ZSCALER TEMPLATE - OSSIR

Presentation to OSSIR, 14 Sept. 2010
Frederic Benichou, Director Southern Europe
Damien Chastrette, Technical Director
Copyright © 2009-2010 Zscaler CONFIDENTIAL


Agenda
• Zscaler: the company
• Web filtering challenges
• The Cloud / SaaS answer
• Zscaler technology building blocks and Cloud architecture
• Distributed and multi-tenant
• Features
• Security
• Usage control
• DLP
• Reporting and log analysis


Zscaler, the company
Unique focus
• Founded in 2007 in Silicon Valley. Highly experienced team
• Single focus: "in-the-Cloud" security services
Integrated services
• Integrated web and email "security-as-a-service (SaaS)"
• Eliminates point products and reduces costs
Revolutionary technologies
• Designed for SaaS, not a standard technology dropped into data centers
• Multi-tenant architecture; near-zero latency, support for roaming users
Customers
• Protects more than 1 million users in 140 countries
• More than 300 companies, including prestigious names and Fortune 500 firms
• Largest customer: 300,000 users
Global coverage
• Sales and support teams in 15 countries
• Global network: more than 40 data centers worldwide
Recognition
• Most Visionary


Zscaler: Cloud Security for Web and Email
Enforces security and usage-control policies for Internet access (Web and Email)
[Diagram: users on mobile and various devices, from the office, home, hotel, airport or mobile phone, reach the Internet through the Zscaler Service (Web, Email); "Internet access & communication: mission-critical for business"; "Enforce business policy"]
• Any user, any device, anywhere
• Delivered as a global Cloud service
• No hardware, no software! No upfront investment; easy deployment


Zscaler – Security expertise
• Security research team
• 9 people, in California and India
• Led by Michael Sutton, a recognized industry expert
• See the security blog: http://research.zscaler.com
• Examples of "zero-day" protection: http://www.zscaler.com/security-advisories.html
• Partnership with a dozen security companies for real-time feeds and exchange of vulnerability information, notably Microsoft (MAPPS program)


Some references worldwide
Trusted by the world's most respected companies: German insurance, French fashion, French finance, US beverages, UK/AU media, Japanese automotive, US healthcare, Indian services
Awarded & recognized by the world's most respected analysts: Most Visionary


Zscaler in Gartner's Magic Quadrant analysis
Zscaler: rated the most "Visionary" in the Jan. 2010 MQ analysis of "Secure Web Gateways" (SWG)
http://www.gartner.com/technology/media-products/reprints/zscaler/172783.html
"All reports are based on live data and allow drill down into detailed log."
"The policy manager is very easy to use ... follows roaming users, allows service at the nearest node."
"[Zscaler] offering already has the largest global footprint of data centers."
"Zscaler is a very strong choice for any organization interested in a Secure Web Gateway."
Source: Gartner


Enterprise challenges related to Web traffic


Web 2.0 challenges: Security, Control, and Visibility / reporting
Security threats
• Web 1.0: viruses, worms (signature-based detection)
• Web 2.0: botnets, XSS, active content, phishing; can't be detected with signatures
• Anti-virus and malware categorization are limited
Usage control / abuse prevention
• Web 1.0: URL filtering, (almost) static list, allow or block
• Web 2.0: user-created content; social sites, streaming, webmail, IM
• Traditional URL filtering reaches its limits with Web 2.0
Information leakage
• Web 1.0: read only; no DLP
• Web 2.0: users can send and post content; DLP for blogs, webmail, IM
Bandwidth problems
• Web 1.0: no bandwidth issues; HTML pages
• Web 2.0: streaming & P2P; bandwidth-hungry apps (last mile)
• Need to prioritize Web traffic (e.g. streaming vs. business use)
Visibility / reporting / consolidated log analysis
[Diagram: enterprise users, road warriors and mobile devices reaching the public Internet]
A real risk for the enterprise


How the Zscaler Cloud system works
[Diagram: HQ users, remote office(s), road warriors and mobile users forward traffic to the nearest ZEN or gateway.zscaler.net; the service inspects and enforces policy (AV, botnets + malware, data leakage, Web 2.0 control, secure webmail/IM, bandwidth control, directory integration) and returns CLEAN traffic to the user; web logs feed consolidated reporting; Zscaler Utility: Manage, Comply, Analyze]
Steps shown: 1. Define company policy; 2. Forward traffic to the cloud; 3. Inspect pages being returned; 4. Clean traffic to the user
Notes shown: on-premise appliances (proxy, caching + URL) have limited functionality; road warriors bypass appliances & policy (VPN???)
• 2 main technical topics for deployment:
• Traffic forwarding
• User authentication


Zscaler features
MANAGE: Cloud Web Services, Browser Control, Advanced Threat Protection, Anti-Virus & Anti-Spyware, URL Filtering, Web 2.0 Control, Policy & Reporting, Bandwidth Control, Data Loss Prevention, Forensics & Data Mining
Technologies: 10 Gbps Proxy, ShadowPolicy (TM), NanoLog (TM), Transparent Authentication
Infrastructure: 40+ data centers worldwide, high reliability and availability, near-zero latency, privacy and data security


Cloud Security: Multi-tenant Architecture


Zscaler Architecture: Multi-tenant, Distributed
[Diagram: Central Authority, NanoLog and several Zscaler Enforcement Nodes (ZEN1, ZEN2, ZEN3)]
• Zscaler Enforcement Node (ZEN): gateway to the Internet, traffic filtering, policy enforcement
• Central Authority: the brain of the Cloud; policies, updates, GUI, authentication, Cloud health
• NanoLog: logs are sent to and consolidated in NanoLog in real time
• A user travelling from City A to City B: their policy follows them, and their traffic is redirected to the nearest ZEN
• Multi-tenant: users are not tied to any particular data center
• Multiple offices, roaming and mobile users
• "FollowMe Policy": a user's policy follows them and applies to them everywhere, always
• Immediate update of all ZENs in response to a threat or to a policy change
• "NanoLog" technology: logs consolidated and correlated in real time, queryable within a few seconds
Fast response times and high availability


The most global Cloud: around 40 data centers
Data centers: Stockholm, Toronto, London, Frankfurt, Moscow, Fremont, Chicago, Dallas, Monterey, Mexico City, NYC, Wash. DC, Atlanta, Paris, Bern, Madrid, Tel Aviv, Dubai, Mumbai, Beijing, Hong Kong, Tokyo, Bogota, Singapore
Coming shortly: Sao Paolo, Adelaide, Buenos Aires, Johannesburg
• FollowMe policy ensures company policy is enforced no matter where you are
Benefits: 1. Near-zero latency; 2. High reliability; 3. BW savings (no backhauling)


Features: Security


Why Traditional Technologies No Longer Work
• Black listing (knowledge of destination): URL categorization, domain control list
• Signature match (knowledge of payload): virus, spyware
• Header inspection (knowledge of application): unauthorized apps, tunneling protocols
• Content inspection (knowledge of content / body): malicious active content, botnets, XSS; user generated pages
[Diagram: request (www.google.com, hash, header) and response (hash, header, body)]
Full content (page) inspection is required to detect today's threats
"AV signatures or URL filtering is obsolete for newer threats. High-speed scanning of content/pages is needed." -- Gartner


Zscaler Inspects Full Request & Response
• Most vendors analyze only the domain and block based on a black list
• Domain represents < 5% of a total URL
• URL represents < 1% of a total page
• Most newer threats are hidden in the pages being served and require full page inspection
[Diagram: Request = domain / path / parameters (https://facebook.com/profile.php?id=x) plus cookies. Response body = HTML, images, scripts, XML, ActiveX controls & browser helper objects, Windows executables & dynamic link libraries, Java applets & applications, JavaScript (HTML, PDF, stand-alone), Visual Basic Script, RIA, Visual Basic for Apps. macros in Office documents]
Analysis of request/response is critical but can introduce latency


Traditional Reputation Score Ineffective for Web 2.0
[Timeline 2005 to 2010: IP reputation, then domain reputation, then page reputation]
• IP reputation (Email): identify servers known to send or proxy spam email. Works reasonably well; spam sources are relatively static
• Domain reputation (Web 1.0): identify domains hosting malicious content. Worked well for Web 1.0 when web pages were static; with Web 2.0's user generated content, it does not work (domain may be good, specific pages may be malicious)
• Page reputation (Web 2.0): identify malicious pages (content) dynamically. A risk index is created for each page in real time; requires inspection of web pages; effective if latency can be minimized
"Site reputation is no longer a useful measure"


Integrated & Comprehensive Threat Detection
Zscaler uses dynamic PageRisk to detect threats accurately
Real-time in-line analysis (users to Internet, SSL on both sides):
• Knowledge of destination: domain / URL match, destination reputation
• Knowledge of payload: signature matching, executable files
• Knowledge of application: header inspection, tunneling protocols, unauthorized apps
• Knowledge of content: content inspection of each object (JavaScript, ActiveX), PageRisk
Offline data mining – the Cloud effect:
• New URLs, based upon # of hits
• New signatures, using multiple engines
• New patterns, anomalous patterns


Zscaler: Comprehensive Detection Technologies
Zscaler security technologies:
• Data mining: network effect; identify emerging threats
• Offline scans: multiple engines; continual scans; URL DB updates
• URL database: continuously updated; proprietary
• Pattern match: custom signatures; real time; high speed
• Malicious content: real time, in-line detection
[Diagram: PageRisk scale from 0 to 100, bands Safe / Suspect / Risky, actions Allow / Block]
Third-party technologies:
• Malicious URLs: feed #1, feed #2
• Phishing: feed #3, feed #4
• Botnets: feed #5, feed #6
• AV signatures: inline – feed #7; offline – feeds 8 & 9
• Vulnerabilities: feed #10, feed #11, feed #12
Combination of internal research & best external feeds results in the best threat detection


Browser Control
Challenge: Hackers are exploiting browsers to infect users' computers. Older and unpatched browsers are vulnerable.
"There are more browser capabilities to be exploited, more potential for vulnerabilities."
Solution: Enforce browser policy: browser versions, patches, plug-ins & applications
Zscaler policy enforcement (IE, Firefox, Safari, Opera):
• Browser version: e.g. IE 6 & Firefox 3.0.10 are vulnerable
• Browser patches / missing patches: e.g. Google's patches to secure Chrome
• Plug-in/extension: 3rd party plug-ins are vulnerable
• Applications: the browser is becoming an application platform
• Configurable scan frequency (daily, weekly, monthly, etc.)
• Warn if outdated or vulnerable
• No client-side software or download required
Benefit: Reduce security risk with least effort (centrally configured)


Features: Manage


Zscaler Manage
Challenge:
"URL Filtering is mostly reactionary. It has a fundamental flaw to be an effective security filter; it does not monitor threats in real time."
"Internet bound traffic should be inspected for more than URL filtering. Web 2.0 applications require granular policies for control."
Solution: Granular control of Web 2.0 applications. Policies by location, user, group, time of day, quota
URL Filtering
• URL DB, multiple languages
• Enforcement by URL, not domain; Safe Search
• Real-time dynamic content classification
• 6 classes, 30 super categories, 90 categories
Enforce traditional URL policies at low TCO
Web 2.0 Control
• Action-level control for social sites, streaming, webmail & IM
• Allow viewing but block publishing
• Allow webmail but not file attachments
Enable use of Web 2.0 with the right access for the right users
Bandwidth Control
• 40 – 50% of BW is consumed by streaming
• Enforce policies by type of web application
• Ensure enough BW for mission-critical apps
Tangible savings due to proper use of BW (last mile)
Right access to right resources to empower users and optimize resource use


Manage - Managed Access to Web 2.0
Challenge:
"The advances in Web 2.0 technologies require a new generation of Web security tools that go well beyond traditional URL filtering."
"Discerning one app from another is far from just a URL recognition game"
Solution: Managed access - granular policies by action, location, group, etc.
[Diagram: users reach the Internet through the SaaS service; per-application actions: IM (chat, file transfer), webmail (email, attachment), streaming sites (view/listen, upload), social networks and blogs (view, publish)]
Benefits: Provide right access to right users


Manage - Policy-based Bandwidth Control
Challenge: 40% - 50% of bandwidth is consumed by streaming applications
Solution: Bandwidth allocation by application type
• Financial apps: min 15%, max 50%
• General surfing: min 10%, max 30%
• Streaming media: min 0%, max 10%
• Sales apps: min 15%, max 50%
[Diagram: users reach the Internet through Zscaler, which applies the allocation]
Benefits: Right applications get the right bandwidth; cost saving
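One way to turn the min/max percentages above into an actual per-class allocation, as an added example (not Zscaler's code): guaranteed minimums are filled first, the remainder is shared in equal slices up to each class's cap, and a policy whose minimums exceed 100% is rejected. The single link size, the sharing rule and the demand figures are my assumptions.

```javascript
// Added example, not from the Zscaler deck: allocator for the per-application-type
// min/max policy on slide 26. Assumes one link of linkKbps and constructed demands;
// the sharing rule (fill minimums, then equal slices up to each cap) is an assumption.
var POLICY = {
  "Financial Apps":  { min: 15, max: 50 },
  "General Surfing": { min: 10, max: 30 },
  "Streaming Media": { min: 0,  max: 10 },
  "Sales Apps":      { min: 15, max: 50 }
};

// A policy is only enforceable if the guaranteed minimums fit on the link together.
function validatePolicy(policy) {
  var minSum = 0;
  for (var name in policy) {
    var c = policy[name];
    if (c.min < 0 || c.max > 100 || c.min > c.max) return false;
    minSum += c.min;
  }
  return minSum <= 100;
}

// demand maps class name -> kbps requested; returns class name -> kbps granted.
function allocate(linkKbps, policy, demand) {
  var grant = {}, cap = {}, free = linkKbps, name;
  for (name in policy) {
    var want = demand[name] || 0;
    cap[name] = Math.min(want, Math.floor(linkKbps * policy[name].max / 100));
    // Pass 1: guaranteed minimum, but never more than the class actually asks for.
    grant[name] = Math.min(want, Math.floor(linkKbps * policy[name].min / 100));
    free -= grant[name];
  }
  // Pass 2: hand out the remainder in equal slices, respecting each class's cap.
  while (free > 0) {
    var hungry = [];
    for (name in policy) if (grant[name] < cap[name]) hungry.push(name);
    if (hungry.length === 0) break;
    var slice = Math.max(1, Math.floor(free / hungry.length));
    for (var i = 0; i < hungry.length && free > 0; i++) {
      var add = Math.min(slice, cap[hungry[i]] - grant[hungry[i]], free);
      grant[hungry[i]] += add;
      free -= add;
    }
  }
  return grant;
}
```

Under contention streaming is pinned at its 10% cap while financial and sales traffic keep their 15% floors; on an idle link streaming still gets what it asks for, because the 0% minimum is a floor, not a quota.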


Features: Data Leakage Prevention


Comply - Data Leakage Prevention (DLP)
Challenge: Social networks, blogs, webmail/IM are easily accessible from any browser and are dangerous backdoors. May lead to accidental or intentional leakage of proprietary and private information.
Solution:
• Define policy: IP leakage or regulatory compliance
• Detect violations: DLP dictionaries and engines
• Enforce by location, user, app: allow or block; notify
[Diagram: users (webmail, blog, file upload, IM) pass through Define (policy), Detect (engine) and Enforce stages; sample data types: sales data, credit cards]
Benefits: Rapid deployment. Highly accurate, ultra-low latency, complete inline inspection (not a tap node)


Features: Reporting & log analysis


Interactive reporting: 5 unique advantages
1. Real-time log consolidation across the globe (Internet usage by location; usage trend by department)
2. Real-time interactive analysis (top Internet users; overall usage for social networks; webmails sent and viewed; social networks used; top applications for: guest)
3. Real-time correlation across apps: email, web, DLP, security, etc.
4. Full drill-down from any view to transaction level within SECONDS
5. NanoLog technology: query response time of 2 secs (Zscaler) vs. 2 hours (others)
Interactive analysis of reporting and logs


Multiple and Easy Traffic Forwarding Options
• GRE tunneling: create a GRE tunnel (primary, secondary and tertiary tunnels) to forward port 80/443 traffic to our SaaS service
• Forward proxy chaining: forward port 80/443 traffic from an existing web proxy (Squid, ISA, Bluecoat, etc.)
• Proxy / PAC file: browser-based PAC file or explicit proxy setting; supports road warriors
No device needed on customer premise, no software to deploy. Simply forward the traffic from each location to Zscaler
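The PAC-file option above, as an added example that is not part of the deck: http/https traffic is sent to the cloud gateway named on slide 10 (gateway.zscaler.net; the proxy port is assumed), while plain hostnames, private addresses and an assumed internal domain stay direct, and no DIRECT fallback is listed so a road warrior fails closed rather than bypassing policy when the gateway is unreachable.

```javascript
// Added example, not from the Zscaler deck: a minimal PAC file for the
// "browser-based PAC file" forwarding option. gateway.zscaler.net is the
// gateway name on slide 10; port 80, the internal domain suffixes and the
// private IP ranges treated as intranet are assumptions.
var CLOUD_GATEWAY = "PROXY gateway.zscaler.net:80";
// Deliberately no trailing "; DIRECT": if the gateway is unreachable the
// browser fails closed instead of silently surfing outside the cloud policy.
var INTERNAL_SUFFIXES = [".corp.example", ".localdomain"];

// RFC 1918 and loopback addresses are local destinations.
function isPrivateIPv4(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  var a = parseInt(m[1], 10), b = parseInt(m[2], 10);
  return a === 10 || a === 127 || (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168);
}

function endsWith(s, suffix) {
  return s.length >= suffix.length && s.slice(-suffix.length) === suffix;
}

// Standard PAC entry point; the browser calls it with the URL and its host part.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Plain hostnames ("intranet") and localhost never leave the local network.
  if (host.indexOf(".") === -1 || host === "localhost") return "DIRECT";
  if (isPrivateIPv4(host)) return "DIRECT";
  for (var i = 0; i < INTERNAL_SUFFIXES.length; i++) {
    if (endsWith(host, INTERNAL_SUFFIXES[i])) return "DIRECT";
  }
  // The forwarding option covers port 80/443, i.e. http and https only.
  var scheme = url.slice(0, url.indexOf(":")).toLowerCase();
  if (scheme !== "http" && scheme !== "https") return "DIRECT";
  return CLOUD_GATEWAY;
}
```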


Questions / Answers
damien@zscaler.com
fbenichou@zscaler.com
