Zero Trust Auto-Segmentation for Hybrid Cloud

Microsegmentation That Is Simpler And Stronger

Microsegments are created automatically

Automated Segmentation. Legacy microsegmentation involves multiple steps that can take months. Zscaler Workload Segmentation microsegmentation happens in mere minutes—with just one click. From mapping data flows, to measuring exposure risk, to deploying policies for enforcement, our microsegmentation is quick and simple.

Policies are built without any manual intervention

Policy Recommendation Engine. Based on the cryptographic identities of all software and machines communicating on your networks, Zscaler Workload Segmentation eliminates risk by building policy recommendations using our patented machine learning technology. All software updates are captured instantly, making your days of manual policy creation a thing of the past.

Risk is reduced through policy compression

Risk-Based Policy Management. Policy Compression. At the heart of Zscaler Workload Segmentation’s policies is a model of every application connection across your environment. Using a combination of exposure, reputation, behaviors—and of course, software identity—Zscaler Workload Segmentation creates risk-driven policies that are 25x fewer than those of traditional microsegmentation tools.

Security outcomes are provable

Exposure Analysis (Risk Analysis). Zscaler Workload Segmentation automatically builds a real-time application topology map and measures network exposure. As you apply segmentation policies, see how risk is reduced as attack paths are blocked and critical assets are protected with the highest level of confidence.

Both software identity and machine identity are verified through cryptographic attributes

Zero Trust Identity. All software and machines in the environment are fingerprinted using a combination of cryptographic identity attributes. The identity of machines and software is the basis for every access control decision. Per our zero trust model, if software or a machine can’t be verified, it can’t communicate, regardless of previous permissions. This ensures the strongest level of protection for your workloads, independent of network changes.

Segments adapt to accommodate app updates and changes

Adaptive Segments. Segmentation using traditional controls requires ongoing manual policy management because it can’t easily account for software updates and new hosts being added to a segment. In contrast, Zscaler Workload Segmentation segments are based on the identity of communicating software and not the network itself. This means that segments can adjust as new applications and hosts are added, verified, and permitted to communicate. The result: hardened security minus operational burden and complexity.

Security monitoring tools are enriched with app data

Easy-to-use API. Feeding your customized Zscaler Workload Segmentation application communication logs directly into your SIEM enables you to prioritize security events better, detect anomalous communication faster, and reduce alert fatigue, all while monitoring the health of your Zscaler Workload Segmentation implementation.
