DATA SHEET

Zscaler Security Preview

Security health check in 60 seconds.

How healthy is your security?

Your IT environment has evolved significantly over the past decade, expanding from a centralized data center approach to a more cloud and mobile-centric model. Attackers have adjusted their tactics along the way, shifting their focus from servers in your data center to your users and web browsers, and developing cyber-attacks that elude traditional signature-based security methods Unfortunately, enterprises have largely failed to keep pace with these changes, continuing to use dated methods to thwart attacks, and appliance-based security infrastructure to protect an increasingly cloud and mobile centric workplace. As a result, despite costly on-premise internet security solutions, many enterprises find vulnerabilities in their current infrastructure.

Zscaler Security Preview tests vulnerabilities in your network through a simple, comprehensive Web-based tool to help your organization pinpoint security gaps and recommend the appropriate action to properly secure your network and content. In fact, 85% of companies who run this test find vulnerabilities that require immediate attention, and numerous companies have found security holes resulting from misconfiguration or lack of capacity.

In just 60 seconds, Zscaler Security Preview can give you an instant risk assessment of your current security and compliance infrastructure, with recommendations for closing any gaps. You can run Security Preview at anytime, view the results online and save them as a PDF report, and share the findings with your colleagues.

IS YOUR NETWORK VULNERABLE?

• Common viruses• Cross-site scripting attacks• Malicious code• Phishing attacks• Malicious websites• Malware in zipped and

executable files• Browser cookie stealing• Executable file downloads• Sensitive data leaks,

including credit card data, intellectual property, U.S. Social Security numbers

• Embargoed websites in countries designated by the United States and/or European Union

Click here to begin your free, confidential and safe risk assessment

http://securitypreview.zscaler.com/

CHECK YOUR SECURITY

CHECK YOUR SECURITY

Average risk level results from people like you: VERY HIGH

ZSCALER SECURITY PREVIEW

Security Tests

• Botnets – Once a device is compromised, it’s no longer entirely under your control - criminals can now direct it to exfiltrate your intellectual property, infect other machines on your internal network, participate in Distributed Denial of Service attacks, email spam, spreading spyware, and other malicious attacks. This test tries to contact a known Botnet command and control server (‘calling home’) to determine if your internet security infrastructure will stop it..

• Cross-site scripting (XSS) – Cross-site scripting (XSS) attacks can steal a web visitor’s credentials and session keys (e.g. passwords and other sensitive data). This test visits a website that has been compromised by malicious code and checks to see if it is able to compromise your web browser.

• Viruses – 99% of anti-virus engines detect and block this common virus at the network level. This tests checks to see if your infrastructure will block a virus coming from a CDN, which is how most web content is delivered today.

• Phishing – Criminals typically target phishing attacks at employees to steal corporate credentials or sensitive personal data. This test checks to see if your computer is able to access one of the latest validated phishing sites uncovered by Phishtank.com.

• Malicious Sites – Hackers can launch zero day and ‘watering hole’ attacks by compromising legitimate sites with malicious code. This test checks to see if your security solution blocks a malicious page hosted on a compromised site.

• Download EXE – Malware is often distributed through executable files downloaded from unknown websites or app stores. This test tries to download an executable file to test whether your system blocks, analyzes or quarantines it.

• Zipped Viruses – Criminals sometimes try to deliver their virus payloads using compressed/zipped files. Unzipping takes computational power that can slow traffic down, so many appliance-based security systems skip analyzing files zipped multiple times. This test attempts to download a file containing a virus that is zipped multiple times.

• Cookie Hijacking – Cookie theft is the primary way criminals steal personal information such as logins to Gmail or corporate accounts on Oracle or Salesforce. This test takes a cookie from one website and tries to post it to a second one, a clear sign of an attempt to hijack the web session.

WHAT WE TEST Zscaler Security Preview runs a series of browser-based tests to quickly check for vulnerabilities in your current Internet security infrastructure. Eight of these tests are focused on security threats, and five of them are focused on compliance enforcement. Note that Security preview runs in your browser, won’t access any data, and won’t introduce malware or change any settings. You may see alerts in your security system.

