About 33% of global network traffic is encrypted today, and is set to double in the coming year in some markets. Zscaler sits between users and the Internet, inspecting every byte of traffic—even if it’s encrypted or compressed—so we can catch hidden threats before they get into your network. In fact, we found that over 54% of SSL traffic that we inspected was hiding malware, which we blocked. Did you?
Ironically, increased use of SSL in attempt to make our online lives more secure can create ‘blind spots’ that can actually reduce security…NSS Labs
As the overall percentage of encrypted traffic explodes, it is becoming vital to do SSL inspection to ensure security. Hackers are increasingly using SSL to conceal device infections, shroud data exfiltration, and hide botnet Command & Control communications. Firewalls were not designed to handle decryption, and performance grinds to a halt when they try. Dedicated appliances are extremely costly. And ignoring the issue is becoming increasingly dangerous.
While the technology is the same for all vendors, only Zscaler’s high-performance architecture enables it at scale, without latency. Zscaler’s cloud security platform is built on a proxy architecture—long understood as the best way to handle SSL inspection. Unlike firewalls, Zscaler SSL inspection is built in, not bolt on, so there’s no hardware to buy, no software to install, and no infrastructure to maintain. Your users won’t see a performance hit, regardless of where they are or what devices they are using. And you’ll get the benefit of Zscaler’s “cloud effect,” which means that once we identify a threat across any of our 15 million users, we propagate protection across all 15 million users. You’ll be able to stop threats before they hit your network, stop botnet connections, and remediate infected devices before they wreak havoc.
For all users, including mobile users
Use your own PKI for SSL inspection: In addition to the Zscaler root CA, customers can deploy a self-signed Intermediate CA for SSL inspection. Customers can also refresh Intermediate CA at periodic intervals with an API for enhanced certificate security.
With Zscaler, you will no longer be blind to over 54% of threats.