Zero Trust Auto-Segmentation for Hybrid Cloud
Microsegmentation That Is Simpler And Stronger
Microsegments are created automatically
Automated Segmentation. Legacy microsegmentation involves multiple steps that can take months. Zscaler Workload Segmentation microsegmentation happens in mere minutes—with just one click. From mapping data flows, to measuring exposure risk, to deploying policies for enforcement, our microsegmentation is quick and simple.

Policies are built without any manual intervention
Policy Recommendation Engine. Based on the cryptographic identities of all software and machines communicating on your networks, Zscaler Workload Segmentation eliminates risk by building policy recommendations using our patented machine learning technology. All software updates are captured instantly, making your days of manual policy creation a thing of the past.

Risk is reduced through policy compression
Risk-Based Policy Management. Policy Compression. At the heart of Zscaler Workload Segmentation’s policies is a model of every application connection across your environment. Using a combination of exposure, reputation, behaviors and, of course, software identity, Zscaler Workload Segmentation creates risk-driven policies that are 25x fewer in number than those of traditional microsegmentation tools.

Security outcomes are provable
Exposure Analysis (Risk Analysis). Zscaler Workload Segmentation automatically builds a real-time application topology map and measures network exposure. As you apply segmentation policies, see how risk is reduced as attack paths are blocked and critical assets are protected with the highest level of confidence.

Both software identity and machine identity are verified through cryptographic attributes
Zero Trust Identity. All software and machines in the environment are fingerprinted using a combination of cryptographic identity attributes. The identity of machines and software is the basis for every access control decision. Per our zero trust model, if software or a machine can’t be verified, it can’t communicate, regardless of previous permissions. This ensures the strongest level of protection for your workloads, independent of network changes.

Segments adapt to accommodate app updates and changes
Adaptive Segments. Segmentation using traditional controls requires ongoing manual policy management because it can’t easily account for software updates and new hosts being added to a segment. In contrast, Zscaler Workload Segmentation segments are based on the identity of communicating software and not the network itself. This means that segments can adjust as new applications and hosts are added, verified, and permitted to communicate. The result: hardened security minus operational burden and complexity.

Security monitoring tools are enriched with app data
Easy-to-use API. Feeding your customized Zscaler Workload Segmentation application communication logs directly into your SIEM enables you to prioritize security events better, detect anomalous communication faster, and reduce alert fatigue, all while monitoring the health of your Zscaler Workload Segmentation implementation.
