9May2019 Avantec Internet Access Webinar€¦ · Office 365 Faster User Experience Secure SD-WAN...
Transcript of 9May2019 Avantec Internet Access Webinar€¦ · Office 365 Faster User Experience Secure SD-WAN...
1
Zscaler Internet Access Webinar 9. Mai 2019
Zscaler Internet Access Webinar
Securing your Cloud Transformation
Steffen Probst9 May 2019
2 Securing your cloud transformation
Zscaler: Securely transform IT for a cloud world
RELIABLE.FAST. SECURE.
Business policies connect users to apps from anywhere, over any network
100+ data centers across 6 continents
60B+ transactionsprocessed daily
300 of the Forbes Global 2000
Nasdaq: ZS
Market Leader
GlobalPresence
Proven Scale
2
Zscaler Internet Access Webinar 9. Mai 2019
3 Securing your cloud transformation
Leading experts agree
1 Gartner Zero Trust Is an Initial Step on the Roadmap to CARTA, Nov. 2018
Zscaler named a LEADERin the Gartner SWG MQ
“Legacy perimeter security simply won’t work and won’t scale for the requirements of digital business and digital government.”1
We do a lot more than SWG(SWG is only 10% of use cases)
8Years in a Row!
4 Securing your cloud transformation
How customers use Zscaler
Reduce Business Risk
Mobile Protection
Zero-Day Protection (SSL/Sandbox)
Proxy Replacement
Data Protection (DLP-EDM)
Multi-Cloud Access
Secure Partner Access
VPN Replacement
Zero Trust / Segmentation
M&A / Divestiture
Private App Access
Office 365
Faster User Experience
Secure SD-WAN
Local Internet Breakouts
3
Zscaler Internet Access Webinar 9. Mai 2019
5 Securing your cloud transformation
A proven and trusted partner of global brands Zscaler = Zenith of Scalability
UsersProtected
1.3M
400K
200K
120k
Office 365Monthly traffic
83 TB
60 TB
44 TB
35 TB
CONGLOMERATES
2OF THE
TOP 3OIL & GAS OPERATIONS
4OF THE
TOP 8BEVERAGES
5OF THE
TOP 7APPAREL & ACCESSORIES
3OF THE
TOP 4FOOD RETAIL
6OF THE
TOP 12
ProtectionAcross countries
185
150
113
70
LocationsProtected
11,000
1,200
30,000
1,500
All traffic - All users - All locations
6 Securing your cloud transformation
Cloud and mobility: enablers, but disrupt networking and security
Old World New World
It started with cloud app adoption…
And that drives Network Transformation…
Which disrupts network security
DC Cloud + DC
+
?Network Security
Hub-and-Spoke to DC Direct-to-Cloud
4
Zscaler Internet Access Webinar 9. Mai 2019
7 Securing your cloud transformation
Legacy Datacenter Legacy Network
The data center was the center of gravity
Remote Access (VPN)
DC Hub
BranchRegional office
Trusted network
INTERNET
Internal networks were built and optimized to connect users to apps in the datacenter
VPN to connects mobile workforce (50%)
MPLS connects 100’s of offices worldwide
3 – 6 DCs with a few internet gateways
8 Securing your cloud transformation
FW / IPS
URL Filter
Antivirus
DLP
SSL
Sandbox
Global LB
DDoS
Ext. FW/IPS
RAS (VPN)
Internal FW
Internal LB
Outbound Gateway
Inbound Gateway
Mobile
DNS
Trusted Network
Legacy castle and moat network security
You controlled: network, apps/data, users
Perimeter (moat) of appliances to protect the network
Network security = secure the network to protect users and apps
And serve as gateways (drawbridges) to go in and out
5
Zscaler Internet Access Webinar 9. Mai 2019
9 Securing your cloud transformation
Cloud breaks legacy networks and security
NotPetya
The cloud is the new data center
Backhaul TrafficBranch: MPLS / Mobile: VPN Poor user experience
Natural path Direct-to-Cloud
MPLS backhaul costs
Security riskBut, security is still
sitting in the DC
10 Securing your cloud transformation
Can you do network security in the world of cloud?
How do you secure a network you don’t control?
Trusted Network
Untrusted Network (Internet)
A new approach to security is needed
AgnosticCloud
NetworkDevice
How do you protect your users and apps?
