities and Exchange Commission (“SEC”) on December 5, 2024, which is available on our website at ir.zscaler.com and on the SEC's website at www.sec.gov. Any forward-looking statements in this release are based on the limited information currently available to Zscaler as of the date hereof, which is subject to change, and Zscaler will not necessarily update the information, even if new information becomes available in the future.About NokiaAt Nokia, we create technology that helps the world act together.As a B2B technology innovation leader, we are pioneering networks that sense, think and act by leveraging our work across mobile, fixed and cloud networks. In addition, we create value with intellectual property and long-term research, led by the award-winning Nokia Bell Labs.With truly open architectures that seamlessly integrate into any ecosystem, our high-performance networks create new opportunities for monetization and scale. Service providers, enterprises and partners worldwide trust Nokia to deliver secure, reliable and sustainable networks today—and work with us to create the digital services and applications of the future. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/zscaler-finds-over-87-cyberthreats-hide-encrypted-traffic-reinforcing-need-zero-trust https://www.zscaler.com/press/zscaler-finds-over-87-cyberthreats-hide-encrypted-traffic-reinforcing-need-zero-trust Thu, 05 Dec 2024 12:00:00 GMT Key Findings:Malware, phishing and cryptominers account for nearly 90% of all encrypted threats observed in ThreatLabz analysisManufacturing was the target of 42% of encrypted attacks, making it the most- targeted industry The United States and India are the top targets of encrypted attacksZscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today published its Zscaler ThreatLabz 2024 Encrypted Attacks Report, which explores the latest threats blocked by the Zscaler security cloud and provides critical insights into how encryption has become a conduit for more sophisticated threats, further compounded by the rise of artificial intelligence (AI). ThreatLabz found that over 87% of all threats were delivered over encrypted channels between October 2023 and September 2024—a 10% increase year-over-year. The report offers strategies and best practices to help organizations tackle these covert threats. "The rise in encrypted attacks is a real concern as a significant share of threats are now delivered over HTTPS," said Deepen Desai, Chief Security Officer, Zscaler. "With threat actors focused on exploiting encrypted channels to deliver advanced threats and exfiltrate data, organizations must implement a zero trust architecture with TLS/SSL inspection at scale. This approach helps to ensure that threats are detected and blocked effectively, while safeguarding data without compromising performance."Encrypted malware continues to dominate Malware accounted for 86% of encrypted attacks, totaling 27.8 billion hits—a 19% year-over-year increase. Encrypted malware includes malicious web content, malware payloads, macro-based malware, etc. This growing prevalence of malware reflects a strategic shift by attackers adapting tactics to thrive within encrypted traffic, using encryption to conceal malicious payloads and content. According to ThreatLabz researchers, the most active malware families were:AsyncRAT Choziosi Loader/ChromeLoader AMOS/Atomic Stealer DucktailAgent TeslaKoi LoaderThe report also details notable year-over-year increases in web-based attacks, including cryptomining/cryptojacking (123%), cross-site scripting (110%) and phishing (34%), among other encrypted threats—surges that could be potentially fueled by the growing use of generative AI technologies by threat actors.Most targeted industry verticalsManufacturing was the most-targeted industry, accounting for 42% of encrypted attacks—nearly three times more than the second-most targeted industry, technology and communications. Attacks on the manufacturing industry grew 44% year-over-year, likely driven by rapid Industry 4.0 advancements and the extensive use of interconnected systems, which have expanded the attack surface and heightened manufacturers’ vulnerability to cyber threats.The top five most targeted industries were:ManufacturingTechnology and communications ServicesEducationRetail and wholesaleCountries that experience the most encrypted attacksThreatLabz found that the United States, India and France are the most frequently targeted nations by encrypted attacks. The U.S. and India are consistently the top two most frequently targeted, highlighting their significance as high-value targets for cybercriminals. The top five most targeted countries by encrypted attacks were:United States - 11BIndia - 5.4BFrance - 854MUnited Kingdom - 741MAustralia - 672MStopping encrypted attacks with zero trustUnderstanding how zero trust disrupts encrypted threats requires looking at a typical attack sequence. Advanced attacks often unfold in four stages:First, attackers conduct reconnaissance to find a way into the targeted network.Next, they breach the network, often via exploits, brute-force attacks or stolen credentials.Once inside, they move laterally, escalate privileges and establish persistence.Finally, they carry out their objectives, typically conducting data exfiltration to extract valuable information that can be leveraged for further extortion or attacks. The Zscaler Zero Trust Exchange™ platform provides security controls at each stage to mitigate risk and stop encrypted threats.A key component of the Zscaler platform’s approach is its full TLS/SSL inspection capabilities, based on an advanced proxy architecture. Zscaler advises inspecting 100% of traffic to protect users and organizations from threats concealed within encrypted channels.Organizations can bolster their ability to protect their devices, apps and data from encrypted attacks by following these recommendations:Understand that any internet-facing service can be found and attacked or abusedInspect incoming encrypted traffic to detect and block threatsUse a zero trust architecture to secure all connectivity holistically between users and applications, between devices like IoT and OT systems, between all locations and branch offices, between cloud workloads and more.Implement microsegmentation to reduce access, even for authenticated users. Leverage an AI-driven cloud sandbox to isolate and quarantine unknown attacks and stop patient-zero malware before it touches users.Reduce the number of entry points into an environment. Inspect outgoing northbound traffic along with incoming southbound traffic to disrupt C2 communications and protect sensitive data.The ThreatLabz 2024 Encrypted Attacks Report provides additional insights and best practices to help organizations effectively prevent encrypted attacks. Download your copy here today.Research MethodologyAnalysis of 32.1 billion blocked threats from October 2023 to September 2024 in the Zscaler cloud shows that all blocked threats came via encrypted channels. About ThreatLabzThreatLabz is the security research arm of Zscaler. This world-class team is responsible for hunting new threats and ensuring that the thousands of organizations using the global Zscaler platform are always protected. In addition to malware research and behavioral analysis, team members are involved in the research and development of new prototype modules for advanced threat protection on the Zscaler platform, and regularly conduct internal security audits to ensure that Zscaler products and infrastructure meet security compliance standards. ThreatLabz regularly publishes in-depth analyses of new and emerging threats on its portal, research.zscaler.com. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/zscaler-introduces-innovations-intelligent-segmentation-extend-zero-trust-branches-factories https://www.zscaler.com/press/zscaler-introduces-innovations-intelligent-segmentation-extend-zero-trust-branches-factories Tue, 12 Nov 2024 12:00:00 GMT Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced the industry’s first Zero Trust Segmentation solution to provide a more secure, agile and cost-effective means to connect users, devices, and workloads across and within globally distributed branches, factories, campuses, data centers, and public clouds. While traditional networks, including SD-WAN and site-to-site VPN, have extended enterprise connectivity to branches and clouds, they have also inadvertently accelerated the spread of ransomware. Although firewalls are used to do segmentation on networks, they add complexity, increase costs, and fail to provide adequate security. Zero Trust Segmentation for branch and cloud is an innovative solution that prevents ransomware attacks, turns branches into simplified café-like environments and in the process eliminates the need for firewalls, network access control (NAC), SD-WAN and site-to-site VPNs.With a Zero Trust architecture, organizations are no longer required to extend the corporate network from the data center to distributed locations and public clouds. Each branch, factory and public cloud becomes a virtual island that communicates directly with the Zscaler cloud security platform over any broadband connection. The Zscaler Zero Trust Exchange™ platform then applies business policies to securely connect users, workloads and devices. As a result, Zscaler minimizes the attack surface associated with public IPs, prevents ransomware from spreading between locations, and eliminates firewalls, SD-WAN and the reliance on Direct Connect and ExpressRoute.“Traditional network and security architectures enable the spread of ransomware," said Dhawal Sharma, EVP of Product Management at Zscaler. "Using firewalls to segment business networks is extremely complex, turning into a never-ending initiative for many organizations. Integrating advanced technology from the recent AirGap acquisition, Zscaler Zero Trust Segmentation now offers the most advanced, robust protection against ransomware attacks, which can be implemented in days. Additionally, it delivers up to 50% cost savings by eliminating the need for legacy firewalls and complex infrastructures.”Zero Trust Segmentation for Branches and FactoriesWith the increasing prevalence of IoT devices and operational technology (OT) systems in today's branch offices and factories, security leaders are urgently working to protect their environments from sophisticated attacks. A recent Zscaler ThreatLabz report revealed that over 50% of OT devices rely on legacy, end-of-life operating systems with known vulnerabilities, leaving them highly susceptible to attacks. Zscaler's solution securely segments every device—including legacy OT— within hours, without north-south firewalls.“As OT devices are becoming increasingly common in our environment, ensuring their security is a top priority,” said Brian Morris, Vice President, Chief Information Security Officer, Gray Television. “Zscaler Zero Trust Branch has been nothing short of transformative. It has not only helped us reduce network costs, but has significantly reduced cyber risk and helped accelerate M&A integration.”Zero Trust Segmentation for Data Center and Public CloudsRelying on firewalls to secure workload communications in hybrid and multi-cloud environments increases business risk and complexity. Each internet-facing firewall presents a discoverable attack surface and can lead to inconsistent cyber threat and data protection, as each public cloud service provider operates differently. Zscaler Zero Trust Segmentation standardizes multi-cloud workload security for internet-bound traffic, communication between clouds and data centers, between Virtual Private Clouds (VPCs), and between workloads and processes. This scalable approach eliminates the need for firewalls, site-to-site VPNs, Direct Connect, or ExpressRoute, simplifying and strengthening security across diverse cloud environments.“Cloud is a critical component of our infrastructure, and we depend on Zscaler’s Zero Trust architecture to secure our cloud workloads,” said Shanker Ramrakhiani, CISO at IIFL. “Zscaler’s Zero Trust Cloud has empowered us to enforce consistent security across our data centers and multiple clouds, simplifying operations and significantly reducing the risk of lateral threat movement.”Zero Trust Segmentation currently supports AWS and Azure, with GCP support slated for February 2025. To learn more about Zero Trust Segmentation, please visit https://zscaler.com/ztsegmentation.Forward-Looking StatementsThis press release contains forward-looking statements that are based on our management's beliefs and assumptions and on information currently available to our management. These forward-looking statements include the expected benefits of the new Zero Trust Segmentation solution to Zscaler’s customers. These forward-looking statements are subject to the safe harbor provisions created by the Private Securities Litigation Reform Act of 1995. A significant number of factors could cause actual results to differ materially from statements made in this press release, including those factors related to our ability to successfully implement and deploy our Zero Trust Segmentation solution across platforms and we believe this will result in improved efficiency and cost savings for our customers. Additional risks and uncertainties are set forth in our most recent Annual Report on Form 10-K filed with the Securities and Exchange Commission (“SEC”) on September 12, 2024, which is available on our website at ir.zscaler.com and on the SEC's website at www.sec.gov. Any forward-looking statements in this release are based on the limited information currently available to Zscaler as of the date hereof, which is subject to change, and Zscaler will not necessarily update the information, even if new information becomes available in the future. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/new-zscaler-business-continuity-services-enables-customers-continue-secure-operations-even https://www.zscaler.com/press/new-zscaler-business-continuity-services-enables-customers-continue-secure-operations-even Tue, 22 Oct 2024 12:00:00 GMT Zscaler, the leader in cloud security, today announced it is expanding its business continuity solutions for cloud and endpoints that enable customers to prepare for and quickly recover from catastrophic events that can significantly disrupt business operations. These solutions build on Zscaler’s existing and widely adopted Business Continuity Standard offering.Recent major IT outages have refocused attention on how organizations can improve business continuity planning to minimize impact during a catastrophic, widespread event. Many business-critical organizations require always-on operations, and they cannot afford interruptions, which can be costly in financial and reputational terms.New Private Business Continuity Cloud solutions provide ongoing full inspection and enforcement of Zero Trust policies for web, SaaS, and private applications, with synchronization of configuration and policies, when the Zscaler public cloud is unreachable or unavailable.Additionally, new regulatory requirements in many industries and regions are compelling more organizations to develop business continuity plans that extend to their IT solutions.Zscaler Private Cloud Business Continuity Services provide:Continued access to all web, SaaS, and private applications in the event of a catastrophic event when the Zscaler cloud is unreachable or unavailableA full Zero Trust security posture with consistent policies and inspectionPrivate clouds maintain synchronization with Zscaler’s Zero Trust ExchangeA customer-hosted solution is available now, with a fully managed offering coming soonFor a deeper dive into the new Zscaler Private Cloud Business Continuity Services, as well as our solution for unavailable endpoints, like laptops, please visit this blog. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/zscaler-and-okta-enhance-enterprise-cybersecurity-new-zero-trust-integrations https://www.zscaler.com/press/zscaler-and-okta-enhance-enterprise-cybersecurity-new-zero-trust-integrations Tue, 15 Oct 2024 12:00:00 GMT Today at Oktane2024, Zscaler and Okta announced four new integrations designed to accelerate their mutual customers' zero trust transformation. By delivering end-to-end, context-aware security, Okta and Zscaler are helping customers reduce risk, improve the user experience, and enable cross-domain response through shared telemetry and threat intelligence.“The integrations announced today significantly deepen our collaboration with Okta and our commitment to keeping our customers secure,” said Amit Raikar, Vice President, Technology Alliances and Business Development, Zscaler. “Together, we are focused on helping customers strengthen their zero trust security posture in an increasingly complex risk environment, where rigorously managing user identities and enforcing adaptive access controls is more crucial than ever.”“In the AI era, the only way to effectively protect customers is by rallying the security ecosystem. Point security solutions address individual areas but don’t integrate with one another, which increases complexity,” said Stephen Lee, vice president of Technical Strategy and Partnerships at Okta. “That’s why Okta and Zscaler have invested in deep integrations that accelerate the zero trust journey and elevate the security posture of our mutual customers worldwide.”Organizations continue to navigate the complexities of securing the growing number of remote users, cloud applications, and hybrid IT environments. Both Zscaler and Okta are committed to delivering deep integrations that enhance secure access to cloud and web applications while minimizing user disruptions. Our newest integrations deliver:Adaptive Access Policy Enforcement: The Zscaler Adaptive Access and Okta integration allows organizations to enforce context-based access policies that dynamically adjust based on the changing risk context of the user. These include password expiration, credential compromise, account recovery, or high-risk user behavior. Zscaler’s ingestion of Okta’s user risk telemetry expands upon an earlier integration, where Identity Threat Protection with Okta AI ingests risk telemetry from Zscaler Deception to respond to credential compromise or insider attacks. With the new integration, risk telemetry is exchanged bidirectionally between Okta and Zscaler, enhancing threat detection and response.Dynamic Step-Up Authentication: The Zscaler Adaptive Access can trigger step-up authentication with Okta Workforce Identity Cloud (WIC) to add an extra layer of security when Zscaler detects higher-than-usual risky user behavior. In such scenarios, step-up authentication dynamically requires the user to comply with stronger forms of authentication before access to sensitive resources, such as Salesforce, is granted.Security Data Contextualization and Unified Vulnerability Management: Zscaler's Data Fabric for Security enriches and aggregates data from Okta logs with concurrent data streams to provide contextualized, real-time insights into vulnerabilities and exposures across the enterprise ecosystem. Easy to set up and configure, this solution provides a dynamic risk assessment of an organization via a simple dashboard to accelerate security remediation.Zero Trust Partner Access: Zscaler’s Zero Trust Exchange cloud security platform, with natively integrated cloud browser isolation (CBI), enables secure, agentless access to web applications. It allows external third-party users and partners to instantly access corporate resources from their devices, while protecting enterprise applications and preventing data loss. Okta complements this by streamlining identity and access management (IAM) for IT administrators with Okta Universal Directory. This enables them to manage users and policies, automate app assignments, and onboard more securely and quickly.For more information about this integration, please get a copy of the solution brief.Forward-Looking StatementsThis press release contains forward-looking statements that are based on our management's beliefs and assumptions and on information currently available to our management. These forward-looking statements include the expected benefits of the new integrations to Zscaler’s product offerings and to our customers. These forward-looking statements are subject to the safe harbor provisions created by the Private Securities Litigation Reform Act of 1995. A significant number of factors could cause actual results to differ materially from statements made in this press release, including those factors related to our ability to successfully integrate these enhancements. Additional risks and uncertainties are set forth in our most recent Annual Report on Form 10-K filed with the Securities and Exchange Commission (“SEC”) on September 12, 2024, which is available on our website at ir.zscaler.com and on the SEC's website at www.sec.gov. Any forward-looking statements in this release are based on the limited information currently available to Zscaler as of the date hereof, which is subject to change, and Zscaler will not necessarily update the information, even if new information becomes available in the future.About OktaOkta is the World’s Identity Company. As the leading independent Identity partner, we free everyone to safely use any technology—anywhere, on any device or app. The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce Identity and Customer Identity Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations. We’re building a world where Identity belongs to you. Learn more at okta.com. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/zscaler-identifies-more-200-malicious-apps-google-play-store-over-8-million-installs https://www.zscaler.com/press/zscaler-identifies-more-200-malicious-apps-google-play-store-over-8-million-installs Tue, 15 Oct 2024 12:00:00 GMT Key Findings:Mobile remains a top threat vector, with 111% growth in spyware and 29% growth in banking malwareTechnology, education, and manufacturing sectors continue to be most susceptible to attacksThe United States remains the top target for IoT, OT, and mobile cybersecurity attacksZscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today published its Zscaler ThreatLabz 2024 Mobile, IoT, and OT Threat Report, which offers an overview of the mobile and IoT/OT cyber threat landscape from June 2023 through May 2024. The findings in this report stress the urgency for organizations to reevaluate and secure mobile devices, IoT devices and OT systems. ThreatLabz identified more than 200 malicious apps in the Google Play Store, with more than 8 million collective installs, and the Zscaler cloud blocked 45% more IoT malware transactions than last year–indicative of botnets continuing to proliferate across IoT devices."Cybercriminals are increasingly targeting legacy exposed assets which often act as a beachhead to IoT & OT environments, resulting in data breaches and ransomware attacks," said Deepen Desai, Chief Security Officer at Zscaler. "Mobile malware and AI driven vishing attacks adds to that list making it critical for CISOs and CIOs to prioritize an AI powered zero trust solution to shut down attack vectors of all kinds safeguarding against these attacks."Financially motivated mobile attacks remain a top threat vectorWith 29% growth in banking malware attacks and a 111% rise in spyware year over year, cyberattacks have never been more profitable for threat actors, either through monetary gain via direct extortion or passthrough use of stolen personally identifiable information (PII) and user credentials that can be sold and leveraged in future attacks.Anatsa, a known Android banking malware that uses PDF and QR code readers to distribute malware, has targeted more than 650 financial institutions, and more specifically, users in Germany, Spain, Finland, South Korea and Singapore.Verticals most targeted by bad actorsThe technology (18%), education (18%) and manufacturing (14%) sectors are the most frequent targets of mobile malware. Education in particular saw a dramatic 136% increase in blocked transactions compared to the previous year.Additionally, for the second year in a row, manufacturing experienced the highest volume of IoT malware attacks, accounting for 36% of all IoT malware blocks observed on the Zscaler Zero Trust Exchange™ platform. When analyzing unique devices across different verticals, this sector stands out with the highest implementation of IoT devices due to its extensive use of IoT applications, ranging from automation and process monitoring to supply chain management.The United States remains the top target for IoT cyberattacksWith its central role in global communication and data processes, the US also stands out as the primary destination for IoT device traffic, accounting for 81% of IoT cyberattacks. The top five countries that receive the most IoT traffic are:United StatesJapanChinaSingaporeGermanyThe report also revealed that India (28%) is now the country most targeted by mobile malware. The other four are:United StatesCanadaSouth AfricaThe NetherlandsLegacy and end-of-life operation systems leave OT systems vulnerableOnce air-gapped and isolated from the internet, OT and cyber-physical systems have rapidly become integrated into enterprise networks, enabling threats to proliferate. OT deployments can involve thousands of connected devices spread across dozens of sites, creating a substantial attack surface for external threats, such as those that exploit known zero-day vulnerabilities. Additionally, this also creates a large attack surface between internal (east-west) OT traffic, increasing the risk of lateral movement and the potential blast radius of a successful attack.How to secure mobile, IoT and OT With today’s hybrid-work environments, users can work from anywhere with internet access, SaaS apps and private applications, whether in the cloud or the data center. To enable secure hybrid work and provide seamless access to any application, enterprises need to retire network-centric approaches, which hamper productivity and leave them vulnerable to lateral movement. Instead, organizations must adopt a zero trust architecture that enables secure remote access from any user device to any application, from any location.Zscaler for IoT and OT enables enterprises to reduce cyber risk while embracing IoT and OT connectivity to drive business agility and increase productivity. Powered by the Zero Trust Exchange, these capabilities protect IoT devices against compromise and prevent lateral movement with device segmentation and deception–all while allowing for remote access to OT systems without risky VPN connectivity.The findings of the 2024 Mobile, IoT, and OT Threat Report stress the need for organizations to better secure their mobile endpoints, IoT devices, and OT systems. Download the full report here.Research MethodologyThe Zscaler ThreatLabz team analyzed a data set collected from the Zscaler Security Cloud between June 2023 and May 2024, comprising more than 20 billion threat-related mobile transactions and associated cyberthreats. