SlideShare a Scribd company logo
1 of 34
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION0
Virtualized Firewall: Is it the panacea to
secure distributed enterprises?
ZSCALER CONFIDENTIAL INFORMATION
Dr. Amit Sinha
CTO, EVP of Engineering and Cloud Operations
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION1
Keynote Speaker
• Dr. Amit Sinha is a skilled entrepreneur and technology leader who has
driven the research and development of disruptive security and wireless
technologies at both start-ups and market-leading organizations.
• Prior to Zscaler, Dr. Sinha served as CTO for Motorola’s enterprise
networking and communications business, which he joined via its
acquisition of AirDefense where he held the same role. He has also
served as Chief Technologist at Engim, which he co-founded.
• Amit earned an MS and PhD in Electrical Engineering and Computer
Science from the Massachusetts Institute of Technology, and a B.Tech. in
Electrical Engineering from the Indian Institute of Technology, Delhi,
where he graduated summa cum laude and was awarded the President
of India Gold Medal. He holds 27 US patents and has contributed to
several books and dozens of conference and journal papers.
©2017 Zscaler, Inc. All rights reserved.
Dr. Amit Sinha
Chief Technology Officer,
Executive Vice President of Engineering
and Cloud Operations Zscaler, Inc.
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION2
Engage in the Discussion
• Type your questions into the chat box in the Webex
panel or email us at webcast@zscaler.com
• We’ll try to get to all questions during the Q&A
session. If we do not get to your question, we’ll make
sure to follow up afterwards
• At the end of the webcast – please let us know how
we did!
©2017 Zscaler, Inc. All rights reserved.
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION33 ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION
Cloud and mobility require a fundamental change
in network and security architecture
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION4
FW / IPS
Internet Gateway
URL Filter
Antivirus
DLP
SSL
Sandbox
Global LB
DDoS
Ext. FW/IPS
RAS (VPN)
Internal FW
Internal LB
Internet gateways
Secure access to the Internet
VPN gateways
Remote access to DC apps
CORPORATE NETWORK
Internet & VPN Gateway
Internet Gateway: Security perimeter to protect the corporate network
Circa 1987 – 1994– 1999 – 2000 – 2004
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION5
HQ
EMEA
Branch
APJ
Branch
Branch
Branch
Branch Branch BranchBranch
Home, Coffee Shop Airport, Hotel
SaaS Open Internet IaaS
Cloud and mobility break network security
The Internet is Your New Corporate NetworkHow do you secure a network (Internet) you don’t control?
“GE will run 70 percent of its
workload in the cloud by 2020”
Jim Fowler, CIO
“The Internet will be our new
corporate network by 2020”
Frederik Janssen, Head of Infrastructure
“Office 365 was built to be accessed
via direct Internet connection”
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION6
Zscaler enables secure IT transformation to the cloud
Internet and VPN Gateway
Ext. FW / IPS
URL Filtering
Antivirus
DLP
SSL
Sandbox
Global LB
DDoS
Ext FW/IPS
RAS (VPN)
Internal FW
Internal LB
SaaSOpen Internet
External
APPS
Data CenterIaaS
Internal
Internal (cloud or data center)
Connect a user to an authorized
private app (not network)
Fast and secure policy-based access to apps and services over the Internet
Any device, any location, on-net or off-net
External (open Internet or SaaS)
Nothing bad comes in,
nothing good leaks out
Zscaler
Internet Access
Zscaler
Private Access
HQMOBILE
BRANCHIOT
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION77 ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION
How do you architect a global security cloud?
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION8
A Cloud Gateway MUST be Comprehensive
INTERNET ACCESS PRIVATE APP ACCESS
ADVANCED THREAT PREVENTION
DATA LOSS PREVENTION
SECURE WEB GATEWAY
CLOUD FIREWALL
MICRO SEGEMENTATION OF APPS
BANDWIDTH CONTROL QOS
GLOBAL LOAD BALANCING
DDOS PROTECTION
CASB FOR INTERNAL APPS
SECURE APP ACCESS – WITHOUT VPN AND NGFW
APIs
Deep Malware
Analysis
Dynamic Risk Scoring of
all page objects
Data Privacy
Data must reside in the
geography of choice
regardless of where the access
Any User
Anywhere
Any Device
Policies follows the user
for consistency
Multitenant Security Platform – Inline – Extensible with APIs
Native SSL Inspection
Full inline, high-performance,
content inspections
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION9
Standard Enterprise Internet Gateway is VERY COMPLEX
Aggregation
Firewall Load Balancers
& VPNs
Web Filter
Sandbox
Flow Management
Edge Next-
Gen Firewall
DLP
SSL
HQ
11
9
8
7
6
5
4
3
2
1
12
10
13
14
16
17
18
19
20
21
22 2324
25
26
27
28
https://
15
Content Inspection
A simple web request takes 28 hops
Despite this massive investment, breaches are on the rise
Internet
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION10
New Threat New Threat New Threat New Threat New Threat
New Threat New Threat New Threat New Threat New Threat
DNS at 100Tbps
NGFW at 100Gbps
IPS at 10Gbps
LB at 100Gbps
Full AV at 10Mbps
SSL Proxy at 100Mbps
DLP at 10Mbps
Sandbox 1 file 5
every minutes
Challenges
• Single-tenant systems
(kernel)
• Separate control,
enforcement and logging
• No single policy object to
share context
• Expensive to deploy and
scale
• Poor user experience
New Threat New Threat New Threat New Threat New Threat
+1
+2
+3
+4
+5
+6
+7
+8
+9
+10
+11
+12
Latency
Building Cloud in 2007 with Appliances
Control, Enforce, Log
Control, Enforce, Log
Control, Enforce, Log
Control, Enforce, Log
Control, Enforce, Log
Control, Enforce, Log
Control, Enforce, Log
Control, Enforce, Log
How do you scale this stack
to 40Gbps?
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION11
New Threat New Threat New Threat New Threat New Threat
New Threat New Threat New Threat New Threat New Threat
DNS at 100Tbps
NGFW at 100Gbps
IPS at 10Gbps
LB at 100Gbps
Full AV at 10Mbps
SSL Proxy at 100Mbps
DLP at 10Mbps
Sandbox 1 file 5
every minutes
Remaining Challenges
• Single-tenant systems
(kernel)
• Separate control,
enforcement and logging
• No single policy object to
share context
• Poor user experience
New Threat New Threat New Threat New Threat New Threat
+1
+2
+3
+4
+5
+6
+7
+8
+9
+10
+11
+12
Latency
In 2017: Virtualization ?
Control, Enforce, Log
Control, Enforce, Log
Control, Enforce, Log
Control, Enforce, Log
Control, Enforce, Log
Control, Enforce, Log
Control, Enforce, Log
Control, Enforce, Log
VM VM VM VM
VM VM VM VM
VM VM VM VM
VM VM VM VM
VM VM
VM
VM
VM
VM
VM
VM
VM
Solves
• Horizontal scaling
• Hardware headaches
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION12
Every Appliance Vendor’s Dream
Traditional approach to local Internet breakouts with appliances
Expensive to Deploy Security CompromisesComplex to Manage
New York
Management
Platform
Logging &
Reporting
Identity Management
Server
Additional Requirements
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION13
C E L
C E L
C E L
C E L
LEGACY MODEL
C E L
C E L
• Multiple appliances, multiple hops
• Disparate control, logging and enforcement policies
• Constrained by throughput of slowest appliance
C E L
ZSCALER’S CLOUD
• Integrated control, logging and enforcement planes
• Single pass architecture
• Infinitely scalable
5MB
10MB
10GB
100MB
1GB
100GB
X
X
Zscaler Cloud vs Service Chaining
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION14
Central Authority (CA):
The control plane
• Data store for infrequent
changes but millions of reads
Nanolog:
The log plane
• Data store that can do millions of
writes but relatively infrequent reads
Zscaler Enforcement Nodes (ZENs):
The data plane
• Inline inspection of data packets and
policy enforcement at massive scale
700 Man Years of Code and over 100 Patents
Zscaler Software Defined Architecture
Would you build a power plant
with home generators?
HOME POWER
GENERATORS
POWER PLANT
NY
USER A
(policy
follows)
USA
EU
USER A
Private
London Sydney
Enforce
Log
Control
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION15
Secure
Ongoing third-
party testing
CertifiedReliable
Redundancy within and
failover across DCs
Transparent
Trust portal for service
availability monitoring
Zscaler – the largest security cloud. Reliable. Available. Fast.
35B+
Requests/day
125M+
Threats
blocked/day
120K+
Unique security
updates/day
100 data centers
across 5 continents
Peering in
Internet exchanges
150+
Vendors peered
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION1616 ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION
Secure network transformation from
hub-and-spoke to cloud-enabled enterprise
ZSCALER INTERNET ACCESS
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION17
Direct to Internet
Block the bad, protect the good
The best approach for SD-WAN and Office 365
Zscaler Internet Access – Fast, secure access to the Internet and SaaS
Data Center
APPSMPLS
HQMOBILE
BRANCHIOT
Your security stack as a service
Data Loss Prevention
Cloud Apps (CASB)
File Type Controls
Data Protection
Cloud Firewall
URL Filtering
Bandwidth Control
DNS Filtering
Access Control
Adv. Protection
Cloud Sandbox
Anti-Virus
DNS Security
Threat PreventionReal-time policy engine
Polices follow the user
Changes are immediately enforced, worldwide
Business analytics
Global visibility into apps and threats blocked
Identify botnet infected machines for remediation
Real-time policy and analytics
