SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Zscaler rolls out new Cloud Protection solution
Thu, 10th Dec 2020
FYI, this story is more than a year old

Cloud security company Zscaler has today announced Cloud Protection, its new solution which automates protection for workloads on and between cloud platforms.

The solution, which implements a zero trust approach to cloud workloads, aims to minimise attack surfaces and enforces security across multi-cloud footprints.

In the announcement, Zscaler singled out four specific components of the solution that users can leverage:

  • Continuously ensure secure configuration and compliance of cloud platforms
  • Eliminate lateral threat movement with identity-based micro-segmentation
  • Simplify and secure app-to-app connectivity within and across clouds
  • Secure access to cloud applications without exposing them to the internet.

“The cloud continues to accelerate digital transformation in every industry, but legacy security paired with cloud speed and agility have dramatically increased risk resulting in far too many security exposures,” says Zscaler senior vice president for cloud protection Rich Campagna.

“The same zero trust principles that allowed Zscaler to revolutionise secure access for users with our platform will transform protection for cloud workloads, tightening security while reducing cost and complexity.

In large part due to the pandemic, cloud adoption is predicted to grow by over 65% in the next two years. This explosion of growth will come at the expense of adequate cloud security, Zscaler says, with priorities set on rapid digital transformation and cybersecurity an afterthought.

In fact, Zscaler's ThreatLabZ found the following issues with organisations' cloud security:

  • Fundamental platform security is lacking, with 63% not using multi-factor authentication, 78% not disabling public access of cloud storage, and 92% not logging events sufficiently for forensic investigation
  • Network security groups are too permissive, with 26%  publicly exposing management interfaces, and 5% of all workloads completely open to the internet
  • Open, flat networks unnecessarily expose organisations to lateral threat movement, with 87% of allowed network paths never used in large segments.

And, according to another Zscaler report published last month, 30% of SSL-based attacks were delivered through trusted cloud providers, with Microsoft being the most targeted brand for SSL-based phishing attacks.

Cyber-criminals continue to become more sophisticated in avoiding detection, the report says, taking advantage of the reputations of other trusted cloud providers such as Dropbox, Google, and Amazon to deliver malware over encrypted channels.

“Cyber-criminals are shamelessly attacking critical industries like healthcare, government and finance during the pandemic, and this research shows how risky encrypted traffic can be if not inspected,” says Zscaler CISO and vice president of security research, Deepen Desai.

“Attackers have significantly advanced the methods they use to deliver ransomware, for example, inside of an organisation utilising encrypted traffic.

“The report shows a 500% increase in ransomware attacks over SSL, and this is just one example to why SSL inspection is so important to an organisation's defence.