Zscalerのブログ
Zscalerの最新ブログ情報を受信
購読するIntroducing Zero Trust Segmentation: Zero Lateral Threat Movement With Zero Firewalls
We're thrilled to unveil Zscaler's Zero Trust Segmentation solution, offering a simpler, more secure, and cost-effective way for users, devices, and workloads to communicate—across and within branch, factory, and cloud environments. Say goodbye to MPLS, traditional SD-WAN, ExpressRoute, Direct Connect, and complex East-West firewalls.
Why Do Companies Need Zero Trust Segmentation?
Companies are increasingly distributed and adopting IoT, OT, and cloud technologies to enhance efficiency, agility, and innovation. By 2030, connected devices will exceed 29 billion, and over 90% of businesses already use multiple cloud platforms.
However, traditional networks and security pose significant challenges:
- Lateral Threat Movement: Extending connectivity to branches and clouds through traditional SD-WAN and expensive connectivity services like Direct Connect, and ExpressRoute increases the attack surface, facilitating the spread of ransomware and malware.
- Vulnerable OT Systems: Connecting once-isolated OT devices to IT and cloud environments exposes them to cyberattacks, as many rely on outdated, unpatchable platforms.
- Firewall Cost and Complexity: Firewalls and VPNs expand the attack surface, fail to stop all lateral threat movement, are complex to manage, and lead to substantial costs. Within sites and factories, East-West firewalls and NAC solutions are expensive and disruptive to deploy. In the cloud, each internet-facing firewall presents a discoverable attack surface and can lead to inconsistent cyber threat and data protection, as each public cloud service provider operates differently.
Introducing Zero Trust Segmentation Without Firewalls
Zero Trust Segmentation for Branch and Cloud is an innovative solution that prevents ransomware attacks, stops lateral threat movement, turns branches into simplified café-like environments, and eliminates the need for firewalls, network access control (NAC), SD-WAN, site-to-site VPNs, and reliance on Direct Connect and ExpressRoute.
Secure Communications Across Branches, Factories, and Clouds
Companies no longer need to extend the corporate network from the data center to distributed locations and public clouds. Each branch, factory and public cloud communicates directly with the Zscaler Zero Trust Exchange over any broadband connection. The Zero Trust Exchange applies business policies to securely connect users, workloads and devices, minimizing the attack surface associated with public IPs, preventing ransomware spread, and eliminating firewalls, SD-WAN and reliance on Direct Connect and ExpressRoute.
Learn more in our blog on Zero Trust SD-WAN.
Secure Devices Inside Branches, and Factories
Our solution eliminates lateral threat movement inside branches, factories, and campuses by isolating every endpoint into a secure “network of one.” To get you started faster, it automatically discovers and classifies every asset in your critical infrastructure to provide east-west visibility and control over all communication between endpoints in the campus, branch, and factory. Our solution’s agentless technology deploys in hours without forced upgrades or VLAN re-addressing, and easily isolates legacy controllers, IoT devices, and headless machines.
Learn more in our blog on Zero Trust Device Segmentation.
Secure and Segment Workloads Across Multicloud
Zscaler Zero Trust Segmentation standardizes multi-cloud workload security for internet-bound traffic, communication between clouds and data centers, between Virtual Private Clouds (VPCs), and between workloads and processes. This scalable approach eliminates the need for firewalls, site-to-site VPNs, Direct Connect, or ExpressRoute, simplifying and strengthening security across diverse cloud environments.
Learn more in our blog on Zero Trust Cloud.
Your Next Steps
With Zero Trust for Branch and Cloud, you can now rapidly deploy zero trust segmentation across your entire enterprise to:
- Stop lateral movement of ransomware - Segment users, devices, and workloads in days—not months or years.
- Deliver a café-like branch experience - Enable access without extending your network to every branch.
- Cut firewall and infrastructure spend by 50% - Eliminate N/S and E/W firewalls, NAC switches, traditional SD-WAN, ExpressRoute, and Direct Connect.
Learn more about these innovations, and schedule a demo and architectural workshop with our experts today!