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/zscaler-zero-trust-exchange-tm-extends-cybersecurity-market-leadership-surpassing-half https://www.zscaler.com/press/zscaler-zero-trust-exchange-tm-extends-cybersecurity-market-leadership-surpassing-half Wed, 09 Oct 2024 12:00:00 GMT Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced that the Zscaler Zero Trust Exchange™ cloud security platform has surpassed half a trillion daily transactions which is nearly 60 times greater than the total number of Google searches per day. This milestone underscores the unparalleled scalability, resilience, and trust customers have placed in the Zscaler platform, which enables organizations to secure users and applications, simplify operations, and advance their business. By extracting security signals from the half a trillion daily transactions and analyzing them with advanced AI models in real-time, Zscaler has the ability to gain a comprehensive understanding of the evolving threat landscape. This advancement delivers customers superior threat detection, prevention, and response capabilities.Scalable and Resilient Security Cloud for Mission-Critical RequirementsThe Zscaler Zero Trust Exchange is the world’s largest security cloud that delivers comprehensive security for users, devices, workloads and applications. The platform is built on the principle of least-privileged access to establish trust based on user identity and context—including location, device, application, and content—and then creates secure, direct user-to-app, app-to-app, and machine-to-machine connections. Zscaler services 8,600+ customers and 47+ million users, processing over half a trillion daily transactions and health performance and security metrics. Building a cloud of this magnitude and capacity takes deep experience and investment across four key areas: Scale, Resilience, Performance, and Zero Trust Connectivity. Scale: Enterprises need enough scale and capacity to dynamically and effortlessly handle large-scale events. Zscaler’s ability to effortlessly scale with the exponential rise in customer security transactions reinforces its strength to handle evolving and escalating enterprise demands. Resilience: It is critical to maintain the highest availability and interconnections between users and devices to critical cloud-based applications. Zscaler’s architecture helps ensure business continuity by helping customers prepare for and quickly recover from black swan events that could otherwise disrupt or stop business operations by automatically finding the optimal path from users and devices to application.Zero Trust Connectivity: Zscaler’s proxy-based cloud native Zero Trust platform securely connects users, applications, and devices—using business policies—over any network, in any location. By only granting access to the resources they need to perform their tasks, customers greatly reduce the risk of data breaches while simplifying operations for security and IT teams.Performance: An exceptional customer user experience—the ultimate measure of performance—is achieved by Zscaler’s platform scalability with over 160 hosted Zero Trust Exchange edges close to population centers around the world. This ensures that modern digital-first enterprises can operate effectively, around the globe, without trading off speed for unmatched security. "The growth in adoption and proliferation of our services continue to accelerate over the past 16 years," said Jay Chaudhry, CEO, Chairman, and Founder of Zscaler. "Zscaler consistently invests in its cloud security operations to ensure we have ample capacity to rapidly scale with user growth, and we built in resilience at its heart to ensure non-stop operations for our customers. As an innovator and a market leader, we also became the first cloud security company to introduce a Business Continuity service that enables customers to continue their operations, even during catastrophic events."Half a Trillion Daily Transactions Fuel New AI Security Controls for Security and IT ProfessionalsDelivering impactful AI-powered outcomes for customers requires large volumes of diverse, high-quality data, and a sophisticated AI engine to deliver meaningful and accurate results. Zscaler’s AI advantage is the result of 16 years of expertise and technology leadership. Zscaler processes the most daily transactions in the industry allowing Zscaler to extract security signals that are constantly analyzed by AI models to better understand the evolving threat landscape to offer the best protection to our customer base. By leveraging its massive data foundation, Zscaler is poised to transform the AI capabilities for the cybersecurity industry to not only enable organizations to mitigate risks and optimize performance, but also pave the way for zero-touch operations. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/toyota-gazoo-partners-zscaler-safeguard-data-and-users-extreme-remote-environments https://www.zscaler.com/press/toyota-gazoo-partners-zscaler-safeguard-data-and-users-extreme-remote-environments Tue, 08 Oct 2024 12:00:00 GMT Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, announced today that TOYOTA GAZOO Racing World Rally Team Oy (TGR-WRT) is using the Zscaler Zero Trust Exchange™ cloud native security platform to protect users, applications, and data across its global operations and rally stages all over the world. Based in Jyväskylä, Finland, the high-performance, competition-oriented company constantly evolves technologies beyond world-level rallying for innovations for the automotive industry.TGR-WRT runs major programs for the World Rally Championship, Customer Motorsport, and Young Driver Development. As the organization operates in extreme and often remote locations across the globe, enabling secure, high-performance access to the internet and private applications was a major challenge for the IT team. TGR-WRT connects to a combined 100 services, encompassing file storage, SaaS applications, private custom applications for their sensitive engineering and testing data. The fast-growing organization realized that its traditional security infrastructure, consisting of VPNs and firewalls, was neither agile nor secure enough to serve its needs. When TGR-WRT adopted a cloud-first strategy as part of its push for modernization, the organization was also looking for more efficient connectivity for its users on the rally stages and in branch offices, with an improved security posture through a zero trust approach.The security team began its zero trust journey by collaborating with Mintly, a Finnish technology integrator, who recommended Zscaler to meet TGR-WRT’s unique requirements. After a successful proof of concept, TGR-WRT worked closely with Mintly to deploy the Zscaler Zero Trust Exchange platform on a tight schedule. The comprehensive cloud-native zero trust security platform now enables fast, secure connections between users, branches, applications, and workloads, anywhere and on any device. It acts as a switchboard, connecting users directly to applications and other resources—not to the network—thereby reducing the attack surface and eliminating the risk of lateral movement.“Zscaler is one of the best decisions we have made,” said Riku Nykänen, Information Security Officer at TGR-WRT. “The Zscaler Zero Trust Exchange simplifies our security architecture. It’s at the core of our protection for all network traffic from our on-premises and cloud servers and the laptops and mobile devices that our teams use at rallies, test events, airports, and homes around the world. This comprehensive security platform makes our users happy because it is easy to use and gives them seamless, uninterrupted connectivity. It makes a difference in our races where every tenth of a second counts.”During a rally, it is critical to get data packages as quickly as possible from cars to all relevant persons so it can be analyzed for optimizing the performance and reliability of the vehicles. With the help of Zscaler, TGR-WRT built an environment where this highly sensitive data can be sent seamlessly and securely across these different locations. TGR-WRT deployed Zscaler for Users with Zscaler Internet Access™ (ZIA™) to grant users zero trust access to the internet and SaaS applications from anywhere and on any device. ZIA brokers secure connections between users and applications based on identity, context, and business policies. With TLS/SSL traffic inspection and AI-powered defenses, it protects all users across various stages of the attack chain to prevent compromise, eliminate lateral movement of threats, and prevent data loss. Additionally, TGR-WRT replaced its unreliable VPN with Zscaler Private Access™ (ZPA™) for seamless and secure access to private applications from any device and location. Zscaler Digital Experience™ (ZDX™) enables the TGR-WRT help-desk team to detect usability issues, pinpoint root causes, and act swiftly to remediate problems to ensure a superior user experience.The organization also relies on Zscaler Zero Trust SD-WAN’s direct-to-cloud architecture to forward traffic from service parks and headquarters via a branch connector directly to the Zscaler Zero Trust Exchange platform for secure access to applications and the internet. This further reduces complexity of the architecture and adds another layer of data protection by eliminating site-to-site VPNs. In the near future, TGR-WRT plans to implement the Zscaler Client Connector™ app to provide consistent security and faster connectivity for users at rally locations who depend on mobile phones and tablets.TOYOTA GAZOO Racing World Rally Team has realized significant gains with the Zscaler solution. From April to June this year, the security platform helped them to process 262.1 million transactions and 13.7 TB of traffic—a dramatic increase in traffic of more than 1400% from the year before. During this timespan, Zscaler detected and prevented approximately 3 million policy violations.“Zscaler blew our minds,” said Jussi Luopajärvi, IT Manager at TOYOTA GAZOO Racing World Rally Team. “User productivity has greatly improved. The time it takes for users to turn on their laptops and start doing productive work has dropped from five minutes to just a few seconds. Network stability and performance in remote locations has also improved, and false positives associated with URL filtering have gone down significantly. Additionally, the firewall issues we had previously have been eliminated.”About TOYOTA GAZOO Racing World Rally TeamThe TOYOTA GAZOO Racing World Rally Team is based in Finland and a competitor in the World Rally Championship (WRC), serving as the entry for the car manufacturer, Toyota. The team is a separate operational unit of the TOYOTA GAZOO Racing team that competes in the World Endurance Championship, but both are a part of TOYOTA GAZOO Racing Europe. The team has delivered championship titles for drivers and co-drivers every year since 2019. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/zscaler-appoints-security-industry-veteran-adam-geller-chief-product-officer-scale-cloud https://www.zscaler.com/press/zscaler-appoints-security-industry-veteran-adam-geller-chief-product-officer-scale-cloud Mon, 30 Sep 2024 12:00:00 GMT Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced the appointment of Adam Geller as Chief Product Officer to scale and accelerate the company’s next phase of innovation and growth.“I am truly excited to have Adam join us as we expand Zscaler’s product suite to support our rapidly growing business and customer base,” said Jay Chaudhry, CEO, Chairman, and Founder of Zscaler. “Adam was an integral part of the growth at Exabeam as CEO and prior to that as the Chief Product Officer he drove the development of their cloud-scale security operations platform. His extensive and proven security product and engineering experience will be invaluable to Zscaler as we build our AI-driven security operations platform. Adam brings deep product experience supported by strong customer engagement with enterprises, key for our next phase of growth."Mr. Geller has over 25 years of product and engineering experience across multiple domains of cybersecurity. Prior to his time focusing on SIEM and security operations at Exabeam, he launched and grew multiple product lines for Palo Alto Networks focusing on virtualization and cloud. Earlier, Mr. Geller built managed security services for global IT provider NTT Communications and focused on identity and authentication for VeriSign/Symantec. His deep commitment to understanding customer challenges and delivering innovative solutions has its roots in his earliest jobs delivering pre-sales and post-sales security assessments, product implementation, and managed security services.“Zscaler has consistently proven that it secures, simplifies, and transforms businesses who adopt its amazing platform," said Mr. Geller. “I am thrilled to take on the opportunity to grow Zscaler beyond $5B in ARR through our current and future product offerings powered by AI & ML. Zscaler sits at the confluence of users, devices, and applications and this offers unparalleled insights into identity, behavior, and intent. With access to one of the largest and richest datasets from billions of transactions, alerts, and context per day, we are able to deliver services that solve our customer’s IT challenges and give them the confidence they need to digitally transform their businesses.”Forward-Looking StatementsThis press release contains forward-looking statements that are based on our management's beliefs and assumptions and on information currently available to our management. These forward-looking statements include the potential impact of the executive appointments to Zscaler's future recurring revenue and ability to grow and scale. These forward-looking statements are subject to the safe harbor provisions created by the Private Securities Litigation Reform Act of 1995. A significant number of factors could cause actual results to differ materially from statements made in this press release.Additional risks and uncertainties are set forth in our most recent Annual Report on Form 10-K filed with the Securities and Exchange Commission (“SEC”) on September 14, 2023, which is available on our website at ir.zscaler.com and on the SEC's website at www.sec.gov. Any forward-looking statements in this release are based on the limited information currently available to Zscaler as of the date hereof, which is subject to change, and Zscaler will not necessarily update the information, even if new information becomes available in the future. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/zscaler-and-crowdstrike-announce-new-ai-and-zero-trust-cyber-security-integrations https://www.zscaler.com/press/zscaler-and-crowdstrike-announce-new-ai-and-zero-trust-cyber-security-integrations Tue, 17 Sep 2024 12:00:00 GMT Zscaler, Inc. (NASDAQ: ZS) the leader in cloud security, today announced a new set of AI and Zero Trust integrations with the CrowdStrike Falcon® cybersecurity platform to advance security operations. The latest integrations with Zscaler Zero Trust Exchange™ Platform, Zscaler Data Fabric for Security, and CrowdStrike Falcon® Next-Gen SIEM modernize security operations to provide advanced threat detection, response, and risk management.Security operations center (SOC) teams are under constant pressure to assess and manage risks, detect threats early, and respond swiftly to security incidents–all while facing an increasingly complex threat landscape. Siloed security data streams from disparate sources and arbitrary risk assessment mechanisms across diverse environments create operational inefficiencies and delay response times that increase an organization’s cybersecurity risks and possibility of a breach. “Zscaler’s latest integrations with CrowdStrike represent a significant step forward in our collective mission to ease day-to-day work streams for IT security and SOC teams,” said Punit Minocha, EVP of Business Development and Corporate Strategy, Zscaler. “Together, we can deliver a synergistic approach to risk management, threat detection, and policy enforcement.”“To defeat today’s threats, organizations must transform the SOC by harnessing the power of AI and automation to eliminate blind spots and stop adversaries,” said Daniel Bernard, chief business officer at CrowdStrike. “CrowdStrike’s partnership with Zscaler is a critical step in advancing zero trust enforcement, empowering organizations to transform their SOC, closing the gap between security and IT operations.”The latest collaboration between Zscaler and CrowdStrike delivers:Coordinated Threat Sharing, Detection and Response: Through the Falcon Foundry for Zscaler app, which serves as a foundation for Zscaler’s integration with CrowdStrike Falcon® Next-Gen SIEM, mutual customers can leverage pre-built scripts for threat intel sharing and quickly build custom SOAR workflows. Holistic Cyber Risk Quantification and Visualization: Zscaler Risk360’s integration with the Falcon platform provides security teams deep insights into the contributing factors of an organization's risk, by pulling in rich incident, asset, and vulnerability data from Crowdstrike.Security Data Contextualization and Unified Vulnerability Management: Zscaler’s Data Fabric for Security enriches and correlates CVE (common vulnerabilities and exposure) data from the Falcon platform with concurrent data streams to provide contextualized, real-time insights into vulnerabilities and exposures across the enterprise ecosystem.Adaptive Access Policy Enforcement: CrowdStrike enhances Zscaler's Adaptive Access Engine by providing active security incident signals from the Falcon platform. The integration adds a rich layer of context to policy enforcement, making device posture-driven zero trust access control even more robust.For detailed information about this integration and benefits provided, please visit us here.Forward Looking StatementsThis press release contains forward-looking statements that are based on our management's beliefs and assumptions and on information currently available to our management. These forward-looking statements include the expected benefits to customers from the Zscaler and CrowdStrike partnership. These forward-looking statements are subject to the safe harbor provisions created by the Private Securities Litigation Reform Act of 1995. A significant number of factors could cause actual results to differ materially from statements made in this press release, including those factors related to our ability to successfully integrate technologies. Additional risks and uncertainties are set forth in Zscaler’s most recent Annual Report on Form 10-K filed with the Securities and Exchange Commission (“SEC”) on September 12, 2024, which is available on our website at ir.zscaler.com and on the SEC's website at www.sec.gov. Any forward-looking statements in this release are based on the limited information currently available to Zscaler as of the date hereof, which is subject to change, and Zscaler will not necessarily update the information, even if new information becomes available in the future. About CrowdStrikeCrowdStrike (NASDAQ: CRWD), a global cybersecurity leader, has redefined modern security with the world’s most advanced cloud-native platform for protecting critical areas of enterprise risk – endpoints and cloud workloads, identity and data.Powered by the CrowdStrike Security Cloud and world-class AI, the CrowdStrike Falcon® platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized observability of vulnerabilities.Purpose-built in the cloud with a single lightweight-agent architecture, the Falcon platform delivers rapid and scalable deployment, superior protection and performance, reduced complexity and immediate time-to-value.CrowdStrike: We stop breaches.Learn more: https://www.crowdstrike.com/Follow us: Blog | Twitter | LinkedIn | Facebook | InstagramStart a free trial today: https://www.crowdstrike.com/free-trial-guide/© 2024 CrowdStrike, Inc. All rights reserved. CrowdStrike, the falcon logo, CrowdStrike Falcon and CrowdStrike Threat Graph are marks owned by CrowdStrike, Inc. and registered with the United States Patent and Trademark Office, and in other countries. CrowdStrike owns other trademarks and service marks, and may use the brands of third parties to identify their products and services.CrowdStrike Corporate Communicationspress@crowdstrike.com press@zscaler.com (zscaler.com) https://www.zscaler.com/press/zscaler-doubles-down-investments-australia-new-co-located-data-center https://www.zscaler.com/press/zscaler-doubles-down-investments-australia-new-co-located-data-center Wed, 11 Sep 2024 12:00:00 GMT Zscaler, the leader in cloud security, today announced the launch of a new co-located data center in Perth to extend greater support to customers in the region to further fortify their organization’s Zero Trust cybersecurity postures. As part of Zscaler’s continued investment in the Australia and New Zealand markets, the new site will complement the existing Zscaler data center infrastructures in Sydney, Melbourne and Canberra – all of which are co-located within Equinix data centers. As Australian entities continue to battle the rising volume and sophistication of cyber threats, there is a growing impetus from both the public and private sectors to double down on Zero Trust adoption. In fact, the Zscaler ThreatLabz found over 29 million phishing attempts in Australia alone – with a 479% surge in volume of phishing content hosted in the country year-over-year. In line with the Australian Federal Government’s goal of becoming the most cyber secure nation in the world by 2030, the launch of this new site will provide customers with improved capacity and performance and prevent malicious activities from impacting their operations. The new data centers will support the Zscaler Zero Trust Exchange™ platform, including solutions such as Zscaler Private Access™ (ZPA) and Zscaler Internet Access™ (ZIA), to optimize digital experiences and support security for modern, dynamic applications. The Zscaler Zero Trust Exchange platform was the first cloud security vendor to achieve IRAP assessed to ‘Protected’. Furthermore, as part of our commitment to becoming carbon neutral by 2025, the new site adds to Zscaler’s more than 150 data centres – all of which are fully powered by renewable energy. “With the advent of new technologies like GenAI tools, the threat landscape is advancing in volume and sophistication, making it all the more critical to adopt a Zero Trust approach to cybersecurity – especially as more organizations move beyond legacy private network to connect in a cloud-enabled, mobile world,” said Eric Swift, Area Vice President, Australia & New Zealand at Zscaler. “Australia is setting the benchmark on the global stage when it comes to being cybersecurity-first and we are proud to partner with both public and private enterprises across the region to implement a Zero Trust strategy. We are deeply committed to helping all organizations to secure, simplify and transform their operations.”Some of Zscaler's customers in Australia include John Holland, Probe CX, Northern Beaches Council and Ramsay Healthcare. “We’re delighted Zscaler continues to choose Equinix as its preferred data center partner, adding a point of presence in Perth to complement existing sites in Sydney, Melbourne, and Canberra,” said Guy Danskine, Managing Director, Equinix Australia. “This expanded partnership illustrates the role Equinix plays in enabling the critical infrastructure that powers a safe and prosperous digital economy, giving customers and partners unbridled access to a dense ecosystem of technologies and networks. With continued investments in Western Australia, Perth is becoming a major data hub in Australia and together, Equinix and Zscaler provide the resilient infrastructure organisations need to strengthen their cybersecurity posture and maximize the benefits of a digital-first strategy.”Register here to learn more about the latest product innovations and industry trends and best practices on Zero Trust & AI, join us at our annual Zenith Live roadshow in Sydney on 17 September 2024. