3. Webcast Logistics
To send us questions during the sessions:
âą Type the question in the Q&A or Chat Window provided in WebEx. We
will answer questions at the end of the webcast.
Any Technical Issues?
âą Email: webcast@zscaler.com
Complete the survey at the end of the webcast
âą The Survey will appear in your browser at the end of the session
4. Agenda
⣠Why Security Socket Layer (SSL) Encryption
⣠SSL Challenges & Trends
⣠Upgrading 1024 to 2048-bit SSL: The Mandate
⣠Upgrade Implications For Appliance Based Security
⣠How Zscaler Secures Enterprises
⣠Benefits of Direct to Cloud
âŁQ & A
5. What is SSL?
âą Widely used on the Internet for authenticating sites and
providing encrypted traffic exchange
5
6. SSL Traffic is Exploding
SSL on Internet
Search
Social Networking
Webmail
Enterprise
Banking
Login
Transactions All
App Coverage
⣠Internet is moving to default SSL (Google, Facebook, etc.)
⣠SSL puts lots of load on systems and security infrastructure
7. Enterprise Attacks Shifting from Servers to Users
Direct server attacks: Rare
Servers: stationary, consolidated
behind FWs
⣠Mobility and cloud make
users vulnerable â any
place, any device, direct to
net
⣠Malware can be delivered
over SSL
⣠Botnets call home over SSL
⣠Enterprise visibility and
control is missing
Users: the Beachhead
Used to attack servers
Are your USERS
SECURE EVERYWHERE?
8. â¶
All existing 1024-bit
certificates must be
replaced with 2048bit SSL certificates by
December 31, 2013
â¶
Better Security
â¶
Performance
Upgrading 1024 to 2048-bit SSL: The Mandate
1024
bit
5X Performance
Degradation
80% Performance Drop
2048
bit
Security
9. Can Your Security Appliance Handle This?
⣠How do you deal with mobile users and many
distributed office locations?
⣠Are your cloud applications like Office365, Box,
Google Apps, etc. bottlenecked?
⣠Are you scanning SSL traffic?
â If NOT, you have a BIG security/visibility GAP
⣠Do you use appliance based proxy servers?
⣠Can your appliance handle SSL interception with
2048-bit?
9
10. The Zscaler Direct-to-Cloud Network
Regional
Offices
Home or Hotspot
Branch
Offices
On-the-go
Headquarters
Secure access to leading cloud, mobile and social applications
11. What Does Zscaler Do?
Mobile & Distributed Workforce
Global check post
Enforces business policy
Cloud Services
Regional
Office
Botnet
Cloud Apps
HQ
Mobile Apps
Home
or Hotspot
Exploits
On-the-go
NO HARDWARE | NO SOFTWARE
Block the bad, protect the good
Social Media
14. Zscaler Inspects Full Web Transactions
âą Most vendors analyze only
domain and block based on a
black list
âą Domain represents < 5% of a
total URL
Request
Domain
Parameters
Cookies
Body
https://facebook.com/profile.php?id=x
Response
HTML
âą URL represents < 1% of a
total page
âą Most newer threats are
hidden in the pages being
served and require full
page inspection
Path
Images
ActiveX
Controls &
Browser
Helper Objects
Windows
Executables
& Dynamic Link
Libraries
Scripts
Java
Applets &
Applications
JavaScript
(HTML, PDF,
stand-alone).
Visual Basic Script
XML
RIA
Visual Basic for
Apps. Macros
in Office
documents
HTML
15. Zscaler Provides Full SSL Scanning Capabilities
Content
Inspection
Engine
Users
Internet
6
5
1
7
2
ï
4
Web Servers
3
1. Client/Proxy Handshake
Zscaler SSL Controls
2. Proxy/Server Handshake
⣠Option to enable SSL Interception
3. Certificate check
4. Website sends encrypted (SSL) content
5. Decrypted content sent to the Content Engine
6. Filtered content sent to proxy
7. Re-encrypted content sent to user
⣠Bypass SSL Interception for Sites/Categories (e.g.
