Are Your Appliance Based Security Solutions Ready For 2048-bit SSL?

Dr. Amit Sinha, Executive Vice President of Engineering and Operations, CTO


©2012 Zscaler, Inc. All rights reserved.

Panelist

Dr. Amit Sinha is a skilled entrepreneur and leader, having driven research and development of disruptive security and wireless technologies for multiple market-leading organizations, including Zscaler, Motorola, AirDefense and Engim. He holds 27 US patents and has contributed to three books and dozens of conference and journal papers.

Amit Sinha, Executive Vice President of Engineering and Cloud Operations, Chief Technology Officer, Zscaler


Webcast Logistics

To send us questions during the sessions:
• Type the question in the Q&A or Chat Window provided in WebEx. We will answer questions at the end of the webcast.

Any Technical Issues?
• Email: [email protected]

Complete the survey at the end of the webcast
• The Survey will appear in your browser at the end of the session


Agenda

‣ Why Secure Sockets Layer (SSL) Encryption
‣ SSL Challenges & Trends
‣ Upgrading 1024 to 2048-bit SSL: The Mandate
‣ Upgrade Implications For Appliance Based Security
‣ How Zscaler Secures Enterprises
‣ Benefits of Direct to Cloud
‣ Q & A


What is SSL?

• Widely used on the Internet for authenticating sites and providing encrypted traffic exchange


SSL Traffic is Exploding

‣ Internet is moving to default SSL (Google, Facebook, etc.)

‣ SSL puts lots of load on systems and security infrastructure

[Figure: chart with axes "SSL Performance Requirement" and "SSL on Internet"; categories Banking, Enterprise, Webmail, Social Networking, Search; app coverage Login, Transactions, All]


Enterprise Attacks Shifting from Servers to Users

‣ Mobility and cloud make users vulnerable – any place, any device, direct to net

‣ Malware can be delivered over SSL

‣ Botnets call home over SSL

‣ Enterprise visibility and control is missing

Direct server attacks: Rare
Servers: stationary, consolidated behind FWs

Users: the Beachhead
Used to attack servers

Are your USERS SECURE EVERYWHERE?


Upgrading 1024 to 2048-bit SSL: The Mandate

▶ All existing 1024-bit certificates must be replaced with 2048-bit SSL certificates by December 31, 2013

[Figure: Performance versus Security, 1024-bit compared with 2048-bit; 80% Performance Drop]

▶ Better Security
▶ 5X Performance Degradation
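The 1024-to-2048-bit slowdown claimed on this slide can be checked on any host. The following is an added example, not part of the original webcast and not Zscaler's code: it times the full-size modular exponentiation at the core of an RSA private-key operation for both key sizes. It assumes constructed random operands rather than real keys (all function names are hypothetical); production TLS stacks use CRT and optimized bignum code, so absolute rates will differ.

```python
import random
import time

def rsa_like_operands(bits, rng):
    """Constructed operands shaped like an RSA private-key operation.

    Assumption: n is a random odd number of the requested size, not a real
    RSA modulus. The cost of pow(c, d, n) depends on operand size, not on
    how n factors, so this is sufficient for a timing comparison.
    """
    n = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # exact bit length, odd
    d = rng.getrandbits(bits) | (1 << (bits - 2))      # private-exponent sized
    c = rng.getrandbits(bits - 1)                      # "ciphertext" below n
    return c, d, n

def private_ops_per_second(bits, ops=10, repeats=3, seed=2048):
    """Best-of-`repeats` rate of full-size modular exponentiations."""
    c, d, n = rsa_like_operands(bits, random.Random(seed))
    best = float("inf")
    for _ in range(repeats):
        start = time.perf_counter()
        for _ in range(ops):
            pow(c, d, n)
        best = min(best, time.perf_counter() - start)
    return ops / best

def slowdown(small=1024, large=2048):
    """How many times fewer operations per second at the larger key size."""
    return private_ops_per_second(small) / private_ops_per_second(large)

if __name__ == "__main__":
    for bits in (1024, 2048):
        print(f"{bits}-bit: {private_ops_per_second(bits):8.1f} ops/s")
    print(f"slowdown 1024 -> 2048: {slowdown():.1f}x")
```

Running the same measurement on the device that terminates or intercepts SSL, with its real key sizes, gives the handshake capacity figure that matters for sizing.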


Can Your Security Appliance Handle This?

‣ How do you deal with mobile users and many distributed office locations?
‣ Are your cloud applications like Office365, Box, Google Apps, etc. bottlenecked?
‣ Are you scanning SSL traffic?
  – If NOT, you have a BIG security/visibility GAP
‣ Do you use appliance based proxy servers?
‣ Can your appliance handle SSL interception with 2048-bit?


The Zscaler Direct-to-Cloud Network

Secure access to leading cloud, mobile and social applications

[Diagram labels: Branch Offices, Regional Offices, On-the-go, Home or Hotspot, Headquarters]


What Does Zscaler Do?

Block the bad, protect the good

Global check post
Enforces business policy

NO HARDWARE | NO SOFTWARE

[Diagram labels: Mobile & Distributed Workforce, Regional Office, Home or Hotspot, HQ, On-the-go, Cloud Services, Social Media, Cloud Apps, Mobile Apps, Botnet, Exploits]


Zscaler’s Global Network of 100+ Datacenters

Active Data Centers

October 2013

Amsterdam; Los Angeles; Mexico City; Chicago I, II; Toronto; New York; Washington DC I, II; Atlanta I, II; Miami; Sao Paulo; Johannesburg; Oslo; Frankfurt I, II; Gdansk; Stockholm; Moscow; Mumbai; Singapore; Sydney; Hong Kong; Tokyo; Madrid; Taipei; Dubai; Kuwait City; Cape Town; San Francisco; Sunnyvale; Santiago; Amman; Dallas I, II; Denver; Paris; London; Bern; Chennai; Riyadh; Cairo; Lima; Kuala Lumpur

©2013 Zscaler, Inc. All rights reserved.


How Zscaler Works

‣ Easy to deploy and manage – no hardware, no software.
‣ Zscaler provides global infrastructure. You retain full control.
‣ Comprehensive security and control of Internet access including SSL.

[Diagram labels: Regional Office; HQ; Home or Hotel; Internet; EMAIL; WEB; Admin]

Diagram callouts:
• Define Policy at a central portal (Admin)
• Forward traffic (Configure FW or router)
• Enforce policy bi-directionally
• Same policy for mobile users
• Real-time Visibility (Admin)


Zscaler Inspects Full Web Transactions

https://facebook.com/profile.php?id=x

[Diagram labels: Request; Response; Domain, Path, Parameters; HTML, Images, Scripts, XML; Cookies, Body; RIA]

• Most vendors analyze only domain and block based on a black list
• Domain represents < 5% of a total URL
• URL represents < 1% of a total page
• Most newer threats are hidden in the pages being served and require full page inspection

[Diagram labels, content types:]
• ActiveX Controls & Browser Helper Objects
• Windows Executables & Dynamic Link Libraries
• Java Applets & Applications
• JavaScript (HTML, PDF, stand-alone)
• Visual Basic for Apps. Macros in Office documents
• Visual Basic Script
• HTML


Zscaler Provides Full SSL Scanning Capabilities

1. Client/Proxy Handshake

2. Proxy/Server Handshake

3. Certificate check

4. Website sends encrypted (SSL) content

5. Decrypted content sent to the Content Engine

6. Filtered content sent to proxy

7. Re-encrypted content sent to user

[Diagram: steps 1-7 shown between Users, Web Servers, Content Inspection Engine and Internet]

Zscaler SSL Controls
‣ Option to enable SSL Interception
‣ Bypass SSL Interception for Sites/Categories (e.g. banking)
‣ Block Sites/Categories when SSL is not decrypted
‣ Allow/Deny untrusted certificates
‣ Option to use custom root certificates


Zscaler Security Cloud is Already Upgraded to 2048-bit

Most proxy vendors don’t do SSL interception – performance overhead

Moving from 1024 to 2048 bit is an additional 5X performance drop

Zscaler seamlessly enabled 2048-bit SSL across its cloud using hardware acceleration which improved SSL performance 25X

Customers did not have to upgrade hardware or software

[Figure: two charts, each marked "SSL Upgrade": "Cloud Running 1024-bit SSL, No Hardware Acceleration" and "Cloud Running 2048-bit SSL, After Upgrade with Hardware Acceleration"]


Zscaler Solution Benefits

Antivirus

Advanced Threats

Unified Policy

Global, Real-time Analytics

URL Filtering

Social Media & cloud Apps

BW control

Local Internet breakout

Regulatory Compliance

IP Protection


Can It Scale?


The name Zscaler stands for the Zenith of Scalability

Every day Zscaler processes more than 12 billion transactions through our cloud from 12 million users across 4,500 customers in 180 countries

Zscaler cloud operates in 100+ datacenters across 12 world class service providers

400M Tweets Per Day

5B Searches Per Day

4.7B Likes Per Day < 12B Transactions Per Day

* October 2013 Statistics


Summary

▶ Cloud, Mobile and Social Networking are powerful trends transforming Enterprises

▶ Internet is moving to SSL, everything is over HTTP(S)
▶ Attacks have shifted from servers to users
▶ New standards mandate shift from 1024 to 2048-bit SSL starting 1st Jan, 2014 (80% performance drop)
▶ Traditional appliance based security is ineffective
▶ Zscaler is transforming enterprise security with the world’s largest Security Cloud


Q & A


Thank You! Next Steps

Register for a Free Trial http://www.zscaler.com/freeevalution.php

Register for a Personalized Demo http://www.zscaler.com/onlinedemo.php

Register for a Webinar/Live Demo http://www.zscaler.com/webinars.php