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/zscaler-appoints-diplomat-and-tech-executive-casper-klynge-new-vice-president-and-head-emea https://www.zscaler.com/press/zscaler-appoints-diplomat-and-tech-executive-casper-klynge-new-vice-president-and-head-emea Mon, 12 Aug 2024 12:00:00 GMT Zscaler, Inc., the leader in cloud security, today announced the appointment of Casper Klynge for the new role as Zscaler’s Vice President, Head of EMEA Government Partnerships. As part of the Global Government Partnership team, Ambassador (ret.) and tech executive Casper Klynge will lead the public policy work and the strategic relationships and alliances with governments, international and regional organizations, and senior leaders across Europe, the Middle East, and Africa. Casper will be responsible for helping countries, organizations and critical infrastructure operators mitigate cybersecurity risks, in line with European and national data privacy and regulatory requirements, and driving digital sovereignty initiatives and strategic autonomy aspirations. European governments and institutions are moving with an urgency to securely transform their infrastructures to digital and cloud based requirements, in line with the utmost priority for data privacy and protection as well as regulatory obligations. Zscaler, with its global cloud-based and AI-powered Zero Trust security platform, already enables organizations worldwide in their secure adoption of multi-cloud environments, Working from Anywhere, 5G and the digitization of OT infrastructures, AI/ML security to combat the growing cyber risks effectively and can expand the same expertise to the public sector. As data sovereignty has to go hand in hand with cyber security, the new Zscaler function will build strategic partnerships with governments across EMEA to elevate the benefits of the Zero Trust approach and address regulatory affairs.“I am thrilled to work directly with Casper after having the privilege of collaborating for years while he served as Denmark’s Cyber and Tech Ambassador, and in his various industry leadership roles,” said Ryan Gillis, Senior Vice President, Global Head of Government Partnerships at Zscaler. “Bringing in a European leader of Casper’s experience, seniority and expertise reflects Zscaler’s commitment to building strategic relationships with governments and regional organizations at a critical inflection point for cybersecurity and public policy.”“I am very proud to join Zscaler at a pivotal time where cybersecurity challenges and data protection concerns driven by the possibilities of AI are becoming top of mind for the private and public sectors alike,” said Casper Klynge, Vice President, Head of EMEA Government Partnerships at Zscaler. “Leveraging secure and future-proof technology has become a key geopolitical issue to achieve digital resilience. It is the very foundation for creating the trust that will be the driver for digital transformation, and thus essential for productivity, economic growth and job creation in the digital decade ahead. I look forward to working with Zscaler colleagues in advancing digital sovereignty and in line with cybersecurity, data protection and privacy requirements as well as sovereign cloud solutions for our partners in Europe, the Middle East and Africa.”About Casper KlyngePrior to joining Zscaler, Casper Klynge had a unique career working in the intersection between geopolitics, international affairs, security and technology. Casper has a background in foreign affairs spanning several roles in the EU, NATO, and in government with geographical and operational experience from Europe, Africa, Asia and North America. His experience includes serving as Denmark’ s (& the world’s first) Ambassador to the global tech industry, Ambassador to Indonesia, Papua New Guinea, Timor Leste & ASEAN, and Ambassador to the Republic of Cyprus. Casper was the Deputy Head of Mission of NATO’s Provincial Reconstruction Team in Helmand Province, Afghanistan as well as Head of Mission of the EU’s civilian crisis management planning mission in Kosovo.More recently, Casper was Microsoft’s VP for European Government Affairs with responsibility for government affairs across the European continent, and the SVP in the Danish Chamber of Commerce. Casper holds a M.Sc. in Political Science, supplemented by an executive education from Stanford University. He is a 2009 Marshall Memorial Fellow and was in 2018 named among the World’s 100 most influential people in digital government. He is a member of the ECFR Council and serves on the Advisory Board of Think Tank Europe. In 2021 he joined the GLOBSEC Future Security and Defense Council (FSDC), advising NATO on geopolitics as it developed its new Strategic Concept. From 2020-2023 he served on the Executive Board of Digital Europe in Brussels. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/zscaler-s-annual-ransomware-report-uncovers-record-breaking-ransom-payment-us-75-million https://www.zscaler.com/press/zscaler-s-annual-ransomware-report-uncovers-record-breaking-ransom-payment-us-75-million Tue, 30 Jul 2024 12:00:00 GMT Key Findings:ThreatLabz tracked an 18% increase in ransomware attacks year-over-yearManufacturing, healthcare, and technology sectors were the top targets of ransomware attacksThe United States remains the top target of ransomware, experiencing nearly 50% of overall attacks, followed by the United Kingdom, Germany, Canada, and FranceThreatLabz identified 19 new ransomware families during the analysis period, bringing the total number to 391 since tracking startedZscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today published its Zscaler ThreatLabz 2024 Ransomware Report, which analyzed the ransomware threat landscape from April 2023 through April 2024. The annual report details the latest ransomware attack trends and targets, ransomware families, and effective defense strategies. Findings in the report uncovered an 18% overall increase in ransomware attacks year-over-year, as well as a record-breaking ransom payment of US$75 million – nearly double the highest publicly known ransomware payout – to the Dark Angels ransomware group. ThreatLabz believes Dark Angels’ success will drive other ransomware groups to use similar tactics, reinforcing the need for organizations to prioritize protection against rising and ever-more costly ransomware attacks.“Ransomware defense remains a top priority for CISOs in 2024. The increasing use of ransomware-as-a-service models, along with numerous zero-day attacks on legacy systems, a rise in vishing attacks and the emergence of AI-powered attacks, has led to record breaking ransom payments,” said Deepen Desai, Chief Security Officer at Zscaler. “Organizations must prioritize Zero Trust architecture to strengthen their security posture against ransomware attacks. This is where an AI-powered Zero Trust platform like Zscaler helps organizations fast-track their segmentation journeys, reducing the blast radius as well as shutting down unknown vectors for future AI-driven attacks.”Top industries impacted by ransomware Ransomware attacks pose significant risks to businesses of all sizes and industries. The manufacturing industry was by far the most targeted according to the report, facing more than twice as many attacks as any other industry.Industries face unique ransomware challenges based on how they operate, handle data, and their technology infrastructure. Despite the variables, ransomware extortion attacks have consistently surged, with the number of victim companies listed on data leak sites increasing by nearly 58% since last year’s ransomware report. Most targeted industries in ransomware attacksManufacturingHealthcareTechnologyEducationFinancial ServicesUnited States remains top targetThe United States once again faced a higher volume of ransomware attacks than any other country, accounting for nearly half of all incidents globally.Most targeted countries for ransomware attacks:United States (49.95%)United Kingdom (5.92%)Germany (4.09%)Canada (3.51%)France (3.26%)When comparing year-over-year change in ransomware attacks, the US, Italy and Mexico saw the highest increase in ransomware attacks, with staggering rises of 93%, 78% and 58%, respectively.Most active ransomware familiesWhile ransomware and other cyberthreats continue to evolve in complexity and sophistication, staying informed about the most prevalent and dangerous ransomware families is crucial for maintaining an effective security posture.ThreatLabz identified the most active ransomware families:LockBit (22%)BlackCat (aka ALPHV) (9%)8Base (8%)Top five ransomware families to watch in 2024-2025:Dark AngelsLockBitBlackCatAkiraBlack BastaZscaler helps enterprises stop ransomware with zero trust securityFrom initial reconnaissance and compromise to lateral movement, data theft and payload execution, Zscaler helps organizations stop ransomware at every stage of the attack cycle:Minimize the attack surface: Zscaler effectively minimizes the attack surface by hiding users, applications and devices behind a cloud proxy, where they are not visible or discoverable from the internet.Prevent initial compromise: The Zscaler Zero Trust Exchange employs extensive TLS/SSL inspection, browser isolation, advanced inline sandboxing and policy-driven access controls to prevent users from accessing malicious websites as well as detect unknown threats before they reach your network. Eliminate lateral movement: Leverage user-to-app or app-to-app segmentation so that users connect directly to applications (and apps to other apps), not the network, eliminating the risk of lateral movement. Stop data loss: Inline data loss prevention measures, combined with full TLS/SSL inspection, effectively thwart data theft attempts. Zscaler ensures that data is secured both in transit and at rest.For a deeper dive into best practices for protecting your organization and the full findings, download the Zscaler ThreatLabz 2024 Ransomware Report. MethodologyThe research methodology for this report is a comprehensive process that uses multiple data sources to identify and track ransomware trends. The report team collected data from a variety of sources between April 2023 and April 2024. To identify and understand ransomware activity, Zscaler utilizes its global security cloud processing over 500 trillion daily signals, blocking 9 billion threats daily, and delivering 250,000+ security updates. The ThreatLabz Threat Intelligence team tracks ransomware families at scale through reverse engineering and automating malware analysis to develop effective response strategies. ThreatLabz also works closely with international law enforcement agencies and has played a significant role in recent actions, including Operation Duck Hunt and Operation Endgame. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/zscaler-deliver-generative-ai-powered-zero-trust-security-innovations-collaboration-nvidia https://www.zscaler.com/press/zscaler-deliver-generative-ai-powered-zero-trust-security-innovations-collaboration-nvidia Tue, 11 Jun 2024 12:00:00 GMT Zscaler, Inc. (NASDAQ: ZS), a leader in cloud security, today announced a collaboration with NVIDIA to accelerate AI-powered copilot technologies. Zscaler will leverage NVIDIA AI technologies to deliver new user experience and security-centric copilot services to the enterprise. The introduction of new AI capabilities, leveraging NVIDIA NIM inference microservices, NVIDIA NeMo Guardrails, and the NVIDIA Morpheus framework, will dramatically increase the ability to process data from the Zero Trust Exchange™ platform, further enhancing Zscaler copilot’s ability to proactively defend enterprises against cyber threats and simplify IT and network operations.The rapid advancement of AI is becoming a primary game-changer to accelerate cybersecurity innovations. To effectively manage IT operations and combat threats at scale, enterprises must fully harness their massive volumes of data to equip an offensive and proactive security posture. The new Zscaler ZDX Copilot, a first-of-its-kind digital experience monitoring copilot, with NVIDIA NeMo Guardrails, offers network, device, and application performance insights to enable simplified IT support and operations at scale. NeMo Guardrails orchestrates dialog management, delivering accuracy, appropriateness, and security in smart applications with large language models (LLMs). It helps safeguard organizations by overseeing generative AI systems.The Zscaler Zero Trust Exchange™ platform is the world’s largest security cloud, processing more than 500B transactions per day. Using the power of Zscaler’s state-of-the-art predictive and generative AI, Zscaler is in ‌a unique position to rapidly identify, capture, and act on threats and anomalies that were previously difficult, if not impossible, to detect.Zscaler will also leverage NVIDIA Morpheus and NVIDIA NIM to deliver additional predictive and generative AI solutions to market:Zscaler ZDX Copilot with NVIDIA Morpheus, a GPU-accelerated, end-to-end AI framework that enables developers to create optimized applications for filtering, processing, and classifying large volumes of streaming cybersecurity data. This will enable real-time threat detection by optimizing AI pipelines with large volumes of data.Zscaler ZDX Copilot with NVIDIA NIM, a set of easy-to-use microservices part of NVIDIA AI Enterprise designed to accelerate the deployment of generative AI models anywhere. Its ability to support a wide range of LLMs will give customers efficient and scalable generative AI inferencing that lends itself to specific security and data protection use cases. This allows Zscaler to apply the most optimal and state-of-the-art generative AI models and multi-modal capabilities into its data protection suite via local LLMs. “The advancement of a cybersecurity vendor’s AI is becoming the critical ingredient in its ability to maintain an advantage over adversaries,” said Punit Minocha, EVP Business and Corporate Development, Zscaler. “Zscaler is committed to safeguarding AI with AI, and this collaboration with NVIDIA further builds on our leading position in the cybersecurity market.”“Generative AI and accelerated computing continue to transform every industry and enterprise, and require support spanning from cybersecurity to IT operations,” said Pat Lee, vice president of strategic partnerships at NVIDIA. “With the integration of NVIDIA’s AI software portfolio, Zscaler’s ZDX Copilot can now provide developers the security and protection needed to detect cyber anomalies and accelerate IT safety.” press@zscaler.com (zscaler.com) https://www.zscaler.com/press/zscaler-strengthens-partnership-google-deliver-secure-app-access-data-protection-and-security https://www.zscaler.com/press/zscaler-strengthens-partnership-google-deliver-secure-app-access-data-protection-and-security Tue, 11 Jun 2024 12:00:00 GMT Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, has doubled down on their partnership with Google to help organizations simplify and strengthen their approach to Zero Trust. The integration with Chrome Enterprise will provide hundreds of millions of enterprise users with advanced threat and data protection without the need for legacy VPNs or requiring additional browsers. In addition, the integration of Zscaler with Google Workspace helps prevent the exfiltration of sensitive enterprise data from apps like Gmail and Drive. And the sharing of Zscaler’s rich security telemetry with Google Security Operations enables organizations to strengthen their security operations, all from the cloud. This work with Google further strengthens Zscaler’s Zero Trust Exchange platform.Legacy security approaches like VPNs create a massive attack surface allowing adversaries to move laterally across networks and exfiltrate sensitive data. In fact, in the recent Zscaler ThreatLabz 2024 VPN Risk Report the research team found that 56% of organizations experienced one or more VPN-related cyberattacks in the last year and 91% of respondents expressed concerns about VPNs compromising their IT security environment. The Google and Zscaler partnership provides enterprises with secure access to private applications without the need for remote access VPNs.When third parties or employees use their personal devices (BYOD) to access corporate applications, cyber-threats and data loss become a concern. Traditionally, organizations have used endpoint security agents and virtual desktop infrastructure (VDI) products to address this, but they are costly, complex and deliver a poor user experience. Recently, some companies have promoted purpose-built web browsers as an alternative, but installing and managing yet another browser only adds complexity and frustration for end-users and enterprises. The integrated solution from Zscaler and Google reduces VDI reliance, without forcing users to adopt a new browser.Benefits of Google Chrome Enterprise with Zscaler Private AccessZscaler will ingest signals from Chrome Enterprise, including device posture, user identity and device attributes. This will enable organizations to enhance their security posture, improve threat detection, and make informed access control decisions. Organizations will also be able to ensure that corporate access is limited to Chrome Enterprise browsers. This will provide employees, partners and contractors with flexibility across devices to access private applications on-premises or in the cloud, while ensuring best-in-class security and performance.Preventing Exfiltration of Sensitive Data with Zscaler and Google WorkspaceZscaler integration with Workspace productivity and collaboration apps enables organizations to maintain a stricter control of their sensitive emails and documents. For example, Data Loss Prevention (DLP) capabilities help to prevent the exfiltration of sensitive data from Gmail, Google Drive, Sheets, Slides, and Docs. Tenant restrictions and granular instance controls help keep work and personal data separate with different levels of user access to personal vs work Gmail. In addition, the integration with Google Drive Labels API allows organizations to apply labels to files for classification, audit, and data protection purposes.Granular Cloud Security Insights with Zscaler’s Security Telemetry and Google Security OperationsZscaler integration with Google Security Operations enables organizations to more effectively detect, investigate, hunt and respond to threats. The integration provides actionable data within Google Security Operations, reducing the need to pivot across product consoles during investigations.“We are thrilled to partner with Google to deliver a comprehensive zero trust security solution through Chrome Enterprise that enables secure access to applications without the need for VPNs or new enterprise browsers," said Punit Minocha, EVP Business and Corporate Development, Zscaler. "In addition, by combining Zscaler's industry-leading Zero Trust Exchange with Google's powerful cloud services, we are providing enterprises with seamless data protection for Google Workspace and valuable security insights from Google Security Operations.”“Google has been a pioneer in enterprise zero trust access and has enabled secure access to corporate resources for Google employees around the world, without the need for VPNs,” stated Mayank Upadhyay, VP Engineering, Google Cloud Security. “Zscaler shares our vision for a zero trust model, and we are excited to work with them in delivering browser-based threat and data protection through Chrome Enterprise. This collaboration accelerates enterprise users’ zero trust journeys, enabling them to move away from legacy VPN approaches and embrace the future of secure access.”To learn more about Zscaler’s collaboration with Google Chrome Enterprise Premium read the blog by Google, or the detailed Zscaler Solution Guide. Forward Looking StatementsThis press release contains forward-looking statements that are based on our management's beliefs and assumptions and on information currently available to our management. These forward-looking statements include the expected benefits of the integration to Zscaler’s product offerings and to our customers. These forward-looking statements are subject to the safe harbor provisions created by the Private Securities Litigation Reform Act of 1995. A significant number of factors could cause actual results to differ materially from statements made in this press release, including those factors related to our ability to successfully integrate Google’s technology and operations. Additional risks and uncertainties are set forth in our most recent Quarterly Report on Form 10-Q filed with the Securities and Exchange Commission (“SEC”) on June 7, 2024, which is available on our website at ir.zscaler.com and on the SEC's website at www.sec.gov. Any forward-looking statements in this release are based on the limited information currently available to Zscaler as of the date hereof, which is subject to change, and Zscaler will not necessarily update the information, even if new information becomes available in the future.For more details, please see Zscaler with Google Chrome Enterprise. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/persistent-systems-selects-zscaler-launch-technology-modernization-and-renewable-energy https://www.zscaler.com/press/persistent-systems-selects-zscaler-launch-technology-modernization-and-renewable-energy Thu, 30 May 2024 12:00:00 GMT Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, announced that Persistent Systems, a global organization delivering digital engineering enterprise modernization services and solutions, is leveraging the Zscaler Zero Trust ExchangeTM cloud security platform to drive its zero trust initiatives while concurrently expanding its business operations and achieving their environmental sustainability objectives.One of the fastest-growing IT services brands, Persistent sought a partner that not only had the trusted technology to support its digital transformation but also shared its environmental, social and governance corporate values.“Our initial focus was supporting our anywhere computing model for our employees spread across the globe coupled with zero trust architecture that paid dividends along the way,” said Debashis Singh, Chief Information Officer at Persistent. “Ultimately, we aimed to enhance our cybersecurity infrastructure while minimizing costs, complexity, and environmental impact. With this in mind, we were confident that evolving our strategic partnership with Zscaler was the natural next step in our security and cloud transformation journey.”To modernize its environment while providing an outstanding user experience and maximizing M&A agility, Persistent deployed the Zscaler Zero Trust Exchange platform. The AI-driven cloud security platform eliminates the need for firewall-based security appliances and enables secure access to applications and data, regardless of user location or device. This modern security architecture significantly reduces the attack surface and lateral movement, ensuring that users are always authenticated and authorized before accessing resources. With Zscaler’s cloud-native architecture, Persistent can scale their security infrastructure seamlessly as they grow, avoiding the complexities and expenses associated with legacy security solutions.In the initial phase, Persistent implemented Zscaler for Users. Zscaler Internet AccessTM (ZIATM) provides cloud-native, AI-driven secure web gateway access for its 22,800 users across 21 countries. Zscaler Private AccessTM (ZPATM) replaced traditional VPNs, offering fast and secure direct-to-cloud access to private applications from any device and location. Zscaler Data Loss PreventionTM (Zscaler DLPTM) fortified data security with advanced capabilities like inline TLS/SSL traffic inspection and data discovery. Zscaler Digital Experience enabled swift issue detection and remediation, ensuring an exceptional user experience. Zscaler DeceptionTM identified and stopped high-priority attacks by luring adversaries away from critical resources.Persistent quickly began realizing significant gains. In less than three months, the Zscaler Zero Trust Exchange platform helped Persistent measurably decrease business risk while increasing user productivity. Even as traffic sharply rose to 1,000 terabytes (about a 35% increase) since the year before, Persistent was shielded from 1.6 million security threats, 369,305 of which were hidden in encrypted traffic.