Combating APT

ZSCALER WHITE PAPER

LEVERAGING A CLOUD ARCHITECTURE FOR BEHAVIORAL ANALYSIS

Zscaler, the cloud security leader, combines the benefits of behavioral analysis with the reach of a SaaS-based service: binary files are collected from its global clouds and analyzed centrally, so that all customers benefit when even a single malicious file is identified.

Figure: Traditional Sandbox versus Zscaler Cloud Sandbox

Traditional Sandbox (appliance at HQ, labelled Alert; limited capacity with no SSL inspection; HQ, branch and mobile users):
• Users off network go unprotected
• Sandbox allows files to pass and infect
• Threat data is often localized and not shared

Zscaler Cloud Sandbox (unlimited capacity with full SSL inspection; HQ, branch and mobile users):
• Easily scale across all users/locations
• Inline architecture holds file until clean
• Cloud effect shares blocks to all customers

Appliance-based APT approaches are limited to protecting employees in the office and are insufficient for protecting the enterprise; road warriors and home-based workers remain exposed to APTs and zero-day attacks. When sandboxing is part of a comprehensive, multi-faceted cloud security solution, rather than being offered as a point product, it is not limited to acting as a detective control that flags malicious files after they have been downloaded, whether or not they went on to compromise end-user machines. Zscaler’s advanced security solution provides full SSL inspection and inline blocking, which firewalls and tap-mode sandbox appliances cannot accomplish. It provides continuous coverage for any user, anywhere, and scans every packet, every byte, every time, for both inbound and outbound traffic. It scans all communications to block botnets calling home, cookie stealing and anonymizers, and it provides vulnerability shielding. Zscaler also generates dynamic risk scores based on content and behavior to block zero-day threats. Zscaler has numerous industry partnerships to ensure access to real-time feeds of known compromises, and every transaction is logged in detail for forensic analysis.

© Oct 2017 Zscaler, Inc. All rights reserved.

ADVANTAGES OF ZSCALER’S CLOUD SANDBOX

Zscaler identifies and catches threats via sandboxed analysis of binaries. Zscaler’s Cloud Sandbox includes behavioral analysis, which delivers three key differentiators in the market:

Protection of ALL users, including mobile

Unlike appliance-based alternatives, Zscaler’s Cloud Sandbox protects all users, including the difficult-to-follow mobile user, from APTs. By delivering sandboxing from the cloud, protection is always on and placed closest to the user regardless of location or connection. On or off network, the user connects to the Zscaler Cloud Platform and sandboxing solution before accessing the Internet, so all traffic is always inspected. This architecture far surpasses traditional data center sandbox approaches, whose appliances go blind once the user drops off the corporate network.

Immediate Protection with the Cloud Effect

Global, unified collection of samples across the Zscaler Cloud Platform ensures that even a single targeted attack against a single victim can automatically improve protection for all customers globally. Once a threat is confirmed, all Zscaler customers receive worldwide protection from it. We call this the Cloud Effect, and it easily outpaces appliance approaches in keeping users safe from new and emerging threats as they are discovered across the globe.

Greater Context for Threat Protection

The integration of big data, static analysis and behavioral analysis provides a fuller context for threat protection. By combining behavioral analysis with big data analysis, Zscaler enhances traditional behavioral analysis techniques. In traditional behavioral analysis, a sample is analyzed in isolation. In that scenario, behavioral analysis would uncover the fact that a given sample requested a specific URL when executed, but the behavioral analysis engine would have no way of knowing whether the request was benign or malicious. Zscaler is able to further interrogate this information by comparing it to all historical transactions, so that the behavioral analysis engine benefits from the latest intelligence derived from mining the overall Zscaler cloud.

IMPLEMENTING ZSCALER ADVANCED SECURITY

With Zscaler, behavioral analysis is not a separate offering but an enhancement of an already powerful advanced security suite. Zscaler Enforcement Nodes (ZENs) continually collect suspicious binary files and deliver them to the central behavioral analysis engine. Samples are executed and monitored in a controlled environment, and malicious behaviors are recorded and analyzed. Collected metadata is compared to intelligence sources, and malicious files are blocked at the ZENs. This is accomplished through an automated, six-step process:

1. Fast Pre-Processing – Pre-processing ensures that files are quickly classified to identify those that will benefit from behavioral analysis. Files are divided into portable executable (PE) files and non-PE files, and the PE files are then parsed to ensure that they are well formed.
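The pre-processing step above splits submissions into PE and non-PE files and parses the PE files for well-formedness before they are sent to the sandbox. The following is an added example illustrating that triage, not Zscaler's own code: it reads the DOS stub, the COFF file header, the optional-header magic and the section table, and rejects images whose headers point outside the file. Which checks count as "well formed" is an assumption here (a production parser does far more), and the tiny PE32 image built by build_minimal_pe is a constructed sample that is not executable.

```python
"""Fast pre-processing triage for submitted binaries (added example, not Zscaler code).

Routes each buffer to one of three paths: non-PE, malformed PE, or a
well-formed PE that is worth the cost of behavioral analysis.
"""
import struct
from dataclasses import dataclass

DOS_MAGIC = b"MZ"
PE_SIGNATURE = b"PE\0\0"
# Subset of IMAGE_FILE_MACHINE values accepted by this example (assumption).
IMAGE_FILE_MACHINE = {0x014C: "i386", 0x8664: "amd64", 0x01C4: "armnt", 0xAA64: "arm64"}
OPTIONAL_MAGIC = {0x10B: "PE32", 0x20B: "PE32+"}


@dataclass
class Triage:
    is_pe: bool
    well_formed: bool
    reason: str
    machine: str = ""
    fmt: str = ""


def triage(data: bytes) -> Triage:
    """Classify a file as non-PE / malformed PE / well-formed PE with a reason."""
    # Anything without a DOS header takes the non-PE path.
    if len(data) < 64 or data[:2] != DOS_MAGIC:
        return Triage(False, False, "no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # e_lfanew must point inside the buffer and leave room for signature + COFF header.
    if e_lfanew + 24 > len(data):
        return Triage(True, False, "e_lfanew out of bounds")
    if data[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        return Triage(True, False, "missing PE signature")
    # COFF file header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes).
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    if machine not in IMAGE_FILE_MACHINE:
        return Triage(True, False, f"unknown machine 0x{machine:04x}")
    if nsec == 0 or nsec > 96:
        return Triage(True, False, f"implausible section count {nsec}")
    opt_off = e_lfanew + 24
    if opt_size < 2 or opt_off + opt_size > len(data):
        return Triage(True, False, "optional header truncated")
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic not in OPTIONAL_MAGIC:
        return Triage(True, False, f"bad optional header magic 0x{magic:04x}")
    sect_off = opt_off + opt_size
    if sect_off + 40 * nsec > len(data):
        return Triage(True, False, "section table truncated")
    # Every section's raw data (SizeOfRawData, PointerToRawData at offset 16) must lie in the file.
    for i in range(nsec):
        raw_size, raw_ptr = struct.unpack_from("<II", data, sect_off + 40 * i + 16)
        if raw_ptr + raw_size > len(data):
            return Triage(True, False, f"section {i} raw data beyond EOF")
    return Triage(True, True, "ok", IMAGE_FILE_MACHINE[machine], OPTIONAL_MAGIC[magic])


def route(data: bytes) -> str:
    """Name the processing path a file takes after pre-processing."""
    t = triage(data)
    if not t.is_pe:
        return "non-pe"
    return "behavioral-analysis" if t.well_formed else "malformed"


def build_minimal_pe(truncate=None) -> bytes:
    """Constructed sample: a tiny, non-executable PE32 image with one section."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = DOS_MAGIC
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    sect = bytearray(40)
    sect[:5] = b".text"
    # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
    struct.pack_into("<IIII", sect, 8, 0x10, 0x1000, 0x200, 0x200)
    img = bytes(dos) + PE_SIGNATURE + coff + bytes(opt) + bytes(sect)
    img += b"\0" * (0x400 - len(img))
    return img if truncate is None else img[:truncate]


if __name__ == "__main__":
    for label, blob in [("text", b"not a pe"), ("pe", build_minimal_pe()),
                        ("cut", build_minimal_pe(0x300))]:
        print(label, route(blob), triage(blob))
```

The truncated variant shows the kind of defect this step is meant to catch early: the headers parse, but the section table promises data past the end of the file, so the sample is flagged as malformed instead of consuming a sandbox slot.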