Zscaler today announced the introduction of several new zero trust network access (ZTNA) capabilities, including enhanced detection of lateral movement and new functionality for blocking compromised users from exploiting a vulnerability.
The updates are being introduced for Zscaler Private Access, which secures access to a company’s private applications. The product leverages Zscaler’s Zero Trust Exchange platform, which combines a cloud-based secure web gateway with cloud-delivered ZTNA.
With the updates, “security teams can get much higher fidelity signals to root out and contain malicious actors before they can do lasting system damage,” said Tony Paterra, senior vice president of emerging products at Zscaler, in an email to VentureBeat.
Integrated deception
The new capabilities include integrated deception, which Zscaler says is an “industry-first” when it comes to providing deception-based security, within a zero trust architecture, to detect lateral movement.
Zscaler is the first Security Service Edge (SSE) offering that is “able to intercept the most advanced adversaries and prevent lateral movement with built-in decoys and automated containment across the Zero Trust Exchange and third-party security operations platforms,” Paterra said.
Deception as a capability in SSE is a “compelling solution to address the compromised user problem, where an advanced attacker has stolen valid credentials or taken over a legitimate system,” he said.
In ransomware attacks, for example, a common technique is to spread laterally across the organization to encrypt file shares, before demanding payment. With deception, “we can create an ‘early warning system’ by inserting decoys that can be used to cut off access to private applications for a compromised user, thus preventing the attack and stopping the compromised user from causing further harm,” Paterra said.
The integrated deception capability also helps to reduce alert fatigue with “high-confidence” alerts generated by the system’s decoys, Zscaler says.
Private app protection
A second new capability being unveiled is private app protection, which focuses on stopping attackers from exploiting private apps that are vulnerable. A key feature included in the solution is in-line inspection of private app traffic, according to Zscaler.
Zscaler Private Access has already “shrunk the attack surface” by making vulnerable services invisible to the internet, Paterra noted. But the addition of private app protection means that “we are now able to take that one step further and block a compromised user from exploiting that vulnerability,” he said.
Additionally, Zscaler announced that it’s introducing privileged remote access for industrial IoT and OT systems, expanding beyond users and workloads.
“In light of heightened geopolitical tensions, we want to ensure that governments and private businesses can keep these types of IIoT/OT systems safe and are responding to customer demand for remote access management options built on a zero trust architecture,” Paterra said.
True zero trust
While zero trust has become a “buzzword” and has been misapplied by some vendors, true zero trust involves connecting users directly to applications without going over the network at all, Zscaler founder and CEO Jay Chaudhry said in a recent interview with VentureBeat.
An illustration of Zscaler’s approach can be seen in how it’s protected customers from exploits of the remote code execution vulnerability in Apache Log4j, Chaudhry said.
The flaw is the “most dangerous vulnerability” imaginable – but Zscaler customers have benefited from keeping their applications hidden by the Zero Trust Exchange, Chaudhry said.
“I had a number of customers who reached out to me and said, ‘Thank God I am hidden behind Zscaler. I need to patch my systems, but I’m not sweating. I have time to patch them, because they can’t be discovered and seen from the internet,’” he said. “So the faster the market embraces zero trust, the safer we will get.”
In February, research firm Gartner positioned Zscaler in the “leaders” quadrant inaugural Magic Quadrant for Security Service Edge. Only two other vendors, McAfee Enterprise’s SSE business (now known as Skyhigh Security) and Netskope, landed in the SSE leaders quadrant.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn More
