Zscaler is always inline, inspecting every byte of traffic, so you’ll finally be able to see—and control—the cloud applications that are really in use in your organization. Zscaler sits between your users and the Internet—regardless of which device they are using or where they are located. Our cloud-based architecture gives you visibility in near real time, even on SSL‐encrypted traffic—something firewall vendors just aren’t designed to provide.
Because Zscaler looks at all traffic, attempts to navigate to suspicious sites are blocked before the request leaves your network. We can also prevent sensitive data from leaking out, helping you to meet compliance goals. And because we are also inspecting reply traffic, we can identify and stop malware and threats before they hit you. Finally, we act as an identity broker for key cloud applications such as Microsoft Office 365, Google Apps, Salesforce, and Box to provide secure access and enable single sign‐on (SSO) into these applications.
Cloud applications provide tremendous benefits, but they are notoriously hard to control. That’s because in many cases the use of cloud applications is completely legitimate; after all, many of your business apps are in the cloud, so you would expect to see traffic going there. Many other applications, including webmail and cloud storage, are used for both personal and business purposes. In fact, the ease with which cloud applications can be adopted is a big reason for the growth of Shadow IT.
Solutions have been limited. You could compile logs from proxies to get reports on cloud app use, but your visibility is reactive at best. Or you could deploy reverse proxies in front of applications if you don’t mind going app by app. Or you could just get Zscaler.
With the many benefits that cloud applications offer, however, they can also pose very real threats. Cloud apps can be a vector for malware, as can any site hosted on the Internet. Their use can sidestep the processes you’ve put in place to control data loss and to ensure industry and regulatory compliance. And because of the overlap between business and personal use, the user streaming a training video may be competing for bandwidth with another user streaming the latest movie.
In 2012, Gartner coined the term Cloud Application Security Brokers (CASB) to quantify a new offering that was entering the security scene. In some areas these products overlap with Zscaler’s offering, and in some areas the products are complementary.
CASB vendors offer three primary values at varying levels of maturity:
Zscaler excels at visibility and control of cloud applications, and we partner with select CASB vendors on API-based activities.
CASB vendors enable visibility and control for IT‐sanctioned cloud-based applications by sitting between users and those apps in the cloud. One of the primary differences between Zscaler technology and that of CASB vendors is that their implementations are specific to each application—so there will be a module specific to Office 365, another specific to Salesforce, and so on. Because the information that these vendors derive is different than what we arrive at, Zscaler will combine the risk finding from partner CASB vendors with our own, and we’ll show you everything.
Zscaler is built on a massively scalable, global proxy platform that was not constructed to tie into specific applications. In fact, Cloud Application Visibility and Control is only part of what we do. Unlike CASB vendors, who compile their statistics on non-sanctioned cloud app use by deriving information from customer logs, Zscaler sits inline and sees all traffic, sanctioned or not.
Another important difference is that Zscaler inspects all SSL-encrypted traffic. Due to the increasing length of keys and growing complexity of encryption schemes, most vendors simply don’t have the compute power to inspect everything. But this was one of the founding principles of Zscaler…and we were built to do it, from the ground up.
Easily drill down from the dashboard view to an application, to a location, or to a user.