Zscaler’s Advanced Security Suite protects your end-users from advanced threats such as APTs. With a wide breadth of analysis and attack mitigation techniques, your end-user security can be automated without adding any hardware nor software.
Zscaler’s Advanced Security Suite provides protection for your end users against threats such as:
- Advanced Persistent Threats (APTs)
- Browser Exploits
- XSS (Cross-Site Scripting)
- Botnet communications (CNC)
Zscaler provides the world’s largest security cloud which allows us to produce the fastest response time for analysis and the fastest time to block known threats immediately throughout the Zscaler network. Some of the more sophisticated advanced threats include Advanced Persistent Threats (APTs). APTs run through a typical lifecycle of 4 components: reconnaissance, initial infection, control, exfiltration.
Stopping APT’s and other advanced threats consists of three key steps for Zscaler’s Advanced Threat Suite:
Stopping the initial attack is the most effective way of minimizing damage from an APT. Here four key elements are combined to create the most effective guard against advanced threats:
Zscaler’s Security Cloud examines inline A/V, black/white lists, various data feeds from other security vendors (eg. Microsoft MAPPS), and complete web content inspection (in and outbound transactions). All this information helps Zscaler determine a page risk index (PRI). The PRI helps determine how to handle a risky transaction: low risk means allow the transaction, medium risk elevates the inspection to more sophisticated methods (eg. behavioral analysis), and high risk immediately blocks the file/transaction.
If an infection has occurred (sometimes through non-monitored guest devices), detection is critical to contain the impact. Zscaler’s approach to detection leverages key technologies:
Full-bidirectional traffic inspection. This ensures that botnet CNC (command and control center) traffic can be detected even if in the initial infected file was not seen. This approach also allows us to ensure anonymized traffic is flagged (a common communication vehicle for malware). Zscaler also leverages its view of over 12 million users with over 12B transactions a day. This data helps create better risk models and reducing false positives.
Forensics and post-event analysis may take time. Zscaler’s products ensure you can mitigate further damage until you are ready for remediation. Features such as online analytics, alerting and event log (SIEM) correlation (through our NSS product [link to NSS]) all help in finding and stopping further damage.
Zscaler’s protection for APT’s looks at both breadth of protection and automated response capability throughout the lifecycle of an APT attack.