©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION
Cloud-First Branch Transformation with SD-WAN and Cloud Security
Riverbed Zscaler solution
Zscaler – the largest security cloud. Reliable. Available. Fast.
Secure: Ongoing third-party testing
Certified
Reliable: Redundancy within and failover across DCs
Transparent: Trust portal for service availability monitoring
35B+ Requests/day
125M+ Threats blocked/day
120K+ Unique security updates/day
100 data centers across 5 continents
Peering in Internet exchanges
150+ Vendors peered
Unparalleled cloud scale
All users – All traffic
PROTECTION ACROSS COUNTRIES: 190, 130, 125, 113, 70
LOCATIONS PROTECTED: 30,000; 12,000; 6,000; 900; 500
EMPLOYEES PROTECTED: 400K, 125K, 120K, 80K, 1.6M, 1.3M
OFFICE 365 MONTHLY TRAFFIC: 83 TB, 44 TB, 38 TB, 37 TB, 35 TB
Leader – 7 years in a row
Leading industry analysts agree…
Zscaler is a very strong choice for any organization interested in a cloud gateway.
…On-premises web content security can’t protect digital business…
Cloud and mobility require a fundamental change in network and security architectures
Cloud and mobility break network security
The Internet is Your New Corporate Network
“GE will run 70 percent of its workload in the cloud by 2020” Jim Fowler, CIO
“The Internet will be our new corporate network by 2020” Frederik Janssen, Head of Infrastructure
“Office 365 was built to be accessed via direct Internet connection”
How do you secure a network (Internet) you don’t control?
[Diagram: HQ, Branch sites, EMEA, APJ; Home, Coffee Shop, Airport, Hotel; SaaS, Open Internet, IaaS]
Zscaler enables secure network and application transformation
Cloud and mobility break network security
OLD NETWORK MODEL: Hub-and-Spoke, MPLS / VPN
OLD SECURITY MODEL: Secure the Corporate Network
NEW NETWORK MODEL: Direct to Internet, Broadband / Wi-Fi / LTE / 5G
NEW SECURITY MODEL: Secure the Network, Securely connect users to apps
[Diagram: HQ, EMEA, APJ, Branch sites; Home, Coffee Shop, Airport, Hotel; SaaS, Open Internet, IaaS]
Internet Gateway: Complex, expensive, and poor user experience
[Diagram: web request path between HQ and the Internet (https://) with hops numbered 1 to 28; labels: Aggregation Firewall Load Balancers & VPNs, Web Filter, Sandbox, Flow Management, Edge Next-Gen Firewall, DLP, SSL, Content Inspection]
A simple web request takes 28 hops
Despite this massive investment, breaches are on the rise
WHAT’S YOUR RISK SCORE? FIND OUT AT SECURITYPREVIEW.ZSCALER.COM/RIVERBED
Zscaler built from scratch a highly scalable and ultra-fast multitenant cloud security architecture
Would you build a power plant with home generators?
