Zscaler Cloud Security
Policy-based, secure internet access for any device, anywhere

Overview:

	Secure Users
	Organizations are able to effectively secure their users against today's dynamic email and web threats with Zscaler's services. Browser control and dynamic inspection of content is necessary to protect against more complex threats.
	Manage Email and Web
	The Web and email have become the preferred channels of communication for businesses. Maintaining control over mail flow and access to web resources is critical. Zscaler offers the ability to granularly control access to websites and applications as mandated by corporate policy.
	Protect Data
	Users may accidentally or maliciously leak sensitive corporate data using a number of methods including email, webmail, social networks, blogs, or instant messaging. Zscaler can prevent organizations from incurring liabilities due to data loss by scanning all outbound traffic against predefined engines.
	Centralize Policy and Reporting
	Traditional log consolidation from multiple locations and correlation of data is cumbersome. Zscaler's centralized policy and reporting simplifies administration and reduces IT operational costs for organizations.
	Zscaler Infrastructure
	Zscaler's fundamental innovation is in functionally distributing components of a standard proxy to create a giant global network that acts as a single virtual proxy so that any user can go to any gateway at any time for policy-based, secure internet access.  Zscaler infrastructure comprises three key components; Zscaler Enforcement Nodes (ZEN), Central Authority (CA) and Nanolog™ (Transaction Log) Servers.
	Forwarding Traffic to Zscaler
	Zscaler is unique in its Security-as-a-Service offering by allowing administrators to enforce user level policies without requiring any software or hardware deployment. It supports a diverse set of traffic forwarding mechanisms that include GRE tunnels, firewall port forwarding, proxy chaining, or PAC files.

Secure Users :

Organizations are able to effectively secure their users against today's dynamic email and web threats with Zscaler's services. Browser control and dynamic inspection of content is necessary to protect against more complex threats.

	Anti-virus and Anti-spyware
	Zscaler provides an inline, ultralow latency anti-virus and anti-spyware solution that dynamically protects users from threats embedded in emails, web pages, and files. Blocking malware in the cloud is instantaneous and universal, saves bandwidth costs, and obviates the need to patch endpoints or multiple appliances to effectively protect users.
Secure Web Users
	Advanced Threats
	Zscaler's advanced security uses ByteScan technology to scan every byte of all requests and responses. This data is correlated with other factors such as web page reputation and location information in order to produce a PageRisk index. Zscaler's dynamic classification of content enables detection of hidden iframes, cross site scripts, phishing attempts, cookie stealing, and botnet command and control activity.
	Browser Security
	Zscaler enables administrators to safeguard their users against old browsers and plug-ins with known vulnerabilities. This is becoming increasingly critical as Advanced Persistent Threats (APT) target end users through such attack vectors.
Secure Email Users
	Anti-spam
	A world-class reputation engine front-ends Zscaler's anti-spam solution. Reputation and spam updates are sent out to the cloud every 30 seconds to block the latest spam outbreaks. The anti-spam engine detects image spam, malicious URLs, and mutations in real-time.  Each user gets their individual quarantine portal where they can release or drop suspect spam emails.
	Availability
	Zscaler simplifies disaster recovery measures with a highly reliable cloud architecture. The service receives and holds emails if the organization's exchange server is unavailable. It also mitigates all attacks and denial of service attempts in the cloud keeping your network, exchange server, and firewalls free from excessive unwanted traffic. Cloud based directory harvest attack prevention ensures your servers as well as your information is protected.

Manage Email and Web:

The Web and email have become the preferred channels of communication for businesses. Maintaining control over mail flow and access to web resources is critical. Zscaler offers the ability to granularly control access to websites and applications as mandated by corporate policy.

Manage Web
	URL Filtering
	Zscaler enables organizations to limit their exposure to liability by managing access to web content based on a site's reputation. URLs are filtered against multiple global databases consisting of 90 categories, 30 super categories, and 6 classes. Policy may be granularly enforced for specific users, groups, and locations.
	Web 2.0 Control
	Organizations can configure policies by users or groups to leverage the latest Web 2.0 platforms without compromising productivity or security of critical data. Zscaler provides granular control over applications like webmail, streaming media, social networking, and instant messaging.
	Bandwidth Control
	Zscaler enables organizations to efficiently allocate bandwidth to promote web applications used for business purposes rather than recreation. Transactions are assigned to bandwidth classes and policies are enforced without dropping any packets due to Zscaler's patented technology.
Manage Email
	Mail Flow Policy
	Through simple and intuitive policy rules, Zscaler offers very granular mail flow rules that allow any email to be routed based on sender, receiver, and attachment file types. In addition alias management, mail routing, and creating copies is simplified through the alias and masquerading policies. Organizations that have multiple email domains can ensure that consistent email addresses are presented for any emails external to the organization.
	Encryption
	Zscaler always attempts secure delivery of email messages when connecting to a remote Mail Transfer Appliance (MTA). Based on combination of sender, receiver, or content of an email administrators can enforce delivery of emails over an encrypted channel.

