Zscaler

From Wikipedia, the free encyclopedia
Jump to: navigation, search
Zscaler, Inc.
Type Private
Industry Anti-virus, Anti-spyware, Web filtering
Founded 2008
Headquarters San Jose, California, USA
Key people Jay Chaudhry
K. Kailash
Website www.zscaler.com

Zscaler is a global cloud-based information security company that provides antivirus, vulnerability management and granular control of user activity in Web, email and mobile environments.[1] The company was founded by Jay Chaudhry, a security industry professional and K. Kailash, former chief architect of NetScaler. Prior to Zscaler, Jay Chaudhry founded and funded several successful companies, including CipherTrust, AirDefense, CoreHarbor, Air2Web, and SecureIT. The company competes with similar services offered by Blue Coat Systems, Cisco, MessageLabs, Webroot and Websense.

History[edit]

Zscaler was founded and self-funded in 2008 by Jay Chaudhry and K. Kalish. Chaudhry is a serial security entrepreneur that previously founded AirDefense, CipherTrust, CoreHarbor and SecureIT. [2] In 2012, Zscaler raised $38M from Lightspeed Venture Partners. [3] In 2013, Zscaler had a reported company valuation of $1B. [4]

Technology[edit]

Zscaler provides cloud-based information security delivered through what is reportedly the world’s largest security cloud of more than 100 global data centers. Localized data centers store security policies that can be pushed worldwide in seconds, following its users as they travel around the globe to enforce these policies without latency. [5] Zscaler serves as a Web proxy, routing all traffic through its software to apply corporate and security policies, eliminating the time and money companies spend managing Web filtering and security on its own servers. Zscaler is designed to address the challenge of managing security in a world where cloud and mobility are eroding the network perimeter. [2] Zscaler centralizes administration of user policies on a single Web interface with a simple visualization. Zscaler can provide comprehensive user reports in nearly real-time and is constantly gathering global threat data to protect its customers. [5]

Additional products[edit]

Zscaler for APTs[edit]

Zscaler for APTs provides protection from zero-day attacks and advanced persistent threats by combining proactive protection against known threats, file-based behavior analysis and security analytics such as threat intelligence feeds. [6] Zscaler for APTs provides a comprehensive solution that consolidates the commoditized features of existing security appliances to protect, detect and remediate advanced security threats. [7]

Zscaler Mobile Security[edit]

Zscaler Mobile Security extends its real-time analysis and protection to mobile devices in BYOD environments by routing mobile traffic through its global cloud. [8] Zscaler Mobile Security provides visibility into mobile application traffic, protection from web-based threats and rogue applications and policy enforcement on mobile devices. [9]

Partnerships[edit]

Zscaler integrates with single sign-on providers including RSA, Okta, OneLogin and Ping Identity to enable simplified cloud application security. [10] Zscaler integrates with mobile device management (MDM) vendors, including AirWatch and MobileIron to enhance MDM with mobile security. [11] Zscaler integrates with security information event management (SIEM) vendors, including HP ArcSight, IBM QRadar and Splunk, enabling data analysis, digital security forensics and compliance with industry and government regulations. [12]

Recognition[edit]

2008[edit]

Zscaler was named “Startup of the Week” by InformationWeek[13]

2009[edit]

Zscaler was named a “Cool Vendors in Software-as-a-Service Security, 2009” by Gartner[14]

2011[edit]

Zscaler was named a “Cool Vendors in Cloud Security Services, 2011” by Gartner. [15] Zscaler was named a “Leader” in the Gartner “Magic Quadrant for Secure Web Gateway.” [16] Zscaler was named an “Emerging Vendor 2011: Security Vendors” by CRN. [17] Zscaler was named a “Best Web Content Management Finalist” in the SC Magazine[18]

2012[edit]

Zscaler was named a “Leader” in the Gartner “Magic Quadrant for Secure Web Gateways.” [19] Zscaler was named an “Emerging Vendor 2012: Security Vendors” by CRN. [20] Zscaler CEO Jay Chaudhry was named a “The Top 25 Disrupters Of 2012” by CRN. [21]

2013[edit]

Zscaler was named a “Leader” in the Gartner “Magic Quadrant for Secure Web Gateways.”[22] Zscaler was named an “Emerging Vendor 2013: Security Vendors” by CRN. [23] Zscaler was named a “Tech 10: Hot Antivirus Alternatives For 2013” by CRN. [24] Zscaler was named a Red Herring “2013 Top 100 North America: Winners.” [25]

SSL traffic considerations[edit]

The Zscaler service operates in part by having all web traffic to be managed sent through Zscaler owned and operated devices.[26] In order to monitor or inspect secure HTTPS connections, Zscaler implements what is known as a man-in-the-middle attack to decrypt SSL traffic for users going through the Zscaler service.[27][28] When a user attempts to open an HTTPS website, Zscaler mimics the web browser, as the user accesses the server. In response to a CONNECT request by the web browser, the server will send ZScaler a server certificate. Zscaler will then check the validity of the cert and then create a new cert signed by Zscaler. The new cert will be sent to the Web Browser, and assuming that the user has pre-installed a ZScaler root cert, the browser will check the validity of the cert and then accept and install the cert and then will continue to access the website. If a root cert has not been installed, then the user will receive an error stating that there is a problem with the website’s security certification and user will have the option to continue or not.

