Zscaler has been a leader in the secure access service edge (SASE) space for the last few years, dominating the relevant Gartner Magic Quadrant during that time.

What is Zscaler doing to grow their platform and solution to new heights? I went to Zenith Live 2022 in London to find out.

Their main move is a platform play. Zscaler has segued into micro-segmentation and cloud-native application security platforms. They've also made enhancements to their core product set. Their platform is now called the Zero Trust Exchange. It gives users secure access to applications in legacy data centers as well as in Infrastructure as a Service (IaaS) and Software as a Service (SaaS) environments. Zero Trust Exchange also helps users secure workloads.

This shift in approach is more than hitching their wagon to Zero Trust, the buzz phrase of the moment. It's about tying into the vendor, platform and solution consolidation themes touched on at the recent Gartner and RSA conferences.

Zscaler services

Zscaler has five main service offerings:

  1. Zscaler Internet Access (ZIA): The classic Cloud Secure Web Gateway service that gives users secure access to SaaS applications and the general internet.
  2. Zscaler Private Access (ZPA): Zero trust network access for a number of use cases, including VPN replacement and secure third-party access.
  3. Cloud-native Application Protection Platform (CNAPP): Provides assurance around cloud configuration and workload protection.
  4. Zscaler Workload Segmentation: Provides micro-segmentation to secure east-west traffic flows into data centers and/or IaaS.
  5. Zscaler Digital Experience (ZDX): Provides insights into managing the user experience when leveraging the Zscaler solutions.

Takeaways

As you can see, Zscaler is all about bringing security to cloud-based businesses. Here are a few of my takeaways from Zenith Live:

CNAPP provides posture control and workload security from build time to run time with threat correlation, data loss prevention (DLP) and vulnerability scanning. This provides high-fidelity alerts and actionable insights to your SOC.

ZIA will get DLP enhancements and integrations to Microsoft AIP. However, the main improvements are around support for cloud HSMs, IP v6 and HTTP/2 inspection.

The Zero Trust Zero Exchange and Branch Connector provides secure local internet breakout for branch sites as either part of a "traditional" SD-WAN offering or using Zscaler's Branch Connector capability, which can run on a generic server.

DLP and the Remote Browser Isolation (RBI) capability will also be extended to ZPA. This should prove particularly useful for the third-party access scenario where users may want to provide extra controls around this sort of access. Third-party access to applications can also be limited according to the time of day.

Adaptive RBI will mean that ZIA users are able to consume the RBI service ad hoc based upon the risk posed by a site rather than being a set feature for a user's session.

Device posture assessment means that controls can be set commensurate to the risk posed by users: Is the device managed? Is the firewall on? Is the AV client on? Controls can be dialed up for higher-risk devices and access to certain apps can be restricted.

The ZPA control plane infrastructure will gain from delegated tenant administration. This is not so much aimed at Managed Security Service Providers but at companies who have multiple agencies/departments/subsidiaries within an organization. It will allow these units to administer their configuration independently.

The client connector will be used to collect software inventory and process metrics from your end points. This will provide software package history and process performance insights to operational teams.

Zscaler Workload Segmentation will gain AI-based segmentation in a bid to limit the attack surface and de-risk the roll out of micro-segmentation to the "availability" of the protected systems. It does this by using AI to proving logical groupings of users, applications and client processes.

Cloud Connector will gain WAF-like functionality to protect against OWASP Top 10 attacks. It will also leverage integrated deception technology to distract attackers from the real data and provide insight to attack techniques.

ZPA will gain ZDX functionality, giving users the ability to monitor internal application performance, just as you can with ZIA today. Granular access can be provided to critical assets based upon GeoIP. 

ZDX will be enhanced through reports on Global ISP Incidents, taking response time performance telemetry from the sessions of other Zscaler customers and showing that at an ISP level. This will help operational teams identify problematic access networks. Integrations with ServiceNow will allow some functionality, like "Deep Trace," being initiated from there.

Conclusion

Overall, Zscaler's technical enhancements, their integrated platform and Zero Trust approach will reduce the risks posed to corporate information assets and prove to be useful tooling for operation teams. But technology is not the whole story. Organizations need to be able to consume theses services — not an easy task for large, complex entities. Roll outs of this type of service can take years.

To accelerate the process, WWT's consultants leverage our Advanced Technology Center (ATC) to help organizations assess SASE and Secure Service Edge (SSE) vendor services, test architectures and roll out solutions at scale. 

To learn more, visit our SASE overview page for information on our briefing services, on-demand labs, case studies and other resources to help you make the right decisions with confidence.

Technologies