“Balancing innovation and growth with cybersecurity and sustainability goals can represent a significant challenge for organizations worldwide,” said Mike Rich, Chief Revenue Officer and President of Global Sales at Zscaler. “A strategic partner that helps navigate these challenges can be a key success factor in the digital transformation journey. Zscaler is thrilled to support Persistent in their journey towards minimizing environmental impact and maximizing innovation. We value our continued partnership, especially as we move toward a future of zero trust built on generative AI.”For more stories from organizations that have leveraged Zscaler to become more efficient, resilient, and secure, visit us at the Zscaler Customer Success Stories page.To learn how Zscaler is minimizing impact on the planet and supporting customers to reach their environmental goals, visit the Zscaler CSR page.About Persistent SystemsWith over 22,800 employees located in 21 countries, Persistent Systems (BSE & NSE: PERSISTENT) is a global services and solutions company delivering Digital Engineering and Enterprise Modernization. As a participant of the United Nations Global Compact, Persistent is committed to aligning strategies and operations with universal principles on human rights, labor, environment, and anti-corruption, as well as take actions that advance societal goals. With 268% growth since 2020, Persistent is the fastest-growing Indian IT Services brand according to Brand Finance. www.persistent.com press@zscaler.com (zscaler.com) https://www.zscaler.com/press/zscaler-appoints-veteran-finance-executive-james-beer-its-board-directors https://www.zscaler.com/press/zscaler-appoints-veteran-finance-executive-james-beer-its-board-directors Tue, 28 May 2024 12:00:00 GMT Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced the appointment of James Beer to its Board of Directors and also to the audit committee of the Board of Directors. Following the appointment of Mr. Beer, the Zscaler board of directors consists of eight members.“Mr. Beer brings extensive expertise in leading complex finance organizations at large-scale enterprises across multiple industries and will be a valuable asset in helping advance Zscaler’s long-term vision and growth strategy,” said Jay Chaudhry, CEO, Chairman and Founder, Zscaler. “As we continue to advance our leadership in helping organizations navigate their zero trust cloud transformation, we are committed to attracting and appointing leaders to Zscaler’s board of directors from varying experiences and diverse backgrounds. James’ unique qualifications will bring in new perspectives and help us achieve our goal to accelerate our customers’ secure digital transformation journeys.”Most recently, Mr. Beer served as the chief financial officer of Atlassian Corporation, a leading provider of team collaboration and productivity software. Mr. Beer is currently a board member of Alaska Air Group and DocuSign, Inc. Mr. Beer holds a Bachelor of Science degree in aeronautical engineering from Imperial College London and a Master's degree in Business Administration from Harvard Business School. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/european-businesses-confident-they-will-reach-nis-2-compliance-despite-limited-understanding https://www.zscaler.com/press/european-businesses-confident-they-will-reach-nis-2-compliance-despite-limited-understanding Tue, 28 May 2024 12:00:00 GMT 80% of European IT leaders are confident their organisations will meet NIS 2 compliance requirements by October, but only 53% believe their teams fully understand those requirements32% believe NIS 2 is a top priority for leadership, but 56% say IT teams still aren’t receiving the required support from that level to meet the deadline31% of respondents would consider their organisation’s current cyber hygiene ‘excellent’New research from Zscaler, the leader in cloud security, reports a disconnect between European company confidence in reaching NIS 2 compliance ahead of the October 17 deadline and an understanding of what achieving compliance will require. According to Zscaler’s latest report, NIS 2 & Beyond: Risk, Reward & Regulation Readiness, which surveyed more than 875 IT leaders across six European markets, 80% of IT leaders feel confident that their organisation will meet the compliance requirements before the deadline – and only 14% claim to have already met them. A little over half (53%) of IT leaders, however, believe their teams fully understand the demand, and even fewer (49%) believe leadership does. CISOs face an immediate need to educate all relevant stakeholders, from board level to section owners and employees across the organisation, to ensure compliance ahead of the due date.Leadership needs to act sooner rather than laterExamining the disconnect between confidence and understanding reveals some friction between how leaders are discussing NIS 2 and how they are acting upon it. Respondents indicate that leaders recognize the growing importance of the NIS 2 regulations, with one-third (32%) saying it is a top priority for their leadership and 52% saying it is becoming a higher priority. This does not appear to be reflected, however, in the support offered to company IT teams shouldering the burden of the compliance process. Most IT leaders (56%) feel their teams are not getting the leadership team support they need to meet the compliance deadline.Brian Marvin, GVP EMEA at Zscaler, said: “While there appears to be a quiet confidence across the region that businesses will reach NIS 2 compliance by the rapidly approaching deadline, our research suggests this confidence could be built on shaky foundations. If they are not careful, many businesses may find themselves rushing to the finish line and neglecting other cybersecurity processes as a result – something 60% of IT leaders admitted is possible. Leadership needs to act now and give their IT teams the necessary support to avoid missing key steps in their compliance journey and risking financial consequences and reputation damage.”Small improvements or a major overall of frameworks?Although the NIS 2 directive builds upon the existing NIS framework, 62% of respondents believe it is a significant departure from what they currently use. To become compliant, IT leaders are having to make the most significant changes in the areas of their tech stack/cybersecurity solutions (34%), educating employees (20%), and educating leadership (17%). When asked about the top three challenging sections of the directive, respondents pointed most often to:security in network and information systems acquisition, development, and maintenance (31%)basic cyber hygiene practices and cybersecurity training (30%)and policies and procedures around effective cybersecurity risk management measures (29%)While the NIS 2 directive is positioned as incorporating foundational level cybersecurity requirements, the report suggests many businesses across Europe are not as far along with their cybersecurity standards as they should be. Only 31% of respondents would label their current cyber hygiene as ‘excellent’. When looking at the survey from an industry perspective, the transport and energy sectors had a far lower level of cyber hygiene excellence, with only 14% of IT leaders in transport companies, and 21% in energy companies, claiming to have achieved this. These figures suggest that too few businesses in some critical infrastructure sectors have been keeping up with security reviews over the past few years, which could pose issues during their NIS 2 compliance checks this year.James Tucker, Head of CISO at Zscaler, said: “Regulations by themselves will never be the answer to first-class cybersecurity hygiene – particularly given the scale of the cybersecurity challenge. In fact, 53% of our respondents said the NIS 2 regulations don’t go far enough considering what businesses are facing. Rather than a problem to solve, regulations should be viewed as an opportunity to raise foundational security up a rung. Regulations need to become part of an organisation’s ongoing process reviews instead of a separate activity for IT teams to address. Businesses should be using this opportunity to review the scale of their technology stacks as well as find ways to simplify and track their hardware and software through one platform to avoid complexity in their organisational environment.”How can Zscaler help to overcome the challenges?The NIS 2 directive emphasises the responsibility of organisations to ensure network and information system security with a culture of governance and comprehensive risk management. They must adopt proactive technical, operational, and organisational measures to manage the risks posed to the security of network and information systems. Zscaler provides comprehensive security functionality with the cloud native, AI-powered Zscaler Zero Trust Exchange™ platform, designed to help organisations minimise their attack surface and ensure the effectiveness of security controls across their governance and risk management programs with the help of:Zscaler Internet Access™ and Zscaler Private Access™ deliver threat protection, data protection, and policy enforcement by controlling traffic flows while providing security event and transaction logs used for security monitoring and investigationAttack surface mitigation through the Zero Trust Exchange platform ensures that users are never placed on the network and applications are never exposed to the internet, significantly reducing the attack surface. In addition, it provides full access control policy to internal applicationsZscaler Risk360™ enables continuous monitoring and vulnerability detection, allowing organisations to proactively address security risksThe NIS 2 directive is a legislative act that aims to achieve a high common level of cybersecurity across the European Union. Member states must ensure that entities across 15 industry segments take appropriate measures to manage the risks posed to the security of network and information systems, and to prevent or minimise the impact of incidents on recipients of their services and on other services.Zscaler NIS 2 Report MethodologyThe purpose of this research was to investigate how businesses are preparing for the new NIS 2 regulation, the challenges they are facing, and where they are on their compliance journey. The survey was conducted among over 875 IT decision-makers working in companies with 500+ employees, from the UK, France, Germany, Italy, Spain, Netherlands, and Belgium. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/zscaler-unveils-ai-innovations-power-industry-s-most-comprehensive-data-protection-platform https://www.zscaler.com/press/zscaler-unveils-ai-innovations-power-industry-s-most-comprehensive-data-protection-platform Tue, 14 May 2024 12:00:00 GMT Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, announced multiple innovations to its AI Data Protection Platform that leverage the world’s largest security cloud and the power of AI. These innovations make Zscaler’s AI Data Protection platform the industry’s most comprehensive data protection solution. We protect:Structured and unstructured data in-motion, at-rest, and in-useData across all inline channels including Web, SaaS, Email, BYOD, and private applications in both data centers and public cloudData in SaaS, IaaS/PaaS environments, endpoints, and on-premises network sharesData protection is a top priority for all organizations that must protect intellectual property and customers’ data from malicious insiders, accidental data loss, and bad actors. The problem is compounded with the expanding threat of new shadow AI, ransomware, and increased cloud usage. According to the 2024 ThreatLabz AI Report, enterprise AI/ML transactions grew by nearly 600% from April 2023 to January 2024, despite mounting security risks. "There is an immediate and critical need for a consolidated approach to data protection that can secure all types of data, in all locations, while streamlining security operations," said Moinul Khan, Vice President and General Manager, Data Protection, Zscaler. “Great data protection starts with complete visibility. Point products create complexity and security gaps, and do not provide a full 360 degree view of your enterprise data. With today’s launch of the Zscaler AI Data Protection Platform, we are continuing our commitment to help customers see all their data and scale security protection to prevent leaks. By enabling data security across structured and unstructured data and all channels with our comprehensive data protection platform, organizations can replace multiple legacy point products to reduce cost and complexity."Zscaler analyzes and harnesses knowledge from over 500 trillion data points daily across users, devices, networks, and applications. The power of AI and automation increases visibility to sensitive data everywhere, provides insightful context, and delivers closed-loop workflow automation. The latest enhancements to Zscaler’s AI Data Protection Platform include the following:Natively integrated Data Security Posture Management (DSPM), engineered as a central part of Zscaler’s data protection platform that discovers, classifies, and protects sensitive data in public clouds such as AWS and Microsoft AzureContext-rich GenAI App Security with user and risk correlation providing insights to risky prompts, AI app usage, and granular policy controlsNew, real-time Email DLP for securing sensitive data across corporate email including Microsoft 365 and Google Gmail - one of the most problematic insider threat vectorsAdditional platform enhancements including:Consolidated Unified SaaS Security, which integrates traditionally stand-alone technologies such as, SSPM, SaaS Supply Chain Security, Out-of-Band API CASB Security and analysis of deep user activities, to deliver a highly accurate correlation engine. This engine provides powerful, actionable insights for SaaS data, enabling proactive risk management and mitigationExpanded AI Auto Data Discovery to encompass all data-at-rest locations, including Endpoint, SaaS, and Public Cloud Infrastructure. This expansion streamlines legacy data protection programs by reducing complexity and enhancing efficiency“Organizations are looking for more ways to extract value from the data that exists across their ecosystem, while keeping sensitive and confidential information protected. The combination of data discovery, classification and mapping provides essential context for confident enforcement of security controls while still optimizing business processes,” said Jennifer Glenn, Research Director, Security & Trust, IDC. “Data security solutions, such as Zscaler’s AI Data Protection Platform, can help identify and fix data security issues, while also reducing the cost and complexity of deploying multiple classification engines and other point products.”"Today’s enterprises are tasked with managing data across more platforms than ever before including devices, clouds, applications and servers. Protecting and securing this data from loss and the exponential rise in threats like ransomware is a monumental task made even more challenging when teams have limited visibility into data at rest and in motion,” said Elad Horn, GVP, Product, Cohesity. “Together, Cohesity and Zscaler are helping these organizations bolster their data security and posture, offering deep visibility into sensitive data while empowering them to better defend their data from threats and speed their time to recovery from incidents.”To read more on how Zscaler is continuing to innovate and lead the industry in data protection, watch the innovation launch event and read the blog. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/zscaler-joins-forces-google-offer-unparalleled-zero-trust-data-and-threat-protection https://www.zscaler.com/press/zscaler-joins-forces-google-offer-unparalleled-zero-trust-data-and-threat-protection Tue, 07 May 2024 12:00:00 GMT Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, has collaborated with Google on a joint zero trust architecture with Chrome Enterprise. This powerful combination brings the power of Zscaler Private Access™ (ZPA) enabling zero trust secure access to private applications to anyone across different locations and devices, with the advanced threat and data protection capabilities of Chrome Enterprise Premium. Together, they deliver an unmatched level of cybersecurity to safeguard users against malware, phishing, and advanced attacks targeting private applications.In the modern workplace in which cloud-based apps are the norm, browsers serve as the gateway to sensitive data and are prime targets for cyber threats. From phishing attacks to malware downloads and data exfiltration, the risks continue to rise. In fact, in the recent Zscaler ThreatLabz 2024 Phishing Report, the research team found a 60% increase in AI-powered phishing attacks due to a rapidly evolving threat landscape. Adopting a zero trust architecture coupled with Google Chrome Enterprise Premium offers users the most secure enterprise browsing.Enterprises using Google’s Chrome Enterprise Premium with Zscaler Private Access receive many benefits, including:Secure Zero Trust Access to Private Apps: Zscaler Private Access hides applications behind the Zero Trust Exchange and connects users directly to applications (vs network) via AI-powered segmentation to minimize the attack surface and eliminate lateral threat movement. Simplified Management and Data Protections: Chrome Enterprise Premium provides centralized control over browser settings, extensions, and data loss prevention (DLP) functions including data exfiltration controls, copy, paste and print restrictions. This complements Zscaler's data protection across endpoints, email, SaaS and cloud.Enhanced User Experience: Users gain access to a familiar and intuitive browsing experience while remaining protected. This joint solution empowers employees to work securely from any location on any managed device, promoting flexibility and productivity.“This collaboration brings together the most secure private app access solution from Zscaler with the advanced security capabilities in Chrome Enterprise to give customers the security they need without any complexity. Zscaler Private Access and Chrome Enterprise Premium are already widely adopted and with this collaboration, customers can not only retire legacy solutions like VPNs and Firewalls but also avoid adopting yet another enterprise browser to meet the security needs of today and the future,” said Dhawal Sharma, Senior Vice President and General Manager, Zscaler.“Google’s BeyondCorp model has been a pioneer in enterprise zero trust access and has enabled secure access to corporate resources for Google employees around the world, without the need for VPNs,” stated Mayank Upadhyay, VP Engineering, Google Cloud Security. “Zscaler shares our vision for a zero trust model, and we are excited to work with them in delivering browser-based threat and data protection through Chrome Enterprise Premium. This collaboration accelerates enterprise users’ zero trust journeys, enabling them to move away from legacy VPN approaches and embrace the future of secure access.” A Leader in the 2024 Gartner® Magic Quadrant™ for Security Service Edge (SSE), Zscaler protects thousands of customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location. Distributed across more than 150 data centers globally, the Zero Trust Exchange™ platform is the world’s largest in-line cloud security platform. To learn more about Zscaler’s collaboration with Google Chrome Enterprise Premium see Google’s blog, or the joint solution guide. You can also stop by the Zscaler booth at RSA Conference (May 6-9, San Francisco) Booth# N-6170 to talk to one of our security experts or email us at: chromeintegration@zscaler.com. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/vpn-risk-report-finds-more-half-organizations-experienced-vpn-related-cyberattack-last-year https://www.zscaler.com/press/vpn-risk-report-finds-more-half-organizations-experienced-vpn-related-cyberattack-last-year Tue, 07 May 2024 12:00:00 GMT VPN security concerns rise as 91% of respondents express concerns about VPNs leading to a compromising breachThe survey identifies the top threats exploiting VPN vulnerabilities to be ransomware (42%), other types of malware (35%), and DDoS attacks (30%)Lateral movement is a top concern, as reported by a majority of enterprises breached by VPN, demonstrating significant containment failuresZscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced the release of the 2024 ThreatLabz VPN Risk Report. The study, reviewed by Cybersecurity Insiders, surveyed over 600 professionals across the security, IT, and networking sectors. It found that 56% of organizations have been targets of cyberattacks exploiting VPN security vulnerabilities in the last year. These incidents underscore the growing imperative to move away from traditional perimeter-based defenses towards a more robust Zero Trust architecture.This shift to Zero Trust has gained momentum following recent high-profile breaches and critical vulnerabilities with VPNs from two large vendors: Ivanti (CVE-2023-46805 and CVE-2024-21887) - Remote attackers were able to perform authentication bypass and remote command injection exploits.Palo Alto Networks OS vulnerability (CVE-2024-3400) - Unauthenticated users exploited the security vendor’s operating system to infiltrate the network. As a result, the vulnerability received the maximum severity score of 10.0.The Ivanti zero-day vulnerabilities even led the Cybersecurity and Infrastructure Security Agency (CISA) to issue an emergency directive for federal agencies to immediately sever connections with the compromised VPN devices. VPN security challengesVPNs have traditionally facilitated remote enterprise access to networks, yet the growing scale and complexity of cyber threats targeting these networks remain a significant concern for security teams. Among those surveyed, 91% voiced apprehension regarding VPNs as weak entry points in their IT infrastructure, highlighted by recent breaches that exposed the dangers of relying on outdated or unpatched VPN infrastructure. “Over the past year, numerous critical VPN vulnerabilities have served as successful entry points for attacks on large enterprises and federal entities,” said Deepen Desai, CSO at Zscaler. “Considering these repeated outcomes, it’s crucial for enterprises to anticipate that threat actors will increasingly exploit these legacy, internet-exposed assets — appliances and virtual — that enable them to easily navigate laterally across traditional flat networks. It is essential to transition to a Zero Trust architecture, which significantly reduces the attack surface by eliminating legacy technologies like VPNs and Firewalls, enforces consistent security controls with TLS inspection, and limits the blast radius with segmentation & deception, thereby preventing damaging breaches.”Key VPN vulnerability exploitsThe report identifies ransomware attacks (42%), malware infections (35%), and DDoS attacks (30%), as the top threats exploiting VPN vulnerabilities. These statistics emphasize the extensive risks organizations face due to the inherent weaknesses in traditional VPN architectures, reinforcing the need for a shift to Zero Trust architecture. Notably, the report revealed that 78% of surveyed organizations plan to actively implement Zero Trust strategies within the next 12 months. Additionally, 62% of enterprises acknowledge that VPNs go against the principles of Zero Trust and that even delivering VPNs through the cloud does not constitute a Zero Trust architecture.Stop the spreadAmong enterprises who were breached via VPN vulnerabilities, a majority of impacted enterprises say threat actors moved laterally on the network, demonstrating significant containment failures after the initial point of compromise. To help minimize the blast radius and mitigate risk from VPN vulnerabilities, Zscaler strongly urges the adoption of a Zero Trust architecture. A Zero Trust architecture will help enterprises:Minimize the attack surface by making apps invisible to the internet, making them more difficult for attackers to discover and targetPrevent compromise with inline traffic and content inspection to detect and block malicious activity and shield resources from unauthorized access or data exfiltrationEliminate lateral movement by segmenting and connecting users directly to applications instead of the network, thus limiting an attackers’ opportunities for unauthorized access and lateral spreadTo learn more about the risks VPNs pose to the enterprise, download the Zscaler ThreatLabz 2024 VPN Risk Report with Cybersecurity Insiders at: www.zscaler.com/campaign/threatlabz-vpn-risk-reportMethodologyThe VPN Risk Report surveyed more than 600 security, IT, and networking professionals. