Zscaler Zero Trust Segmentation prevents lateral movement from ransomware attacks
Zscaler announced a Zero Trust Segmentation solution to provide a more secure, agile and cost-effective means to connect users, devices, and workloads across and within globally distributed branches, factories, campuses, data centers, and public clouds.
While traditional networks, including SD-WAN and site-to-site VPN, have extended enterprise connectivity to branches and clouds, they have also inadvertently accelerated the spread of ransomware. Although firewalls are used to do segmentation on networks, they add complexity, increase costs, and fail to provide adequate security.
Zero Trust Segmentation for branch and cloud is an innovative solution that prevents ransomware attacks, turns branches into simplified café-like environments and in the process eliminates the need for firewalls, network access control (NAC), SD-WAN and site-to-site VPNs.
With a Zero Trust architecture, organizations are no longer required to extend the corporate network from the data center to distributed locations and public clouds. Each branch, factory and public cloud becomes a virtual island that communicates directly with the Zscaler cloud security platform over any broadband connection. The Zscaler Zero Trust Exchange platform then applies business policies to securely connect users, workloads and devices.
As a result, Zscaler minimizes the attack surface associated with public IPs, prevents ransomware from spreading between locations, and eliminates firewalls, SD-WAN and the reliance on Direct Connect and ExpressRoute.
“Traditional network and security architectures enable the spread of ransomware,” said Dhawal Sharma, EVP of Product Management at Zscaler. “Using firewalls to segment business networks is extremely complex, turning into a never-ending initiative for many organizations. Integrating advanced technology from the recent AirGap acquisition, Zscaler Zero Trust Segmentation now offers the most advanced, robust protection against ransomware attacks, which can be implemented in days. Additionally, it delivers up to 50% cost savings by eliminating the need for legacy firewalls and complex infrastructures.”
Zero Trust Segmentation for branches and factories
With the increasing prevalence of IoT devices and operational technology (OT) systems in today’s branch offices and factories, security leaders are urgently working to protect their environments from sophisticated attacks.
A recent Zscaler ThreatLabz report revealed that over 50% of OT devices rely on legacy, end-of-life operating systems with known vulnerabilities, leaving them highly susceptible to attacks. Zscaler’s solution securely segments every device—including legacy OT— within hours, without north-south firewalls.
“As OT devices are becoming increasingly common in our environment, ensuring their security is a top priority,” said Brian Morris, VP, CISO, Gray Television. “Zscaler Zero Trust Branch has been nothing short of transformative. It has not only helped us reduce network costs, but has significantly reduced cyber risk and helped accelerate M&A integration.”
Zero Trust Segmentation for data center and public clouds
Relying on firewalls to secure workload communications in hybrid and multi-cloud environments increases business risk and complexity. Each internet-facing firewall presents a discoverable attack surface and can lead to inconsistent cyber threat and data protection, as each public cloud service provider operates differently.
Zscaler Zero Trust Segmentation standardizes multi-cloud workload security for internet-bound traffic, communication between clouds and data centers, between Virtual Private Clouds (VPCs), and between workloads and processes. This scalable approach eliminates the need for firewalls, site-to-site VPNs, Direct Connect, or ExpressRoute, simplifying and strengthening security across diverse cloud environments.
“Cloud is a critical component of our infrastructure, and we depend on Zscaler’s Zero Trust architecture to secure our cloud workloads,” said Shanker Ramrakhiani, CISO at IIFL. “Zscaler’s Zero Trust Cloud has empowered us to enforce consistent security across our data centers and multiple clouds, simplifying operations and significantly reducing the risk of lateral threat movement.”
Zero Trust Segmentation currently supports AWS and Azure, with GCP support slated for February 2025.