banking)
⣠Block Sites/Categories when SSL is not decrypted
⣠Allow/Deny untrusted certificates
⣠Option to use custom root certificates
16. SSL Upgrade
Zscaler Security Cloud is Already Upgraded to 2048-bit
Cloud Running 1024-bit SSL
No Hardware Acceleration
SSL Upgrade
Cloud Running 2048-bit SSL
After Upgrade with Hardware Acceleration
ï§ Most proxy vendors donât
do SSL interception â
performance overhead
ï§ Moving from 1024 to 2048
bit is an additional 5X
performance drop
ï§ Zscaler seamlessly enabled
2048-bit SSL across its
cloud using hardware
acceleration which
improved SSL performance
25X
ï§ Customers did not have to
upgrade hardware or
software
17. Zscaler Solution Benefits
Advanced
Threats
Social Media
& cloud Apps
Antivirus
URL Filtering
Unified Policy
Global, Real-time
Analytics
Local Internet
breakout
BW control
17
Regulatory
Compliance
IP Protection
18. Can It Scale?
ï§ The name Zscaler stands for the Zenith of Scalability
ï§ Every day Zscaler processes more than 12 billion transactions
through our cloud from 12 million users across 4,500 customers
in 180 countries
ï§ Zscaler cloud operates in 100+ datacenters across 12 world
class service providers
5B Searches Per Day
4.7B Likes Per Day
400M Tweets Per Day
18
<
12B Transactions Per Day
* October 2013 Statistics
19. Summary
â¶
Cloud, Mobile and Social Networking are powerful
trends transforming Enterprises
â¶
Internet is moving to SSL, everything is over HTTP(S)
â¶
Attacks have shifted from servers to users
â¶
New standards mandate shift from 1024 to 2048-bit
SSL starting 1st Jan, 2014 (80% performance drop)
â¶
Traditional appliance based security is ineffective
â¶
Zscaler is transforming enterprise security with the
worldâs largest Security Cloud
The alternative we propose is with Zscalerâs Direct to Cloud Network. If you can imagine the advantages of directing all of your internet and cloud bound traffic through a globally deployed Cloud infrastructure without having to manage all of the costly hardware and software â it offers compelling flexibility, economics and simplicity without compromising any of the security capabilities and requirements.In fact, in our security âdeep diveâ presentation we can share how Zscaler actually provides better security to address advanced threats given the volume of transactions we scan across our Cloud Network each day.So all of a sudden you have an infrastructure available anywhere in the world, that can manage your employee internet and cloud activities with uniform policies⊠available instantly â and do this regardless of what device employees may be using to access the cloud and internet
In a more simplistic picture â the best way to think of Zscaler, is as a global check-post sitting between your employees and the Cloud. In a more technical term some of you might view Zscaler as a Massively scalable and fast Proxy available anytime, globally from any device.
We have talked much about the global nature of the Zscaler Direct to Cloud Network. It is worth while to share the extent to which we have deployed infrastructure to offer you comparable access â and in many cases better access â than you would receive using your current method of accessing the Cloud and Internet.
Iâll take a moment to explain how Zscaler works â we think you will see the simplicity in what we do and how you can quickly deploy on the Zscaler Direct to Cloud Network.Your administrator sets up policy and launches it on our cloud through a simple but comprehensive web interface â these policies are made available instantly across our global networkCloud and Internet bound traffic is forwarded from your employees using a number of techniques â which we can discuss more in our technical discussionAll employee web and email traffic goes through our global cloud network where policy is applied â traffic that is allowed goes through to its destination - - - traffic that is denied will return a notice to the userOnce the cloud and internet is accessed â the Zscaler network scans all traffic for threats and Advanced threats and protects your business network from malicious intentAt any time â your admin or C-level executives have access to instant reporting that can be customized for summary or detailed investigation or review
Align the left boxesAlign the cloudsAlign the textAlign the horizontal dotted lines between 1 and 2 & between 2&3