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/zscaler-introduces-first-its-kind-digital-experience-monitoring-copilot-enable-it-support-and https://www.zscaler.com/press/zscaler-introduces-first-its-kind-digital-experience-monitoring-copilot-enable-it-support-and Thu, 25 Apr 2024 12:00:00 GMT Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced groundbreaking innovations - ZDX Copilot, Hosted Monitoring, and Data Explorer - to its Zscaler Digital Experience™ (ZDX™) service. The new ZDX Copilot, an AI assistant, instantly analyzes and harnesses knowledge from over 500 trillion data points daily across users, devices, networks, and applications, to provide IT operations, service desk, and security teams insights they need related to digital experience and performance. Teams can ask sequences of questions to effectively converse with Copilot, which uses Generative AI, to review high-level trends and progressively narrow results down to specific actionable insights.ZDX Copilot delivers numerous benefits across IT and security:Service desk teams can isolate root cause of user complaints to efficiently triage tickets, and collaborate with other teams; they can also easily look up technical informationNetworking teams can conversationally perform deep analysis across networks, applications and regions to identify trends or find opportunities for optimizationSecurity teams can ensure that their services are performant at all times, and instantly expose root cause of issues and affected parties when performance lagsIT leaders can conveniently extract and present digital experience trends and performance insights to show progress, or to identify new opportunitiesZDX Copilot also automates common configuration tasks like setting alerts, when asked. Its versatility can help your IT teams significantly improve efficiency, and collaboration across IT operations, service desk, and security. Every customer is equipped with their own Copilot keeping their company’s data private and secure.Zscaler also announced the early availability of Zscaler Hosted Monitoring, a service that helps IT operations teams continuously monitor availability and performance of applications and services from globally distributed monitoring infrastructure on Zscaler’s global cloud. With Hosted Monitoring, IT teams can:Ensure that external websites perform at their best, no matter where customers are locatedMonitor SLA compliance for applications and services purchased from SaaS, cloud, datacenter, or network providersConfidently roll out new applications or expand into new regions as businesses grow, whether organically or through M&A“As organizations adopt Zero Trust architectures, siloed monitoring tools lose visibility across the data path,” said Dhawal Sharma, Senior Vice President and General Manager at Zscaler. “ZDX reinstates end-to-end visibility across devices, networks, and applications. And with this release, Hosted Monitoring extends 24/7 monitoring to SaaS and external websites from several global locations. Using ZDX Copilot, IT teams such as Service Desk and IT Operations can achieve operational excellence by instantly accessing insights drawn from trillions of performance metrics using GenAI to easily analyze IT issues, and to work collaboratively with speed and accuracy.”Zscaler Digital Experience has also introduced Data Explorer, which enables IT teams and leaders to easily build and share customized reports that visually correlate data drawn from diverse datasets, contextualizing it for their businesses.For a deeper dive into the latest enhancements to ZDX, read this blog. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/glp-selects-zscaler-accelerate-its-cloud-security-transformation-journey https://www.zscaler.com/press/glp-selects-zscaler-accelerate-its-cloud-security-transformation-journey Wed, 24 Apr 2024 12:00:00 GMT Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, announced that GLP, a leading global business builder, owner, developer and operator of logistics real estate, digital infrastructure, renewable energy and related technologies, is leveraging Zscaler for Users, part of the AI-powered Zscaler Zero Trust ExchangeTM cloud security platform, to further strengthen its cybersecurity practice across its portfolio. GLP determined the security limitations and risk associated with their legacy security stack built on VPNs was not able to protect their users, data and applications from the increase in sophisticated cyber attacks.Founded in 2009, GLP is a leading global business builder, owner, developer and operator of logistics real estate, digital infrastructure, renewable energy and related technologies. At present, GLP owns and operates assets and businesses in 17 countries, including China, Brazil, India, Japan, and the U.S., with a portfolio of over 3,000 properties globally.GLP needed a robust cybersecurity strategy to tackle the mounting challenges posed by the increase in cyber threats. Convinced of the value of a Zero Trust architecture, GLP needed a technology partner that could help protect its intellectual property portfolio. “With the increasing physical and digital footprint of the company, it was imperative for us to be proactive in creating a cybersecurity strategy that would ensure our critical assets are well protected from escalating threats,” shared Miao Song, Global Chief Information Officer at GLP. “Previously, we had been utilizing different tools and systems, such as VPN, to keep our network and assets secure but we realized that the suite of products we had deployed were ineffective in meeting our cybersecurity goals. We were looking for a partner that can help us implement a robust Zero Trust strategy and selected Zscaler for its capabilities in helping us attain our desired outcome.”As part of the first phase of their Zero Trust transformation, GLP is deploying the Zscaler Private Access™ (ZPA™) solutions that will enable both GLP staff as well as third-party vendors to securely and effortlessly access private apps and OT devices. With Zscaler for Users, GLP and its affiliated users will be able to take advantage of Zero Trust connectivity directly to applications. This is especially beneficial in managing assets across the enterprise’s hybrid cloud environment globally. “The severity, frequency and volume of cybersecurity is escalating faster each year. These growing threats pose a data security challenge to multinational corporations when it comes to protecting their assets across all locations, all the time,” said Andreas Hartl, Senior Vice President, Asia Pacific & Japan at Zscaler. “Zscaler is committed to simplifying while accelerating our customers' security transformation journeys through using our Zero Trust Exchange, the world’s largest cloud security platform. We are thrilled to be identified as the most secure solution partner-of-choice by a leading brand like GLP and we are excited to support them in this journey to secure their operations globally.” press@zscaler.com (zscaler.com) https://www.zscaler.com/press/zscaler-research-finds-60-increase-ai-driven-phishing-attacks https://www.zscaler.com/press/zscaler-research-finds-60-increase-ai-driven-phishing-attacks Tue, 23 Apr 2024 12:00:00 GMT Vishing (voice phishing) and deepfake phishing attacks are on the rise as attackers leverage generative AI to amplify social engineering tactics.The US, UK, India, Canada and Germany were the top five countries targeted by phishing scams.The finance and insurance industry faced 27.8% of overall phishing attacks, the highest concentration among industries and a staggering 393% year-over-year increase.Microsoft remains the most imitated brand, with 43.1% of phishing attempts targeting it.Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced the release of the Zscaler ThreatLabz 2024 Phishing Report, which analyzes 2 billion blocked phishing transactions across the Zscaler Zero Trust Exchange™ platform, the world’s largest cloud security platform, between January and December 2023. The data revealed a year-over-year increase of nearly 60% in global phishing attacks, fueled in part by the proliferation of generative AI-driven schemes such as voice phishing (vishing) and deepfake phishing. This year’s report includes actionable insights on phishing activity and tactics, along with offering best practices and strategies to enhance an organization’s security posture to prevent and minimize related threats. “Phishing remains a persistent and often underestimated threat within the cybersecurity landscape, growing more sophisticated as threat actors harness cutting-edge advancements in generative AI and manipulate trusted platforms to intensify attacks,” said Deepen Desai, CSO and Head of Security Research. “In this context, the latest ThreatLabz insights are more crucial than ever for informing our strategies and strengthening phishing defenses. These findings emphasize the need for organizations to adopt a proactive layered approach that integrates a robust zero trust architecture with advanced AI-powered phishing prevention controls to effectively counteract these evolving threats.”North America experienced more than half of all phishing attacks, with EMEA and India followingIn 2023, the United States (55.9%), United Kingdom (5.6%) and India (3.9%) emerged as the top countries targeted by phishing scams. The high occurrence of phishing in the U.S. is attributable to its advanced digital infrastructure, large population of internet-connected users and extensive use of online financial transactions.Canada (2.9%) and Germany (2.8%) rounded out the top five countries that experienced the most phishing attempts. The majority of phishing attacks originated from the U.S., the U.K., and Russia, while Australia entered the top 10 due to a 479% year-over-year surge in the volume of phishing content hosted in the country.Financial industry faces a nearly 400% increase in attacks The finance and insurance sector experienced the highest number of overall phishing attempts, amounting to a 393% increase of attacks from the previous year. Reliance on digital financial platforms provides ample opportunities for threat actors to carry out phishing campaigns and exploit vulnerabilities in this sector.The manufacturing industry also experienced a significant uptick (31%) in phishing attacks from 2022 to 2023, underscoring the growing awareness of the industry's vulnerability. As manufacturing processes become more reliant on digital systems and interconnected technologies like IoT/OT, the risk of exploitation by threat actors seeking unauthorized access or disruption also grows.Microsoft remains the most impersonated brand used in phishing attacks ThreatLabz researchers identified enterprise brands such as Microsoft, OneDrive, Okta, Adobe and SharePoint as prime targets for impersonation due to their widespread usage and the value associated with acquiring user credentials for these platforms.Microsoft (43%) emerged as the top imitated enterprise brand in 2023, with its OneDrive (12%) and SharePoint (3%) platforms also ranking in the top five—serving as lucrative targets for cybercriminals aiming to exploit Microsoft’s vast user base. How a Zero Trust architecture can mitigate phishing attacksOrganizations can implement a Zero Trust architecture with advanced AI-powered phishing prevention controls to effectively defend against the ever-evolving threat landscape highlighted in the report. The Zero Trust Exchange platform helps prevent conventional and AI-driven phishing attacks at multiple stages of the attack chain by:Preventing compromise: TLS/SSL inspection at scale, AI-powered browser isolation and policy-driven access controls prevent access to suspicious websites.Eliminating lateral movement: Users connect directly to applications, not the network, while AI-powered app segmentation limits the blast radius of a potential incident.Shutting down compromised users and insider threats: Inline inspection prevents private application exploit attempts, and integrated deception capabilities detect the most sophisticated attackers.Stopping data loss: Inspection of data in-motion and at-rest prevents potential theft by an active attacker.For a deeper dive into best practices for protecting your organization and to download the full Zscaler ThreatLabz 2024 Phishing Report, visit http://www.zscaler.com/campaign/threatlabz-phishing-report.MethodologyZscaler ThreatLabz analyzed 2 billion blocked phishing transactions between January and December 2023, exploring various aspects including top phishing attacks, targeted countries, hosting countries for phishing content, distribution of company types based on server IP addresses, and the top referrers linked to these phishing attacks. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/zscaler-positioned-leader-2024-gartner-r-magic-quadrant-tm-security-service-edge-sse-third https://www.zscaler.com/press/zscaler-positioned-leader-2024-gartner-r-magic-quadrant-tm-security-service-edge-sse-third Thu, 18 Apr 2024 12:00:00 GMT Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced that it has been recognized as a Leader in the 2024 Gartner Magic Quadrant for Security Service Edge (SSE) for the third year in a row. Prior to the SSE Magic Quadrant, Zscaler was recognized as a leader for 10 consecutive years in the Magic Quadrant for Secure Web Gateway (SWG).Gartner highlighted Zscaler’s strong revenue growth is outpacing the market, and that Zscaler is frequently seen on vendor shortlists for SSE. Geographic strategy was also recognized, specifically Zscaler’s global Points of Presence (PoPs) are strategically positioned close to major population centers, and it has secured a strong set of regional accreditations, including FedRAMP High, C5, IRAP, and UK Cyber Essentials. Customers continue to choose Zscaler for its ability to provide true zero trust security on a global scale.“We’re proud that Gartner has recognized Zscaler as a Leader in the Magic Quadrant for SSE for all three years since the report’s inception”, said Jay Chaudhry, CEO, Chairman, and Founder of Zscaler. “SSE remains a popular framework for guiding customers on their security transformation journeys, and we have significant architectural advantages compared to SSE powered by Next Generation Firewalls (NGFWs). As we have been repeatedly reminded by security breaches in recent months, firewall and VPN vendors continue to experience critical vulnerabilities that leave their customers at risk of attack. It’s clear that customers should leave legacy network security behind and migrate to a zero trust architecture.”In addition to being named a Leader in the 2024 Gartner Magic Quadrant for SSE, Zscaler has also been recognized by customers. The company is honored of its consistently high rating in Gartner Peer Insights, currently at 4.5/5, and is the most reviewed vendor in the SSE segment. Zscaler consistently achieves an NPS score over 70, far above the average for SaaS vendors.A complimentary copy of the 2024 Gartner Magic Quadrant for SSE report can be downloaded here.Gartner DisclaimerGartner, Magic Quadrant for Security Service Edge, 17 April 2024, Thomas Lintemuth, Charlie Winckless, Dale Koeppen.Gartner, Gartner Peer Insights ‘Voice of the Customer’: Security Service Edge, Peer Contributors, 29 September 2023.Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences with the vendors listed on the platform, should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, MAGIC QUADRANT and PEER INSIGHTS are registered trademarks of Gartner, Inc. and/or its affiliates and are used herein with permission. All rights reserved. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/zscaler-extends-zero-trust-sase-leadership-and-eliminates-need-firewall-based-segmentation https://www.zscaler.com/press/zscaler-extends-zero-trust-sase-leadership-and-eliminates-need-firewall-based-segmentation Thu, 11 Apr 2024 12:00:00 GMT Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced they have signed an agreement to acquire Airgap Networks, the leader in cybersecurity solutions for business-critical networks. Combining Zscaler’s Zero Trust SD-WAN and Airgap Networks’ agentless segmentation technology will transform how enterprises implement Zero Trust Segmentation to IoT/OT devices, and critical infrastructure across branches, campuses, factories, and data centers, including east-west connectivity.Traditional NAC and network-based firewalls that use static Access Control Lists (ACLs) to control east-west traffic were not designed to prevent sophisticated threats from moving laterally within a Local Area Network (LAN). Airgap Networks’ novel approach, using an intelligent Dynamic Host Configuration Protocol (DHCP) proxy architecture, isolates every device and dynamically controls access based on identity and context, reducing business risk for enterprises with critical infrastructure.Customers will benefit in the following ways:Extending Zero Trust to Devices on Internal Networks - Airgap Networks’ technology enforces Zero Trust principles across east-west (LAN) device traffic, shrinking the internal attack surface to help eliminate lateral threat movement on campus and OT networks. Securing Critical OT Infrastructure - Airgap Networks’ technology delivers real-time device discovery and inline enforcement. It acts as a ransomware kill switch, disabling non-essential device communications to halt lateral threat movement without interrupting business operations. Airgap Networks’ solution neutralizes advanced threats, such as ransomware on IoT devices, OT systems, and agent-incapable devices. Delivering Operational Simplicity and Cost Savings - Airgap Networks’ solution eliminates the need for risk-prone east-west firewalls and antiquated security technologies, such as Network Access Control (NAC), with the ability to identify and control all traffic from managed and unmanaged devices on any branch, campus or factory network without requiring changes to the existing switching and routing infrastructure. This dramatically improves enterprises’ security posture as traditional approaches using NAC fundamentally contradict the foundational principle of Zero Trust – "never trust, always verify."“Together, Zscaler and Airgap Networks have the opportunity to reimagine every aspect of how traditional solutions have approached security in campus and data center environments, particularly east-west,” said Naresh Kumar, Vice President and General Manager of Product Management, Zscaler. “Zscaler is doubling down on SASE with significant innovation around Zero Trust Networking, disrupting SD-WAN, NAC, and firewall-based security for east-west and OT networks.”For more information, see “Zscaler Acquires Airgap Networks.” The terms of the deal were not disclosed. Forward-Looking Statements This press release contains forward-looking statements that are based on our management's beliefs and assumptions and on information currently available to our management. These forward-looking statements include the expected benefits of the acquisition to Zscaler’s product offerings and to our customers. These forward-looking statements are subject to the safe harbor provisions created by the Private Securities Litigation Reform Act of 1995. A significant number of factors could cause actual results to differ materially from statements made in this press release, including those factors related to our ability to successfully integrate Airgap Networks technology and operations, and our ability to retain key employees of Airgap Networks after the acquisition. Additional risks and uncertainties are set forth in our most recent Quarterly Report on Form 10-Q filed with the Securities and Exchange Commission (“SEC”) on March 6, 2024, which is available on our website at ir.zscaler.com and on the SEC's website at www.sec.gov. Any forward-looking statements in this release are based on the limited information currently available to Zscaler as of the date hereof, which is subject to change, and Zscaler will not necessarily update the information, even if new information becomes available in the future. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/zscaler-only-cybersecurity-vendor-receive-mtcs-level-3-certification https://www.zscaler.com/press/zscaler-only-cybersecurity-vendor-receive-mtcs-level-3-certification Thu, 04 Apr 2024 12:00:00 GMT Zscaler, Inc., the leader in cloud security, has announced that it is the only cybersecurity vendor to receive the Multi-Tier Cloud Security Standard (MTCS) Level 3 certification under the Software-as-a-Service (Saas) category. The MTCS Certification Scheme was developed by the Information Technology Standards Committee (ITSC). Helmed by the Infocomm Media Development Authority (IMDA), the certification provides a three-tiered security standard for cloud services providers to adhere to for sound risk management and security practices. There has been an increased focus on implementing zero trust strategies across numerous public sector organizations globally – especially in light of the increasing number of cyberattack campaigns being launched by threat groups. In support of Zscaler’s commitment to helping organizations in their pursuit of driving security transformation, the cloud security leader has been ramping up investments in international markets.As the only cloud security vendor with the MTCS Level 3 certification, the Zscaler Zero Trust Exchange platform meets the security requirements of high-impact use cases by regulated organizations and the government in Singapore. This certification allows our customers to deploy the zero trust platform solution without being concerned about adherence to compliance and security requirements.Along with the MTCS certification, all core Zscaler solutions comply with the U.S. Federal government’s FedRAMP program at High and Moderate levels, as well as with NIST 800-63C, NIST 800-53, NIST 800-207, and other certifications by large international government agencies in Germany, Australia, U.K. and more.“Zscaler is thrilled to have received the highest certification for the MTCS security standard. As part of our mission to provide our customers with best-of-breed security solutions, we have implemented rigorous security, availability, and privacy standards so customers can easily adopt our services,” said Kumar Selvaraj, Vice President, Global Security Compliance, Zscaler. “Zscaler prides itself on achieving the highest level of compliance in each of the markets we operate and these certifications are a testament to the strict security standards Zscaler adheres to day-in, day-out.” “As a leading hub in both the Asia Pacific and the ASEAN region, Singapore has become an attractive target for threat actors when it comes to launching cyber attack campaigns. It is deeply heartening to see the gravity with which the government in Singapore is evolving its cybersecurity framework and policies,” added Karen Chong, Regional Vice President, ASEAN & GCR, Zscaler. “With news of cyber vulnerabilities hitting the headlines with greater frequency now, we are committed to helping the Singapore government and organizations as they double down on zero trust transformation. With this certification, we are well positioned to support our growing base of customers in the region on their digital security journeys.”You can also find out more about our various compliance certifications at https://www.zscaler.com/compliance/overview. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/zscaler-finds-enterprise-use-ai-ml-tools-skyrocketed-nearly-600-over-last-year-putting https://www.zscaler.com/press/zscaler-finds-enterprise-use-ai-ml-tools-skyrocketed-nearly-600-over-last-year-putting Wed, 27 Mar 2024 12:00:00 GMT Enterprise AI/ML transactions increased from 521 million monthly in April 2023 to 3.1 billion monthly by January 2024.Manufacturing generates the most AI traffic, totaling 21% of all AI transactions in the Zscaler security cloud, followed by Finance and Insurance (20%) and Services (17%).The most popular AI/ML applications for enterprises by transaction volume are ChatGPT, Drift, OpenAI, Writer, and LivePerson.The top five countries generating the most enterprise AI transactions are the US, India, the UK, Australia, and Japan.Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced the release of its 2024 AI Security Report, which draws on more than 18 billion AI transactions across the Zscaler Zero Trust Exchange™ cloud security platform from April 2023 to January 2024. Zscaler ThreatLabz researchers analyzed how enterprises use AI/ML tools and mapped trends across sectors and geographies, highlighting how businesses are adapting to the shifting AI landscape and managing security around the use of AI tools. Today's enterprises must secure a transformation driven by generative AI (GenAI) bidirectionally: by securely adopting GenAI tools in the enterprise with Zero Trust while leveraging it to defend against the new AI-driven threat landscape.AI has already become a part of business as usual, as enterprises leverage and integrate new features and tools into their day-to-day workflows, multiplying the volume of transactions and data generated. The much higher volume is reflected in the nearly 600% increase in transactions as well as the 569 terabytes of enterprise data sent to AI tools that ThreatLabz analyzed between September 2023 and January 2024.“Data is the lifeblood of every enterprise and the gold of this new era in the AI revolution,” said Deepen Desai, Chief Security Officer, Zscaler. “With the visibility provided by the Zscaler Zero Trust Exchange’s nearly 500 trillion daily signals combined with Avalor* Data Fabric, we believe Zscaler is uniquely positioned to fight AI with AI and improve Zero Trust security across the enterprise.”AI transactions grow exponentiallyFrom April 2023 to January 2024, ThreatLabz saw AI/ML transactions grow by nearly 600%, rising to more than 3 billion monthly across the Zero Trust Exchange platform in January. Despite the mounting security risk and increasing number of data protection incidents, enterprises are adopting AI tools in large numbers.Manufacturers responsible for more than 20% of enterprise AI/ML transactionsManufacturing was found to be the industry leader in AI transactions across the Zero Trust Exchange platform, driving nearly 20% of the total volume. From analyzing vast amounts of data from machinery and sensors to preemptively detect equipment failures to optimizing supply chain management, inventory, and logistics operations, AI is proving instrumental to manufacturers. The other notable verticals that comprise the top five are finance and insurance (17%), technology (14%), services sectors (13%), and retail/wholesale (5%).ChatGPT leads the way as the most popular GenAI applicationResearch shows that ChatGPT accounted for more than half of all enterprise AI transactions (52%), while the OpenAI application itself ranked third (8%). Drift, the popular AI-powered chatbot, generated nearly 20% of enterprise traffic, while LivePerson and BoldChat also made the list. Writer was the favorite GenAI tool for creating written enterprise content.The United States leads the way in enterprise AI tools usageAI adoption trends differ globally as regulations, requirements, technology infrastructure, cultural considerations, and other factors play key roles. At 40%, the US produces the highest percentage of enterprise AI transactions globally. India was second at 16%, propelled by the country’s accelerated commitment to driving innovation.Although the UK's share of global enterprise AI transactions is only 5.5%, it leads enterprise AI traffic in EMEA with over 20%. France (13%) and Germany (12%), as expected, follow closely behind as the second and third largest enterprise AI traffic generators in EMEA. However, the United Arab Emirates is a rapidly growing technological innovator in the region that has also emerged as a prominent AI adopter.In the APAC region, ThreatLabz discovered a staggering increase of nearly 1.3 billion (135%) more enterprise AI transactions compared to EMEA. This surge can likely be attributed to India’s extensive usage and adoption of AI tools for conducting business across the tech sector, and it may suggest a higher concentration of tech jobs, stronger willingness to adopt new innovations, and fewer barriers to usage.AI empowered threat actors amplify enterprise risk and security challengesAs the power of AI has advanced, it has become a double-edged sword for enterprises. While AI offers immense potential for innovation and efficiency, it also brings forth a new set of risks that organizations must grapple with–namely, risks associated with leveraging GenAI tools within the enterprise and an evolving landscape of AI-assisted threats.The utilization of GenAI tools within enterprises introduces significant risks that can be categorized into three main areas:Protection of intellectual property and non-public information: the risk of data leakageAI application data privacy and security risks: including an expanded attack surface, new threat delivery vectors, and increased supply chain riskData quality concerns: the concept of "garbage in, garbage out" and the potential for data poisoningSimultaneously, enterprises are constantly exposed to a barrage of cyberthreats, some of which are now AI-driven. The possibilities of AI-assisted threats are virtually limitless, as attackers can leverage AI to orchestrate sophisticated phishing and social engineering campaigns, develop highly evasive malware and ransomware, exploit vulnerabilities in enterprise attack surfaces, and amplify attacks' speed, scale, and diversity. To address this challenge, enterprises and cybersecurity leaders must effectively navigate the rapidly evolving AI landscape to harness its revolutionary potential while also mitigating the risks and defending against AI-powered attacks.Enabling secure enterprise AI adoption with ZscalerZscaler is at the forefront of empowering enterprises to embrace the potential of AI applications while ensuring the safety of their data and maintaining an environment that’s secure against emerging channels for exfiltration. With the Zero Trust Exchange platform, Zscaler provides the comprehensive set of tools necessary for this transformative journey, encompassing four critical capabilities:Full visibility into AI tool usageGranular access policy creation for AIGranular data security for AI applicationsPowerful controls with browser isolationBy leveraging Zscaler’s Zero Trust security controls, enterprises can confidently embrace their AI transformation, fully harnessing the potential of generative AI while ensuring the highest level of security. They will gain the necessary tools to protect their business from AI-driven threats while benefiting from Zscaler’s fine-tuned AI policies and robust data protections.Download the full version of the 2024 AI Security Report now to uncover even more insights about securing AI.*See here to learn more about Zscaler’s recent acquisition of Avalor.MethodologyAnalysis of 18.09 billion AI transactions from April 2023 to January 2024 in the Zscaler security cloud, the Zero Trust Exchange. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/zscaler-and-bt-announce-new-commercial-partnership-strengthen-bt-s-managed-security-services https://www.zscaler.com/press/zscaler-and-bt-announce-new-commercial-partnership-strengthen-bt-s-managed-security-services Tue, 26 Mar 2024 12:00:00 GMT Zscaler, Inc., and BT today announced an expanded partnership that will position BT as the first global service provider to offer a full suite of managed security services based on the Zscaler AI-driven Zero Trust Exchange™ cloud security platform. BT can offer its customers a range of new solutions that will reduce the complexity of IT infrastructures while shrinking their cyber attack surface, enabling businesses to become more agile, efficient, resilient, and secure.Tris Morgan, BT’s Managing Director, Security, said: “With digital innovations constantly changing how businesses operate, the threat landscape continues to expand. We are delighted to extend our business relationship and enrich our managed service offering with Zscaler, allowing us to offer new zero trust cybersecurity solutions for customers and making sure we’ve got their back as they go through their digital transformation.”As part of this partnership, Zscaler will also supply BT Group with security solutions to protect its own operations. This will further enhance BT’s first-hand experience as they support customers looking to adopt and implement Zscaler solutions. “Zscaler is honored to double down on the relationship with BT as a security service provider. Our partnership is evidence of the BT team's trust in the power of Zscaler’s Zero Trust Exchange cloud security platform,” said Mike Rich, CRO and President of Global Sales Zscaler. “Zero Trust security will not only modernize the security infrastructure to better stop large-scale attacks and diminish the attack surface but also reduce the administrative burden to accelerate BT customers’ infrastructure and security transformation initiatives. Zscaler is committed to supporting BT with our ever-advancing cloud security solutions to encourage the next wave of innovation driven by AI.”Zscaler-powered managed services by BT are designed to support connectivity, network, and security reorganization initiatives for digital enterprises. It allows greater business agility, reduced infrastructure complexity, and protects customers from cyberattacks and data loss by securely connecting users, devices, and applications anywhere.Solutions include Zscaler for Users powered by the Zscaler Zero Trust Exchange, including:Internet Access: A leading secure web gateway (SWG) that delivers cloud-native, AI-powered cyber threat protection and zero trust access to the Internet and SaaS apps.Private Access: A cloud-native service that gives users fast and secure access to private apps and OT devices while enabling zero trust connectivity for workloads, replacing legacy remote access tools like VPNs and VDI.Digital Experience: provides visibility into the complete path between user and app to pinpoint performance issues. As part of the comprehensive Zscaler Zero Trust Exchange, ZDX enables fast, secure connections from any location.The Zscaler Zero Trust Exchange platform analyzes over 400 billion daily transactions, extracting over 500 trillion signals. It provides visibility, access control, and data security to enterprise data at scale and uses AI-powered insights to optimize digital experience, reduce risk, and enable better business decisions.About BT GroupBT Group is the UK’s leading provider of fixed and mobile telecommunications and related secure digital products, solutions and services. We also provide managed telecommunications, security and network & IT infrastructure services to customers across 180 countries.BT Group consists of three customer-facing units: Consumer serves individuals and families in the UK; Business covers companies and public services in the UK and internationally; Openreach is an independently governed, wholly owned subsidiary wholesaling fixed access infrastructure services to its customers - over 650 communications providers across the UK.British Telecommunications plc is a wholly owned subsidiary of BT Group plc and encompasses virtually all businesses and assets of the BT Group. BT Group plc is listed on the London Stock Exchange.For more information, visit www.bt.com/about press@zscaler.com (zscaler.com) https://www.zscaler.com/press/zscaler-positioned-leader-new-tier-1-analyst-firm-security-service-edge-research-report https://www.zscaler.com/press/zscaler-positioned-leader-new-tier-1-analyst-firm-security-service-edge-research-report Mon, 25 Mar 2024 12:00:00 GMT Today, Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, announced that it was named a Leader in the first-ever Forrester Wave™ Security Service Edge Solutions for Q1 2024. Zscaler received the highest possible score in 11 criteria, including ZTNA, SWG, Digital Experience Management, and threat prevention, as well as for user experience, vision, innovation, and partner ecosystem. This recognition continues Zscaler’s momentum as a leader in three major industry research firm evaluations for SSE.The Forrester Wave is a rigorous evaluation of providers in the SSE market, considering categories such as current offering, strategy, and market presence. Zscaler believes its scores in the strategy and market presence categories underline its commitment to delivering cutting-edge solutions that protect enterprises from today’s evolving cybersecurity threats.The report noted, “Zscaler is the 800-pound gorilla of SSE… an early innovator in much of the technology now named SSE, including cloud-delivered SWG and digital experience management.”The report also noted, "Zscaler is already a significant vendor in the Zero Trust space, providing access to private apps. The vendor’s vision for the future is to bring Zero Trust connectivity to ... everything else (like public apps and IoT/OT). Zscaler’s partner programs around SSE are the broadest in the industry.”"We're honored to be a leader in the inaugural Forrester Wave™ for Security Service Edge," said Dhawal Sharma, Senior Vice President & General Manager at Zscaler. "We believe this recognition validates our continued commitment to pioneering and innovative SSE solutions and expanding our robust offerings through the Zscaler Zero Trust Exchange, the world’s largest security cloud, to continue to protect our customers from mounting cybersecurity threats.”For more information, please download the complimentary report here. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/zscaler-expands-its-zero-trust-exchange-ai-powered-cloud https://www.zscaler.com/press/zscaler-expands-its-zero-trust-exchange-ai-powered-cloud Thu, 14 Mar 2024 12:00:00 GMT Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, announced another major leap forward in artificial intelligence (AI) innovations that extends the Zscaler Zero Trust Exchange™ data, from more than 400 billion daily Zscaler transactions with Avalor’s Data Fabric for Security with over 150 pre-built integrations enabling customers to proactively identify and predict critical vulnerabilities as well as improve operational efficiencies. By leveraging its massive data foundation, Zscaler is poised to transform the AI capabilities for the cybersecurity industry to not only enable organizations to mitigate risks and optimize performance but also pave the way for zero-touch operations.The rapid advancement of AI will have pivotal impacts to the cybersecurity industry and to effectively combat AI-led threats, organizations must fully harness their currently isolated security data at massive scale. Zscaler's 16 years of leadership operating the world's largest cloud security platform has allowed it to leverage a massive data set to develop its pioneering AI-driven solutions, including Zscaler Risk360 and Zscaler Business Insights, which set a new benchmark for proactive cybersecurity and business intelligence.“AI is only as good as the underlying data, and many solutions lack the additional context and knowledge from data sources across the enterprise to truly leverage security specific AI models,” said Jay Chaudhry, CEO, Chairman, and Founder of Zscaler. “Zscaler operates the world’s largest security cloud with the most relevant data to train security specific large language models (LLMs) and with the Avalor acquisition, we can more effectively identify vulnerabilities, while predicting and preventing breaches.”Avalor’s Data Fabric for Security ingests, normalizes, and unifies data across enterprise security and business systems to deliver actionable insights, analytics, and operational efficiencies. By expanding Zscaler’s Zero Trust Exchange platform with a security-centric data fabric, Zscaler enables enterprises to significantly enhance and fully automate AI-driven analytics and decision-making in real-time without the complexity of data aggregation and collection. Customers now have dynamic and customizable prioritization, streamlined reporting, zero-copy analytics, and real-time incident mitigation, as well as advanced threat detection, auto data discovery, classification, and policy generation, all within the Zscaler cloud security platform.“We have long understood that being able to make sense of all the disparate security data sources in an organization is essential to understanding and improving risk posture, that’s why we delivered the industry's first Data Fabric for Security to provide that aggregated platform,” said Raanan Raz, co-founder and CEO, Avalor. “The first application running on our Data Fabric is our Unified Vulnerability Management (UVM) module. By combining the Zscaler proprietary data sets with the 150 third-party sources Avalor supports, we will be in a prime position to enhance our UVM capabilities and create new applications with additional cyber protection insights.”To learn more about Zscaler’s AI capabilities, please visit https://www.zscaler.com/capabilities/machine-learning. Transaction DetailsThe purchase price was paid predominantly in cash, with a portion delivered in the form of equity subject to vesting conditions. The acquisition closed on March 13, 2024. Forward-Looking StatementsThis press release contains forward-looking statements that are based on our management's beliefs and assumptions and on information currently available to our management. These forward-looking statements include the expected benefits of the acquisition to Zscaler’s product offerings and to our customers. These forward-looking statements are subject to the safe harbor provisions created by the Private Securities Litigation Reform Act of 1995. A significant number of factors could cause actual results to differ materially from statements made in this press release, including those factors related to our ability to successfully integrate Avalor’s technology and operations, and our ability to retain key employees of Avalor after the acquisition. Additional risks and uncertainties are set forth in our most recent Quarterly Report on Form 10-Q filed with the Securities and Exchange Commission (“SEC”) on March 6, 2024, which is available on our website at ir.zscaler.com and on the SEC's website at www.sec.gov. Any forward-looking statements in this release are based on the limited information currently available to Zscaler as of the date hereof, which is subject to change, and Zscaler will not necessarily update the information, even if new information becomes available in the future. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/zscaler-achieves-japan-ismap-compliance https://www.zscaler.com/press/zscaler-achieves-japan-ismap-compliance Wed, 21 Feb 2024 12:00:00 GMT Zscaler, Inc., the leader in cloud security, announced its attainment of Information Systems Security Management and Assessment Program (ISMAP) Compliance for its Zscaler Internet AccessTM for Japanese Government and Zscaler Private AccessTM for Japanese Government services. ISMAP is a Japanese government system for assessing the security of cloud service providers to participate in public sector projects. As an ISMAP-certified enterprise, Zscaler is able to provide its public sector customers in Japan with the ability to accelerate digital and security transformation. Following zero trust principles, The Zscaler Zero Trust Exchange™ platform is designed to secure critical infrastructure, and this certification is evidence of the high standards of security the platform is providing to our expanding base of public sector customers in the market. Zscaler is also the only cloud security service provider to have all core solutions in its portfolio of products authorized through the U.S. Federal government’s FedRAMP program at High and Moderate levels. In addition, Zscaler complies with NIST 800-63C, NIST 800-53, NIST 800-207 as well as being certified by other large international government agencies such as Germany, Australia, U.K. and numerous key markets. “At Zscaler, we are committed to ensuring that all of our products are aligned and certified against internationally recognized standards. We are proud to have added ISMAP compliance to our growing list of global commercial and government certifications,” said Kumar Selvaraj, Vice President, Global Security Compliance, Zscaler. “We will continue to ensure that our customers and partners are able to meet the evolving and diverse compliance requirements to give them a peace of mind as they pursue their digital transformation projects.” “The ISMAP compliance is a step in the right direction as we work to provide our customers in Japan with the best-of-breed solutions for their cybersecurity needs. The Japanese government set a goal to digitize their public sector systems in partnership with the private sector back in 2020 and Zscaler is committed to being a catalyst as we make great strides towards this goal,” added Hiroyuki Kaneda, Area Vice President, Asia, Zscaler. “We will continue to work closely with the public sector agencies to build a digital ecosystem that can be leveraged to seize opportunities and dampen shockwaves.” You can also find out more about our various compliance certifications at https://www.zscaler.com/compliance/overview. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/zscaler-introduces-industry-s-first-zero-trust-sase-built-zero-trust-ai https://www.zscaler.com/press/zscaler-introduces-industry-s-first-zero-trust-sase-built-zero-trust-ai Tue, 23 Jan 2024 12:00:00 GMT Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, announced Zscaler Zero Trust SASE, an industry first, single-vendor SASE solution built utilizing Zscaler Zero Trust AI to help organizations reduce cost and complexity while implementing Zero Trust security across users, devices, and workloads. Additionally, Zscaler announced general availability for its Zero Trust SD-WAN solution and portfolio of plug-and-play appliances to help customers modernize secure connectivity for branch offices, factories, and data centers while also eliminating the need for ineffective firewalls and VPNs.The new Zscaler solutions are built on a Zero Trust architecture, where business policies determine user and device access. Legacy network and firewall architectures introduce risk and complexity, and enable lateral threat movement which is often exploited by ransomware attacks. Zero Trust SD-WAN provides secure inbound and outbound connectivity while reducing business risk and network complexity.By connecting users, locations and applications through the Zero Trust Exchange™ Platform, this solution extends zero trust beyond users and protects device and server traffic at branches, warehouses and factories. Zscaler is also employing its adaptive AI engine to continuously assess risk for users, devices, destinations, and content, incorporating telemetry from 500 trillion daily signals with third-party risk intelligence. “Users and organizations want a café-like branch experience to empower hybrid work,” said Naresh Kumar, VP, Product Management, Zscaler. “ Employees expect the same seamless and secure access they would have in an office setting, whether they are at home or on the go, without having to access their applications over a slow, cumbersome VPN. Zscaler Zero Trust SD-WAN will connect and secure users, devices, sites, and workloads using our single-vendor SASE platform, without the cyber risks of traditional SD-WAN.”With this new approach, Zscaler is delivering Zero Trust SASE, bringing together its industry-leading AI-powered SSE platform and its new Zero Trust SD-WAN solution to enable a hybrid workforce spanning all locations as well as an organization’s remote users. Zero Trust SD-WAN secures inbound and outbound Zero Trust connectivity in a single device. This approach requires no overlay routing complexity, no additional firewalls, and no separate policies for sites and users.