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION18
CONTROL
BANDWIDTH
SECURE ALL
PORTS & PROTOCOLS
MULTIPLE PROPRIETARY
INSPECTION METHODS
ADVANCED THREAT
PROTECTION
Behavioral
Analysis
Sandbox
CLOUD
EFFECT
SSMA™
All security engines fire with
each content scan – only
microsecond delay
ByteScan™
Each outbound/inbound byte
scanned, native SSL scanning
PageRisk™
Risk of each object computed
inline, dynamically
NanoLog™
50:1 compression,
real-time global log
consolidation
PolicyNow™
Polices follow the user for
Same on-premise, off-
premise protection™
120,000
Unique updates per day
125 Million
Threats blocked per Day
Cutting edge security capabilities in the cloud
Dynamic Content
Classification
Proprietary
Risk Index
Anti-Malware
XSS Protection
CVE Protection
Bandwidth
Control
QoSURL Filtering
Proxy (SSL)
Block Lists
File Type Control
DNS Filtering
Cloud FW (NGFW)
Browser Control
Full Inline Inspection &
Correlation of Threat Indicators
60+ threat feeds
Find once, block
everywhere
35 Billion
Requests per Day
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION19
When the Board asks, “Have We been Compromised?”
THREATS BLOCKED
13.5 M
1092.0 K
270.3 K
47.7 K
45.6 K
33.8 K
5.2 K
383
Malicious Content
Botnet
Spyware or Adware
Phishing
Browser Exploit
Cross-site Scripting
Unauthorized Communication
Peer-to-Peer
BOTNET TRAFFIC BY LOCATION
313.5 K
273.9 K
203.2 K
115.8 K
76.2 K
Beijing
Sau Paulo
San Francisco
Tokyo
France
Zscaler applied immediate value during the proof-of-concept when we identified botnet infected
machines. We’ve easily seen a 60% drop in malware related tickets after rolling out Zscaler.
— Seth McCallister, Head of Global Information Security, Beam Suntory
BOTNETC&CUSER
BOTNET INFECTED MACHINES
Actionable intelligence to remediate botnet infected machines
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION20
ZSCALERTECHNOLOGY
PARTNERS
Securely enable the usage of cloud apps
Zscaler provides inline CASB functionality and partners for out-of-band controls
VISIBILITY
APP RISK SCORING
DATA LOSS PREVENTION
ACCESS CONTROL
INLINE CASB
OUT-OF-BAND CASB (API)
THREAT PREVENTIONAPI Integration
(In development)
SaaSOpen Internet
External
APPS
Data CenterIaaS
Internal
HQMOBILE
BRANCHIOT
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION21
When the auditor asks, “Which cloud apps are we using?”
It starts with processing all Internet traffic (including SSL), not a few sites
MEDIA AND FILE SHARING
Is YouTube hogging Internet
bandwidth?
How big are logs for 10K users?
30M trans/day, 60GB logs/day
Often sit at many locations/GWs
Power of Zscaler NanoLog
All logs for all users, all locations at your console
within a minute – interactive analysis and
and drill-down
Good reporting and actionable info
starts with good logs
Can you prioritize Office 365
over streaming?
BUSINESS APPS WEBMAIL
Do you allow access to
Russian webmail?
DEVELOPMENT
Is your intellectual property
stored on GitHub?
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION22
Enabling leadings brands to securely transform their IT to the cloud
Business Drivers
• Enable a user-centric experience
• Build a scalable architecture
• Enable a fast and secure direct-to-cloud experience
Bringing secure Internet access to 315K employees
The Zscaler Difference
• Immediate 30% savings on MPLS costs
• Fast Internet experience – home experience
• Foundation for the Internet-only branch
Secure 270 retail locations
Business Drivers
• Reduce number of botnet infected machines
• Support an aggressive acquisition strategy
• Meet external security requirements
The Zscaler Difference
• Eliminated the need to buy 540 branch NGFWs/UTMs
• Full security stack – SSL inspection
• Deployed in 2 months – quick to turn on new sites
WAN Transformation: Fast Office 365 experience
Business Drivers
• Fast Office 365 experience – eliminate WAN congestion
• Support increase in firewall sessions without refreshing firewalls (cost)
• Avoid deploying branch NGFWs – too expensive (650 locations)
The Zscaler Difference
• Local Internet breakouts for fast connections
• Cloud Firewall - scales elastically, per user, not bandwidth
• One-click Office 365 URL and IP updates
Office 365 is finally the highest use – not YouTube
40% of bandwidth
reserved for O365
during periods of
contention
YouTube
capped at 20%
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION2323 ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION
Secure application transformation
from data center to public or private cloud
ZSCALER PRIVATE ACCESS
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION24
Global LB
DDoS
Ext. FW / IPSInternal LB
Internal FW
RAS (VPN)
Internet
VPN Gateway: Complex, expensive, and poor user experience
Site-to-site VPN
Apps moved to a modern platform. Access is still using 30-year old technology.
How do you access internal
apps on Azure of AWS?
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION25
Zscaler Private Access – Fast, secure access to apps in Azure and AWS
Z-APP
2
Innovative design
Cloud policy engine – define user app
access rights (auth before access)
1
Z-APP – Request access to app2
Z-Connectors – sits in front of apps.
Starts inside out connection
3
Zscaler cloud brokers a secure connection
between the Z-Connector and Z-App
Z-CONNECTORS
3
3
1 POLICY (Brokers)
DATA CENTER
Internal application access without bringing users on the network
Secure App Access
without VPN and NGFWs
App Discovery (CASB for Internal Apps)
App and User Monitoring (DLP with Zscaler Internet Access)
Data Protection
User to App Policies
Multifactor Auth. – Private Certificates
Access Control
Users never on the network
DDoS Prevention – apps not exposed to the Internet
App Micro Segmentation – not network segmentation
Threat Prevention
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION26
Gain visibility into internal applications, and then tailor policies
Over 4K apps
discovered
Policies enforced for 1 user
over 8K times
High helpdesk
transaction volume
HVAC consultants
can only access the
HVAC app
Only execs
and Finance
can access
financial apps
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION27
Enabling leadings brands to securely transform their IT to the cloud
Business Drivers
• 100% cloud – AWS, SaaS
• Didn’t want to get into the datacenter, networking or security business
• Better user experience to access apps on AWS
Access to Apps on AWS – no site-to-site VPNs
The Zscaler Difference
• Business policies connected users to apps – not networks
• Eliminated the need to network VPC together
• Users no longer need to know which VPC to connect, only the domain
Business Drivers
• Aggressive acquisition strategy (33), 2017 St. Jude Medical – 18K employees
• Typical network integration would take 9-12 months
• Needed quicker integration velocity
Mergers and Acquisitions
The Zscaler Difference
• No network integration needed – policy defined access, not networks
• Shortened integration timeframe to 2-3 months.
Business Drivers
• Partner Insurance Agents targeted with phishing attack
• To limit network exposure, VPN had to be disabled
• Insurance Agents ability to sell Mass Mutual severely hindered
VPN Replacement
The Zscaler Difference
• App access provided without bringing users on the network
• No threat of lateral movement
• From start to finish, Mass Mutual fully deployed in 1 week with ZPA!
Business Drivers
• Extensive partner ecosystem for engine manufacturing
• Need quick and secure way to give partner’s access to apps
Secure Partner Access
The Zscaler Difference
• Quickly grant access to apps – didn’t require network access
• Eliminated the threat of lateral movement
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION2828 ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION
About Zscaler
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION29
Zscaler: The market leader in cloud security
Most Discerning Enterprise Customers
2,700 CUSTOMERS
Over 80 of the Fortune 500
54% International
Global Partners
100
Data centers
35B
Daily requests
185
Countries served
Unparalleled Cloud Scale
Largest Cloud Security Platform in the World
Mature Global Cloud Operations
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION30
PROTECTION
ACROSS COUNTRIES
190
130
125
113
70
LOCATIONS
PROTECTED
30,000
12,000
6,000
900
500
EMPLOYEES
PROTECTED
400K
125K
120K
80K
1.6M
1.3M
OFFICE 365
MONTHLY TRAFFIC
83 TB
44 TB
37 TB
35 TB
Unparalleled Cloud Scale
All users – All traffic
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION31
Leader – 7 years
in a row
Leading industry analysts agree…
Zscaler is a very strong choice for any
organization interested in a cloud gateway.
…On-premises web content security
can’t protect digital business…
©2017 Zscaler, Inc. All rights reserved.32
Access to the Internet and apps1
IDENTITY & ACCESS4 REPORTING & ANALYTICS5
DEVICE MANAGEMENT
& PROTECTION
3
Critical integration partner positioned in the data path
BRANCH (SD-WAN)2
APPS
HQMOBILE
BRANCHIOT
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION33
Thank You!
Questions and Next Steps
33
©2016 Zscaler, Inc. All rights reserved.
Dr. Amit Sinha
Chief Technology Officer,
Executive Vice President of Engineering and
Cloud Operations
Zscaler, Inc.
Learn more about Zscaler
The Definitive Guide to Networking for Office 365
https://www.zscaler.com/O365
Request a demonstration
https://www.zscaler.com/firewall
Upcoming Webcasts
Pitfalls to avoid when deploying Office 365
Tuesday, Nov 7th, 2017
Register @ www.zscaler.com/company/webcasts

