sb-nz logo
Story image

Zscaler rolls out new Cloud Protection solution

10 Dec 2020

Cloud security company Zscaler has today announced Cloud Protection, its new solution which automates protection for workloads on and between cloud platforms.

The solution, which implements a zero trust approach to cloud workloads, aims to minimise attack surfaces and enforces security across multi-cloud footprints. 

In the announcement, Zscaler singled out four specific components of the solution that users can leverage:

  • Continuously ensure secure configuration and compliance of cloud platforms
  • Eliminate lateral threat movement with identity-based micro-segmentation
  • Simplify and secure app-to-app connectivity within and across clouds
  • Secure access to cloud applications without exposing them to the internet.

“The cloud continues to accelerate digital transformation in every industry, but legacy security paired with cloud speed and agility have dramatically increased risk resulting in far too many security exposures,” says Zscaler senior vice president for cloud protection Rich Campagna.

“The same zero trust principles that allowed Zscaler to revolutionise secure access for users with our platform will transform protection for cloud workloads, tightening security while reducing cost and complexity.”

In large part due to the pandemic, cloud adoption is predicted to grow by over 65% in the next two years. This explosion of growth will come at the expense of adequate cloud security, Zscaler says, with priorities set on rapid digital transformation and cybersecurity an afterthought.

In fact, Zscaler’s ThreatLabZ found the following issues with organisations’ cloud security:

  • Fundamental platform security is lacking, with 63% not using multi-factor authentication, 78% not disabling public access of cloud storage, and 92% not logging events sufficiently for forensic investigation
  • Network security groups are too permissive, with 26%  publicly exposing management interfaces, and 5% of all workloads completely open to the internet
  • Open, flat networks unnecessarily expose organisations to lateral threat movement, with 87% of allowed network paths never used in large segments.

And, according to another Zscaler report published last month, 30% of SSL-based attacks were delivered through trusted cloud providers, with Microsoft being the most targeted brand for SSL-based phishing attacks.

Cyber-criminals continue to become more sophisticated in avoiding detection, the report says, taking advantage of the reputations of other trusted cloud providers such as Dropbox, Google, and Amazon to deliver malware over encrypted channels.

“Cyber-criminals are shamelessly attacking critical industries like healthcare, government and finance during the pandemic, and this research shows how risky encrypted traffic can be if not inspected,” says Zscaler CISO and vice president of security research, Deepen Desai.

“Attackers have significantly advanced the methods they use to deliver ransomware, for example, inside of an organisation utilising encrypted traffic.

“The report shows a 500% increase in ransomware attacks over SSL, and this is just one example to why SSL inspection is so important to an organisation’s defence.”

Story image
rhipe acquires emt Distribution, with aim to expand into enterprise market
The acquisition will enable rhipe to deliver a comprehensive portfolio of end-to-end security capabilities to its partners, the company says.More
Story image
Attivo Networks expands Active Directory suite for greater protection
"We see Active Directory exploitation used in the majority of ransomware, insider and advanced attacks. We are pleased to now offer our customers early and efficient solutions for preventing the misuse of Active Directory.”More
Story image
Why a more secure organisation is a collective responsibility
With vast volumes of data moving to the cloud, many IT professionals are frequently challenged to protect their enterprise environment, and there is a greater focus being placed on advancing cybersecurity strategies.More
Story image
Over a third of New Zealanders fell victim to cybercrime in the last year
"As we connected to the internet for everything from work and school to entertainment, social connection and even groceries, cybercriminals took advantage and launched coordinated attacks and convincing scams."More
Story image
Hybrid IAM solutions are the way of the future, study states
“As this first-of-its-kind research shows, while IT leaders are faced with unique criteria and conditions that shape their IT strategy, hybrid IAM has emerged as a necessity."More
Story image
Imperva unveils new data security platform built for cloud
"The cloud has revolutionised IT, offering organisations a strategic opportunity to rapidly pursue new market initiatives and adapt their operations in the face of new business challenges."More