Zscaler is a cloud-based cybersecurity company founded in 2008 in San Jose, California. They provide a range of security services such as next-gen firewalls, sandboxing, SSL inspection, antivirus, and vulnerability management across web, mobile, and IoT environments. As of 2015, Zscaler is valued at over $1 billion and recently raised $100 million in new funding led by TPG Growth.
The company has more than 6,000 corporate, government, and military customers and more than 15 million paying users in total. They often refer to themselves as the Salesforce of information security, comparing Salesforce.com’s disruption of the formerly dominant on-premises CRM market to their disruption of the on-premises security appliance market led by companies like Palo Alto Networks, FireEye, Cisco, etc.
In comparison to most of the other cloud security players who target the SMB and mid-market, Zscaler started out serving the top of the enterprise and is now growing downward. Some of Zscaler’s customers include General Electric, NBC, United Airlines, Nestlé, News Corp, and Procter and Gamble.
In 2015, Zscaler was named a Leader in both Gartner and Forrester’s Web Security reports. They were also named to JPM’s Fast 50 List of the Hottest Privately Held Companies.
Zscaler’s cloud-based security platform sits on top of what is reportedly the world’s largest security cloud of more than 100 data centers and more than 1,000 points of presence. To use Zscaler, customers route their Internet traffic through Zscaler POPs before it reaches the public Internet. Localized Zscaler data centers store security policies that can be replicated around the globe in seconds.
Pricing & Contract Terms
The cost of Zscaler’s service varies depending on which features are needed and the number of users protected. The service is available in multiple tiers, with basic Web URL filtering included at the entry level, anti-virus and anti-spyware included in the midrange, and more advanced features like bandwidth management and data loss prevention at the high end. You’ll have to contact a sales rep to get a customer quote, but they do provide a free trial period with no payment required.
Advanced Persistent Threats
Zscaler for APTs protects against zero-day attacks and advanced persistent threats by combining proactive protection against known threats, behavioral analysis, sandboxing, botnet detection, and data exfiltration detection. Zscaler’s sandboxing feature is unique in that it can quarantine files for inspection instead of only making pass/block decisions. This prevents the “Patient 0” problem associated with sandboxing in some hardware appliances like FireEye or Palo Alto Networks that pass the first instance of an unrecognized threat, allow the infection to take place, and later alert you if the file turns out to be malicious.
Next Generation Firewall
Zscaler Next Generation Firewall is an entirely cloud-based web application firewall and does not require any on-premises hardware or software. It provides application awareness across any port or protocol and blocks threats and data leaks in real-time. It also integrates with other products like sandboxing, DLP, malware protection, etc.
Zscaler Shift uses DNS to secure Internet traffic. When a device requests an IP address from Zscaler’s DNS servers, one of three things will happen: 1) if the location is known to be safe, its Internet address will be returned; 2) if the location is known to be dangerous or not compliant with acceptable use policy, a security warning is returned; 3) if the status of the requested location is unknown, the request will automatically be shifted through Zscaler’s network for inspection.
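The three-way DNS decision described above can be sketched as a small policy resolver. This is an added example, not Zscaler code: the zone lists, the block-page and inspection-proxy addresses, the stub upstream table and the "most specific zone wins, ties block" rule are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample policy data (documentation domains and address ranges).
SAFE_ZONES = {"example.com"}
BLOCKED_ZONES = {"bad.example.net", "ads.example.com"}
BLOCK_PAGE_IP = "192.0.2.10"        # assumed host that serves the security warning
INSPECTION_PROXY_IP = "192.0.2.20"  # assumed inspecting proxy for unknown names
UPSTREAM = {                        # stub standing in for real recursive resolution
    "www.example.com": "198.51.100.7",
    "ads.example.com": "198.51.100.9",
    "new.example.org": "203.0.113.5",
}

@dataclass(frozen=True)
class Answer:
    verdict: str             # "allow", "block" or "inspect"
    address: Optional[str]   # None stands for "no such record"

def zone_depth(name: str, zones: set) -> int:
    """Label count of the most specific zone that contains name, 0 if none.

    Matching is done on whole labels, so "notexample.com" is not
    treated as part of "example.com".
    """
    labels = name.split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in zones:
            return len(labels) - i
    return 0

def resolve(qname: str) -> Answer:
    name = qname.rstrip(".").lower()   # DNS names are case-insensitive
    safe = zone_depth(name, SAFE_ZONES)
    blocked = zone_depth(name, BLOCKED_ZONES)
    # Outcome 2: dangerous or policy-violating, answer with the warning page.
    if blocked and blocked >= safe:
        return Answer("block", BLOCK_PAGE_IP)
    # Outcome 1: known safe, return the site's real address.
    if safe:
        return Answer("allow", UPSTREAM.get(name))
    # Outcome 3: unknown, steer the client through the inspecting proxy.
    return Answer("inspect", INSPECTION_PROXY_IP)
```

Because the unknown case is steered only by the DNS answer, a client that uses a different resolver or connects by IP address never reaches this decision point.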
Zscaler Web Security is a secure web gateway that runs on top of the Zscaler Security as a Service platform. Web Security primarily competes with hardware appliances from companies like Blue Coat Systems, Websense and Cisco. As web security continues to move into the cloud, the product is reported to have replaced more than 2 million seats formerly protected by Blue Coat Systems and Websense hardware appliances.
Cloud Application Security
Zscaler introduced Cloud Application Security in 2015. It is designed to provide security, access management, visibility and policy-based controls over cloud-based applications. It includes features that make it safe for employees to take advantage of cloud-based applications like Salesforce, Gmail, and Facebook. It also includes Data Loss Prevention, granular access control, bandwidth management, and advanced security.
In 2014, Zscaler released a free network security testing tool called Zscaler Security Grader. This product runs a set of automated tests that inspect an organization’s network security from the perspective of a client device. The tool is used to quickly determine whether current network security infrastructure is properly configured.
One key feature of Zscaler is the ability to decrypt and inspect HTTPS traffic. Over 30% of Internet traffic (and growing rapidly) is encrypted with SSL. Traditional appliances are often blind to this type of traffic. Zscaler’s cloud-based service includes SSL traffic inspection without any performance degradation.