TechTarget.com/searchsecurity

https://www.techtarget.com/searchsecurity/opinion/Zscaler-delivers-network-data-security-tools-at-Zenith-Live

Zscaler delivers network, data security tools at Zenith Live

By John Grady

At its annual Zenith Live user conference, Zscaler introduced several new capabilities to better address some of the top challenges IT and security teams face: securing distributed, cloud-centric environments, consistently protecting data across all channels, and simplifying and optimizing security operations.

While remaining committed to its core network security offerings, Zscaler has also heavily focused on data security as well as security operations, creating the three pillars CEO Jay Choudry focused on in his keynote: zero-trust everywhere, data security everywhere and agentic operations.

These pillars are closely intertwined. Research from Omdia's Enterprise Strategy Group found that 39% of organizations plan to enhance analytics, detection, and response capabilities over the next 12-18 months to implement or optimize their zero-trust strategies, while 28% expect to incorporate more data-centric controls. Following the shift to work from home, many zero-trust strategies have become over-focused on ZTNA and secure access as the prominent use case. As the market view has expanded, Zscaler has followed suit.

The messaging at the event felt much more direct than in past years. Rather than broadly speaking to the benefits a Zscaler-oriented approach can provide, Zscaler's leadership was blunt in their expectations around eliminating well-known technologies such as firewalls, VPNs, NAC, VDI, SD-WAN, switches, ExpressRoute, Direct Connect, and more.

In their view, these approaches do not adequately protect the modern enterprise because they rely on static, siloed, expensive tools. However, the cost savings Zscaler cited were internally calculated, so how applicable they are to any specific customer is unclear. Further, not every organization will eschew decades of established security practices, so while Zscaler continues to see strong results, it will likely take time to gain broad adoption of the firewall-free, internet café-like branch it envisions.

There were a variety of announcements and highlights across all three areas over the two days, but some of the most interesting included:

• Red Canary. With this acquisition still fresh, not a lot of time was spent on specifics. However, what was shared was that it should not be seen as a pivot to managed detection and response (MDR). Zscaler will work with partners to serve customers in the MDR space and take advantage of Red Canary's AI SecOps technology, coupled with its own data fabric capabilities from the Avalour acquisition to fully enter the security operations space and optimize the use of the data and threat signals being collected.
• Endpoint Context. Network telemetry can only provide so much context on its own. Sophisticated attacks often need additional indicators to detect. The Endpoint Context capability Zscaler has integrated into the Zscaler Client Connector helps close this gap and provide application, process, and vulnerability insights, as well as detection of living off the land attacks. This follows a trend of network-centric vendors expanding into the endpoint space and should provide value to Zscaler customers.
• Zero Trust Gateway service for cloud. Over the last 18 months, many firewall vendors have introduced cloud-native firewalls to address the complexity of virtual machine deployments in highly dynamic environments. Zscaler's Zero Trust Gateway for cloud follows this path, offering a managed services option that offloads many of the configuration, lifecycle management, scaling, and log management tasks to Zscaler. This allows customers to focus on the business policies they want to implement rather than managing infrastructure.
• Unified Appliance for Zero Trust Branch. Zscaler's key appliance, launched at Zenith, unifies control over both connectivity and north/south and east/west traffic control in a single device. This covers branches, campuses, and factories, and segments OT and IoT devices within them. It also provides disposable jump boxes that provide contractors with secure, time-bound access to critical connected systems.
• Zero Trust Exchange for B2B. Zscaler has been focused on third-party access, and merger and acquisition use cases for quite a while with its Private Access system. The B2B Exchange will augment and streamline these capabilities via tenant federation to allow customers to expose certain applications and application segments to partners that are Zscaler customers.

At first glance, it might seem that Zscaler aims to be the one-stop cyber shop for its customers. With platformization a key trend in the industry, that would not be a surprising strategy. But on the whole, Zscaler has a fairly pragmatic view of where platforms fit, believing that while it does make sense to use a variety of vendors for inline controls, it is also unrealistic to expect one vendor to be able to provide every capability an enterprise needs. For example, while introducing Endpoint Context, it does not seek to be an endpoint detection and response vendor. This aligns with what how customers view platforms -- a means to an end to reduce complexity and improve interoperability, but without sacrificing capabilities or efficacy.

John Grady is a principal analyst at Enterprise Strategy Group, now part of Omdia, who covers network security. Grady has more than 15 years of IT vendor and analyst experience.

Enterprise Strategy Group is now part of Omdia. Its analysts have business relationships with technology vendors.