Protecting users in today’s distributed, mobile-first environment requires pervasive visibility and control irrespective of the users’ location or device. Zscaler acts as a global security check post in the cloud between the user and the Internet.
By sitting in-line between the user and the internet, and inspecting all traffic bi-directionally, Zscaler provides protection across the whole range of security threats including malicious URL requests, virus, adware, spyware, botnets, cross-site scripting (XXS) and more.
Zscaler layered approach to security starts with the basics of URL filtering and anti-virus protection. URLs are filtered by global reputation—against more than 90 categories, 30 super categories, and 6 classes. Organizations can limit their exposure to liability by managing access (allow, block or limited access) in real-time by users, groups and/ or locations.
However, inspecting the URL of the page is just not enough as URL represents less than 1% of the page content. Today’s sophisticated hackers use ‘reputable’ sites to serve malicious content. User generated content is another example of a new threat vector that is growing exponentially. Zscaler does not use the concept of a ‘trusted website’. It inspects the full URL, complete request parameters, all headers, cookies, full response content and all attachments even for SSL encrypted traffic. This allows Zscaler to detect threats even when the URL or website appears benign.