Since Zscaler is able to decrypt traffic, they are able to scan the content for any malicious traffic that would have otherwise come over an encrypted channel while applying policy based on the unencrypted traffic for the user. When they enable SSL decryption they also allow the user an option to specify which URL categories or custom domains should not be decrypted in order to ensure privacy. Zscaler also has the option of blocking access to specific URL categories or customer domains, regardless of whether SSL decryption is enabled or not.

User Concerns[edit]

In a corporate or academic environment, the decision to use Zscaler, and the rollout of the Zscaler services, will not necessarily be known by the individual users (vis. employees, or students). In particular, an HTTPS connection is intended to be secure against eavesdropping, and in other contexts, the way in which Zscaler replaces the SSL certificate of the website in order to monitor HTTPS traffic would be considered a cryptographic attack. Without explicit knowledge as to the extent of Zscaler's monitoring, users may assume that a secure HTTPS connection is indeed secure against eavesdropping. Such a connection may be used for personal reasons such as personal webmail or online banking or shopping, thereby unknowingly exposing the user's personal details to Zscaler.

References[edit]

  1. ^ Stephenson, Peter. "Zscaler Security Cloud". SC Magazine. Retrieved 2013-06-03. 
  2. ^ a b Stone, Brad. "Web Filtering Moves to the Cloud". New York Times. Retrieved 2008-08-04. 
  3. ^ Samuels, Diana. "Zscaler raises $38M for cloud security". Silicon Valley Business Journal. Retrieved 2012-08-29. 
  4. ^ Hardy, Quentin. "A Billion-Dollar Cloud, and Not So Exclusive". New York Times. Retrieved 2013-02-04. 
  5. ^ a b Higginbotham, Stacey. "Zscaler finally accepts VC dollars – and gets $38M". GigaOm. Retrieved 2012-09-29. 
  6. ^ Westervelt, Robert. "Zscaler’s Cloud Security Platform Has Eye on Advanced Persistent Threats". CRN. Retrieved 2013-09-17. 
  7. ^ Lennon, Mike. "Zscaler Launches Cloud-based APT Protection Solution". Security Week. Retrieved 2013-09-17. 
  8. ^ Shimel, Alan. "Zscaler moves mobile security beyond MDM". Network World. Retrieved 2013-06-17. 
  9. ^ Dunn, John. "Zscaler Fixes BYOD Risk with New Mobile Traffic Cloud Filtering". CIO. Retrieved 2013-06-08. 
  10. ^ Hoffman, Stefanie. "Zscaler Boosts Cloud Security with SSO". Channelnomics. Retrieved 2013-01-31. 
  11. ^ Magazine, SC. "Zscaler announces new mobile security solution". SC Magazine. Retrieved 2013-06-04. 
  12. ^ Watch, Market. "Zscaler SIEM Integration Accelerates 'Big Data' Analysis for Security and Compliance". MarketWatch. Retrieved 2013-09-24. 
  13. ^ "Startup Of The Week: Zscaler - Internet - Internet security". Informationweek.com. 2008-08-16. Retrieved 2013-10-15. 
  14. ^ "Cool Vendors in Software-as-a-Service Security, 2009 | 913630". Gartner.com. 2009-03-17. Retrieved 2013-10-15. 
  15. ^ "Cool Vendors in Cloud Security Services, 2011 | 1647715". Gartner.com. 2011-04-21. Retrieved 2013-10-15. 
  16. ^ "Magic Quadrant for Secure Web Gateway | 1697715". Gartner.com. 2011-05-25. Retrieved 2013-10-15. 
  17. ^ "Page 22 - Emerging Vendors 2011: Security Vendors". Crn.com. Retrieved 2013-10-15. 
  18. ^ "Best Web Content Management | SC Magazine Awards". Awards.scmagazine.com. Retrieved 2013-10-15. 
  19. ^ "Magic Quadrant for Secure Web Gateways | 2025616". Gartner.com. 2012-05-24. Retrieved 2013-10-15. 
  20. ^ "Page 20 - Emerging Vendors 2012: Security Vendors". Crn.com. Retrieved 2013-10-15. 
  21. ^ Bent, Kristin. "Page 18 - The Top 25 Disrupters Of 2012". Crn.com. Retrieved 2013-10-15. 
  22. ^ "Magic Quadrant for Secure Web Gateways | 2498315". Gartner.com. 2013-05-28. Retrieved 2013-10-15. 
  23. ^ "Page 34 - Emerging Vendors 2013: Security Vendors". Crn.com. Retrieved 2013-10-15. 
  24. ^ Westervelt, Robert. "Page 3 - Tech 10: Hot Antivirus Alternatives For 2013". Crn.com. Retrieved 2013-10-15. 
  25. ^ "2013 Top 100 North America: Winners". Redherring.com. Retrieved 2013-10-15. 
  26. ^ "Zscaler Cracks Cloud Security". Enterprisenetworkingplanet.com. 2011-05-03. Retrieved 2013-10-15. 
  27. ^ "Z-SCALER CERTIFICATE ERROR MESSAGES ON IPAD". Mcnc.org. Retrieved 2013-10-15. 
  28. ^ "ZAP - Zscaler Application Profiler". Zap.zscaler.com. Retrieved 2013-10-15. 

External links[edit]