More Related Content

What's hot

Three ways-zero-trust-security-redefines-partner-access-ch
Three ways-zero-trust-security-redefines-partner-access-chThree ways-zero-trust-security-redefines-partner-access-ch
Three ways-zero-trust-security-redefines-partner-access-chZscaler
 
Migration to microsoft_azure_with_zscaler
Migration to microsoft_azure_with_zscalerMigration to microsoft_azure_with_zscaler
Migration to microsoft_azure_with_zscalerZscaler
 
Zscaler ThreatLabz dissects the latest SSL security attacks
Zscaler ThreatLabz dissects the latest SSL security attacksZscaler ThreatLabz dissects the latest SSL security attacks
Zscaler ThreatLabz dissects the latest SSL security attacksZscaler
 
3 reasons-sdp-is-replacing-vpn-in-2019
3 reasons-sdp-is-replacing-vpn-in-20193 reasons-sdp-is-replacing-vpn-in-2019
3 reasons-sdp-is-replacing-vpn-in-2019Zscaler
 
Schneider electric powers security transformation with one simple app copy
Schneider electric powers security transformation with one simple app   copySchneider electric powers security transformation with one simple app   copy
Schneider electric powers security transformation with one simple app copyZscaler
 
Three Key Steps for Moving Your Branches to the Cloud
Three Key Steps for Moving Your Branches to the CloudThree Key Steps for Moving Your Branches to the Cloud
Three Key Steps for Moving Your Branches to the CloudZscaler
 
Rethinking Cybersecurity for the Digital Transformation Era
Rethinking Cybersecurity for the Digital Transformation EraRethinking Cybersecurity for the Digital Transformation Era
Rethinking Cybersecurity for the Digital Transformation EraZscaler
 
The secure, direct to-internet branch
The secure, direct to-internet branchThe secure, direct to-internet branch
The secure, direct to-internet branchZscaler
 
Dissecting ssl threats
Dissecting ssl threatsDissecting ssl threats
Dissecting ssl threatsZscaler
 
Maximize your cloud app control with Microsoft MCAS and Zscaler
Maximize your cloud app control with Microsoft MCAS and ZscalerMaximize your cloud app control with Microsoft MCAS and Zscaler
Maximize your cloud app control with Microsoft MCAS and ZscalerAnkit Dua
 
Office 365 kelly services
Office 365 kelly servicesOffice 365 kelly services
Office 365 kelly servicesZscaler
 
Overcoming the Challenges of Architecting for the Cloud
Overcoming the Challenges of Architecting for the CloudOvercoming the Challenges of Architecting for the Cloud
Overcoming the Challenges of Architecting for the CloudZscaler
 
Moving from appliances to cloud security with phoenix children's hospital
Moving from appliances to cloud security with phoenix children's hospitalMoving from appliances to cloud security with phoenix children's hospital
Moving from appliances to cloud security with phoenix children's hospitalZscaler
 
O365 quick with fast user experience
O365 quick with fast user experienceO365 quick with fast user experience
O365 quick with fast user experienceZscaler
 
How sdp delivers_zero_trust
How sdp delivers_zero_trustHow sdp delivers_zero_trust
How sdp delivers_zero_trustZscaler
 
The evolution of IT in a cloud world
The evolution of IT in a cloud worldThe evolution of IT in a cloud world
The evolution of IT in a cloud worldZscaler
 
Rethinking Cybersecurity for the Digital Transformation Era
Rethinking Cybersecurity for the Digital Transformation EraRethinking Cybersecurity for the Digital Transformation Era
Rethinking Cybersecurity for the Digital Transformation EraZscaler
 
Secure remote access to AWS your users will love
Secure remote access to AWS your users will loveSecure remote access to AWS your users will love
Secure remote access to AWS your users will loveZscaler
 
SD-WAN plus cloud security
SD-WAN plus cloud securitySD-WAN plus cloud security
SD-WAN plus cloud securityZscaler
 
Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?Zscaler
 

What's hot (20)

Three ways-zero-trust-security-redefines-partner-access-ch
Three ways-zero-trust-security-redefines-partner-access-chThree ways-zero-trust-security-redefines-partner-access-ch
Three ways-zero-trust-security-redefines-partner-access-ch
 
Migration to microsoft_azure_with_zscaler
Migration to microsoft_azure_with_zscalerMigration to microsoft_azure_with_zscaler
Migration to microsoft_azure_with_zscaler
 
Zscaler ThreatLabz dissects the latest SSL security attacks
Zscaler ThreatLabz dissects the latest SSL security attacksZscaler ThreatLabz dissects the latest SSL security attacks
Zscaler ThreatLabz dissects the latest SSL security attacks
 
3 reasons-sdp-is-replacing-vpn-in-2019
3 reasons-sdp-is-replacing-vpn-in-20193 reasons-sdp-is-replacing-vpn-in-2019
3 reasons-sdp-is-replacing-vpn-in-2019
 
Schneider electric powers security transformation with one simple app copy
Schneider electric powers security transformation with one simple app   copySchneider electric powers security transformation with one simple app   copy
Schneider electric powers security transformation with one simple app copy
 
Three Key Steps for Moving Your Branches to the Cloud
Three Key Steps for Moving Your Branches to the CloudThree Key Steps for Moving Your Branches to the Cloud
Three Key Steps for Moving Your Branches to the Cloud
 
Rethinking Cybersecurity for the Digital Transformation Era
Rethinking Cybersecurity for the Digital Transformation EraRethinking Cybersecurity for the Digital Transformation Era
Rethinking Cybersecurity for the Digital Transformation Era
 
The secure, direct to-internet branch
The secure, direct to-internet branchThe secure, direct to-internet branch
The secure, direct to-internet branch
 
Dissecting ssl threats
Dissecting ssl threatsDissecting ssl threats
Dissecting ssl threats
 
Maximize your cloud app control with Microsoft MCAS and Zscaler
Maximize your cloud app control with Microsoft MCAS and ZscalerMaximize your cloud app control with Microsoft MCAS and Zscaler
Maximize your cloud app control with Microsoft MCAS and Zscaler
 
Office 365 kelly services
Office 365 kelly servicesOffice 365 kelly services
Office 365 kelly services
 
Overcoming the Challenges of Architecting for the Cloud
Overcoming the Challenges of Architecting for the CloudOvercoming the Challenges of Architecting for the Cloud
Overcoming the Challenges of Architecting for the Cloud
 
Moving from appliances to cloud security with phoenix children's hospital
Moving from appliances to cloud security with phoenix children's hospitalMoving from appliances to cloud security with phoenix children's hospital
Moving from appliances to cloud security with phoenix children's hospital
 
O365 quick with fast user experience
O365 quick with fast user experienceO365 quick with fast user experience
O365 quick with fast user experience
 
How sdp delivers_zero_trust
How sdp delivers_zero_trustHow sdp delivers_zero_trust
How sdp delivers_zero_trust
 
The evolution of IT in a cloud world
The evolution of IT in a cloud worldThe evolution of IT in a cloud world
The evolution of IT in a cloud world
 
Rethinking Cybersecurity for the Digital Transformation Era
Rethinking Cybersecurity for the Digital Transformation EraRethinking Cybersecurity for the Digital Transformation Era
Rethinking Cybersecurity for the Digital Transformation Era
 
Secure remote access to AWS your users will love
Secure remote access to AWS your users will loveSecure remote access to AWS your users will love
Secure remote access to AWS your users will love
 
SD-WAN plus cloud security
SD-WAN plus cloud securitySD-WAN plus cloud security
SD-WAN plus cloud security
 
Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?
 