HOME POWER GENERATORS
Building a cloud with single-tenant appliances
• Disparate redundant control, logging, and enforcement policies
• Multiple appliances, multiple hops — slow user experience
• Expensive and complex to scale and manage
X Increased latency
X Inefficiency
X Impaired performance
POWER PLANT
THE ZSCALER CLOUD
• Integrated control, logging, and enforcement
• Single pass architecture — performance SLA and security efficacy
• Infinitely scalable — cost effective
[Diagram: USER A (policy follows) in NY, London, Sydney; USA, EU, Private; CONTROL, ENFORCE, LOG; appliance stack: Sandbox, DLP, LB, Full AV, SSL Proxy, IPS, NGFW, DNS]
Legacy technology cannot be repurposed for the cloud
Cloud-First transformation from hub-and-spoke to local internet breakouts with SD-WAN
Nothing bad comes in, nothing good leaks out
Zscaler Internet Access – Fast, secure access to the Internet and SaaS
The best approach for SD-WAN
Direct to Internet: Block the bad, protect the good
Your security stack as a service
Access Control: Cloud Firewall, URL Filtering, Bandwidth Control, DNS Filtering
Threat Prevention: Adv. Protection, Cloud Sandbox, Anti-Virus, DNS Security
Data Protection: Data Loss Prevention, Cloud Apps (CASB), File Type Controls
Real-time policy and analytics
Real-time policy engine: Policies follow the user. Changes are immediately enforced, worldwide
Business analytics: Global visibility into apps and threats blocked. Identify botnet infected machines for remediation
[Diagram: HQ, MOBILE, BRANCH, IOT; Data Center, APPS, MPLS; SaaS, Open Internet]
Cutting edge security capabilities in the cloud
CONTROL BANDWIDTH
SECURE ALL PORTS & PROTOCOLS
MULTIPLE PROPRIETARY INSPECTION METHODS
ADVANCED THREAT PROTECTION
Behavioral Analysis, Sandbox, Dynamic Content Classification, Proprietary Risk Index, Anti-Malware, XSS Protection, CVE Protection, Bandwidth Control, QoS, URL Filtering, Proxy (SSL), Block Lists, File Type Control, DNS Filtering, Cloud FW (NGFW), Browser Control
Full Inline Inspection & Correlation of Threat Indicators
SSMA™: All security engines fire with each content scan – only microsecond delay
ByteScan™: Each outbound/inbound byte scanned, native SSL scanning
PageRisk™: Risk of each object computed inline, dynamically
NanoLog™: 50:1 compression, real-time global log consolidation
PolicyNow™: Policies follow the user for Same on-premise, off-premise protection™
CLOUD EFFECT
35 Billion Requests per Day
125 Million Threats blocked per Day
120,000 Unique updates per day
60+ threat feeds
Find once, block everywhere
Zscaler to Secure SD-WAN: Five Reasons why
Secure SD-WAN
1. Reduces cost and complexity (no hardware or backhauling)
2. Enables a fast user experience (fast response times)
3. Simplifies operations (local breakouts, single console, all ports)
4. Security and scale (no compromises, full inline inspection, SSL)
5. Rapid deployment of new services (no upgrades, configuration changes)
Enterprise Networking for the Cloud Era
SteelConnect Components
SteelConnect Manager: A centralized and multi-tenant management portal that provides an intuitive and simplified workflow for designing, deploying and managing distributed and hybrid networks.
SteelConnect Gateway: A line of physical and virtual secure WAN gateways that provide unified connectivity and enforcement of global policy across on-premises and cloud network environments, zero-touch provisioning, automated VPN management and firewall and threat protection capabilities.
SteelConnect Switches & Access Points: A line of LAN switches and Wi-Fi access points that support zero-touch provisioning, automate global enforcement of access control policies and provide complete visibility into connected users and devices.
A cloud-first architecture for cloud-first businesses
Riverbed SD-WAN + Zscaler Cloud Security
• Securely transform to a cloud-first enterprise
• Increase IT agility and responsiveness
• Simplify branch operations and reduce costs
• Provide fast, secure user experiences
• Enforce security policies that follow users, no matter where they connect
Riverbed + Zscaler: Best-of-Breed Joint Solution
Riverbed SteelConnect
WAN optimization and visibility
Traffic steering & Network path control
Application and User Identification
Centralized Policy
Local Network Services (DNS, DHCP)
Basic Perimeter Firewall (with VPN, NAT capabilities)
Zscaler Cloud Security Platform
Threat Prevention – Malware Detection, Sandbox, Content Scrubbing
Access Control – Next Gen Firewall, URL/DNS Filtering, Bandwidth control
Inline Data Protection – Data Loss Prevention (DLP), Cloud Access Security Broker (CASB)
Acceptable Use Policy Enforcement, Other InfoSec Compliance Requirements
Solution Architecture
[Diagram labels: SD-WAN, SDI-GW, SH, Client, HQ, BRANCH, IPSEC, GRE, The Cloud, Zscaler Cloud]
Simplify Branch Operations and Improve Business Agility
SD-WAN solution integrated with Zscaler to seamlessly provide protection for employees directly connected to the Internet for web or cloud applications / resources.
