sb-au logo
Story image

Zscaler rolls out new Cloud Protection solution

10 Dec 2020

Cloud security company Zscaler has today announced Cloud Protection, its new solution which automates protection for workloads on and between cloud platforms.

The solution, which implements a zero trust approach to cloud workloads, aims to minimise attack surfaces and enforces security across multi-cloud footprints. 

In the announcement, Zscaler singled out four specific components of the solution that users can leverage:

  • Continuously ensure secure configuration and compliance of cloud platforms
  • Eliminate lateral threat movement with identity-based micro-segmentation
  • Simplify and secure app-to-app connectivity within and across clouds
  • Secure access to cloud applications without exposing them to the internet.

“The cloud continues to accelerate digital transformation in every industry, but legacy security paired with cloud speed and agility have dramatically increased risk resulting in far too many security exposures,” says Zscaler senior vice president for cloud protection Rich Campagna.

“The same zero trust principles that allowed Zscaler to revolutionise secure access for users with our platform will transform protection for cloud workloads, tightening security while reducing cost and complexity.”

In large part due to the pandemic, cloud adoption is predicted to grow by over 65% in the next two years. This explosion of growth will come at the expense of adequate cloud security, Zscaler says, with priorities set on rapid digital transformation and cybersecurity an afterthought.

In fact, Zscaler’s ThreatLabZ found the following issues with organisations’ cloud security:

  • Fundamental platform security is lacking, with 63% not using multi-factor authentication, 78% not disabling public access of cloud storage, and 92% not logging events sufficiently for forensic investigation
  • Network security groups are too permissive, with 26%  publicly exposing management interfaces, and 5% of all workloads completely open to the internet
  • Open, flat networks unnecessarily expose organisations to lateral threat movement, with 87% of allowed network paths never used in large segments.

And, according to another Zscaler report published last month, 30% of SSL-based attacks were delivered through trusted cloud providers, with Microsoft being the most targeted brand for SSL-based phishing attacks.

Cyber-criminals continue to become more sophisticated in avoiding detection, the report says, taking advantage of the reputations of other trusted cloud providers such as Dropbox, Google, and Amazon to deliver malware over encrypted channels.

“Cyber-criminals are shamelessly attacking critical industries like healthcare, government and finance during the pandemic, and this research shows how risky encrypted traffic can be if not inspected,” says Zscaler CISO and vice president of security research, Deepen Desai.

“Attackers have significantly advanced the methods they use to deliver ransomware, for example, inside of an organisation utilising encrypted traffic.

“The report shows a 500% increase in ransomware attacks over SSL, and this is just one example to why SSL inspection is so important to an organisation’s defence.”

Story image
CompTIA forms Cybersecurity Advisory Council, led by 16 security execs
The new body will be co-chaired by Tech Data director of security solutions Tracy Holtz, and Alvaka Networks chief operating officer and chief information security officer Kevin McDonald.More
Story image
BackupAssist partners with Wasabi for greater cyber-resilience
This partnership provides customers with an up to 80% less expensive solution that is faster than the competition for achieving enterprise-grade cyber-resilience, the company states. More
Story image
IronNet expands Asia Pacific presence with new strategic partnership
“The combination of M.Tech’s extensive network in Asia Pacific and our unparalleled expertise in threat intelligence and detection will help more enterprises across the region to proactively identify and take down known and unknown threats before they happen.”More
Story image
Entrust acquires HyTrust, with aim to improve data encryption solutions
Entrust says the acquisition will bolster its effort to deliver data protection and compliance solutions to its customers, while accelerating their digital transformations.More
Story image
Emotet remains leading malware in global threat index
The malware has impacted 7% of organisations globally, following a spam campaign which targeted more than 100,000 users per day during the holiday season.More
Story image
Cybersecurity strategies must involve every part of the organisation - study
In the past year, a third of the breaches incorporated social engineering techniques and the cost of a breach caused by a human error averaged to $3.33 million. More