Similar to Virtualized Firewall: Is it the panacea to secure distributed enterprises?

הילל קוברובסקי - אתגרי אבטחת מידע והגנת סייבר בחיבור מאובטח לעבודה מרחוק של ע...
הילל קוברובסקי - אתגרי אבטחת מידע והגנת סייבר בחיבור מאובטח לעבודה מרחוק של ע...הילל קוברובסקי - אתגרי אבטחת מידע והגנת סייבר בחיבור מאובטח לעבודה מרחוק של ע...
הילל קוברובסקי - אתגרי אבטחת מידע והגנת סייבר בחיבור מאובטח לעבודה מרחוק של ע...Hillel Kobrovski
 
Next Generation Security
Next Generation SecurityNext Generation Security
Next Generation SecurityCisco Canada
 
Cisco Connect 2018 Singapore - Cisco SD-WAN
Cisco Connect 2018 Singapore - Cisco SD-WANCisco Connect 2018 Singapore - Cisco SD-WAN
Cisco Connect 2018 Singapore - Cisco SD-WANNetworkCollaborators
 
Интуитивная сеть как платформа для надежного бизнеса
Интуитивная сеть как платформа для надежного бизнесаИнтуитивная сеть как платформа для надежного бизнеса
Интуитивная сеть как платформа для надежного бизнесаCisco Russia
 
Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?
Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?
Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?michaelbasoah
 
Alpha & Omega's Managed Security
Alpha & Omega's Managed SecurityAlpha & Omega's Managed Security
Alpha & Omega's Managed SecurityDarryl Santa
 
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...ADVA
 
Maximize your cloud app control with Microsoft MCAS and Zscaler
Maximize your cloud app control with Microsoft MCAS and ZscalerMaximize your cloud app control with Microsoft MCAS and Zscaler
Maximize your cloud app control with Microsoft MCAS and ZscalerZscaler
 
Palo Alto Networks y la tecnología de Next Generation Firewall
Palo Alto Networks y la tecnología de Next Generation FirewallPalo Alto Networks y la tecnología de Next Generation Firewall
Palo Alto Networks y la tecnología de Next Generation FirewallMundo Contact
 
Introduction of Cloudflare Solution for Mobile Payment
Introduction of Cloudflare Solution for Mobile PaymentIntroduction of Cloudflare Solution for Mobile Payment
Introduction of Cloudflare Solution for Mobile PaymentJean Ryu
 
Cisco connect winnipeg 2018 we make it simple
Cisco connect winnipeg 2018   we make it simpleCisco connect winnipeg 2018   we make it simple
Cisco connect winnipeg 2018 we make it simpleCisco Canada
 
Breakfast Briefing- Natilik & Cisco Introducing The Network. Intuitive.
Breakfast Briefing- Natilik & Cisco Introducing The Network. Intuitive.Breakfast Briefing- Natilik & Cisco Introducing The Network. Intuitive.
Breakfast Briefing- Natilik & Cisco Introducing The Network. Intuitive.Natilik
 
Streamline and Secure Your Network and Users
Streamline and Secure Your Network and UsersStreamline and Secure Your Network and Users
Streamline and Secure Your Network and UsersFrederik Lawson
 
Precise, Predictive, and Connected: DDS and OPC UA – Real-Time Connectivity A...
Precise, Predictive, and Connected: DDS and OPC UA – Real-Time Connectivity A...Precise, Predictive, and Connected: DDS and OPC UA – Real-Time Connectivity A...
Precise, Predictive, and Connected: DDS and OPC UA – Real-Time Connectivity A...Real-Time Innovations (RTI)
 
Решения конвергентного доступа Cisco. Обновление продуктовой линейки коммутат...
Решения конвергентного доступа Cisco. Обновление продуктовой линейки коммутат...Решения конвергентного доступа Cisco. Обновление продуктовой линейки коммутат...
Решения конвергентного доступа Cisco. Обновление продуктовой линейки коммутат...Cisco Russia
 
Network security security landscape-10-11-2016 part i 1200 dpi (vgarr)
Network security security landscape-10-11-2016 part i 1200 dpi (vgarr)Network security security landscape-10-11-2016 part i 1200 dpi (vgarr)
Network security security landscape-10-11-2016 part i 1200 dpi (vgarr)Vince Garr
 
2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinarAlgoSec
 
What is ThousandEyes Webinar
What is ThousandEyes WebinarWhat is ThousandEyes Webinar
What is ThousandEyes WebinarThousandEyes
 

Similar to Virtualized Firewall: Is it the panacea to secure distributed enterprises? (20)

הילל קוברובסקי - אתגרי אבטחת מידע והגנת סייבר בחיבור מאובטח לעבודה מרחוק של ע...
הילל קוברובסקי - אתגרי אבטחת מידע והגנת סייבר בחיבור מאובטח לעבודה מרחוק של ע...הילל קוברובסקי - אתגרי אבטחת מידע והגנת סייבר בחיבור מאובטח לעבודה מרחוק של ע...
הילל קוברובסקי - אתגרי אבטחת מידע והגנת סייבר בחיבור מאובטח לעבודה מרחוק של ע...
 
Netpluz corp presentation 2020
Netpluz corp presentation 2020Netpluz corp presentation 2020
Netpluz corp presentation 2020
 
Next Generation Security
Next Generation SecurityNext Generation Security
Next Generation Security
 
Cisco Connect 2018 Singapore - Cisco SD-WAN
Cisco Connect 2018 Singapore - Cisco SD-WANCisco Connect 2018 Singapore - Cisco SD-WAN
Cisco Connect 2018 Singapore - Cisco SD-WAN
 
Интуитивная сеть как платформа для надежного бизнеса
Интуитивная сеть как платформа для надежного бизнесаИнтуитивная сеть как платформа для надежного бизнеса
Интуитивная сеть как платформа для надежного бизнеса
 
Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?
Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?
Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?
 
Alpha & Omega's Managed Security
Alpha & Omega's Managed SecurityAlpha & Omega's Managed Security
Alpha & Omega's Managed Security
 
Conférence ARBOR ACSS 2018
Conférence ARBOR ACSS 2018Conférence ARBOR ACSS 2018
Conférence ARBOR ACSS 2018
 
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...
Polymorphic Attacks on Data-in-Motion Require a New Security Approach From Bo...
 
Maximize your cloud app control with Microsoft MCAS and Zscaler
Maximize your cloud app control with Microsoft MCAS and ZscalerMaximize your cloud app control with Microsoft MCAS and Zscaler
Maximize your cloud app control with Microsoft MCAS and Zscaler
 
Palo Alto Networks y la tecnología de Next Generation Firewall
Palo Alto Networks y la tecnología de Next Generation FirewallPalo Alto Networks y la tecnología de Next Generation Firewall
Palo Alto Networks y la tecnología de Next Generation Firewall
 
Introduction of Cloudflare Solution for Mobile Payment
Introduction of Cloudflare Solution for Mobile PaymentIntroduction of Cloudflare Solution for Mobile Payment
Introduction of Cloudflare Solution for Mobile Payment
 
Cisco connect winnipeg 2018 we make it simple
Cisco connect winnipeg 2018   we make it simpleCisco connect winnipeg 2018   we make it simple
Cisco connect winnipeg 2018 we make it simple
 
Breakfast Briefing- Natilik & Cisco Introducing The Network. Intuitive.
Breakfast Briefing- Natilik & Cisco Introducing The Network. Intuitive.Breakfast Briefing- Natilik & Cisco Introducing The Network. Intuitive.
Breakfast Briefing- Natilik & Cisco Introducing The Network. Intuitive.
 