CONTACT US

Zscaler, Inc.110 Rose Orchard WaySan Jose, CA 95134, USA+1 408.533.0288+1 866.902.7811

www.zscaler.com

FOLLOW USfacebook.com/zscaler

linkedin.com/company/zscaler

twitter.com/zscaler

youtube.com/zscaler

blog.zscaler.com

Zscaler and the Zscaler logo are trademarks of Zscaler, Inc.in the United States. All other trademarks, trade names or service marks

used or mentioned herein belong to their respective owners.

ZSCALER SECURITY PREVIEW

Compliance Tests

• Data Leaks – Stealing your customer data and intellectual property is the goal of some of the world’s most dangerous hackers. This test checks to see if your security solution can detect and block attempts to leak sensitive data including credit card numbers and social security numbers by various online methods such as posting to a website or emailing.

• Anonymizers - Employees often try to bypass company policy by using anonymizing proxies that allow them to visit blacklisted websites, or view pornography or other harmful content. This test checks to see if your security solution allows you to use an anonymizing website by trying to visit a blacklisted website through a well-known anonymizer.

• Embargoed Countries – Most companies wish to comply with US and EU trade laws and prevent users from visiting websites in countries that are under embargo. Additionally, compromised websites are often hosted in countries that are hostile to the United States and the European Union. This test checks your ability to visit a website located in North Korea, which is under US and EU Trade embargo.

THE TEST WILL:• Take less than 60 seconds

• Give you a detailed, printable report

• Not download any malicious content

• Not modify current security policies

• Not access any data on your systems

Enabling the securetransformation to the cloudIt’s no longer a question of if. It’s a question of how.

Here’s how.

Welcome to the era of cloud and mobility

Your applications are moving tothecloud—Salesforce,Office365, AWS, and Azure — but your security appliances are still sitting on-premises, protecting your corporate network. ————————————————————————————————————————————————————————————

“ It’s obvious that legacy IT security methods focused on protecting the perimeter are inadequate. Justreadanypaper.Elvishasleftthebuilding— and so have your users, devices, and applications.”

Larry Biagini Chief Technology Evangelist, Zscaler formerCIOandChiefTechnologyOfficer,GE

Outboundgateway

Inboundgateway

Outboundgateway

Inboundgateway

OPENINTERNET

SAAS PUBLICCLOUD

OPENINTERNET

SAAS

HQ / IoTHQ / IoT BranchBranchHQ BranchBranch BranchBranch

3 | CloudThe threat landscape changed and more appliances were deployed to protect the network. But the cloud was the new center of gravity and the Internet the new network — connecting users to apps.

Outboundgateway

Inboundgateway

Outboundgateway

Inboundgateway

OPENINTERNET

SAAS PUBLICCLOUD

OPENINTERNET

SAAS

HQ / IoTHQ / IoT BranchBranchHQ BranchBranch BranchBranch

2 | InternetOutbound Internet and inbound VPN gateways were built to provide Internet access and give mobile users access to the network.

The evolution of IT security

Outboundgateway

Inboundgateway

Outboundgateway

Inboundgateway

OPENINTERNET

SAAS PUBLICCLOUD

OPENINTERNET

SAAS

HQ / IoTHQ / IoT BranchBranchHQ BranchBranch BranchBranch

1 | NetworkA security perimeter was established to protect the network. The data center was the center of gravityandalltrafficwasbackhauled.

THE SECURITY PERIMETER PROTECTS THE CORPORATE NETWORK

The Internet is the new network™

If you no longer control the network, how can you protect users and applications?

To secure this new world of IT, you simply need a new approach One that transforms the way applications are accessed and security controls are enforced. ZscalerprovidesanarchitecturalapproachtosecureITtransformation,inwhichsoftware-defined policies, not networks, securely connect the right user to the right app or service.

TO

Cloud-enabled architecture •Software-definedpoliciesconnect users to apps, not networks

• Access policies determine which apps are visible and which are dark

•On-netoroff-net,theprotection is identical

• Secure local Internet breakouts

FROM

Hub & spoke architecture • Secure the network to protect users and apps

• Internal app access requires network access

• All users must be on the network for protection • Internettrafficmustbe backhauled for protection

Outboundgateway

Inboundgateway

HQ / IoT BranchBranchHQ / IoT

Z-Cloud

BranchMobile

Outboundgateway

Inboundgateway

HQ / IoT BranchBranchHQ / IoT

Z-Cloud

BranchMobile

SAAS OPEN INTERNET PUBLIC CLOUD DATA CENTER

The Zscaler platform: a new approach to application access and securityFast and secure policy-based access that connects the right user to the right service or application. The Zscaler platform is designed to replace your appliances at the inbound and outbound gateways.

