Zscaler Advanced Persistent - Defense-in-depth Protection Against Zero-day and Advanced Persistent Threats.
Solution
Zscaler Internet Security
Defense-in-depth, in-line and automated
Hackers are coming after your people, systems, and data with custom-tailored zero-day and advanced threat attacks designed to exploit your vulnerabilities and bypass your existing security. With Zscaler APT Protection, you can now protect your organization from these sophisticated threats with a multi-layered "protect-detect-remediate" defense framework, including advanced "signatureless" behavioral analysis and forensics capabilities.
Unlike security appliances, Zscaler is always in-line with your Internet traffic, bi-directionally inspecting every byte, including traffic encrypted with SSL, and automatically blocking malware, quarantining infected devices, preventing botnet communications and stopping data exfiltration attempts.
Protect, Detect, Remediate Defense Framework
The Protect-Detect-Remediate defense framework is a best-practices approach for defending against APTs. Zscaler is the only solution that delivers a complete, integrated protect-detect-remediate defense for every IP-enabled device in your organization.
Protect
In this phase, the goal is to stop infections before they happen by identifying and blocking inbound threats such as zero-day malware, worms, viruses, trojans, malicious URLs and infected IP addresses.
Key steps Zscaler takes to protect your environment:
- Inspect and block threats with inline scanning
- Inspect ALL web traffic, including SSL
- Stop zero-day attacks with behavioral analysis
- Stop known malware threats
- Shut down browser vulnerabilities
- Stop known malicious URL threats
Detect
Eventually, whether through malicious insiders or gaps in your defense, infections will occur. In this phase, you need to be able to detect infections and data exfiltration attempts, and to intercept communications from a botnet to its command and control (CNC) server.
Zscaler inspects outbound traffic from your environment to:
- Identify communications by compromised devices
- Identify botnet and stealth behavior
- Leverage cloud data to identify CNC servers
- Alert on suspicious port/protocol usage
Remediate
Once a threat has been identified, it is critical to immediately contain further damage by blocking CNC communications and stopping all data exfiltration. The security team can then correlate data and run forensics to identify the affected systems, perform root cause analysis and clean up the infections.
Specifically, Zscaler, because it is a cloud-based service, can immediately help you remediate by:
- Blocking data exfiltration
- Stopping unauthorized communications
- Blocking communications by infected devices
- Understanding malware behavior for remediation
- Locating infected devices and understanding attack patterns
Protect Headquarters, Branch Offices and Road Warriors, All from the Cloud
APT attackers research and target the most vulnerable parts of your infrastructure, and many organizations have critical gaps in protecting IP-enabled devices, remote offices, road warriors and mobile devices. Zscaler APT Protection is designed to protect all of your users and all of your Internet-enabled systems from the cloud, wherever on the planet they happen to be located. Our massive cloud-based security platform has 12 million users and sees 12 billion transactions a day, so we can deliver the fastest threat analysis and the highest catch rates, coupled with the lowest false positives and the fastest time to block threats across our user network.