Streamline and Secure Your Network and Users
Streamline and Secure Your Network and UsersStreamline and Secure Your Network and Users
Streamline and Secure Your Network and Users
 
Precise, Predictive, and Connected: DDS and OPC UA – Real-Time Connectivity A...
Precise, Predictive, and Connected: DDS and OPC UA – Real-Time Connectivity A...Precise, Predictive, and Connected: DDS and OPC UA – Real-Time Connectivity A...
Precise, Predictive, and Connected: DDS and OPC UA – Real-Time Connectivity A...
 
Решения конвергентного доступа Cisco. Обновление продуктовой линейки коммутат...
Решения конвергентного доступа Cisco. Обновление продуктовой линейки коммутат...Решения конвергентного доступа Cisco. Обновление продуктовой линейки коммутат...
Решения конвергентного доступа Cisco. Обновление продуктовой линейки коммутат...
 
Network security security landscape-10-11-2016 part i 1200 dpi (vgarr)
Network security security landscape-10-11-2016 part i 1200 dpi (vgarr)Network security security landscape-10-11-2016 part i 1200 dpi (vgarr)
Network security security landscape-10-11-2016 part i 1200 dpi (vgarr)
 
2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar
 
What is ThousandEyes Webinar
What is ThousandEyes WebinarWhat is ThousandEyes Webinar
What is ThousandEyes Webinar
 

More from Zscaler

Zscaler mondi webinar
Zscaler mondi webinarZscaler mondi webinar
Zscaler mondi webinarZscaler
 
Top 5 mistakes deploying o365
Top 5 mistakes deploying o365Top 5 mistakes deploying o365
Top 5 mistakes deploying o365Zscaler
 
Zenith Live - Security Lab - Phantom
Zenith Live - Security Lab - PhantomZenith Live - Security Lab - Phantom
Zenith Live - Security Lab - PhantomZscaler
 
Office 365 deployment
Office 365 deploymentOffice 365 deployment
Office 365 deploymentZscaler
 
Top reasons o365 deployments fail
Top reasons o365 deployments failTop reasons o365 deployments fail
Top reasons o365 deployments failZscaler
 
GDPR - are you ready?
GDPR - are you ready?GDPR - are you ready?
GDPR - are you ready?Zscaler
 
DNS Security, is it enough?
DNS Security, is it enough? DNS Security, is it enough?
DNS Security, is it enough? Zscaler
 

More from Zscaler (7)

Zscaler mondi webinar
Zscaler mondi webinarZscaler mondi webinar
Zscaler mondi webinar
 
Top 5 mistakes deploying o365
Top 5 mistakes deploying o365Top 5 mistakes deploying o365
Top 5 mistakes deploying o365
 
Zenith Live - Security Lab - Phantom
Zenith Live - Security Lab - PhantomZenith Live - Security Lab - Phantom
Zenith Live - Security Lab - Phantom
 
Office 365 deployment
Office 365 deploymentOffice 365 deployment
Office 365 deployment
 
Top reasons o365 deployments fail
Top reasons o365 deployments failTop reasons o365 deployments fail
Top reasons o365 deployments fail
 
GDPR - are you ready?
GDPR - are you ready?GDPR - are you ready?
GDPR - are you ready?
 
DNS Security, is it enough?
DNS Security, is it enough? DNS Security, is it enough?
DNS Security, is it enough?
 

Recently uploaded

Cybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and BadCybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and BadIvo Andreev
 
IA Generativa y Grafos de Neo4j: RAG time
IA Generativa y Grafos de Neo4j: RAG timeIA Generativa y Grafos de Neo4j: RAG time
IA Generativa y Grafos de Neo4j: RAG timeNeo4j
 
eAuditor Audits & Inspections - conduct field inspections
eAuditor Audits & Inspections - conduct field inspectionseAuditor Audits & Inspections - conduct field inspections
eAuditor Audits & Inspections - conduct field inspectionsNirav Modi
 
JS-Experts - Cybersecurity for Generative AI
JS-Experts - Cybersecurity for Generative AIJS-Experts - Cybersecurity for Generative AI
JS-Experts - Cybersecurity for Generative AIIvo Andreev
 
Kawika Technologies pvt ltd Software Development Company in Trivandrum
Kawika Technologies pvt ltd Software Development Company in TrivandrumKawika Technologies pvt ltd Software Development Company in Trivandrum
Kawika Technologies pvt ltd Software Development Company in TrivandrumKawika Technologies
 
ERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptxERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptxAutus Cyber Tech
 
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdfARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdfTobias Schneck
 
Fields in Java and Kotlin and what to expect.pptx
Fields in Java and Kotlin and what to expect.pptxFields in Java and Kotlin and what to expect.pptx
Fields in Java and Kotlin and what to expect.pptxJoão Esperancinha
 
Introduction-to-Software-Development-Outsourcing.pptx
Introduction-to-Software-Development-Outsourcing.pptxIntroduction-to-Software-Development-Outsourcing.pptx
Introduction-to-Software-Development-Outsourcing.pptxIntelliSource Technologies
 
How Does the Epitome of Spyware Differ from Other Malicious Software?
How Does the Epitome of Spyware Differ from Other Malicious Software?How Does the Epitome of Spyware Differ from Other Malicious Software?
How Does the Epitome of Spyware Differ from Other Malicious Software?AmeliaSmith90
 
Sales Territory Management: A Definitive Guide to Expand Sales Coverage
Sales Territory Management: A Definitive Guide to Expand Sales CoverageSales Territory Management: A Definitive Guide to Expand Sales Coverage
Sales Territory Management: A Definitive Guide to Expand Sales CoverageDista
 
online pdf editor software solutions.pdf
online pdf editor software solutions.pdfonline pdf editor software solutions.pdf
online pdf editor software solutions.pdfMeon Technology
 
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...OnePlan Solutions
 
AI Embracing Every Shade of Human Beauty
AI Embracing Every Shade of Human BeautyAI Embracing Every Shade of Human Beauty
AI Embracing Every Shade of Human BeautyRaymond Okyere-Forson
 
Leveraging DxSherpa's Generative AI Services to Unlock Human-Machine Harmony
Leveraging DxSherpa's Generative AI Services to Unlock Human-Machine HarmonyLeveraging DxSherpa's Generative AI Services to Unlock Human-Machine Harmony
Leveraging DxSherpa's Generative AI Services to Unlock Human-Machine Harmonyelliciumsolutionspun
 
Webinar_050417_LeClair12345666777889.ppt
Webinar_050417_LeClair12345666777889.pptWebinar_050417_LeClair12345666777889.ppt
Webinar_050417_LeClair12345666777889.pptkinjal48
 
Why Choose Brain Inventory For Ecommerce Development.pdf
Why Choose Brain Inventory For Ecommerce Development.pdfWhy Choose Brain Inventory For Ecommerce Development.pdf
Why Choose Brain Inventory For Ecommerce Development.pdfBrain Inventory
 
Streamlining Your Application Builds with Cloud Native Buildpacks
Streamlining Your Application Builds  with Cloud Native BuildpacksStreamlining Your Application Builds  with Cloud Native Buildpacks
Streamlining Your Application Builds with Cloud Native BuildpacksVish Abrams
 
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/MLBig Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/MLAlluxio, Inc.
 

Recently uploaded (20)

Cybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and BadCybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and Bad
 
IA Generativa y Grafos de Neo4j: RAG time
IA Generativa y Grafos de Neo4j: RAG timeIA Generativa y Grafos de Neo4j: RAG time
IA Generativa y Grafos de Neo4j: RAG time
 
Salesforce AI Associate Certification.pptx
Salesforce AI Associate Certification.pptxSalesforce AI Associate Certification.pptx
Salesforce AI Associate Certification.pptx
 
eAuditor Audits & Inspections - conduct field inspections
eAuditor Audits & Inspections - conduct field inspectionseAuditor Audits & Inspections - conduct field inspections
eAuditor Audits & Inspections - conduct field inspections
 
JS-Experts - Cybersecurity for Generative AI
JS-Experts - Cybersecurity for Generative AIJS-Experts - Cybersecurity for Generative AI
JS-Experts - Cybersecurity for Generative AI
 
Kawika Technologies pvt ltd Software Development Company in Trivandrum
Kawika Technologies pvt ltd Software Development Company in TrivandrumKawika Technologies pvt ltd Software Development Company in Trivandrum
Kawika Technologies pvt ltd Software Development Company in Trivandrum
 
ERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptxERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptx
 
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdfARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
 
Fields in Java and Kotlin and what to expect.pptx
Fields in Java and Kotlin and what to expect.pptxFields in Java and Kotlin and what to expect.pptx
Fields in Java and Kotlin and what to expect.pptx
 
Introduction-to-Software-Development-Outsourcing.pptx
Introduction-to-Software-Development-Outsourcing.pptxIntroduction-to-Software-Development-Outsourcing.pptx
Introduction-to-Software-Development-Outsourcing.pptx
 
How Does the Epitome of Spyware Differ from Other Malicious Software?
How Does the Epitome of Spyware Differ from Other Malicious Software?How Does the Epitome of Spyware Differ from Other Malicious Software?
How Does the Epitome of Spyware Differ from Other Malicious Software?
 