Protect Data:

Users may accidentally or maliciously leak sensitive corporate data using a number of methods including email, webmail, social networks, blogs, or instant messaging. Zscaler can prevent organizations from incurring liabilities due to data loss by scanning all outbound traffic against predefined engines.

	Integrated Data Loss Prevention for Web and Email
	Zscaler scans all email and web traffic as well as Microsoft Word documents, PDFs, and zipped files. Data templates consisting of specific numbers, content, or custom phrases are leveraged to predefine engines including PCI, HIPAA, and GLBA. Outbound permissions are enforced for users, web application types, and locations.

Centralize Policy and Reporting :

Traditional log consolidation from multiple locations and correlation of data is cumbersome. Zscaler's centralized policy and reporting simplifies administration and reduces IT operational costs for organizations.

	Centralized Policy for Email and Web
	Zscaler's easy to use, web-based interface reduces policy management burden for IT departments. All aspects of email and web communication – security, management, and data loss – can be granularly administered via a single interface for all users, regardless of their physical locations.
	Consolidated Real-time Reporting
	Real-time consolidation and correlation of log data of user email and web activity around the globe provides a clear indication of the state of security within an organization at any given time. Zscaler's patented Nanolog technology facilitates identification of anomalous usage patterns as well aides in forensic investigation of malicious user activity.

Mobile Solutions:

Enterprises are struggling with the consumerization of IT. With the proliferation of mobiledevices like iPads and iPhones within the enterprise, IT administrators can no longer ignore these devices as outside their scope of responsibility. Smartphones and tablets are now as powerful as laptops. Employees can access corporate data and the Internet through wireless networks such as Wi-Fi hotspots or cellular 3G/4G that are not controlled by IT.

With many corporate applications being hosted in the cloud, the risk is even higher. Ensuring the security of corporate data is no longer a matter of deploying adequate measures within the organization. It is imperative that security and policy travel with the employee wherever they are and whatever type of device they use.

Unlike the PC world that is dominated by a few main operating systems, the number of platforms and device form-factors for mobile devices is much higher, as is their churn rate. IT needs a solution that is easy to deploy, supports multiple mobile platforms and provides consistent user policy enforcement across PCs and mobile devices.

Infrastructure Overview:

Zscaler's fundamental innovation is in functionally distributing components of a standard proxy to create a giant global network that acts as a single virtual proxy so that any user can go to any gateway at any time for policy-based, secure internet access.  Zscaler infrastructure comprises three key components; Zscaler Enforcement Nodes (ZEN), Central Authority (CA), and Nanolog™ (Transaction Log) Servers.

	Zscaler Architecture
	An enterprise forwards all email and web traffic to the nearest ZEN. Policies governing the user's access to any email or website are served by the CA, and enforced on the ZEN. The ZEN incorporates a hardened custom-built OS and a custom TCP/IP stack to deliver 90% of transactions in less than 90 microseconds. All transaction logs are stored in a centralized Nanolog™ server for real-time retrieval. Any user can access any ZEN, and all components have multiple levels of redundancy to ensure high availability.
	Global Data Center Footprint
	Zscaler's architecture was built ground up to deliver SaaS without compromise. The cloud is deployed across over 40 data centers around the world, providing quick and easy access for employees in the office as well as when they are on the road.  As employees travel, their policy moves with them to the nearest enforcement node. Concurrently, NanoLog technology ensures all the logs are correlated and available to the administrator in real-time.
	Data Privacy and Security
	Zscaler's multi-tenant architecture was built from the ground up to ensure the highest levels of privacy and security.  The data centers are located in facilities around the world with 24/7 monitoring and physical security with redundant power, cooling, and multiple internet uplinks. The ZENs do not store any transaction data to ensure highest level of privacy and security.

Forwarding Traffic to Zscaler:

Zscaler is unique in its Security as a Service offering by allowing administrators to enforce user level policies without requiring any software, hardware, or agent deployment. It supports a diverse set of traffic forwarding mechanisms that include GRE tunnels, firewall port forwarding, proxy chaining, or PAC files.

	Web Proxies
	Zscaler enhances the functionality of existing web proxies by forwarding traffic to the cloud without incurring noticeable latencies and at a very low cost. Interoperability is certified with Blue Coat, Squid and Microsoft ISA web proxies. Learn more
	Firewalls
	Firewall functionality to manage policies by port and protocol may be extended by forwarding web traffic to the Zscaler cloud for in-depth inspection. Juniper, Check Point, SonicWALL, Cisco PIX, and Cisco ASA firewalls are supported. Learn more
	Edge Routers
	Security can be augmented to infrastructures consisting of edge routers by setting a simple rule to forward web traffic to Zscaler. Interoperability is certified with Cisco and Juniper routers.

Documentation:

Download the Zscaler Web Security Cloud Technical Overview Datasheet  (PDF).