Zscaler (NASDAQ: ZS) accelerates digital transformation so customers can be more agile, efficient, resilient, and secure. The Zscaler Zero Trust Exchange protects thousands of customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location. Distributed across more than 150 data centers globally, the SASE-based Zero Trust Exchange is the world’s largest in-line cloud security platform.
I really don't understand the /32 and how this connects. If the host needs to get somewhere, and it is not seen as the same segment, then it needs to look at its routing table, will ARP for the next hop and send the traffic. In this case, the Zscaler is not on the same segment, so how does this work? What does it ARP for? How does it send the packet there through the OSI stack? It still needs some kind of reachability. My only guess is that there is some proxying or tunneling of the traffic and the /32 is not really a /32, but isolated through some mechanism from talking to anything but the Zscaler device. Would be nice to not have to guess, and actually, you know, have it explained; it would take less than a minute. Also, since someone else was nitpicking, I might as well do it too. If you are going to draw networking symbols, drawing a core with a traditional router picture implies L3, so that firewall hanging off it is all but useless.
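The routing question in this comment can be worked through without knowing anything about the product. The following is an added example, not code from the video or from Zscaler, and it assumes nothing about how Airgap is implemented; it only models the host's own forwarding decision that the commenter describes (longest-prefix match, then ARP for either the destination or the next hop). It contrasts a normal /24 host with a /32 host that has an explicit on-link host route to its gateway, which is the standard way a /32 address is made usable on Linux (`ip addr add 10.0.0.5/32 dev eth0; ip route add 10.0.0.1/32 dev eth0; ip route add default via 10.0.0.1`, general Linux practice, not a statement about this product). The addresses are constructed sample values.

```python
import ipaddress


class Host:
    """Minimal model of one host's IPv4 forwarding decision.

    addr:   the host's own address with prefix, e.g. "10.0.0.5/32"
    routes: list of (prefix, next_hop) where next_hop None means the
            prefix is directly reachable on the link ("on-link" route).
    The interface prefix itself is an implicit connected route.
    """

    def __init__(self, addr, routes):
        self.iface = ipaddress.ip_interface(addr)
        self.routes = [
            (ipaddress.ip_network(p), ipaddress.ip_address(nh) if nh else None)
            for p, nh in routes
        ]

    def lookup(self, dst):
        """Longest-prefix match over the connected prefix plus static routes."""
        dst = ipaddress.ip_address(dst)
        candidates = [(self.iface.network, None)] + self.routes
        best = None
        for net, nh in candidates:
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, nh)
        return best

    def arp_target(self, dst):
        """Address the host will ARP for before sending to dst.

        Returns dst itself when it is on-link, the gateway when the route
        has a next hop, or None when the packet cannot be sent at all
        (no route, or a next hop that is not itself directly reachable).
        """
        match = self.lookup(dst)
        if match is None:
            return None
        _, nh = match
        if nh is None:
            return str(ipaddress.ip_address(dst))  # on-link: ARP for destination
        nh_match = self.lookup(nh)
        if nh_match is None or nh_match[1] is not None:
            return None  # gateway is not on-link, so the route is unusable
        return str(nh)


# Constructed sample hosts, all physically on the same VLAN 10.0.0.0/24.
# Classic host: every peer in the /24 is on-link and reached directly.
classic = Host("10.0.0.5/24", [("0.0.0.0/0", "10.0.0.1")])

# /32 host: nothing is on-link except itself, so the gateway gets an
# explicit on-link host route. Every other destination, including the
# neighbour 10.0.0.6 in the same VLAN, is now sent to the gateway, which
# is the only place that can see and filter host-to-host traffic.
isolated = Host("10.0.0.5/32", [("10.0.0.1/32", None), ("0.0.0.0/0", "10.0.0.1")])

# /32 host that forgot the on-link gateway route: the default route points
# at an address the host cannot ARP for, so nothing leaves the host.
broken = Host("10.0.0.5/32", [("0.0.0.0/0", "10.0.0.1")])


def compare(dst):
    """ARP target chosen by each host for the same destination."""
    return {name: h.arp_target(dst) for name, h in
            (("classic", classic), ("isolated", isolated), ("broken", broken))}


if __name__ == "__main__":
    for d in ("10.0.0.6", "8.8.8.8"):
        print(d, compare(d))
```

The model shows why the /32 alone is not "isolation": it only changes where this host sends its own frames. A misconfigured or hostile peer on the same VLAN can still ARP for 10.0.0.5 and deliver frames to it directly, which is the point raised in the later comments about private VLANs and per-host enforcement; stopping that needs either L2 controls on the switch or a filter on the receiving host, neither of which this forwarding model covers.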
I don't understand this solution. Aren't Microsoft Defender for Cloud and M365 already providing a posture score? And what cloud-based control does Zscaler actually provide for segmentation?
So it appears to be a router on a stick, but still sharing the same broadcast domain? There aren't really details here, but I'm trying to understand how you are truly isolating the clients on the same VLAN from each other. It can't just be at a layer 3 level; are you blocking ARPs, etc.? Are they running clients? Just changing a host to a /32 would certainly contain that host, but what about misconfiguration or bad actors also attached to that VLAN?
I mean. Zscaler pretends it's not just vpn/firewalling but in the end... Everyone relies on the same basic tech :p private vlans have been a thing for aaaaaages
A few comments:
1. You did not provide any real details here. You imply that the Zscaler Airgap ‘client’ locks down each individual host, and the Airgap box (physical or virtual) manages the policy to lock down each host. But you didn’t provide enough details here.
2. Unlike NSX, which applies policy to the virtual NIC shim that is not part of the VM, Airgap looks to be installed on the hosts. So, what would stop a bad actor from disabling or removing Airgap from that host?
3. Nitpick. You started out by drawing the Core of what you said was a Data Center, and the first thing you drew was a User VLAN. Generally, user VLANs are out in the campus or branch locations, and NOT in the Data Center. So, does the Airgap solution ONLY apply to Data Centers (as a replacement for functionality provided by NSX or similar), or is it also something that could/would be deployed on a campus or branch network as well?
4. If this IS a solution for Data Center, Campus and Branch/Remote Office networks, does each location need a LOCAL Zscaler Airgap “policy box” to manage policy? Or would a smaller number of distributed or centralized “policy boxes” be deployed to manage policy for remote networks? And if the “policy boxes” are remote, what happens to policy enforcement and application if the Airgap-equipped hosts lose communication with the “policy boxes”?
I had a genuine laugh more than once; this guy should make more videos like this! Also, I think the camera was slightly out of focus, the lines were not sharp. Nevertheless, great video 😄
Hello sir, I am a fresh graduate who is currently doing a research project on zero trust across multicloud ERPs. If you, as someone who is well experienced in the field, would be generous enough to help with my Google survey to understand current and future market trends in it, it would be life saving. Please, please respond. Consider it a request from a younger version of you.
Can Zscaler ZPA/ZIA access policies be based on IoT device types that were detected by ML, not only seeing the IoT device types and their network patterns in a report? For example, allowing specific camera models to talk only to the camera vendor's cloud server through ZIA, or allowing internal access to the cameras using ZPA for specific AD users or AD groups?
I was hoping this video would show competitive info. Maybe a battle card that would distinguish you from products like Prisma Access from Palo Alto Networks and other competitors. If you want to be set apart, then consider being more specific about how exactly you do that in comparison.
So, maybe a rudimentary question: when you say VM, is that essentially just a server running on the site that needs to be provisioned to run the Zscaler software?
Basically yes, it is a lightweight VM which runs a sort of communicator that talks to the ZTE (Zero Trust Exchange). Only outbound, which reduces security risk compared to VPN.
I have a doubt about Zscaler. If I am in the office network, do I need to connect ZIA/ZPA? If I am in a public network, can I resolve my application URLs with private IPs? If I am in a public network, can I connect both ZPA & ZIA at the same time, so that I can connect to private applications and connect to public networks securely?
Do I need to prepare my network (VNet and Subnet level in Azure) to bring this segmentation into action? Looks like I can apply it without having to create a ton of /28 subnets.
Great demo, Dhawal! ZDX provides such a granular look into user workflows that it enables the Network/Application teams to be more precise in ticket resolution.