
Zscaler Zero Trust

Overview

Definition

Zero trust is a cybersecurity strategy wherein security policy is applied based on context established through least-privileged access controls and strict user authentication—not assumed trust. A well-tuned zero trust architecture leads to simpler network infrastructure, a better user experience, and improved cyberthreat defense.

Principles

  • Terminate every connection

    • Technologies like firewalls use a “passthrough” approach, inspecting files as they are delivered: if a file turns out to be malicious, the alert often comes after the file has already reached the endpoint. An effective zero trust solution instead terminates every connection at an inline proxy, which lets it inspect all traffic, including encrypted traffic, in real time and before it reaches its destination, to block ransomware, malware, and other threats. Inspecting encrypted traffic this way means the proxy decrypts and re-encrypts TLS sessions, so endpoints must trust the proxy's certificate authority for inspection to work.
  • Protect data using granular context-based policies

    • Zero trust policies verify access requests and rights based on context, including user identity, device, location, type of content, and the application being requested. Policies are adaptive, so user access privileges are continually reassessed as context changes.
  • Reduce risk by eliminating the attack surface

    • With a zero trust approach, users connect directly to the apps and resources they need, never to networks (see ZTNA). Direct user-to-app and app-to-app connections remove the network path an attacker would use for lateral movement and keep a compromised device from reaching other resources. Because users and apps are not exposed to the internet, they cannot be discovered or scanned from it.

Architecture

Zscaler's zero trust solution centers around its Zero Trust Exchange platform, which is a cloud-native platform that powers a complete security service edge (SSE) to connect users, workloads, and devices.


At a high-level, the platform architecture has three main steps.

  • Verify identity and context

    • Verify the identity and profile of the user, device (including IoT/OT), or workload through integrations with third-party identity and access management (IAM) providers. This step also establishes the context of the requesting entity, which determines the appropriate access level and any applicable restrictions.
  • Control risk

    • Once identity, context, and policy are established, the platform decrypts and performs deep content inspection of all user, workload, and device traffic to identify and block malware and to prevent exfiltration of sensitive data.
  • Enforce policy

    • Finally, the platform dynamically computes a risk score for the user, workload, or device and uses it to decide whether to allow or restrict access. If the entity is allowed, the platform brokers a secure connection to the internet, SaaS app, or IaaS/PaaS environment. Because the platform brokers the connection rather than exposing the application directly, internal applications stay invisible to the internet, shrinking the attack surface.
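As an added worked illustration of the context-based, continuously reassessed policy described under the principles above and of the verify / control risk / enforce steps just listed, the following Python is a toy policy decision point written for this page. It is not Zscaler code and does not reflect how the Zero Trust Exchange computes its risk scores; the policy table, risk signals, weights, thresholds, and sample users are all assumptions chosen for the example.

```python
"""Toy zero trust policy decision point (added example, not Zscaler code).

A request carries identity, device posture, location, application and
content context. Hard requirements (entitlement, managed device) are
checked first; the remaining signals feed a risk score that grades the
decision as allow / restrict / deny. The same session is re-evaluated
whenever its context changes. All field names, weights and thresholds
below are assumptions made for this illustration."""

from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Context:
    user: str
    groups: frozenset
    mfa: bool
    device_managed: bool
    device_compliant: bool
    country: str
    app: str
    content_type: str = "text/html"


# Hypothetical per-app policy. Default is deny: an app not listed here is
# never reachable, mirroring "users connect to apps, never to networks".
APP_POLICY = {
    "payroll": {"groups": {"finance"}, "countries": {"US", "DE"}, "require_managed": True},
    "wiki": {"groups": {"finance", "engineering"}, "countries": None, "require_managed": False},
}

# Hypothetical risk weights and thresholds (assumed values).
RISK_WEIGHTS = {
    "no_mfa": 40,
    "unmanaged_device": 30,
    "noncompliant_device": 50,
    "unexpected_country": 25,
    "risky_content": 20,
}
RISKY_CONTENT = {"application/x-msdownload", "application/zip"}
RESTRICT_AT, DENY_AT = 30, 60


def risk_score(ctx: Context) -> tuple[int, list[str]]:
    """Sum the risk signals present in the request context."""
    signals = []
    if not ctx.mfa:
        signals.append("no_mfa")
    if not ctx.device_managed:
        signals.append("unmanaged_device")
    if not ctx.device_compliant:
        signals.append("noncompliant_device")
    policy = APP_POLICY.get(ctx.app)
    if policy and policy["countries"] and ctx.country not in policy["countries"]:
        signals.append("unexpected_country")
    if ctx.content_type in RISKY_CONTENT:
        signals.append("risky_content")
    return sum(RISK_WEIGHTS[s] for s in signals), signals


def decide(ctx: Context) -> tuple[str, list[str]]:
    """Return ('allow' | 'restrict' | 'deny', reasons) for one request.

    'restrict' stands for a limited session, e.g. read-only or no download."""
    policy = APP_POLICY.get(ctx.app)
    if policy is None:
        return "deny", ["unknown_app"]
    if not (ctx.groups & policy["groups"]):
        return "deny", ["not_entitled"]
    if policy["require_managed"] and not ctx.device_managed:
        return "deny", ["unmanaged_device"]
    score, signals = risk_score(ctx)
    if score >= DENY_AT:
        return "deny", signals
    if score >= RESTRICT_AT:
        return "restrict", signals
    return "allow", signals


def session_decisions(initial: Context, updates: list[dict]) -> list[str]:
    """Re-evaluate one session each time its context changes (adaptive policy)."""
    ctx = initial
    decisions = [decide(ctx)[0]]
    for change in updates:
        ctx = replace(ctx, **change)
        decisions.append(decide(ctx)[0])
    return decisions


if __name__ == "__main__":
    # Constructed sample: a finance user on a managed, compliant laptop in the US.
    alice = Context("alice", frozenset({"finance"}), mfa=True, device_managed=True,
                    device_compliant=True, country="US", app="payroll")
    print(decide(alice))
    # Same session: the device drops out of compliance, then the user roams
    # to a country the payroll policy does not expect.
    print(session_decisions(alice, [{"device_compliant": False}, {"country": "BR"}]))
```

The point of `session_decisions` is the second principle: the decision is not made once at login but recomputed as posture and location change, so a session that started as `allow` degrades to `restrict` and then `deny` without the user re-authenticating. The entitlement check before the score reflects the third principle: a user with no policy for an app gets `deny` regardless of how healthy the device looks.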