“By adopting Zero Trust SASE, we’ve successfully implemented a comprehensive Zero Trust security framework that spans across our branches, data centers, and the cloud,” said Mike Gemza, CTO, Cornerstone Building Brands. “The implementation of Zero Trust SD-WAN has empowered us to protect our business against increasing cyberthreats by reducing attack surface, preventing lateral threat movement, and enhancing application performance with a non-routable WAN.""We continue to see strong interest and significant adoption of SASE among enterprises, along with a move to simplify, consolidate, and reduce costs," said Christopher Rodriguez, Research Director, Security & Trust at IDC. "With a strong emphasis on its Zero Trust heritage, Zscaler has made a bold move to introduce a solution that combines its popular SSE platform with a new Zero Trust SD-WAN offering that can help these enterprises on their SASE journey."With Zscaler, organizations can connect its users and devices to apps through a proxy and benefit from integrated AI-powered cyberthreat and data protection capabilities including FWaaS, SWG, CASB, and DLP. This comprehensive platform eliminates point products, reduces cost and complexity, and provides simpler management for IT teams. IT teams will be able to push granular forwarding policies for Internet, SaaS, and private applications; gain centralized visibility and management; and access AI-powered IoT device discovery and classification, bolstering their security posture for users while eliminating the need for additional firewalls and edge routers at branch locations.Zscaler’s Zero Trust SD-WAN solution features:Plug-and-play appliances: In addition to the virtual appliance already available, Plug-and-Play appliances deliver zero touch provisioning and integrated gateway capabilities to eliminate the needs for additional routers or firewalls at branches.Integrated SSE: Zero Trust AI cyberthreat and data protection capabilities, including integrated FWaaS, SWG, CASB, and DLP servicesCentralized management: Cloud-based management console with integrated policy management across users, locations, and clouds.To learn more about the new Zero Trust SASE solution, please visit - https://www.zscaler.com/capabilities/secure-access-service-edge. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/zscaler-positioned-only-leader-saas-security-posture-management-research-report https://www.zscaler.com/press/zscaler-positioned-only-leader-saas-security-posture-management-research-report Thu, 18 Jan 2024 12:00:00 GMT Today, Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, announced that it was named the exclusive leader in the Forrester Wave™ for SaaS Security Posture Management for Q4 2023. In addition to being the only leader, Zscaler received the highest scores possible across 12 criteria including Data Protection, Scale, and Shadow-IT detection. The Forrester Wave is a rigorous evaluation of providers in the SSPM market, considering categories such as current offering, strategy and market presence, as well as criteria such as roadmap, community, and innovation. Zscaler believes its scores in these categories and criteria underlines its commitment to delivering cutting-edge solutions that address the evolving challenges of securing SaaS applications. Zscaler’s SSPM solution combines its Zero Trust Platform™with a robust SaaS application catalog, effective shadow IT detection, and scalable, high-performance data security. Forrester noted that Zscaler's SSPM is “a great fit for enterprises looking to use a single vendor to augment network access controls to SaaS apps with SaaS Posture Management.” “We’re thrilled to be recognized as the sole leader in the Forrester Wave™ for SaaS Security Posture Management,” said Boris Gorin, Vice President of Product Management, Zscaler. “This acknowledgment for us reaffirms our dedication to delivering innovative and effective SaaS security solutions. We owe this success to our vibrant user community, strong partner network, and the hard work of our talented team. Zscaler will continue to push the boundaries for SSPM security, setting new SaaS security standards for the industry.” For more information, please download the report here. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/zscaler-threatlabz-finds-most-cyberattacks-hide-encrypted-traffic https://www.zscaler.com/press/zscaler-threatlabz-finds-most-cyberattacks-hide-encrypted-traffic Thu, 14 Dec 2023 12:00:00 GMT Key findings: Threats over HTTPS grew by 24% year-over-year in the Zscaler cloud, representing nearly 30 billion threats blocked. Encrypted malware and malicious content is a top threat, comprising 78% of observed attacks Manufacturing was the most targeted industry, experiencing 32% of encrypted attacks, with over 2.1 billion AI/ML-related transactions processed Browser exploits and ad spyware sites have increased by 297% and 290% year-over-year Zscaler, Inc. (NASDAQ:ZS), the leader in cloud security, announced today the release of its annual ZscalerTM ThreatLabz 2023 State of Encrypted Attacks Report. This year’s report focused on the increase in threats over HTTPS, which grew by 24% from 2022, underscoring the sophisticated nature of cybercriminal tactics that target encrypted channels. For the second year in a row, manufacturing was the industry most commonly targeted, with education and government organizations seeing the highest year-over-year increase in attacks. Additionally, malware, which includes malicious web content and malware payloads, continued to dominate over other types of encrypted attacks, with ad spyware sites and cross-site scripting accounting for 78% of all blocked attacks. This year’s research analyzed nearly 30 billion blocked threats from October 2022 to September 2023 by the Zscaler Zero Trust Exchange™ platform, the world’s largest security cloud platform. In total, 86% of all cyber threats, including malware, ransomware, and phishing attacks, are delivered over encrypted channels. “With nearly 95% of web traffic flowing over HTTPS and 86% of the advanced threats delivered over encrypted channels, any HTTPS traffic that does not undergo inline inspection represents a significant blind spot that cybercriminals continue to exploit when targeting global organizations,” said Deepen Desai, Chief Security Officer, Zscaler. “To defend against encrypted attacks, organizations should replace vulnerable appliances, like VPNs and firewalls, with a Zero Trust Network Access (ZTNA) solution. This allows IT teams to inspect TLS traffic at scale while blocking threats and preventing sensitive data leakage.” Malware is the top encrypted threat Malware keeps its top spot as the champion of encrypted threats, driving 23 billion encrypted hits between October 2022 and September 2023 and comprising 78% of all attempted cyberattacks. Encrypted malware includes malicious web content, malware payloads, macro-based malware, and more. The most prevalent malware family in 2023 was ChromeLoader, followed by MedusaLocker and Redline Stealer. Manufacturing keeps its spot as the most targeted industry Manufacturers saw the largest amount of AI/ML transactions compared to any other industry, processing over 2.1 billion AI/ML-related transactions. It remains the most targeted industry, accounting for 31.6% of encrypted attacks tracked by Zscaler. As smart factories and the Internet of Things (IoT) become more prevalent in manufacturing, the attack surface is expanding and exposing the sector to more security risks and creating additional entry points that cybercriminals can exploit to disrupt production and supply chains. Additionally, the use of popular generative AI applications, like ChatGPT, on connected devices in manufacturing heightens the risk of sensitive data leakage over encrypted channels. Education and Government see a huge surge in attacks The Education and Government sectors experienced a 276% and 185% year-over-year surge in encrypted attacks, respectively. The Education industry has also seen a significantly expanded attack surface in recent years, with the shift to enable more remote and connected learning. Meanwhile, the Government sector remains an attractive target, particularly for nation-state-backed threat actors, as reflected in the growth of encrypted threats. Stopping encrypted attacks with the Zscaler Zero Trust Exchange To defend against the evolving encrypted threat landscape, enterprises must rethink traditional approaches to security and networking and adopt more comprehensive, zero trust architectures. Enterprises must implement a zero trust architecture that inspects all encrypted traffic and leverages AI/ML models to block or isolate malicious traffic. This creates a single, operationally simple way to apply policy across all traffic, without impacting performance or creating a compliance nightmare. The Zscaler Zero Trust Exchange platform offers a more holistic approach to zero trust security, providing security controls that comprehensively reduce business risk at each stage of an attack. Additionally, it enables HTTPS inspection at scale using a multilayered approach that has inline threat inspection, sandboxing, and data loss prevention, along with a wide array of AI-driven defense capabilities. The Zscaler platform also uses cloud effect to automatically update within seconds and ensure customers have rapid protection against the latest threats and vulnerabilities, continuously improving their security posture. ThreatLabz recommendations to prevent encrypted attacks Use a cloud native, proxy-based architecture to decrypt, detect, and prevent threats in all encrypted traffic at scale. Inspect all traffic, all the time, use SSL inspection to detect malware payloads, phishing and C2 activity that use SSL/TLS communication. Leverage an AI-driven sandbox to quarantine unknown attacks and stop patient zero malware that may be delivered over TLS. Evaluate the organization’s attack surface to quantify risk and secure the exposed attack surface. Use zero trust architecture to secure all connectivity holistically Use user-app segmentation to enforce least privilege access, even for authenticated users To download your full copy of the report, please visit Zscaler ThreatLabz 2023 State of Encrypted Attacks Report. Methodology Analysis of 29.8 billion blocked threats inside encrypted channels, SSL and TLS, from October 2022 to September 2023 in the Zscaler cloud. The report uses data derived from customer deployments that connect to the Zscaler global security cloud, which processes over 500 trillion daily signals and blocks 9 billion threats and policy violations per day, with over 250,000 daily security updates. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/zscaler-unveils-ai-powered-analytics-across-cyber-risk-digital-experience-saas-usage-and https://www.zscaler.com/press/zscaler-unveils-ai-powered-analytics-across-cyber-risk-digital-experience-saas-usage-and Tue, 12 Dec 2023 12:00:00 GMT Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, announced the availability of Business Insights, a new addition to its Business Analytics portfolio, which enables organizations to curtail SaaS sprawl and optimize office usage to improve workplace experience while saving money. Additionally, Zscaler unveiled several enhancements to its wider Business Analytics portfolio that include new AI-powered innovations within its Zscaler Risk360™ and Zscaler Digital Experience Monitoring™ (ZDX) product offerings. These solutions leverage the world’s largest security cloud, the Zscaler Zero Trust Exchange™, which sees more than 370 billion transactions and 500 trillion signals daily, and is now being used to train the world’s most powerful AI/ML security engines. “IT leaders overseeing distributed organizations are constantly challenged to control costs while at the same time improving productivity and reducing risk exposure,” said Patrick Foxhoven, Chief Innovation Officer and Executive Vice President, Zscaler. “However, point products are unable to provide sufficient insights to support distributed workplaces with proliferating applications and employees working from anywhere. Siloed data from disparate systems create blind spots in areas like cyber risk, digital experience, application usage and workplace trends. Customers turn to Zscaler for the first-party data powered by the Zscaler Zero Trust Exchange platform to empower application, network, and security transformation.” With Zscaler Business Analytics, IT leaders can improve employee experience, reduce cyber risk, and optimize SaaS spend and office utilization, all with their current Zscaler deployment. These valuable insights will help drive down costs while keeping organizations secure and productive. “With Risk360, we are able to gain visibility into cyber risk blind spots,” said Darin Hurd, CISO, Guaranteed Rate. “This visibility lets us be more focused on where we spend our time so we address and reduce the most pressing cyber risks.” New Zscaler Business Insights enables organizations to: Assess and manage SaaS utilization, including shadow IT, to identify redundant or unused applications, and reduce license costs. Visualize office use across all locations globally to understand workplace trends including days and times offices are being used, departmental usage, over-capacity and under-capacity issues, and opportunities for consolidation and cost savings. Advancements to Zscaler Risk360 allow IT teams to: Download cybersecurity maturity assessments powered by Zscaler’s generative AI, which includes custom in-house developed Large Language Models (LLMs). More effectively leverage data from third parties, like CrowdStrike, to identify additional risk signals and reduce the potential for compromise on user devices. Access new financial risk models that include Monte Carlo simulation outcomes showing distributions of possible financial scenarios tied to cyber risk. Assist SEC reporting with features that can enhance compliance with new SEC disclosure requirements. “We're excited about how rapidly Zscaler is developing Risk360, including adding features like generative AI reporting,” said Manesh Patel, CIO, Sanmina Corporation. "It's great to see Zscaler leaning into its unique architectural advantage - the data - to help solve business challenges for organizations like ours." Recent Enhancements to ZDX provide IT leaders with the ability to: Deploy AI-powered root cause analysis to help service desk analysts expedite triage and resolution in seconds without requiring deep IT skills. Reduce IT ticket volumes by empowering end users to fix local issues with AI-driven self-service notifications and resolution steps. Proactively monitor and optimize performance before users are impacted with an AI-based Incident Dashboard to detect, analyze, and provide root cause for issues impacting multiple users. Simplify collaboration between service desk and network teams by sharing ZDX Snapshots with detailed root cause analysis and reduce mean time to resolution. For more information, read the blog, Empowering Distributed Organizations with Zscaler Business Analytics. Forward-Looking Statements This press release contains forward-looking statements that are based on our management's beliefs and assumptions and on information currently available to our management. These forward-looking statements include the expected impact of Zscler’s platform development, the ability of our customers to reduce risk and the potential optimization of costs for our customers. These forward-looking statements are subject to the safe harbor provisions created by the Private Securities Litigation Reform Act of 1995. A significant number of factors could cause actual results to differ materially from statements made in this press release. Additional risks and uncertainties are set forth in our most recent Annual Report on Form 10-Q filed with the Securities and Exchange Commission (“SEC”) on March 8, 2023, which is available on our website at ir.zscaler.com and on the SEC's website at www.sec.gov. Any forward-looking statements in this release are based on the limited information currently available to Zscaler as of the date hereof, which is subject to change, and Zscaler will not necessarily update the information, even if new information becomes available in the future. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/zscaler-appoints-two-key-go-market-leaders-scale-cloud-security-leader-5-billion-arr-and https://www.zscaler.com/press/zscaler-appoints-two-key-go-market-leaders-scale-cloud-security-leader-5-billion-arr-and Mon, 27 Nov 2023 12:00:00 GMT Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced the expansion of its go-to-market executive team to scale and accelerate the company’s next phase of growth. Mike Rich has been appointed as the company’s Chief Revenue Officer (CRO) and President of Global Sales, with worldwide responsibility for all aspects related to revenue growth and sales strategy. Joyce Kim has joined as Chief Marketing Officer (CMO) responsible for scaling global marketing execution. “We are thrilled to have such experienced leaders join us at an important stage in our growth as we continue to scale up our go-to-market efforts,” said Jay Chaudhry, CEO, Chairman, and Founder of Zscaler. “Mike was an integral part of scaling ServiceNow as it grew from $80 million to $8.5 billion in revenue, and his extensive and proven experience will be invaluable to Zscaler. He has driven deep customer engagement with enterprises, which is critical to the next phase of our growth. Joyce’s extensive experience in the B2B tech industry, combined with a strong marketing acumen, makes her an ideal fit to elevate Zscaler’s market impact. Her expertise in building inspirational brands and scaling go-to-market execution will be instrumental in communicating our value proposition to drive business growth. With our continued innovation of the Zscaler cloud security platform, these exceptional leaders will play a critical role as we drive to $5 billion and beyond in annual recurring revenue.” With Mr. Rich taking over the leadership role for Zscaler’s sales organization, Dali Rajic will now be able to primarily focus on scaling Zscaler’s business operations in his capacity as the Chief Operating Officer (COO). This includes lead-to-cash processes and systems, post-sales customer engagements, productivity improvements and streamlining to maximize value realization. “I am very excited that Mike is joining the Zscaler leadership team,” said Mr. Rajic. “We have been searching for the right person to fill the CRO role for some time. Building on our solid foundation, Mike is the perfect candidate for scaling Zscaler to its next stage, as he has successfully led a similar journey in his previous role. Mike brings extensive experience to scale Zscaler’s go-to-market execution which allows me to focus on scaling our operational capabilities.” Mr. Rich brings over 25 years of sales experience, most recently as the President for the Americas at ServiceNow, where he oversaw end-to-end sales execution. He joined ServiceNow very early and rose through the ranks by driving tremendous growth in enterprise sales. Before ServiceNow, Mr. Rich held several senior sales leadership positions at Rational Software and Borland. “I am energized by the opportunity in front of us at Zscaler as we look to not only scale beyond $5B in ARR but to also evolve our cloud-native platform and leverage innovations powered by AI & ML,” said Mr. Rich. “We are at the cusp of the next phase for enterprises in cybersecurity, and Zscaler is at the forefront of this transformation with access to the largest, most valuable data pool for AI/ML sourced from more than 360 billion transactions per day.” With nearly 30 years of marketing leadership experience, Ms. Kim is a seasoned enterprise technology CMO with expertise building high-performing marketing teams at large technology companies, including Twilio, Genesys, Arm, and Microsoft, where she launched multiple enterprise applications, including real-time communications and AI-based platforms. With a proven track record of driving high impact marketing strategies and campaigns for globally recognized companies, Ms. Kim will play a central role in advancing Zscaler's brand presence and customer acquisition strategies in the rapidly advancing artificial intelligence (AI) and cloud security landscape. "I am thrilled to join Zscaler at this transformative stage to generate market momentum as the company continues to rapidly innovate," said Ms. Kim. "The industry is at a pivotal point where massive volumes of data, migration to the cloud, and AI-powered security are converging. Zscaler has an incredible opportunity to continue to define and drive the future of cybersecurity. I look forward to working with the Zscaler team to strengthen our market presence and drive meaningful engagement with our customers." Forward-Looking Statements This press release contains forward-looking statements that are based on our management's beliefs and assumptions and on information currently available to our management. These forward-looking statements include the potential impact of the executive appointments to Zscaler's future recurring revenue and ability to grow and scale. These forward-looking statements are subject to the safe harbor provisions created by the Private Securities Litigation Reform Act of 1995. A significant number of factors could cause actual results to differ materially from statements made in this press release. Additional risks and uncertainties are set forth in our most recent Annual Report on Form 10-K filed with the Securities and Exchange Commission (“SEC”) on September 14, 2023, which is available on our website at ir.zscaler.com and on the SEC's website at www.sec.gov. Any forward-looking statements in this release are based on the limited information currently available to Zscaler as of the date hereof, which is subject to change, and Zscaler will not necessarily update the information, even if new information becomes available in the future. Zscaler™, Zscaler Zero Trust Exchange™, Zscaler Internet Access™, and Zscaler Private Access™, ZIA™, and ZPA™ and Zscaler B2B™ are either (i) registered trademarks or service marks or (ii) trademarks or service marks of Zscaler, Inc. in the United States and/or other countries. Any other trademarks are the properties of their respective owners. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/organizations-rush-use-generative-ai-tools-despite-significant-security-concerns https://www.zscaler.com/press/organizations-rush-use-generative-ai-tools-despite-significant-security-concerns Tue, 14 Nov 2023 12:00:00 GMT 95% of organizations are using GenAI tools in some guise 89% consider GenAI tools to be a potential security risk 23% of those using GenAI tools admit to having no monitoring in place IT teams, not general employees, emerge as the overwhelming force behind usage New research from Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, suggests that organizations are feeling the pressure to rush into generative AI (GenAI) tool usage, despite significant security concerns. According to its latest survey, “All eyes on securing GenAI” of more than 900 global IT decision makers, although 89% of organizations consider GenAI tools like ChatGPT to be a potential security risk, 95% are already using them in some guise within their businesses. Even more worryingly, 23% of this user group aren’t monitoring the usage at all, and 33% have yet to implement any additional GenAI-related security measures – though many have it on their roadmap. The situation appears particularly pronounced among smaller-sized businesses (500-999 employees), where the same number of organizations are using GenAI tools (95%), but as many as 94% recognize the risk of doing so. "GenAI tools, including ChatGPT and others, hold immense promise for businesses in terms of speed, innovation, and efficiency," emphasized Sanjay Kalra, VP Product Management at Zscaler. "However, with the current ambiguity surrounding their security measures, a mere 39% of organizations perceive their adoption as an opportunity rather than a threat. This not only jeopardizes their business and customer data integrity, but also squanders their tremendous potential.” The rollout pressure isn’t coming from where people might think, however, with the results suggesting that IT has the ability to regain control of the situation. Despite mainstream awareness, it is not employees who appear to be the driving force behind current interest and usage – only 5% of respondents said it stemmed from employees. Instead, 59% said usage was being driven by the IT teams directly. "The fact that IT teams are at the helm should offer a sense of reassurance to business leaders,” Kalra continued. “It signifies that the leadership team has the authority to strategically temper the pace of GenAI adoption and establish a firm hold on its security measures, before its prevalence within their organization advances any further. However, it's essential to recognize that the window for achieving secure governance is rapidly diminishing." With 51% of respondents anticipating a significant increase in the interest of GenAI tools before the end of the year, organizations need to act quickly to close the gap between use and security. Here are a few steps business leaders can take to ensure GenAI use in their organization is properly secured: Implement a holistic zero trust architecture to authorize only approved AI applications and users. Conduct thorough security risk assessments for new AI applications to clearly understand and respond to vulnerabilities. Establish a comprehensive logging system for tracking all AI prompts and responses. Enable zero trust-powered Data Loss Prevention (DLP) measures for all AI activities to safeguard against data exfiltration. Additional Resources “All eyes on securing GenAI” Infographic. Methodology In October 2023, Zscaler commissioned Sapio Research to conduct a survey of 901 IT decision makers (ITDMs) across 10 markets [Australia & New Zealand, France, Germany, India, Italy, Netherlands, Singapore, Spain, UK & Ireland, USA]. These ITDMs work at companies of 500+ employees, and across industries. Sapio Research is a full-service B2B and tech market research agency that helps businesses grow thanks to high quality, efficient, and honest research solutions. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/zscaler-announces-industry-first-zero-trust-innovations-secure-workloads-and-cloud-vdi https://www.zscaler.com/press/zscaler-announces-industry-first-zero-trust-innovations-secure-workloads-and-cloud-vdi Wed, 08 Nov 2023 12:00:00 GMT Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced advancements to the Zero Trust Exchange™ platform to radically simplify and improve cloud workload security by eliminating lateral movement, reducing operational cost and complexity, and ensuring consistent threat and data protection. Zscaler now uniquely offers native integration with AWS user-defined tags to allow granular Zero Trust VPC segmentation, all ports and protocols inspection for cloud-based VDI and expansion to GovCloud and China regional public clouds. Public cloud adoption enables digital transformation at scale, driving a massive influx in cloud-based workloads hosting sensitive communications and data with SaaS applications or workloads in multiple public clouds or data centers. As a result, securing these mission-critical workloads is vital for enterprises to ensure their continued success and protect sensitive data. An IDG report states that 35%1 of customers struggle with increased costs in cloud management and cloud security. Securing cloud workloads without sacrificing protections, expanding the attack surface, increasing operational overhead or degrading performance is a major challenge for organizations embarking on their digital transformation initiatives. “As a leader in the global energy industry, NOV is leveraging the public cloud to enable our customers to safely produce abundant energy while minimizing environmental impact. Securing our applications and workloads deployed in the public cloud is a paramount priority for us,” said Patricia Gonzalez-Clark, VP of IT Services at NOV. “Using Zscaler technologies, we have transformed and modernized our network and security stack and have benefited immensely from reduced complexity in our environment. Now, we continue our journey with Zscaler by selecting their technologies to secure our workloads across our multi-cloud environments to transform security in the cloud.” New advancements in Zscaler Workload Communications remove operational complexity, increase security and expand cloud coverage: Workload Segmentation using User-Defined Tags: On AWS, Zscaler uniquely enables creating custom security groups based on user-defined tags and native attributes. Supporting the AWS maximum tag limit, organizations can leverage their existing workload identities for VPC or network segmentation within the public cloud and eliminate the operational complexity involved in managing security policies based on IP Addresses, FQDNs, and CIDR blocks. Real Time Resource Discovery: Enabling custom-groups, Zscaler's native integration with AWS automatically discovers VPCs, subnets, and EC2 resources, including their associated tags and attributes in real-time. Enterprises can now effortlessly integrate security definitions based on cloud attributes, eliminating the need for manual configurations. Multi-Session VDI Security: An industry first, Zscaler inspects all ports and protocols for multi-session, non-persistent VDI deployments in the public cloud. Enterprises can now apply granular threat and data protection policies per individual user session, enabling enterprises to maintain common security policies across all environments. Expanded Cloud Coverage: Workload Communications now supports Google Cloud Platform (GCP), plus Azure China Regions and AWS GovCloud with FedRAMP certification. With AWS, Azure, and now expanded cloud support, enterprises can secure their cloud workloads consistently and effectively while maintaining the flexibility of public cloud choice. “As customers accelerate the adoption of public cloud infrastructure they require a simple and effective cloud security platform to protect their cloud workloads and applications. Legacy architectures built with virtual network and security appliances, or backhauling traffic to data centers, fail to deliver consistent cyber defense and add operational complexity and cost,” said Dhawal Sharma, Senior Vice President and General Manager, Zscaler. “These new innovations radically simplify cloud workload connectivity and deliver cyber security including TLS inspection, data protection, and segmentation at cloud scale and cloud speed. Customers can use the Zscaler Zero Trust Exchange platform to connect and protect workloads across Multi-cloud, Hybrid and private cloud, Government Cloud, and Specialist Availability Regions such as China.” For a deeper dive into the new innovations, please read this blog, New Zero Trust Innovations Radically Simplifies Cloud Workload Security. Forward-Looking Statements This press release contains forward-looking statements that are based on our management's beliefs and assumptions and on information currently available to our management. These forward-looking statements include the potential impact of the hiring to Zscaler's future recurring revenue expected platform development and ability to scale. These forward-looking statements are subject to the safe harbor provisions created by the Private Securities Litigation Reform Act of 1995. A significant number of factors could cause actual results to differ materially from statements made in this press release. Additional risks and uncertainties are set forth in our most recent Annual Report on Form 10-Q filed with the Securities and Exchange Commission (“SEC”) on March 8, 2023, which is available on our website at ir.zscaler.com and on the SEC's website at www.sec.gov. Any forward-looking statements in this release are based on the limited information currently available to Zscaler as of the date hereof, which is subject to change, and Zscaler will not necessarily update the information, even if new information becomes available in the future. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/zscaler-accelerates-ai-innovations-appointments-two-prominent-tech-industry-disruptors https://www.zscaler.com/press/zscaler-accelerates-ai-innovations-appointments-two-prominent-tech-industry-disruptors Mon, 06 Nov 2023 12:00:00 GMT Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, reinforces its investments in Artificial Intelligence (AI) with the appointments of two of the industry’s top innovation and tech implementation leaders to further strengthen the Zero Trust ExchangeTM cloud security platform. Working in collaboration, Claudionor Coelho Jr. joins as Chief AI Officer and Mohamed Shabar joins as EVP, Data & AI Platforms. These strategic additions to the Zscaler executive team reinforce the company’s commitment to driving rapid innovation in advanced applied Machine Learning (ML), and AI to help define the future of cloud-based security technologies. "We are delighted that Mohamed and Claudionor are joining the Zscaler family to drive the vision and implementation of advanced AI technologies for the world’s largest cloud security platform," said Syam Nair, Chief Technology Officer for Zscaler. "The combination of Claudionor’s and Mohamed’s expertise and accomplishments in creating cutting-edge AI/ML and hyper-scale automation platforms technologies will help propel Zscaler’s innovation engine and enable our customers to accelerate their digital transformation initiatives." With over 25 years of IT experience, Mohamed Shabar possesses a wealth of expertise in driving the next generation of automation, AI, and cloud platform development. Previously at Salesforce, he led the Marketing Cloud Technology organization. As a result of his vision and execution, the organization achieved an astounding 30% CAGR over four years, coupled with an impressive 3X reduction in customer attrition. Under Shabar, the automation platform underwent a 10X scaling in volume and throughput, catapulting the B2C growth engine for Salesforce and enabling the delivery of trillions of hyper-personalized messages for enterprises. Prior to his tenure at Salesforce, Shabar spent 18 years at Microsoft, where his focus was on constructing robust platforms, developer tools, and ecosystems. “I’m thrilled to join the visionary team at Zscaler,” said Mohamed Shabar, EVP, Data & AI Platforms, Zscaler. “In the era of zero trust, we’ll empower organizations to thrive against an evolving threat landscape with AI, data and automation, and build a future where resilience is rooted in the power of Zscaler’s largest security cloud.” Claudionor Coelho brings a wealth of expertise to help Zscaler deliver a competitive technology advantage through the development of AI and ML innovations. Prior to joining Zscaler, Coelho served as the Chief AI Officer and SVP of Engineering at Advantest, where he spearheaded the development of a Zero Trust private cloud solution tailored for the semiconductor manufacturing market. Before Advantest, Coelho was the VP/Fellow of AI and the Head of AI Labs at Palo Alto Networks where he led the charge in AI, AIOps and Neuro-symbolic AI, an advanced form of AI that enables reasoning, learning, and cognitive modeling, to help revolutionize time series analysis tools on a massive scale. Coelho’s career also includes vital roles in ML and Deep Learning at Google, where he developed a state-of-the-art Deep Learning technology designed for automatic quantization and model compression which played a pivotal function in the search for subatomic particles at CERN. “As Zscaler continues to empower organizations to realize the full potential of the cloud and mobility by securely connecting users to applications from any device, anywhere, I’m humbled to join this exceptional organization at the forefront of zero trust cybersecurity,” said Claudionor Coelho Jr., Chief AI Officer, Zscaler. “In our relentless pursuit of zero trust, at Zscaler, we’ll revolutionize the way we protect data, devices, and networks through state-of-the-art applied Machine Learning (ML), Deep Learning and Generative AI techniques.” As Zscaler embarks on its next era of growth and leading-edge advancements, Shabar’s and Coelho’s appointments signify the company's unwavering commitment to leading the innovation path of the evolving AI landscape. Their leadership, experience and vision will be instrumental in accelerating Zscaler's ongoing mission to protect organizations in today’s mobile and cloud era. Forward-Looking Statements This press release contains forward-looking statements that are based on our management's beliefs and assumptions and on information currently available to our management. These forward-looking statements include the potential impact of the hiring to Zscaler's product development, future recurring revenue expected platform development and ability to scale. These forward-looking statements are subject to the safe harbor provisions created by the Private Securities Litigation Reform Act of 1995. A significant number of factors could cause actual results to differ materially from statements made in this press release. Additional risks and uncertainties are set forth in our most recent Annual Report on Form 10-K filed with the Securities and Exchange Commission (“SEC”) on September 14, 2023, which is available on our website at ir.zscaler.com and on the SEC's website at www.sec.gov. Any forward-looking statements in this release are based on the limited information currently available to Zscaler as of the date hereof, which is subject to change, and Zscaler will not necessarily update the information, even if new information becomes available in the future. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/zscaler-threatlabz-finds-400-increase-iot-and-ot-malware-attacks-year-over-year-underscoring https://www.zscaler.com/press/zscaler-threatlabz-finds-400-increase-iot-and-ot-malware-attacks-year-over-year-underscoring Tue, 24 Oct 2023 12:00:00 GMT Key findings: The manufacturing industry, which relies heavily on both IoT and OT, was the top targeted sector, bearing the brunt of blocked IoT malware attacks, accounting for 54.5% of all attacks and averaging 6,000 weekly attacks across all monitored devices Education experienced a substantial increase in IoT malware attacks, with a percentage jump of 961% Mexico and the United States were the most targeted countries, collectively accounting for 69.3% of attacks IoT botnet activity, a growing concern in the realm of OT, continues to dominate, with the Mirai and Gafgyt malware families accounting for 66% of attack payloads SAN JOSE, Calif. - October 24, 2023 - Zscaler, Inc. (NASDAQ:ZS), the leader in cloud security, announced today the release of the ZscalerTM ThreatLabz 2023 Enterprise IoT and OT Threat Report. This year’s report provides an in-depth look at malware activity over a six-month period, analyzing approximately 300,000 blocked attacks on IoT devices secured by the Zscaler Zero Trust Exchange™ platform. The high number of attacks on IoT devices represents a 400% increase in malware compared to the previous year. The increasing frequency of malware attacks targeting IoT devices is a significant concern for OT security, as the mobility of malware can facilitate movement across different networks, potentially endangering critical OT infrastructure. ThreatLabz focused on understanding IoT device activity and attributes via device fingerprinting and analyzing the IoT malware threat landscape. As more industries, organizations and individuals continue to rely on internet-connected devices, the threat from malware and legacy vulnerabilities increases. By adopting a zero trust architecture, organizations can gain visibility into IoT device traffic and minimize IoT security risks. “Weak enforcement of security standards for IoT device manufacturers coupled with the proliferation of shadow IoT devices at the enterprise level poses a significant threat to global organizations. Often, threat actors target ‘unmanaged and unpatched’ devices to gain an initial foothold into the environment,” said Deepen Desai, Global CISO and Head of Security Research, Zscaler. “To address these challenges, I encourage organizations to enforce zero trust principles when securing IoT and OT devices - never trust, always verify, and assume breach. Organizations can eliminate lateral movement risk by utilizing continuous discovery and monitoring processes to segment these devices.” Consistent growth in attacks With the steady adoption of IoT and personal connected devices, the report found an increase of over 400% in IoT malware attacks year-over-year. The growth in cyber threats demonstrates cyber criminals persistence and ability to adapt to evolving conditions in launching IoT malware attacks. Additionally, research indicates that cybercriminals are targeting legacy vulnerabilities, with 34 of the 39 most popular IoT exploits specifically directed at vulnerabilities that have existed for over three years. The Mirai and Gafgyt malware families continue to account for 66% of attack payloads, creating botnets from infected IoT devices that are then used to launch denial-of-service (DDoS) attacks against lucrative businesses. Botnet-driven distributed DDoS attacks are responsible for billions of dollars in financial losses across industries around the globe. In addition, DDoS attacks pose a risk to OT by potentially disrupting critical industrial processes and even endangering human lives. Manufacturing top targeted industry - Education being taught a lesson Manufacturing and retail accounted for nearly 52% of IoT device traffic, with 3D printers, geolocation trackers, industrial control devices, automotive multimedia systems, data collection terminals, and payment terminals sending the majority of signals over digital networks. However, the quantity of device traffic has created opportunities for cybercriminals, and the manufacturing sector now sees an average of 6,000 IoT malware attacks every week. Moreover, these substantial IoT malware attacks can disrupt critical OT processes, which are integral in many industrial manufacturing plants like automotive, heavy manufacturing, and plastic & rubber. This creates long-term challenges for security teams at manufacturing businesses but also demonstrates that industrial IoT holds a substantial lead in adopting unique IoT devices (nearly three times more than other sectors). This increase is critical as manufacturing organizations continue adopting IoT tools for automation and digitization of legacy infrastructure. Education is another sector that suffered from outsized attention from cybercriminals in 2023, with the propagation of unsecured as well as shadow IoT devices within school networks providing attackers with easier access points. The wealth of personal data stored on their networks has made educational institutions particularly attractive targets, leaving students and administrations vulnerable. In fact, the report found IoT malware attacks in the education sector increased by nearly 1000%. The United States and Mexico are the most targeted Findings show that the United States is a top target for IoT malware authors with 96% of all IoT malware distributed from compromised IoT devices in the United States. In 2023, Mexico experienced the most infections, with 46% of all IoT malware infections. In fact, three of the top four most infected countries (Mexico, Brazil, and Colombia) are all Latin American countries. Safeguarding against IoT/OT attacks with the Zscaler Zero Trust Exchange™ The Zscaler Zero Trust Exchange platform is a holistic approach to zero trust security, verifying identity and context, applying access controls, and enforcing policies before brokering a secure connection between a device and an application from anywhere, and on any network. Zscaler protects enterprise networks using the Zero Trust Platform by leveraging Zscaler Internet Access™ (ZIA™), whose identity-driven access and risk-based, comprehensive security protects the exchange of telemetry between IoT devices and corporate networks. Zscaler protects the security of enterprise networks with the Zero Trust Exchange platform, which utilizes Zscaler Privileged Remote Access to provide remote workers and third-party vendors with clientless remote desktop access to sensitive RDP, SSH, and VNC production systems without having to install a client on unmanaged devices or log into jump hosts and VPNs. This means remote employees or third-parties can access and service OT devices without compromising the security of the network or the critical infrastructure it powers. To download your full copy of the report, please visit Zscaler ThreatLabz 2023 Enterprise IoT and OT Threat Report. Methodology The research methodology for this report includes analysis of device logs from a multitude of sources and industry verticals between January and June 2023. The report uses data derived from customer deployments that connect to the Zscaler global security cloud, which processes over 500 trillion daily signals and blocks 9 billion threats and policy violations per day, with over 250,000 daily security updates. press@zscaler.com (zscaler.com) https://www.zscaler.com/press/zscaler-partners-imprivata-and-crowdstrike-announce-new-zero-trust-security-solution https://www.zscaler.com/press/zscaler-partners-imprivata-and-crowdstrike-announce-new-zero-trust-security-solution Tue, 19 Sep 2023 12:00:00 GMT Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced that it has teamed up with CrowdStrike and Imprivata to deliver a zero trust cybersecurity solution from device to cloud that’s custom-made for medical institutions. The new Zscaler integration with the Imprivata Digital Identity Platform will provide visibility, threat protection and traceability for end-to-end, multi-user, shared device access control that are required for organizations to meet regulatory requirements, including HIPAA and HITECH. Through the new Zscaler integration with Imprivata, Zscaler is able to take Imprivata context and leverage the existing integration with CrowdStrike Falcon® Zero Trust Assessment (ZTA) score to control access to applications with adaptive, risk-based policies. As ransomware targeting healthcare organizations increases, more advanced cybersecurity is needed to protect sensitive patient data and maintain uninterrupted operations for the continuous delivery of life-critical medical services. With this new integration, users of the Zscaler Zero Trust Exchange™ platform, Imprivata OneSign®, and the CrowdStrike Falcon® platform will be able to more effectively adopt a zero trust architecture that offers granular access management, threat protection, and traceability capabilities to better protect against ransomware. Hospitals and healthcare organizations face a unique security and identity challenge. With shared workstations among staff, they must determine how they can distinguish who is doing what on which device and enforce access control policies and threat protections based on both the user who logged in at the time and the device's posture. They also need to keep track of all user activity with logs indicating their actions for traceability and compliance requirements. “Cyberattacks on healthcare organizations are at an all-time high, and protecting patient data is critical to maintaining trust,” said Dhawal Sharma, Senior Vice President and General Manager at Zscaler. “Zscaler’s integrations with Imprivata, in addition to CrowdStrike, provide much needed help to healthcare organizations in their journey to a zero trust architecture. We’re aiding workers and technicians with least privileged access to the healthcare information they need to provide care and maintain the privacy and security of patient data.” Customer and Partner Quotes “We require a HIPAA-compliant zero trust solution that provides secure access to patient data. Enhanced vendor interoperability will significantly enhance our operational efficiency when it comes to defending against and responding to cyberattacks,” said Keith Duemling, Sr. Director of Cybersecurity Technology Protection at Cleveland Clinic. “We are delighted to see Zscaler integrating with Imprivata and CrowdStrike to address our needs, and bolstering our ability to defend against ransomware and other advanced cyberattacks.” “Simplifying secure access to healthcare data is key to improving clinician productivity," said Mark McArdle, Chief Product & Design Officer at Imprivata. "This partnership with Zscaler strengthens our zero trust ecosystem, and ultimately advances outcomes for both patients and clinicians.” “Our joint efforts will ensure patient data remains confidential, integrity is upheld, and critical services are always available,” said Raj Rajamani, Chief Product Officer of CrowdStrike. “The Falcon platform's ability to swiftly identify and thwart sophisticated ransomware attacks on devices and in the cloud, combined with Zscaler's device posture-driven access control offers comprehensive end-to-end Zero Trust solution for healthcare organizations and significantly reduces the risk of breach and data exfiltration.” Zscaler integration with the Imprivata Digital Identity Platform Highlights Multi-user, shared workstation policy enforcement and threat protection for healthcare environments End-to-end, Zero Trust Security enabling role-based access control to protect patient data Traceability of user actions on a multi-user, shared workstation for regulatory compliance including HIPAA and HITECH Zscaler and CrowdStrike partner to simplify the adoption of zero trust for IT teams by providing an integrated end-to-end security solution. For more information about the HIPAA and HITECH-compliant zero trust solution, visit Zscaler booth #105 at Fal.Con: CrowdStrike’s annual cybersecurity marquee customer event, and attend our breakout session, “Security Consolidation with AI-driven Zero Trust: CrowdStrike and Zscaler,” at Fal.Con 2023 in Las Vegas, Nevada. In addition, Zscaler published an analysis of the threats affecting healthcare and the details of how the new solution helps adopt Zero Trust in a new blog post. Zscaler was selected by CrowdStrike for the 2023 CrowdStrike Ecosystem GTM Partner of the Year award. Zscaler demonstrated excellence in driving joint growth via effective co-selling and creative co-marketing, fueled by co-innovation between the Zscaler Zero Trust Exchange and CrowdStrike Falcon® platform. press@zscaler.com (zscaler.com)