Zscaler Internet Access provides secure access to the open Internet and SaaS apps, no matter where users connect. It provides inline inspectionofalltraffictoensurethatnothing bad comes in and nothing good leaves.

Zscaler Private Access delivers a completely new way to provide access to internal applications, whether they reside in the data center or cloud, without a VPN. It enables secure application access without network access — and without exposing apps to the Internet.

Mobile BranchHQ/IoT

INBOUND GATEWAY

OUTBOUND GATEWAY

SAAS

OPEN INTERNET

PUBLIC CLOUD

DATA CENTER

The notion of protecting the network is no longer relevant. You need to protect your users and your apps.

Enabling secure network transformationBy making Zscaler Internet Access your default route to the Internet, you will provide all users, everywhere, with identical protection. ZscalersitsbetweenyourusersandtheInternet,inspectingeverybyteoftrafficinline,applyingmultiplesecuritytechniquesforthehighest level of protection.

Zscaler Internet Access: fast, secure access to the Internet and SaaS apps

TheZscalercloudoptimizestrafficflowsbyallowingsecure,directconnectionstotheInternetoverbroadbandandreservingMPLSfordatacentertraffic.

What sets Zscaler security apart?• Full inline content inspection

• Native SSL inspection

• Cloud intelligence

• Real-time threat correlation

• 60+ industry threat feeds

The Zscaler architecture is the best approach for secure SD-WAN and Office365deploymentsZscaler App / PAC File GRE / IPsec

Default route to the Internet;Block the bad, protect the good

HQ/IoT

Global Policy EngineDefine by user, location,

and AD group; policies follow users for identical

protection in all locations

Global VisibilityAll users, all locations, all applications, and botnet-infected machines

Data Center

THE SECURE INTERNET ANDWEBGATEWAYDELIVEREDASASERVICE

Eliminates the appliance mess and provides the highest level of securityZscaler Internet Access moves the entire security stack to the cloud with integrated security services that correlate data instantly for the highest level of protection. The Zscaler cloud was built from the ground up for comprehensive security and low latency. And due to its elastic scale, customers can add users and activate services almost instantly.

Purpose-built, multi-tenant cloud security platform

Data Protection

Data Loss Prevention

Cloud Apps (CASB)

File Type Controls

Access Control

Cloud Firewall

URL Filtering

Bandwidth Control

DNS Filtering

Threat Prevention

Advanced Protection

Cloud Sandbox

Antivirus

DNS Security

SSMA™

Allsecurityenginesfirewith each content scan; only microsecond delay

PageRisk™

Risk of each web page element computed

dynamically

Nanolog™

50:1compressionoflogs with real-time global

log consolidation

ByteScan™

Each outbound and inbound byte scanned;

native SSL scanning

PolicyNow™

Policies follow the user for the same on-net, off-netprotection

Powered by patented technologies

Built on a global, multi-tenant cloud architecture

Zscaler purpose-built cloud security platformGlobalvisibilityZscaleroffersglobalvisibility,innear

real time, into all users, locations,

services, and applications, as well

as threats blocked and attempted

communications to C&Cs from any

botnet-infected machines.

Enabling secure application transformationApplication access has traditionally required network access — and bringing users on the network always introduces risk. Zscaler has introduced a new approach to internal application access that connects a named user to a named app.

