Advanced Internet Security Starts with Complete Coverage
Zscaler protects all of your users and all of your systems, wherever on the planet they happen to be located. We cover your headquarters, your branches, your factories, and all of the Internet-connected devices being used by your organization. We protect your road warriors, mobile users, guest Wi-Fi users, and even your smart devices and Internet-connected “things.” All you need to do is ensure that the Internet traffic for those locations, people or devices that you wish to protect is directed through the Zscaler Internet security platform on its way to the Internet - and we take care of the rest.
Advanced Security for Outbound Internet Traffic
For your outbound Internet traffic, our protection starts by making sure that your organization and your devices are not talking with or sending data to obviously unsafe parts of the Internet. For example, there is no reason that your point of sale devices should ever be trying to send credit card numbers to servers in Russia, or your office copiers should be emailing images to China - so we immediately and automatically block this activity.
Our built-in features to block attempts to exfiltrate your data, lock down ports and protocols that should not be in use, and block botnet command and control traffic are important foundations for our advanced Internet security.
It’s also likely that you prefer that your employees do not view pornography or download copyrighted materials in your office - so we automatically block this too. And it gets more sophisticated. What is the first thing that your salesperson who is about to quit does? He tries to email himself your customer list. Because we are in-line with all of your Internet traffic, we’ll notice him trying to do this, even if he is trying to use an encrypted connection - and we will block it - plus we will send a notice to your compliance officer that he tried.
Advanced Security for Inbound Internet Traffic
For your inbound Internet traffic, it is important to know that we are always in-line and we always inspect every byte, in real-time. All of your traffic always flows through multiple active layers of security before it reaches your organization.
Our advanced security starts with being in-line with all of the traffic from your entire organization. Unlike appliance-based systems, everything and everyone in your extended enterprise is protected by Zscaler - there are no gaps for infections to leak through. Plus we automatically decrypt and inspect SSL traffic - more than 35% of the traffic flowing through our systems today is encrypted, and more than 50% of advanced malware is trying to hide behind encryption - so we can see and act on everything.
As we begin to inspect your traffic, the first thing we do is look at signatures. We have implemented a real-time database of objects on the Internet that we know to be unsafe - we leverage the massive traffic generated every day by the more than 12 million people on our system plus all of their devices and things to keep this database up to date. If we see one of these known bad objects trying to get into your organization, we will automatically block it immediately.
Next we run your traffic through six different anti-virus engines, plus we leverage threat feeds from more than 20 leading threat-sharing partners - and we keep all of this up to date within minutes of new threats being identified. After your traffic passes through our A/V layers we perform deep packet inspection, cloud-mining and risk scoring to decide whether additional static analysis, dynamic analysis, or both are required.
The last step in our advanced security process is Behavioral Analysis, also known as Sandboxing. If, after going through all of the above techniques, we still are not completely sure if an object is good or bad, we’ll detonate it in our sandbox and analyze its behavior. Often this just takes milliseconds; we can analyze even the most complex zero-day attacks in less than three minutes. After this process completes, we will know conclusively whether the object is safe or malicious, so we can take the appropriate action. Uniquely, we can even quarantine suspicious objects - so not even the first person in the world who attempts to download a brand-new zero-day attack will get infected.
The Power of the Cloud - Network Effects
Once you begin using Zscaler, your organization will immediately benefit from the traffic of our more than 12 million users at more than 5,000 enterprise, government and military organizations worldwide. If any one of these 12 million people, plus all of their devices and Internet-connected things, encounters a new zero-day malicious object on the Internet, we’ll identify it using the above techniques and instantly block it - not just for them, but for your organization as well.
This level of protection is literally thousands of times better than you can get with appliance-based approaches to Internet security. In the appliance model, each appliance can only react to the traffic it sees - so for a new zero-day attack you can end up with multiple infections, even within a single organization. Plus the dirty little secret of advanced threat appliances is that they are usually deployed in tap mode - so they can only notice, but not block, infections. With an in-line, cloud-based system like Zscaler and the power of our quarantine capabilities and network effects, no one gets infected.
