Traditional security appliances were designed to protect data residing on servers behind the corporate firewall. They are not equipped to protect today’s mobile devices or distributed users accessing the Internet and cloud applications from many different devices.
While many organizations have installed gateway proxies on the corporate network to scan Internet traffic, these appliances often introduce unacceptable latency to the user experience. And, they do nothing to secure mobile 3G and 4G traffic. With more organizations embracing “bring your own device” (BYOD) and “here’s your own device” (HYOD) policies, IT organizations are finding their traditional security appliances are being bypassed altogether.
Zscaler’s User Security is the first solution built from the ground up to protect users accessing the Internet from any location, on any device. Leveraging the Zscaler Security Cloud, Zscaler acts as a high-speed “proxy in the cloud” scanning all incoming and outgoing Internet content from any device in any location, with near-zero latency.
Zscaler’s User Security includes three key products:
Advanced Threat Protection
Zscaler’s Security Cloud provides protection against advanced and emerging threats:
- Botnets: By analyzing the traffic originating from user devices, Zscaler can detect bots calling their command and control center. This eliminates the threat of bots initiating attacks (spam, keyloggers, etc).
- Malicious content: To eliminate threats created by malicious content, Zscaler analyzes both the traffic leaving the network and the webpage coming back. By correlating any suspicious destination domains or URLs with page content, Zscaler can detect infected websites and block users from installing their malicious content.
- Phishing: Zscaler looks for dynamic data feeds of phishing sites and pages with phishing characteristics to protect users from these threats.
- P2P Protection: In addition, Zscaler provides comprehensive detection and protection from the abuse and potential threats of the P2P protocol going over HTTP and HTTPS. This includes P2P file-sharing on popular applications such as BitTorrent, eDonkey and Gnutella. Preventing the abuse of file-sharing can save significant bandwidth and eliminate liabilities. By detecting and blocking P2P anonymizing applications, such as TOR, Zscaler prevents users from bypassing URL filtering policies.
Zscaler’s Security Cloud offers comprehensive detection technologies from two sources:
- First, our research team mines billions of cloud transactions generated every day and performs offline scans, pattern matching and malicious content.
- Zscaler partners with industry leaders like Microsoft, Google, Qualys, VeriSign and TippingPoint for data feeds and advanced persistent threat (APT) information.
Inline AntiVirus and Anti-Spyware
Zscaler’s Security Cloud antivirus and anti-spyware offer comprehensive detection technologies, including:
Zscaler has purpose-built a very high performance proxy with near-zero latency for antivirus inspection; traditional proxies introduce hundreds of milliseconds to a few seconds of latency.
Zscaler inspects and protects against known viruses and worms using signature and heuristic technologies. Zscaler’s architecture provides inspection at many times the speed of most competitive products, ensuring full protection without introducing latency. In addition, spyware is a pervasive and significant security risk. Zscaler anti-spyware detects and stops a range of spyware, including malicious Trojans, systems monitors, keyloggers and adware.
Finally, Zscaler’s cloud model always keeps anti-virus signatures up-to-date to keep up with new virus threats.
Web browsers offer functionality that goes well beyond viewing web pages. They can digest news feeds, call other applications and more. As browser functionality has expanded, the underlying complexity of the applications has expanded and a flood of vulnerabilities has emerged, many of which can compromise user security.
To secure browsers, Zscaler enforces policy in four areas:
- Browser Versions: Companies can enforce policy based on which browsers and versions of that browser are permissible. For example, you might have a policy that all employees have either IE 8.0+ or Firefox 3.5+.
- Browser Patches: For smaller security updates, browsers offer patches. Zscaler can help your IT organization enforce a policy that all employees install these patches.
- Plug-ins/Extensions: Because plug-ins and extensions are often third-party applications, they can have their own vulnerabilities, regardless of browser version. Companies can determine which plug-ins are allowed to be installed.
- Applications: As the browser is becoming a platform for Web-based applications, it also becomes vulnerable to the threats they can hide. Companies can enforce which applications can run in the browser.
Why Zscaler User Security?
Zscaler User Security leverages the Zscaler Security Cloud and is based on key patented technologies and approaches that clearly differentiate it from more traditional security products. These include:
- Context aware: Zscaler User Security takes into account five different contexts, including the user, device, application, location and content. User-based policy is the starting point. The specific device being used and the applications running on that device are also considered, as is the location. Finally, recognizing content as being proprietary, malicious or private is essential to any user security solution.
- Inline Scanning: Many security appliances simply monitor traffic in “tap” mode. They can alert you to threats but don’t actively stop them. Because Zscaler User Security sits inline between the user and the Internet, it can actively block and prevent malicious threats, such as stopping botnets from calling home. Typical security products rely on reputation scores of domains to determine whether a domain is safe. However, many popular sites have active content called from other domains. Zscaler’s ByteScan technology scans every byte of every page, and dynamically computes the page risk as it is downloaded.
- SSL Scanning: As much as half of all Internet traffic is now SSL encrypted. However, to perform proper SSL scanning you need a proxy, and most proxies are too slow, making them unusable. Zscaler’s Security Cloud is an ultra high speed proxy capable of scanning all SSL content without introducing any noticeable latency to the user experience.
- Global Protection: Today’s business users are going Direct to Net, whether they are at an airport or hotel, or on a mobile device in your corporate office, bypassing corporate security measures in the process. Because Zscaler’s User Security Solution is in the cloud, you get the same policy and protection on any device, no matter where you are in the world.
- Collaborative Research: Zscaler understands that no single security company can understand all the security threats evolving in today’s global, dynamic Internet world. That is why Zscaler partners with leading companies like Microsoft, Google, VeriSign, Qualys and others to perform collaborative research on threat intelligence.
- Browser Control Policy: Because many older browsers are vulnerable to newer threats and attacks, IT organizations often have policies in place that require employees to use secure, up to date browsers with proper patches and plugins that are secure. Zscaler can help IT organizations identify older browser versions and enforce browser policies.
- Cloud Intelligence: Zscaler’s User Security leverages our global security cloud, with over 100 data centers and 10 million users in 180 countries. This global presence means Zscaler can rapidly identify and detect threats around the globe, and propagate this threat intelligence to all data centers in real time.
- Interrogator Technology: Zscaler generates over 8 billion logs every day from 10 million users around the globe. Our Interrogator technology is designed to mine these logs to look for threats offline that are hard to detect inline because they need extensive, patented analysis. On an hourly basis, these threats are identified and then fed back into the Zscaler cloud, keeping our threat intelligence always up to date.