Sales Territory Management: A Definitive Guide to Expand Sales Coverage
Sales Territory Management: A Definitive Guide to Expand Sales CoverageSales Territory Management: A Definitive Guide to Expand Sales Coverage
Sales Territory Management: A Definitive Guide to Expand Sales Coverage
 
online pdf editor software solutions.pdf
online pdf editor software solutions.pdfonline pdf editor software solutions.pdf
online pdf editor software solutions.pdf
 
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
 
AI Embracing Every Shade of Human Beauty
AI Embracing Every Shade of Human BeautyAI Embracing Every Shade of Human Beauty
AI Embracing Every Shade of Human Beauty
 
Leveraging DxSherpa's Generative AI Services to Unlock Human-Machine Harmony
Leveraging DxSherpa's Generative AI Services to Unlock Human-Machine HarmonyLeveraging DxSherpa's Generative AI Services to Unlock Human-Machine Harmony
Leveraging DxSherpa's Generative AI Services to Unlock Human-Machine Harmony
 
Webinar_050417_LeClair12345666777889.ppt
Webinar_050417_LeClair12345666777889.pptWebinar_050417_LeClair12345666777889.ppt
Webinar_050417_LeClair12345666777889.ppt
 
Why Choose Brain Inventory For Ecommerce Development.pdf
Why Choose Brain Inventory For Ecommerce Development.pdfWhy Choose Brain Inventory For Ecommerce Development.pdf
Why Choose Brain Inventory For Ecommerce Development.pdf
 
Streamlining Your Application Builds with Cloud Native Buildpacks
Streamlining Your Application Builds  with Cloud Native BuildpacksStreamlining Your Application Builds  with Cloud Native Buildpacks
Streamlining Your Application Builds with Cloud Native Buildpacks
 
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/MLBig Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
 

Virtualized Firewall: Is it the panacea to secure distributed enterprises?