Can’t build a ’moat’ around it with firewalls and proxies
6
Zscaler Internet Access Webinar 9. Mai 2019
11 Securing your cloud transformation
ZIA: Fast, secure, and reliable access to the internet and SaaSThe best approach for Secure SD-WAN and Office 365
Access control
Cloud firewallURL filtering
Bandwidth controlDNS resolution
Threat prevention
Proxy (Native SSL)Advanced threat protection
Cloud sandboxDNS security
Data protection
CASBFile type controls
Data loss protectionExact data match
Platform Services
Logs only written in memory andforwarded to a logging cluster in
a geography of your choice
Block the bad, protect the good
3rd Party Auth
Security and Policy Enforcement
MPLS WAN
Broadband4G/5G Satellite
Mobile Internet Only and Hybrid Branches
HQ
DCZscaler App SD-WAN (GRE/IPsec tunnels)
New York London Sydney
Unprecedented Visibility
Log streaming to your SIEM / SOC
©2019 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION 12 Securing your cloud transformation
London
Hong Kong
OUTBOUND INBOUND
DLP
URL Filter
Antivirus
SSL
Sandbox
DNS
Out. NGFW
LB
New York
GSLB
DDoS
VPN
Ext. NGFW
LB
In. NGFW
In. LB
ZIA eliminates outbound gateways
SWG (Protect Users) VPN Server Protection
ZPA eliminates VPN gateways
WAF / VDI
Ext. NGFW
LB
In. NGFW
In. LB
GSLB
DDoS
Apps/ServersUsers
What we eliminateDC / Regional Hubs
London
Hong Kong
What we eliminate
OUTBOUND INBOUND
DLP
URL Filter
Antivirus
SSL
Sandbox
DNS
Out. NGFW
LB
GSLB
DDoS
VPN
Ext. NGFW
LB
In. NGFW
In. LB
ZIA eliminates outbound gateways
New York
SWG (Protect Users) VPN Server Protection
ZPA eliminates VPN gateways
WAF / VDI
Ext. NGFW
LB
In. NGFW
In. LB
GSLB
DDoS
Apps/ServersUsers
DC / Regional Hubs Secure local Internet breakouts for every office and every mobile user
What we enable
Global Network
Remote Access (VPN)
BranchRegional office
CLOUD / INTERNET
Avoided deploying firewalls in 300+ branches
7
Zscaler Internet Access Webinar 9. Mai 2019
13 Securing your cloud transformation
A three-step journey to secure IT transformation
100,000 Users / 85 Countries 80,000 Users / 48 Countries
SECUREUp-level security
Make Zscaler the next hop to the internet – no infrastructure change
Cloud
SIMPLIFYRemove multiple point products
Phase out gateway appliancesReduce cost and complexity
Cloud
Enable local Internet breakouts (SD-WAN)Better user experience / Network savings
TRANSFORMDirect-to-Cloud Architecture
Cloud
14 Securing your cloud transformation
How customers use Zscaler
Reduce Business Risk
Mobile Protection
Zero-Day Protection (SSL/Sandbox)
Proxy Replacement
Data Protection (DLP-EDM)
Multi-Cloud Access
Secure Partner Access
VPN Replacement
Zero Trust / Segmentation
M&A / Divestiture
Private App Access
Office 365
Faster User Experience
Secure SD-WAN
Local Internet Breakouts
8
Zscaler Internet Access Webinar 9. Mai 2019
Securing your cloud transformation
Thank You
NEXT STEPSTechnical Workshop / Executive Briefing | San Jose, CA
16 Securing your cloud transformation
Denver
Toronto
New York Paris
LondonAmsterdam
Brussels
StockholmMoscow
Mumbai
Singapore
SydneyCape Town
Madrid
Riyadh
Johannesburg
Atlanta Dallas
Frankfurt
Sao Paulo
LagosKuala Lumpur
Tel Aviv
Washington DC
Chicago
Los Angeles
Copenhagen
Melbourne
Milan
Hong Kong Taipei
Zurich
Chennai
Tianjin
Tokyo
Doha
DubaiAbu Dhabi
Miami
Jeddah
Al Khobar
Warsaw
Seattle
Oslo
Shanghai
Auckland
Seoul
Global data center footprint brings security close to the user
2: https://www.peeringdb.com1: https://www.zscaler.com/threatlabz/global-internet-threats-insights
Requests processed/day60B+
Threats blocked/day1100M+ 120K+
Unique security updates/dayDatacenters in six continents100
Office 365 DC Peering
2TbPeeringCapacity
Peering with content and service providers
Nestle, Siemens, and GE have users being secured by all Zscaler DCs