DNS security matters. But in today's world of dynamic cloud environments (AWS and Azure), content delivery networks (CDNs) and crowdsourced content and advertisements, the domain name alone is not a complete indicator of safety: a trusted name can serve untrusted content. "Grey" domains are no longer the exception; they have become the norm. This webcast explores the risks of relying on DNS-only solutions and ways to add security to your DNS traffic without sacrificing performance or losing security insight.
21. Trusted Sites are More Dangerous than Expected
Jay Leno on NBC.com: 125 total objects requested
Personalized content from CDN
Content hidden in SSL traffic
JavaScript, CSS, & images loaded
125 potential threats. But are we still vulnerable?
22. It's Not Just Compromised Trusted Websites
DNS-only security is also blind to...
CDNs: estimated to be ~60% (or greater) of all Internet traffic (Cisco VNI Report)
File sharing: Box, Dropbox, Google Drive, etc.
Hosting providers: amazonaws.com, tumblr.com, wordpress.com, etc.
"Modern advanced persistent threats require a 'Zero Trust' posture where every possible byte is scanned to ensure clean pipes to the internet."
23. SSL Inspection Matters
91% of traffic across Google is encrypted (2018 Google Transparency Report)
54% of advanced threats hide behind SSL (2016 ThreatLabZ Research)
"Ironically, increased use of SSL in an attempt to make our online lives more secure can create 'blind spots' that can actually reduce security..." (NSS Labs)
Ignoring the issue is not an option
Sources: 1 Google Transparency Report 2018; 2 Pirc, John W., "SSL Performance Problems: Significant SSL Performance Loss Leaves Much Room for Improvement," NSS Labs, 2013.
32. Zscaler Internet Access
Transform the way you deliver internet and web security (watch the video)
Learn more about Zscaler: visit zscaler.com
Other Webcasts (zscaler.com > resources > webcasts and live demos):
Secure Remote Access to AWS Your Users Will Love
Transform your Microsoft Office 365 and MCAS deployments with Zscaler
Tuesday, Feb 27th, 2018, Americas - 10:00 am PST
Thursday, Feb 22nd, 2018, Americas - 10:00 am PST
Thank You! Questions and Next Steps
Patrick Foxhoven, Chief Information Officer & Vice President of Emerging Technologies
p@zscaler.com | @pfoxhoven
And enabling SSL inspection further exacerbates the problem.
Can you inspect SSL-encrypted traffic for all users? Hackers are betting you can't.
As the overall percentage of encrypted traffic explodes to as much as 86% of traffic to Google, it is becoming vital to do SSL inspection to ensure security. Hackers are increasingly using SSL to conceal device infections, shroud data exfiltration, and hide botnet command-and-control communications. Today, as much as 54% of advanced threats hide behind SSL. Firewalls were not designed to handle decryption, and performance grinds to a halt when they try. According to NSS Labs, appliance performance drops as much as 81% when inspecting SSL. Dedicated appliances are extremely costly and require significant CapEx investment. But ignoring the issue is becoming increasingly dangerous.
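What an inline control can actually see in a TLS flow when it does not decrypt, as an added example (this is not Zscaler's code and not from the original deck): the only policy-relevant field in the clear is the host name carried in the ClientHello's SNI extension, and every record after the handshake is opaque application data, so a hostname-only decision on SSL traffic has the same blind spot as DNS-only filtering. The ClientHello bytes are constructed by the example's own builder (fixed client random, two cipher suites, null compression); nothing here is captured traffic.

```python
import struct

# Constructed values for the example (not a capture).
CLIENT_RANDOM = bytes(range(32))


def build_client_hello(server_name=None):
    """Minimal TLS 1.2-style ClientHello record; carries an SNI extension
    only when server_name is given (real clients may omit it)."""
    exts = b""
    if server_name is not None:
        host = server_name.encode("idna")
        entry = b"\x00" + struct.pack("!H", len(host)) + host       # name_type 0 = host_name
        name_list = struct.pack("!H", len(entry)) + entry
        exts += struct.pack("!HH", 0x0000, len(name_list)) + name_list
    exts += struct.pack("!HH", 0x0017, 0)                           # extended_master_secret, empty
    body = (b"\x03\x03" + CLIENT_RANDOM + b"\x00"                   # version, random, empty session id
            + struct.pack("!H", 4) + b"\x13\x01\xc0\x2f"            # two cipher suites
            + b"\x01\x00"                                           # one compression method: null
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body       # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def build_application_data(ciphertext):
    """An encrypted record after the handshake: opaque to a middlebox."""
    return b"\x17\x03\x03" + struct.pack("!H", len(ciphertext)) + ciphertext


def extract_sni(record):
    """host_name from the SNI extension of a ClientHello record, else None.
    None also covers non-handshake records, hellos without SNI, and
    truncated data (every slice is bounds-checked via the except)."""
    try:
        if record[0] != 0x16:
            return None
        rec_len = struct.unpack("!H", record[3:5])[0]
        hs = record[5:5 + rec_len]
        if hs[0] != 0x01:
            return None
        body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
        p = 2 + 32                                          # version + random
        p += 1 + body[p]                                    # session id
        p += 2 + struct.unpack("!H", body[p:p + 2])[0]      # cipher suites
        p += 1 + body[p]                                    # compression methods
        if p + 2 > len(body):
            return None                                     # no extensions block at all
        end = p + 2 + struct.unpack("!H", body[p:p + 2])[0]
        p += 2
        while p + 4 <= end:
            etype, elen = struct.unpack("!HH", body[p:p + 4])
            p += 4
            edata = body[p:p + elen]
            p += elen
            if etype != 0x0000:
                continue
            q = 2                                           # skip server_name_list length
            while q + 3 <= len(edata):
                ntype = edata[q]
                nlen = struct.unpack("!H", edata[q + 1:q + 3])[0]
                name = edata[q + 3:q + 3 + nlen]
                q += 3 + nlen
                if ntype == 0 and len(name) == nlen:
                    return name.decode("ascii", "replace")
    except (IndexError, struct.error):
        return None
    return None


def policy_without_decryption(record, blocked_hosts):
    """The whole decision space of a hostname-only control for one record."""
    sni = extract_sni(record)
    if sni is None:
        return "no hostname visible: allow blindly or block the whole flow"
    return "block" if sni in blocked_hosts else "allow (content not inspected)"


if __name__ == "__main__":
    blocked = {"bad.example"}
    for rec in (build_client_hello("cdn.example.net"), build_client_hello("bad.example"),
                build_client_hello(), build_application_data(b"\x00" * 40)):
        print(extract_sni(rec), "->", policy_without_decryption(rec, blocked))
```

On a live sensor the ClientHello has to be reassembled from the TCP stream first, and the host name is only as trustworthy as the client that sent it; the URL path, headers and body that the "grey domain" problem turns on are never visible without terminating the TLS session. Note also that the SNI itself can be hidden by TLS 1.3's Encrypted Client Hello extension, which pushes even this signal out of reach.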
Let me give you a bit more about what we mean by cloud scale and delivering the largest, most reliable and available cloud. Our cloud is deployed in 100 data centers across 5 continents.
So for instance, your employees sitting in Brazil go through the Brazil data center, and employees sitting in India connect to the local data center in Mumbai.
I only talked about volume of traffic. The number of threats and the level of innovation and sophistication are increasing rapidly, so you must be able to evolve your cloud to handle more frequent updates. Appliances were never designed for this frequency of updates.
We do about 120,000 unique security updates every day. Imagine trying to update an appliance 120,000 times a day. How often do you upgrade your appliances, and how do you manage change control?
The next thing I want to mention is peering with Internet exchanges. We peer with all leading Internet exchanges and leading apps, ranging from Office 365 to Azure, AWS, Box and Salesforce. This helps you get the fastest performance because our data centers in Chicago and New York are peered with the content, giving you the fastest connection from our cloud.
We made sure that our cloud is very secure. We do ongoing internal testing and third-party testing, and we are very good with redundancy: it is built in from day 1 within our own infrastructure and across data centers, which can fail over to each other. We have nothing to hide and have a Trust Portal which provides full monitoring, for full transparency of both Zscaler and third-party partners. We are proud of our cloud and like to show how it's performing.
Thanks to many of our early large enterprise customers, we've received a number of certifications for our cloud, including ISO 7001. These certifications are very important to us, and we go through regular audits to maintain compliance. We've also received certification under the EU-US Privacy Shield (the new agreement between the EU and US for transatlantic exchanges of personal data for commercial purposes).
Zscaler scans 35K+ potential unknown threats daily.
Two-tier report:
High level: why is it malicious
Forensic details: what happened, i.e. registry keys changed/created, network connections initiated, files read/created, etc.
Metadata: download the list of files created on the system, the packet capture of all network traffic generated, and screenshots taken during program execution
APT Protection will scan a range of file types including EXE, DLL, Office, Flash, PDF, and JAR (Java).
Once a file is tagged as malicious, Zscaler generates an MD5 hash of it and deploys that signature across the cloud, so the same file does not have to be scanned again. Note that an exact-hash signature only matches a byte-identical file; a repacked or otherwise modified variant has a new hash and goes back through the sandbox.
Send all suspicious files to our cloud-based sandboxes: all file types supported by standard behavioral analysis, plus Microsoft Office documents, Adobe PDF and Flash files, Java apps and applets, ZIP and RAR archives, and Android APK files.
Malicious files can be instantly blocked, quarantined or flagged based on your policy.
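The scan-by-type and hash-signature flow described above, as an added example that is not Zscaler's code and not from the original deck: the file type is taken from the content's magic bytes rather than the filename (the extension is attacker-controlled), a verdict cache keyed by content hash skips files that have already been convicted, and the sandbox is a stub that convicts on a constructed marker string. The slide names MD5; SHA-256 is used here because MD5 collisions are practical, and a collision would let a crafted file inherit another file's verdict. All samples are constructed in memory.

```python
import hashlib
import io
import zipfile

# Content signatures for the types the slide lists. OOXML Office files, JARs
# and APKs are all ZIP containers, so they are told apart by member names.
MAGIC = [
    (b"MZ", "pe"),                                          # EXE / DLL
    (b"%PDF-", "pdf"),
    (b"FWS", "flash"), (b"CWS", "flash"), (b"ZWS", "flash"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "office-ole"),    # legacy .doc/.xls/.ppt
    (b"Rar!\x1a\x07", "rar"),
    (b"PK\x03\x04", "zip"),
]
SANDBOX_TYPES = {"pe", "pdf", "flash", "office-ole", "office-ooxml", "jar", "apk", "zip", "rar"}


def classify_zip(data):
    try:
        names = set(zipfile.ZipFile(io.BytesIO(data)).namelist())
    except zipfile.BadZipFile:
        return "zip-corrupt"
    if "AndroidManifest.xml" in names and "classes.dex" in names:
        return "apk"
    if "META-INF/MANIFEST.MF" in names:
        return "jar"
    if "[Content_Types].xml" in names:
        return "office-ooxml"
    return "zip"


def identify(data):
    """File type from content, never from the filename extension."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return classify_zip(data) if kind == "zip" else kind
    return "unknown"


def fake_sandbox(data):
    """Stand-in for behavioural analysis: convicts on a constructed marker."""
    return "malicious" if b"CONSTRUCTED-MALWARE-MARKER" in data else "clean"


class VerdictCache:
    """Hash-keyed verdict store in front of the sandbox."""

    def __init__(self):
        self.verdicts = {}
        self.sandbox_runs = 0

    @staticmethod
    def digest(data):
        # SHA-256 rather than the MD5 named on the slide: MD5 collisions are
        # practical, and colliding files must not share a verdict.
        return hashlib.sha256(data).hexdigest()

    def scan(self, data, sandbox=fake_sandbox):
        """Returns (verdict, source); source is 'policy', 'cache' or 'sandbox'."""
        kind = identify(data)
        if kind not in SANDBOX_TYPES:
            return ("not-scanned:" + kind, "policy")
        key = self.digest(data)
        if key in self.verdicts:
            return (self.verdicts[key], "cache")
        self.sandbox_runs += 1
        verdict = sandbox(data)
        self.verdicts[key] = verdict
        return (verdict, "sandbox")


def make_zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in members.items():
            z.writestr(name, body)
    return buf.getvalue()


# Constructed samples (not real files): a PE-shaped blob carrying the marker,
# an OOXML document, a JAR, and plain text that was uploaded as "invoice.exe".
SAMPLE_PE = b"MZ" + b"\x00" * 62 + b"CONSTRUCTED-MALWARE-MARKER"
SAMPLE_DOCX = make_zip({"[Content_Types].xml": "<Types/>", "word/document.xml": "<w:document/>"})
SAMPLE_JAR = make_zip({"META-INF/MANIFEST.MF": "Manifest-Version: 1.0\n", "Main.class": b"\xca\xfe\xba\xbe"})
SAMPLE_TEXT_NAMED_EXE = b"just text, even if it arrived as invoice.exe"

if __name__ == "__main__":
    cache = VerdictCache()
    for sample in (SAMPLE_PE, SAMPLE_PE, SAMPLE_PE[:-1] + b"S", SAMPLE_DOCX, SAMPLE_JAR, SAMPLE_TEXT_NAMED_EXE):
        print(identify(sample), cache.scan(sample))
    print("sandbox runs:", cache.sandbox_runs)
```

The third sample, the convicted PE with its last byte changed, is the caveat in practice: it misses the cache and is sandboxed again, which is exactly what a polymorphic dropper relies on, so hash caching saves sandbox capacity but is not itself a detection.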
===
Specific Zscaler features include:
Outbound scanning
Anonymizers/P2P
Suspect country/destinations
Botnet call home
Abnormal traffic analysis
Data mining (across 10B daily transactions)
DNS analysis (e.g. fast flux)
Forensic analysis
Specific details of analysis including:
Security bypass techniques (evasion)
Networking activity
Persistence techniques (surviving removal attempts)
Detection-evading techniques
System and file configuration changes
Memory and process analysis
Packet captures for detailed analysis
Origin and destination analysis for suspect locations
Screen captures as malware is being executed
Reporting to summarize information required for remediation
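A fast-flux check of the kind the "DNS analysis" item refers to, as an added example over a constructed DNS answer log (this is not Zscaler's detection logic and not from the deck): a name is flagged when it rotates through many addresses spread across many different networks with short TTLs. A CDN also rotates addresses with short TTLs, but inside its own address blocks, so network diversity rather than address count or TTL alone is the discriminator. Grouping by /16 is an offline stand-in for an ASN lookup; the log lines, names and addresses are all constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed DNS answer log (not real traffic), one A answer per line:
# <epoch> <qname> <rdata> <ttl>. 100.64.0.0/10 (shared address space)
# stands in for a scattered pool of infected residential hosts;
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges standing in
# for a CDN block and a corporate block.
DNS_LOG = """\
1518000000 static.cdn-example.net 203.0.113.10 60
1518000060 static.cdn-example.net 203.0.113.11 60
1518000120 static.cdn-example.net 203.0.113.12 60
1518000180 static.cdn-example.net 203.0.113.13 60
1518000240 static.cdn-example.net 203.0.113.14 60
1518000300 static.cdn-example.net 203.0.113.15 60
1518000000 login.flux-example.org 100.64.12.7 120
1518000120 login.flux-example.org 100.71.200.3 120
1518000240 login.flux-example.org 100.88.4.19 120
1518000360 login.flux-example.org 100.96.33.250 120
1518000480 login.flux-example.org 100.103.9.1 120
1518000600 login.flux-example.org 100.120.77.14 120
1518000000 www.corp-example.com 198.51.100.20 86400
1518043200 www.corp-example.com 198.51.100.20 86400
"""


def parse_log(text):
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, qname, rdata, ttl = line.split()
        records.append((int(ts), qname.lower().rstrip("."), ip_address(rdata), int(ttl)))
    return records


def owning_network(ip):
    """/16 as an offline proxy for the owning network; with an ASN feed
    you would key on the ASN instead."""
    prefix = 16 if ip.version == 4 else 32
    return ip_network(f"{ip}/{prefix}", strict=False)


def domain_stats(records):
    stats = defaultdict(lambda: {"ips": set(), "nets": set(), "min_ttl": None, "answers": 0})
    for _ts, qname, ip, ttl in records:
        s = stats[qname]
        s["ips"].add(ip)
        s["nets"].add(owning_network(ip))
        s["min_ttl"] = ttl if s["min_ttl"] is None else min(s["min_ttl"], ttl)
        s["answers"] += 1
    return stats


def classify(s, min_ips=5, min_nets=4, max_ttl=300):
    """fast-flux: many addresses, many networks, short TTL.
    cdn-like: many addresses and short TTL but few networks (rotation inside
    one provider's blocks). static: anything else."""
    many_ips = len(s["ips"]) >= min_ips
    low_ttl = s["min_ttl"] <= max_ttl
    if many_ips and low_ttl and len(s["nets"]) >= min_nets:
        return "fast-flux"
    if many_ips and low_ttl:
        return "cdn-like"
    return "static"


def analyse(text):
    return {qname: classify(s) for qname, s in domain_stats(parse_log(text)).items()}


if __name__ == "__main__":
    for qname, verdict in analyse(DNS_LOG).items():
        print(f"{qname:28} {verdict}")
```

The thresholds are starting points, not tuned values: run the check over a day of your own resolver logs and look at what lands in "cdn-like" before tightening min_nets, because a CDN that peers from many autonomous systems will look flux-like under a crude /16 grouping and needs the ASN lookup to separate it.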
ENGAGE in an open forum with Zscaler engineers and product managers, partners, and customers
SHARE your knowledge and learn from experts in cloud security
JOIN the conversation at community.zscaler.com