  • 1. ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION0 Virtualized Firewall: Is it the panacea to secure distributed enterprises? ZSCALER CONFIDENTIAL INFORMATION Dr. Amit Sinha CTO, EVP of Engineering and Cloud Operations
  • 2. ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION1 Keynote Speaker • Dr. Amit Sinha is a skilled entrepreneur and technology leader who has driven the research and development of disruptive security and wireless technologies at both start-ups and market-leading organizations. • Prior to Zscaler, Dr. Sinha served as CTO for Motorola’s enterprise networking and communications business, which he joined via its acquisition of AirDefense where he held the same role. He has also served as Chief Technologist at Engim, which he co-founded. • Amit earned an MS and PhD in Electrical Engineering and Computer Science from the Massachusetts Institute of Technology, and a B.Tech. in Electrical Engineering from the Indian Institute of Technology, Delhi, where he graduated summa cum laude and was awarded the President of India Gold Medal. He holds 27 US patents and has contributed to several books and dozens of conference and journal papers. ©2017 Zscaler, Inc. All rights reserved. Dr. Amit Sinha Chief Technology Officer, Executive Vice President of Engineering and Cloud Operations Zscaler, Inc.
  • 3. ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION2 Engage in the Discussion • Type your questions into the chat box in the Webex panel or email us at webcast@zscaler.com • We’ll try to get to all questions during the Q&A session. If we do not get to your question, we’ll make sure to follow up afterwards • At the end of the webcast – please let us know how we did! ©2017 Zscaler, Inc. All rights reserved.
  • 4. ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION33 ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION Cloud and mobility require a fundamental change in network and security architecture
  • 5. ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION4 FW / IPS Internet Gateway URL Filter Antivirus DLP SSL Sandbox Global LB DDoS Ext. FW/IPS RAS (VPN) Internal FW Internal LB Internet gateways Secure access to the Internet VPN gateways Remote access to DC apps CORPORATE NETWORK Internet & VPN Gateway Internet Gateway: Security perimeter to protect the corporate network Circa 1987 – 1994– 1999 – 2000 – 2004
  • 6. ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION5 HQ EMEA Branch APJ Branch Branch Branch Branch Branch BranchBranch Home, Coffee Shop Airport, Hotel SaaS Open Internet IaaS Cloud and mobility break network security The Internet is Your New Corporate NetworkHow do you secure a network (Internet) you don’t control? “GE will run 70 percent of its workload in the cloud by 2020” Jim Fowler, CIO “The Internet will be our new corporate network by 2020” Frederik Janssen, Head of Infrastructure “Office 365 was built to be accessed via direct Internet connection”
  • 7. ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION6 Zscaler enables secure IT transformation to the cloud Internet and VPN Gateway Ext. FW / IPS URL Filtering Antivirus DLP SSL Sandbox Global LB DDoS Ext FW/IPS RAS (VPN) Internal FW Internal LB SaaSOpen Internet External APPS Data CenterIaaS Internal Internal (cloud or data center) Connect a user to an authorized private app (not network) Fast and secure policy-based access to apps and services over the Internet Any device, any location, on-net or off-net External (open Internet or SaaS) Nothing bad comes in, nothing good leaks out Zscaler Internet Access Zscaler Private Access HQMOBILE BRANCHIOT
  • 8. ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION77 ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION How do you architect a global security cloud?
  • 9. ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION8 A Cloud Gateway MUST be Comprehensive INTERNET ACCESS PRIVATE APP ACCESS ADVANCED THREAT PREVENTION DATA LOSS PREVENTION SECURE WEB GATEWAY CLOUD FIREWALL MICRO SEGEMENTATION OF APPS BANDWIDTH CONTROL QOS GLOBAL LOAD BALANCING DDOS PROTECTION CASB FOR INTERNAL APPS SECURE APP ACCESS – WITHOUT VPN AND NGFW APIs Deep Malware Analysis Dynamic Risk Scoring of all page objects Data Privacy Data must reside in the geography of choice regardless of where the access Any User Anywhere Any Device Policies follows the user for consistency Multitenant Security Platform – Inline – Extensible with APIs Native SSL Inspection Full inline, high-performance, content inspections
  • 10. ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION9 Standard Enterprise Internet Gateway is VERY COMPLEX Aggregation Firewall Load Balancers & VPNs Web Filter Sandbox Flow Management Edge Next- Gen Firewall DLP SSL HQ 11 9 8 7 6 5 4 3 2 1 12 10 13 14 16 17 18 19 20 21 22 2324 25 26 27 28 https:// 15 Content Inspection A simple web request takes 28 hops Despite this massive investment, breaches are on the rise Internet
  • 11. ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION10 New Threat New Threat New Threat New Threat New Threat New Threat New Threat New Threat New Threat New Threat DNS at 100Tbps NGFW at 100Gbps IPS at 10Gbps LB at 100Gbps Full AV at 10Mbps SSL Proxy at 100Mbps DLP at 10Mbps Sandbox 1 file 5 every minutes Challenges • Single-tenant systems (kernel) • Separate control, enforcement and logging • No single policy object to share context • Expensive to deploy and scale • Poor user experience New Threat New Threat New Threat New Threat New Threat +1 +2 +3 +4 +5 +6 +7 +8 +9 +10 +11 +12 Latency Building Cloud in 2007 with Appliances Control, Enforce, Log Control, Enforce, Log Control, Enforce, Log Control, Enforce, Log Control, Enforce, Log Control, Enforce, Log Control, Enforce, Log Control, Enforce, Log How do you scale this stack to 40Gbps?
  • 12. ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION11 New Threat New Threat New Threat New Threat New Threat New Threat New Threat New Threat New Threat New Threat DNS at 100Tbps NGFW at 100Gbps IPS at 10Gbps LB at 100Gbps Full AV at 10Mbps SSL Proxy at 100Mbps DLP at 10Mbps Sandbox 1 file 5 every minutes Remaining Challenges • Single-tenant systems (kernel) • Separate control, enforcement and logging • No single policy object to share context • Poor user experience New Threat New Threat New Threat New Threat New Threat +1 +2 +3 +4 +5 +6 +7 +8 +9 +10 +11 +12 Latency In 2017: Virtualization ? Control, Enforce, Log Control, Enforce, Log Control, Enforce, Log Control, Enforce, Log Control, Enforce, Log Control, Enforce, Log Control, Enforce, Log Control, Enforce, Log VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM Solves • Horizontal scaling • Hardware headaches
  • 13. ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION12 Every Appliance Vendor’s Dream Traditional approach to local Internet breakouts with appliances Expensive to Deploy Security CompromisesComplex to Manage New York Management Platform Logging & Reporting Identity Management Server Additional Requirements
  • 14. ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION13 C E L C E L C E L C E L LEGACY MODEL C E L C E L • Multiple appliances, multiple hops • Disparate control, logging and enforcement policies • Constrained by throughput of slowest appliance C E L ZSCALER’S CLOUD • Integrated control, logging and enforcement planes • Single pass architecture • Infinitely scalable 5MB 10MB 10GB 100MB 1GB 100GB X X Zscaler Cloud vs Service Chaining
  • 15. ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION14 Central Authority (CA): The control plane • Data store for infrequent changes but millions of reads Nanolog: The log plane • Data store that can do millions of writes but relatively infrequent reads Zscaler Enforcement Nodes (ZENs): The data plane • Inline inspection of data packets and policy enforcement at massive scale 700 Man Years of Code and over 100 Patents Zscaler Software Defined Architecture Would you build a power plant with home generators? HOME POWER GENERATORS POWER PLANT NY USER A (policy follows) USA EU USER A Private London Sydney Enforce Log Control
  • 16. ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION15 Secure Ongoing third- party testing CertifiedReliable Redundancy within and failover across DCs Transparent Trust portal for service availability monitoring Zscaler – the largest security cloud. Reliable. Available. Fast. 35B+ Requests/day 125M+ Threats blocked/day 120K+ Unique security updates/day 100 data centers across 5 continents Peering in Internet exchanges 150+ Vendors peered
  • 17. ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION1616 ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION Secure network transformation from hub-and-spoke to cloud-enabled enterprise ZSCALER INTERNET ACCESS
  • 18. ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION17 Direct to Internet Block the bad, protect the good The best approach for SD-WAN and Office 365 Zscaler Internet Access – Fast, secure access to the Internet and SaaS Data Center APPSMPLS HQMOBILE BRANCHIOT Your security stack as a service Data Loss Prevention Cloud Apps (CASB) File Type Controls Data Protection Cloud Firewall URL Filtering Bandwidth Control DNS Filtering Access Control Adv. Protection Cloud Sandbox Anti-Virus DNS Security Threat PreventionReal-time policy engine Polices follow the user Changes are immediately enforced, worldwide Business analytics Global visibility into apps and threats blocked Identify botnet infected machines for remediation Real-time policy and analytics
  • 19. ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION18 CONTROL BANDWIDTH SECURE ALL PORTS & PROTOCOLS MULTIPLE PROPRIETARY INSPECTION METHODS ADVANCED THREAT PROTECTION Behavioral Analysis Sandbox CLOUD EFFECT SSMA™ All security engines fire with each content scan – only microsecond delay ByteScan™ Each outbound/inbound byte scanned, native SSL scanning PageRisk™ Risk of each object computed inline, dynamically NanoLog™ 50:1 compression, real-time global log consolidation PolicyNow™ Polices follow the user for Same on-premise, off- premise protection™ 120,000 Unique updates per day 125 Million Threats blocked per Day Cutting edge security capabilities in the cloud Dynamic Content Classification Proprietary Risk Index Anti-Malware XSS Protection CVE Protection Bandwidth Control QoSURL Filtering Proxy (SSL) Block Lists File Type Control DNS Filtering Cloud FW (NGFW) Browser Control Full Inline Inspection & Correlation of Threat Indicators 60+ threat feeds Find once, block everywhere 35 Billion Requests per Day
  • 20. ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION19 When the Board asks, “Have We been Compromised?” THREATS BLOCKED 13.5 M 1092.0 K 270.3 K 47.7 K 45.6 K 33.8 K 5.2 K 383 Malicious Content Botnet Spyware or Adware Phishing Browser Exploit Cross-site Scripting Unauthorized Communication Peer-to-Peer BOTNET TRAFFIC BY LOCATION 313.5 K 273.9 K 203.2 K 115.8 K 76.2 K Beijing Sau Paulo San Francisco Tokyo France Zscaler applied immediate value during the proof-of-concept when we identified botnet infected machines. We’ve easily seen a 60% drop in malware related tickets after rolling out Zscaler. — Seth McCallister, Head of Global Information Security, Beam Suntory BOTNETC&CUSER BOTNET INFECTED MACHINES Actionable intelligence to remediate botnet infected machines
  • 21. ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION20 ZSCALERTECHNOLOGY PARTNERS Securely enable the usage of cloud apps Zscaler provides inline CASB functionality and partners for out-of-band controls VISIBILITY APP RISK SCORING DATA LOSS PREVENTION ACCESS CONTROL INLINE CASB OUT-OF-BAND CASB (API) THREAT PREVENTIONAPI Integration (In development) SaaSOpen Internet External APPS Data CenterIaaS Internal HQMOBILE BRANCHIOT
  • 22. ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION21 When the auditor asks, “Which cloud apps are we using?” It starts with processing all Internet traffic (including SSL), not a few sites MEDIA AND FILE SHARING Is YouTube hogging Internet bandwidth? How big are logs for 10K users? 30M trans/day, 60GB logs/day Often sit at many locations/GWs Power of Zscaler NanoLog All logs for all users, all locations at your console within a minute – interactive analysis and and drill-down Good reporting and actionable info starts with good logs Can you prioritize Office 365 over streaming? BUSINESS APPS WEBMAIL Do you allow access to Russian webmail? DEVELOPMENT Is your intellectual property stored on GitHub?
  • 23. ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION22 Enabling leadings brands to securely transform their IT to the cloud Business Drivers • Enable a user-centric experience • Build a scalable architecture • Enable a fast and secure direct-to-cloud experience Bringing secure Internet access to 315K employees The Zscaler Difference • Immediate 30% savings on MPLS costs • Fast Internet experience – home experience • Foundation for the Internet-only branch Secure 270 retail locations Business Drivers • Reduce number of botnet infected machines • Support an aggressive acquisition strategy • Meet external security requirements The Zscaler Difference • Eliminated the need to buy 540 branch NGFWs/UTMs • Full security stack – SSL inspection • Deployed in 2 months – quick to turn on new sites WAN Transformation: Fast Office 365 experience Business Drivers • Fast Office 365 experience – eliminate WAN congestion • Support increase in firewall sessions without refreshing firewalls (cost) • Avoid deploying branch NGFWs – too expensive (650 locations) The Zscaler Difference • Local Internet breakouts for fast connections • Cloud Firewall - scales elastically, per user, not bandwidth • One-click Office 365 URL and IP updates Office 365 is finally the highest use – not YouTube 40% of bandwidth reserved for O365 during periods of contention YouTube capped at 20%
  • 24. ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION2323 ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION Secure application transformation from data center to public or private cloud ZSCALER PRIVATE ACCESS
  • 25. ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION24 Global LB DDoS Ext. FW / IPSInternal LB Internal FW RAS (VPN) Internet VPN Gateway: Complex, expensive, and poor user experience Site-to-site VPN Apps moved to a modern platform. Access is still using 30-year old technology. How do you access internal apps on Azure of AWS?
  • 26. ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION25 Zscaler Private Access – Fast, secure access to apps in Azure and AWS Z-APP 2 Innovative design Cloud policy engine – define user app access rights (auth before access) 1 Z-APP – Request access to app2 Z-Connectors – sits in front of apps. Starts inside out connection 3 Zscaler cloud brokers a secure connection between the Z-Connector and Z-App Z-CONNECTORS 3 3 1 POLICY (Brokers) DATA CENTER Internal application access without bringing users on the network Secure App Access without VPN and NGFWs App Discovery (CASB for Internal Apps) App and User Monitoring (DLP with Zscaler Internet Access) Data Protection User to App Policies Multifactor Auth. – Private Certificates Access Control Users never on the network DDoS Prevention – apps not exposed to the Internet App Micro Segmentation – not network segmentation Threat Prevention
  • 27. ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION26 Gain visibility into internal applications, and then tailor policies Over 4K apps discovered Policies enforced for 1 user over 8K times High helpdesk transaction volume HVAC consultants can only access the HVAC app Only execs and Finance can access financial apps
  • 28. ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION27 Enabling leadings brands to securely transform their IT to the cloud Business Drivers • 100% cloud – AWS, SaaS • Didn’t want to get into the datacenter, networking or security business • Better user experience to access apps on AWS Access to Apps on AWS – no site-to-site VPNs The Zscaler Difference • Business policies connected users to apps – not networks • Eliminated the need to network VPC together • Users no longer need to know which VPC to connect, only the domain Business Drivers • Aggressive acquisition strategy (33), 2017 St. Jude Medical – 18K employees • Typical network integration would take 9-12 months • Needed quicker integration velocity Mergers and Acquisitions The Zscaler Difference • No network integration needed – policy defined access, not networks • Shortened integration timeframe to 2-3 months. Business Drivers • Partner Insurance Agents targeted with phishing attack • To limit network exposure, VPN had to be disabled • Insurance Agents ability to sell Mass Mutual severely hindered VPN Replacement The Zscaler Difference • App access provided without bringing users on the network • No threat of lateral movement • From start to finish, Mass Mutual fully deployed in 1 week with ZPA! Business Drivers • Extensive partner ecosystem for engine manufacturing • Need quick and secure way to give partner’s access to apps Secure Partner Access The Zscaler Difference • Quickly grant access to apps – didn’t require network access • Eliminated the threat of lateral movement
  • 29. ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION2828 ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION About Zscaler
  • 30. ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION29 Zscaler: The market leader in cloud security Most Discerning Enterprise Customers 2,700 CUSTOMERS Over 80 of the Fortune 500 54% International Global Partners 100 Data centers 35B Daily requests 185 Countries served Unparalleled Cloud Scale Largest Cloud Security Platform in the World Mature Global Cloud Operations
  • 31. ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION30 PROTECTION ACROSS COUNTRIES 190 130 125 113 70 LOCATIONS PROTECTED 30,000 12,000 6,000 900 500 EMPLOYEES PROTECTED 400K 125K 120K 80K 1.6M 1.3M OFFICE 365 MONTHLY TRAFFIC 83 TB 44 TB 37 TB 35 TB Unparalleled Cloud Scale All users – All traffic
  • 32. ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION31 Leader – 7 years in a row Leading industry analysts agree… Zscaler is a very strong choice for any organization interested in a cloud gateway. …On-premises web content security can’t protect digital business…
  • 33. ©2017 Zscaler, Inc. All rights reserved.32 Access to the Internet and apps1 IDENTITY & ACCESS4 REPORTING & ANALYTICS5 DEVICE MANAGEMENT & PROTECTION 3 Critical integration partner positioned in the data path BRANCH (SD-WAN)2 APPS HQMOBILE BRANCHIOT
  • 34. ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION33 Thank You! Questions and Next Steps 33 ©2016 Zscaler, Inc. All rights reserved. Dr. Amit Sinha Chief Technology Officer, Executive Vice President of Engineering and Cloud Operations Zscaler, Inc. Learn more about Zscaler The Definitive Guide to Networking for Office 365 https://www.zscaler.com/O365 Request a demonstration https://www.zscaler.com/firewall Upcoming Webcasts Pitfalls to avoid when deploying Office 365 Tuesday, Nov 7th, 2017 Register @ www.zscaler.com/company/webcasts

