a. Zscaler 101
Zscaler is a large player in network security. It competes with Palo Alto’s next-gen suite, Cloudflare and so many others. Zscaler’s Zero Trust Exchange (ZTE) is its overarching, cloud-native security platform. It blazes a trail between users, apps and devices across eligible networks. It’s increasingly involved in agentic and autonomous asset connections too.
Zero Trust is exactly what it sounds like: never trusting anything. The exchange vets and verifies all traffic as it moves within a company’s perimeter, and it keeps verifying constantly. It doesn’t allow bad actors to breach an infrastructure weak spot and then gain free access to everything else thereafter. That spread from one foothold to the rest of the environment is called “lateral threat movement.” Zscaler uses risk scores to assess security risk for every interaction, meaning it’s only creating user friction when there’s real security concern. This Zero Trust approach routinely cuts infrastructure costs for customers by shrinking the attack surface down, removing vulnerabilities and augmenting efficacy. ZTE replaces an antiquated firewall and virtual private network (VPN) setup in which fixed rules determine entry into the firewall-protected environment. Once that entry is granted, every device & user within a perimeter gets perpetual and unconditional access.
Product & Growth Pillar #1 – Zero Trust Everywhere
Zero Trust Everywhere (can’t call it ZTE because that’s the name of Zero Trust Exchange) is made up of its core network security products, branch-level security, and Zero Trust Cloud.
Core Network Security Products:
- Zscaler Internet Access (ZIA) protects internet connections. It’s the middleman between a user and a network that ensures proper authorization & access.
- Zscaler Private Access (ZPA) offers remote access to internal apps. It can directly connect to needed resources and destinations without public exposure (unlike VPNs).
- Zscaler Digital Experience (ZDX) optimizes cloud app performance and finds issues faster. It sifts through networks to identify sources holding back productivity to be fixed.
- Zscaler for Users is the firm’s bundle that combines ZIA, ZPA and ZDX.
Branch-Level Security:
For newer, ZPA-related products, Zero Trust Segmentation separates networks to offer more localized visibility. Branch security uses this capability to treat every single company location as its own island or network to shrink the attack surface. These “islands” (not entire enterprises) connect to single apps or network subsections only when needed. That’s called micro-segmentation. This lowers the risk of lateral threat movement by minimizing access. And it’s offered through a single appliance, meaning there’s one console for campuses, factories and retail shops. That reduces complexity and friction.
Zero Trust for branches upgrades legacy Software-Defined Wide Area Network (SD-WAN) functionality. As a reminder, SD-WAN is a digital manager of network connectivity. It splits network hardware and software-based control. This cuts costs, streamlines management & augments protection. SD-WAN is great for network optimization and can handle significant traffic routing needs. But? It requires direct appliance installation and does run into security concerns. Zscaler Branch Security doesn’t require hefty hardware installation. Just a cloud-native branch connector and a virtual machine (VM) to seamlessly turn on.
Zero Trust Cloud:
Zero Trust Cloud is Zscaler’s name for cloud app and workload use cases within its core network security products. It also offers configuration analysis and cloud workload protection products.
Product & Growth Pillar #2 – Data Security Everywhere:
Zscaler Data Fabric is the term it uses for openly integrating with a long list of needed data sources. It handles ingestion, organization, “harmonization” and the unleashing of this lucrative context. Zscaler offers data security across endpoints, email, web, GenAI apps and legacy software. That makes sense. If it’s already protecting so much of the world’s network traffic… and if it already leverages all of this data (structured and unstructured) … that gives it a head start on using this insight to offer more products.
- Data security posture management (DSPM) granularly tags, organizes and protects cloud-native data.
- Data Loss Prevention (DLP) guards clients against data leakage or theft for emails, endpoints and more.
- It also offers encryption tools.
- Data Security Everywhere is the name of the unified suite.
Product & Growth Pillar #3 – “Agentic Operations”:
This category includes security operations (SecOps), IT Operations (ITOps) and all other AI product innovation.
ITOps includes products like its AI Copilot for ZDX (GenAI assistant) and ZDX Network Intelligence. The latter tracks internet service provider (ISP) performance. It readily uses outage data to refine the efficacy of Zscaler’s Zero Trust Exchange, which helps performance and up-time.
Within SecOps:
- Unified Vulnerability Management (UVM) offers a bird's-eye view across 150+ data sources to tag, assess and remediate vulnerabilities across all identities as well as cloud and on-premise environments. It ranks all issues, prioritizes pressing items and offers the best course of action for remediation.
- Risk360 leverages UVM’s holistic view of vulnerabilities and enhances it with Zscaler and 3P signals. It then maps potential cyber risks and ranks them by potential financial damage. It also gives the best next steps of remediation.
- Business Insights: Broad visibility into app usage, costs, needs and engagement. This helps minimize unneeded apps and licenses.
- The aforementioned Data Fabric tool is also a big part of this product suite.
- This also includes its Managed Detection and Response (MDR) product acquired via Red Canary M&A. This blends AI-based and expert security analyst protection.
For AI, it has a well-established GenAI Security business in safeguarding companies from sensitive data leakage associated with 1st and 3rd-party AI apps. It’s also now directly protecting these AI assets (public and private) with AI Guard and is building on this presence with M&A and product expansion. More on that later.