WITHZSCALERPRIVATEACCESSUsers are never on the corporate networkwhich minimizes your attack surface Apps are invisible, never exposed to the Internetand internal apps cannot be discovered or exploited TheInternetbecomesasecurenetworkwithoutaVPNand third parties can’t intercept data You can segment apps without network segmentationlateral movement is impossible Internal apps can easily be moved to Azure or AWSprivate apps are accessible without VPN infrastructure

Zscaler Private Access : fast, secure access to internal apps

Policy determines if access is permitted (SAP)

2

User requests access to an app (SAP)

1

Connections are stitched together in

the Zscaler cloud

4

Z - A P P

If authorized, the Zscaler

cloud initiates outbound

connections between

Z-App and Z-Connector

3

Z - C O N N E C T O R

HOW ZPA™ WORKS INFOUR SIMPLE STEPS

SECURE PARTNER ACCESSGrant partners access to only a server in the data center, not the network

M&As / DIVESTITURESProvide named users access to named apps without merging networks

ACCESS TO INTERNAL APPSProvide secure access to private apps without deploying appliances

VPN REPLACEMENTPolicies connect users to specific apps; they’re never brought on the network and apps are never exposed to the Internet

HOW LEADING ORGANIZATIONS ARE USING ZSCALER PRIVATE ACCESS

THE CLOUD EFFECT If a threat is detected anywhere, customers are protected everywhere. Our volume and our threat-sharing partnerships contribute to 120,000+ unique security updates every day. Can your appliance do that?

The Zscaler platform was built in the cloud, for the cloud. We knew that service-chaining boxes together could never serve customers on a global scale, so we designed our platform and security services from scratch. Zscaler and its engineering team have been granted scores of patents for architectural innovations.

The world’s largest security cloud

100 DATA CENTERS 5 CONTINENTS

The Zscaler cloud encompasses data centers around the world, with peering in the major exchanges that make up the Internet backbone.

Z S C A L E R : Z E N I T H O F S C A L A B I L I T Y

30 BILLION+ REQUESTS PER DAY

125 MILLION+ THREATS BLOCKED PER DAY

BANDWIDTH USAGE53 Gbps

USERS PROTECTED 1.6 MILLION

OFFICE365TRAFFIC83TB per MONTH

TRAFFIC SECURED192 COUNTRIES

ZscaleristrustedbyG2000leaders

How a bank weathered a CryptoLocker run

AfterZscaler•5,405infectedemailsarrivedover six hours

•169blockedbylegacycontrols•11employeesclickedthelink

•0infections

Before Zscaler•1,352CryptoLockeremailsarrivedover six hours

•114blockedbylegacycontrols•9employeesclickedthelink

•6,500filesharesdestroyed

“We have over 350,000employeesin192countriesin2,200officesbeingsecuredbyZscaler.”

Frederik Janssen, Global Head of IT Infrastructure

HowacustomerdeployedOffice365acrosshundredsoflocationsAhighlydistributedorganizationmigratingitsuserstoOffice365wasexperiencingsignificantWANcongestionandOffice365sessionswereoverwhelmingitsfirewalls.WithZscaler,thecompanywasabletodeliveragreatOffice365experienceacross650locations.AndZscalermadeiteasytoprioritizeOffice365trafficoverrecreationalorlesscriticaltraffic.

Secure IT transformation is hereZscaler Internet Access enables secure network transformation from hub-and-spoke to cloud-enabled with local Internet breakouts.

Zscaler Private Access enables secure application transformation, from network- based access to policy-based access, where users are never on the network.

Together, they enable you to embrace the era of productivity and agility enabled by the cloud.

Three simple steps to secure IT transformation

1 | SecureUp-level security now; make Zscaler your next hop to the Internet; no infrastructure changes

2 | SimplifyPhase out point products; reduce costs and management overhead

3 | TransformEnable local breakouts for Internettraffictodeliverabetter, more secure user experience

No matter where you are now in your journey, the transformation has begun, and it’s enabled by Zscaler.

www.zscaler.com©2017Zscaler,Inc.Allrightsreserved.Zscaler,SHIFT,Direct-to-Cloud,ZPA,ByteScan,PageRisk,Nanolog,PolicyNow,andTheInternetisthenewnetworkare

trademarks or registered trademarks of Zscaler, Inc. in the United States and/or other countries. All other trademarks are the properties of their respective owners.

About ZscalerZscaler was founded in 2008 on a simple but powerful concept: as applications move to the cloud, security needs to move there as well. Today, we are helping thousands of global organizations transform into cloud-enabled operations.

Contact Zscaler if you’re• Moving to Office 365• Securing a distributed and mobile workforce • Moving apps to Azure or AWS• Securing an SD-WAN transformation• Driving toward a cloud-first strategy