Editor's Notes

  1. You can create a service chain of appliances, but you cant create a service chain of clouds.
  2. In 2010 you’d start with DNS, which can easily handle terabytes/sec of traffic. As you begin chaining services like Next-Gen firewalls and IPS, the maximum throughput drops and latency increases with each appliance. By the time you’re adding SSL proxy you have to incorporate load-balancers to have enough throughput, and latency is really suffering. AV and DLP only make this worse, not to mention sandboxing. On top of that, each of these solutions are from separate vendors, complicating configuration, enforcement, and logging.
  3. “state of the art” in 2017 is to leverage SDN and Network function virtualization to replace and scale appliances. Spin up VMS as you need them! Dynamically Route traffic through the services you need Service Chaining and Context Sharing between disparate functions Scale out for Tenancy, and Scale out for Performance.. Operational Nightmare! Assumes most advanced bundles will be less than 30% attach rate.
  4. But the Challenge of going direct to the Internet with appliances Deploy a bunch of appliances to all locations. How many locations does your customer have? Can they realistically deploy the same appliance stack sitting in their gateway to every location? No – creates expensive appliance sprawl. Pan will say – create regional hubs and backhaul traffic – which defeats the point of cloud applications and local internet breakouts OR Instead, security compromises - how many boxes can they afford and the level of security provided. Compromise leaves org vulnerable. And it is not just us saying this. When we asked end users at RSA about their concerns about creating local internet breakouts, They were concerned that it would require additional appliances, about the lack security and control with that many appliances – and that it would be too complex to manage Bottom line – appliances don’t work for breakouts. It no longer makes sense to backhaul outbound Internet traffic to a firewall in a regional or corporate datacenter. Expensive MPLS backhauling = negative user experience. It no longer makes sense to compromise security by installing smaller boxes in the branch.
  5. Single policy definition point Immediate policy enforcement Policy that follows the user 100+ Data Centers 150Gbps peak throughput a day Peering in major Internet Exchanges Every log transaction of every employee is available within a second or two Log files (never data) are only written to disk in a location of your choice
  6. Let me give you a bit more about what we mean by cloud scale and delivering the largest most reliable and available cloud. Our cloud is deployed in 100 data centers across 5 continents. So for instance, your employees sitting in Brazil go through the Brazil data center and employees sitting in India who go to Mumbai connect to the local data center I only talked about volume of traffic. The number of threats and level of innovation and sophistication is increasing rapidly, so you must be able to evolve your cloud to handle more frequent updates. Appliances were never designed for this frequency of updates. We do about a120,000 unique security updates every day. Imagine trying to update an appliance 120,000 times day. How often do you upgrade your appliances and how do you manage change control? The next thing I want to mention is appearing with Internet exchanges. We peer with all leading Internet exchanges and leading apps, ranging from Office 365, to Azure, AWS, Box and Salesforce. This helps you get the fastest performance because our data center sitting in Chicago and New York are peered with the content, giving you fastest connection from our cloud. We made sure that our cloud is very secure. We do ongoing internal testing and third-party testing and we are very good with redundancy — our cloud is built in from day 1 within our own infrastructure and across data centers where they can fail over. We have nothing to hide and have a Trust Portal which provides full monitoring for full transparency of both Zscaler and third-party partners. We are proud of our cloud and like to show how it’s performing.   Thanks to many of our early large enterprise customers, we’ve received a number of certifications for our cloud, including ISO 7001. These certifications are very important to us and we go through regular audits to maintain compliance. We’ve also received certification from EU-US Privacy Shield (the new agreement between the EU and US for transatlantic exchanges of personal data for commercial purposes).
  7. This is a screenshot of an analysis taken from a large European company that has 150,000 employees. Data taken over 3 months shows that employees clicked on malicious content over 13 million times and we blocked it. This company also had around 1 million botnet calls — that means infected pcs made 1 million calls to the company’s command and control center. It’s good thing we were in and we blocked all the calls. The next question is: How do you clean up those compromised PCs? You can drill down for example, but what I’m showing here is that you want to understand the traffic, by location, where the botnet calls are coming from. You can see in this example that Beijing is the most impacted site followed by Sau Paulo. You can drill down even further to see the actual users that are infected. The first column blurred out for obvious privacy reasons. The next column shows the command and control center where the botnet was calling You can see here that a bunch of these domains are randomly generated numbers or sit in Russia. Another thing to note is that over 47,000 times users were deceived and clicked on a URL that led them to a phishing site. And they had over a million botnet calls to C&Cs that were blocked.
  8. Zscaler continues to be the fastest-growing vendor in this market. Gartner estimates that Zscaler owns more than 50% of the market share (as measured by revenue) for cloud-based SWG services. The vendor is a good option for most enterprises seeking a cloud-based SWG.