Summary
Zscaler and Riverbed make it easy to migrate to a Cloud-First branch architecture
Increase Agility
Reduce Costs
Simple
Secure
Powerful
Branch Transformation for the Cloud-First Enterprise
Better User Experience, Reduced Business Risk, Business Agility, Lower TCO, Competitive Advantage
APP ACCESS TRANSFORMATION: DATA CENTER / CLOUD (SAAS/IAAS)
SECURITY TRANSFORMATION: USER AND DATA SECURITY / NETWORK SECURITY
NETWORK TRANSFORMATION: HUB AND SPOKE / DIRECT-TO-CLOUD
[Diagram: BRANCH, HQ, BRANCH; Internet & VPN Gateway; FW / IPS, URL Filter, Antivirus, DLP, SSL, Sandbox, Global LB, DDoS, Ext. FW/IPS, RAS (VPN), Internal FW, Internal LB; SaaS, Open Internet, IaaS]
Riverbed SD-WAN and Zscaler Cloud Security
Accelerate cloud transformation without sacrificing performance, agility, or control
Powerful
Deliver fast connectivity to apps and data, regardless of network type or user location, by enabling local Internet breakouts. Seamless protection with the largest cloud security platform, peered with all major cloud providers.
Secure
Provide identical protection for users wherever they connect, by enforcing advanced threat prevention, data protection, and access controls for Internet-bound traffic (incl. SSL), without performance penalties.
Simple
Simplify branch operations and improve business agility with centralized, cloud-based management of network and security functions.
©2017 Zscaler, Inc. All rights reserved. Zscaler™, SHIFT™, Direct-to-Cloud™ and ZPA™ are trademarks or registered trademarks of Zscaler, Inc. in the United States and/or other countries. All other trademarks are the property of their respective owners.
Zscaler Cloud Firewall – Security and access controls for all ports and all protocols
• Stateful firewall policies — Apply allow/block security policy based on source and destination IP address, ports, and protocols
• Standard NGFW policies — Apply granular allow/block security policies based on apps and users using a Deep Packet Inspection (DPI) engine
• Fully Qualified Domain Name policies — Easily configure and manage access policies for apps hosted on dynamic IPs (Azure/AWS) or across multiple IPs - Move apps to the cloud without changing the policy
• Real time, granular policy control and visibility — Configure policies across locations and get instant visibility into traffic usage, threats, and apps by users, groups and locations - No extra licenses and no extra cost
• Cloud security services — Get the same protections everywhere, unlimited inspection capacity, and find more threats
Granular policy control
Define and immediately enforce all policies for all locations from a single console
• Allow access to dynamic IPs based upon FQDN
• Allow FTP for IT users only
• Block all P2P apps except Skype for Bus.
• HTTP/HTTPS traffic only on guest Wi-Fi
Real-time reporting and analytics for all users, all ports and protocols
Easily drill-down into detailed insight
Instant drill-down by application
View top rules hit
Centralizes Visibility
Instant Reporting
Logs Every Session
Zscaler Bandwidth Control
Ensuring business application traffic is prioritized over YouTube
Office365 guaranteed 40%
YouTube capped at 50%
• Policies are defined in a single console and immediately enforced globally
• Policies are enforced in the cloud, before the last mile bottleneck
• Window shaping and bandwidth throttling deliver a smooth user experience
Why Zscaler?
Reduced Risk (CISO)
• Unmatched security - all users, branches, devices
• Consistent policy & protection
• Always up-to-date
IT Simplification (CTO / IT Head)
• Consolidate point products & simplify IT
• Cloud-enabled network
• Rapid deployment
Impressive Value (CIO / CFO)
• No Capex, elastic subscription fee
• Reduced Opex - no box management
• Reduced MPLS costs
Productivity (End-users)
• Fast response time – local breakouts
• Prioritize business apps
• Empowers users to leverage cloud apps
A Trusted & Reliable Partner
Commitment to Quality & Customer Success
Technology Innovator - Market Leader - Financially Strong