Extend zero trust inside your branch, factory, and campus—in hours
Agentless zero trust segmentation eliminates the risk of lateral movement inside your network by isolating every endpoint into a secure "network of one."
Easily segment IoT and OT
Eliminate east-west firewalls and NAC
Deploy in hours with no outages, agents, or VLAN changes
The Problem
Traditional network segmentation projects are never-ending
Your operations rely on your critical OT/IoT endpoints, and in most cases, downtime is simply not an option. In addition, many OT/IoT devices are unpatchable and lack effective built-in security. Others are approaching or have already reached end-of-service, leaving you vulnerable to attackers' new techniques.
Legacy network and security architectures can't deliver zero trust for many critical devices
The massive growth of connected devices in the enterprise brings an equally massive need to reduce the attack surface. Whether your goal is compliance, risk management, or operational safety, that means ensuring you can fully segment every connected device for true zero trust.
Deploy Zero Trust Device Segmentation in hours, without east-west firewalls
The Zscaler Zero Trust Exchange™ protects thousands of organizations with zero trust segmentation for users, applications, workloads, and locations. With Zero Trust Device Segmentation, we eliminate lateral threat movement inside your network. Instantly reduce complexity and risk with seamless deployment—and no need for endpoint agents.
Stop lateral threat movement
Enforce policy on every endpoint without adding software. Segment every IP device into a network of one—no agents, east-west firewalls, or NAC required.
Automate incident response with our Ransomware Kill Switch™
Instantly block risky protocols to reduce the blast radius of a breach with granular controls, including pre-programmed and custom policies.
Discover every device on your network
Automatically discover and classify every device with accurate, real-time auto-mapping.
What sets Zero Trust Device Segmentation apart?
No lateral movement
Stop lateral threat movement by isolating every connected endpoint without taking them offline.
No endpoint agents
Fully segment legacy servers, headless machines, and IoT/IoMT devices that can't accept agents.
No legacy firewalls or networking
Eliminate the cost and IT tickets of east-west firewalls, NAC, branch DHCP, and complex switches.
No OT downtime
Deploy in just hours, and integrate into your running network with no agents, hardware upgrades, or VLAN readdressing.
Solution Details
Stop lateral threat movement
Isolate every IP endpoint in its own network without adding agents or software. Visualize and control intra- and inter-VLAN/VPC traffic without network downtime or agents.
Automated Provisioning
Isolate every device into a segment of one (using /32).
Automated Policy Grouping
Group devices, users, and apps for policy enforcement automatically.
Policy Enforcement
Enforce dynamic policy for east-west traffic and IT/OT and Purdue layer separation.
Agentless Deployment
Eliminate east-west firewalls, NAC appliances, and agent-based software.
Ransomware Kill Switch
Automate incident response with simple, user-selectable attack surface reduction. Just choose a pre-set severity level to progressively lock down known vulnerable protocols and ports.
Pre-Set Policies
Align protection to real-time risk with four selectable policy levels based on severity.
Controlled Access
Restrict critical infrastructure access to known MAC addresses only.
SIEM/SOAR Integration
Integrate seamlessly with your existing SIEM and SOAR for automated response.
Port and Protocol Blocking
Instantly block the protocols most favored by ransomware, like RDP/SMB and SSH.
Automatically discover every device
Discover and classify all device assets in real time, with full east-west visibility and control. Take back control with no endpoint agents to deploy or manage.
Device Discovery
Automatically discover and classify devices in east-west LAN traffic.
Traffic Analysis
Baseline your traffic patterns and device behaviors, and identify authorized and unauthorized access.
Network Insights
Gain AI-driven network insights to support performance management and threat mapping.
Real-Time Automapping
Leverage third-party integrations for querying, tagging, and alert monitoring.
Experience the power of the Zscaler Zero Trust Exchange
A comprehensive platform to secure, simplify, and transform your business
01 Risk Management
Reduce risk, and detect and contain breaches, with actionable insights from a unified platform
02 Cyberthreat Protection
Protect users, devices, and workloads against compromise and lateral threat movement
03 Data Protection
Leverage full TLS/SSL inspection at scale for complete data protection across the SSE platform
04 Zero Trust for Branch and Cloud
Connect users, devices, and workloads between and within the branch, cloud, and data center