Now that’s advanced security.
Forensics: With our graphical forensic dashboards, you can quickly focus on the key areas of an attack, see the path of an infection and develop a remediation plan. Zscaler provides detailed analytics that simplify incident analysis, enabling you to quickly pinpoint systems and applications involved for better remediation and security policy development.
Correlated analytics: The Zscaler Security as a Service platform covers all of your users’ devices across all locations – and our reporting, analytics and dashboards bring together all of your data – even if your users move from device to device or location to location. You thus have a more complete picture of infection vector(s) and possible remediation targets.
Advanced reporting: With Zscaler’s advanced reporting and analytics you can analyze and share data of users, applications, and incidents. Depending on your business need and your audience, you can build reports that highlight general trends or focus on specific parameters.
On-demand SSL inspection: As a technology professional, you know that SSL inspection is critical to detect botnet traffic as well as attempts to exfiltrate your information. Zscaler simplifies SSL inspection – you do not need any additional hardware, software or management. But you do retain control on deciding which SSL traffic you want our system to inspect.
Integrated Exfiltration Detection: Because Zscaler is always in-line with all of your Internet traffic, we can always inspect what content is trying to leave your organization, even if it is hiding behind SSL. We’ll notice customer information, credit card numbers, financial data, secret formulas - or anything else that you tell us you don’t want going out - and we will both block it and notify you of the attempt.
Lock down unwanted ports, protocols, applications and destinations: Want to make sure that computers in your branch offices can’t be accessed by Microsoft Remote Desktop Protocol? Use Zscaler to disable it. Stop your point of sale terminals from communicating with anything in Russia, China or Iran. Turn off FTP, disable Skype and Bittorrent - with Zscaler you have complete control.
Behavioral analysis: Zscaler includes automatic sandboxing and behavioral analysis. We automatically move unknown or high-risk content into one of our sandboxes where our system can safely detonate it and observe malicious or suspicious behavior. If an application or file shows signs of being malicious, then it is immediately and automatically blocked for all 15 million Zscaler users. A key feature we offer is the ability to quarantine zero-day files – so that no one ever gets infected.
However, it is also important to note that truly effective APT protection requires both dynamic and static analysis techniques. Behavioral analysis is simply one component of our overall continuous protection model.
Browser control: Attack vectors come from the Internet and thus browser (and related exploit) controls play a key role in limiting attacks. Zscaler provides robust browser controls ranging from only allowing specific browser/versions access to the internet to identifying specific plug-ins that are allowed. In this manner, we can automatically protect your users from risky or outdated software.
Inline scanning: Inline scanning ensures that all Internet traffic (inbound and outbound) can be inspected. This thorough approach ensures that all traffic, including active content attacks such as cross-site scripting can be detected and stopped. Inline scanning is also the only way to immediately stop detected threats. Compare this to hardware appliances that are deployed in TAP mode - so they can identify, but not block threats.
SSL inspection: More than 30% of internet traffic is SSL-encrypted with nearly all commercial applications like Salesforce and Box and most consumer cloud applications like Facebook and Google Apps requiring SSL. Lack of visibility into traffic encrypted via SSL means a huge gap in your protection. Performing SSL decryption and inspection via Zscaler ensures that you have zero operational overhead and you can scale seamlessly as your traffic grows. In traditional on-premise or hybrid models, enterprises must add more hardware or cards to keep up with the demands on performance for SSL decryption.
Cloud Intelligence: At Zscaler, we leverage our nearly unlimited processing and storage capability, along with data from more than 12 billion transactions daily to achieve faster detection with lower false positives. We see and correlate traffic from more than 15 million users at more than 5,000 enterprises, governments and military organizations. Your hardware appliance only sees the traffic you run through it.
Interrogator Technology: As each data packet goes through Zscaler, risk is assigned based on origin/destination, packet header content, and packet payload content. With full deep packet analysis in both directions we develop a complete risk model to decide whether static analysis, dynamic analysis, or both are required. This escalating risk model ensures a fast and thorough response.