Zscaler. The company say it offers "comprehensive security, data protection, visibility and control – 100% in the cloud", with its "Security as a Service" platform.
The company proudly boasts of being "used by more than 5000 leading organisations, including 50 of the Fortune 500", and "ensures that more than 15 million users worldwide are protected against cyber attacks and data breaches while staying fully compliant with corporate and regulatory policies".
Sutton is in Australia this week, with the focus of his message being that "we can't simply rely on signature-based technologies, as that assumes that we know what to look for and where to look for it".
The company notes that "nabbing criminals would be so much easier if they simply wore orange jumpsuits while walking down the street. We could clearly see them, avoid them and lock them up", and that "stopping malware is no different".
Indeed, it also states that "if a webpage or a binary file had clear attributes to identify it as malicious, stopping threats wouldn’t be a challenge".
Unfortunately, Zscaler says, "that’s not the case".
"Malware authors, like criminals, know that blending in is key to not getting caught… and they’re very good at it. Despite this fact, the majority of enterprises heavily rely on security controls that are able to accurately separate good traffic from bad. This approach not only creates a significant point of failure, but the average enterprise has massive blind spots due to their network architecture, corporate policies and misplaced trust."
The company continues explaining that "for the same reasons that enterprises have adopted hosting services and cloud based platforms, so too have attackers. Malware is hosted on the same servers, domains and IP addresses as legitimate traffic. Source is no longer a reliable attribute for identifying risk, which has rendered many black/whitelisting and reputation based controls ineffective".
"To complicate matters further, even when security controls would be effective, the traffic itself often can’t be inspected. Due in large part to privacy concerns stoked by the Snowden revelations, Internet properties are racing to implement SSL by default on all sites. Most enterprises are unable to inspect SSL traffic, either because they lack the necessary infrastructure to do so, or because they have not tackled regulatory hurdles or internal perception issues that would permit inspection in the first place.
"Additionally, traffic from trusted sources often receives lesser or no scrutiny whatsoever. In the end, we’re left with a fragile and porous security framework with only a portion of traffic inspected and controls largely relying on the ability to spot orange jumpsuits."
Thus, as a cloud-based platform, Zscaler has "the luxury of observing not only the attacks targeting millions of end users, but also the policies put in place to combat these threats".
So, here’s my video interview with Michael Sutton. The article continues thereafter, please read on!
In the interview, I introduced Sutton and welcomed him, asking him to explain what Zscaler does and to talk about being CISO of a major tech company, as well as sharing some career highlights.
He then explained why he was visiting Australia, and then moved onto the focus of his message and why Zscaler’s solutions were different to competitors.
Sutton spoke about threat protection and security, and the mistakes that companies are making when it comes to the cloud. He talked about the Gartner Magic Quadrant and how Zscaler has been in the "leadership" position for five years.
We then looked at how the industry might evolve over the next few years, great advice that Sutton had received in his career and his final video interview message to iTWire viewers and readers, and to Zscaler’s current and future customers.
The quick version of Sutton’s bio is that he has "dedicated his career to conducting leading-edge security research, building world-class security teams and educating others on a variety of security topics".
As CISO at Zscaler, Sutton "drives internal security and heads Zscaler's Office of the CISO, a team engaging security executives at a peer level to drive best practices and facilitate industry wide collaboration on emerging security topics. The Office of the CISO is also responsible for providing subject matter expertise through speaking engagements, blogging and media collaboration".
Prior to Zscaler, Sutton helped build other pioneering security start-ups, including SPI Dynamics (acquired by Hewlett-Packard) and iDefense (acquired by VeriSign). Sutton is also the co-author of “Fuzzing: Brute Force Vulnerabilities,” an Addison-Wesley publication.
As for Zscaler’s inclusion in Gartner’s Magic Quadrant, it is dubbed a "leader for secure Web gateways and delivers a safe and productive Internet experience for every user, from any device and from any location – 100% in the cloud".
Boasting of a "multi-tenant, distributed cloud security platform", Zscaler says it "moves security into the Internet backbone, operating in more than 100 data centres around the world and enabling organisations to fully leverage the promise of cloud and mobile computing with unparalleled and uncompromising protection and performance".
In addition, the company says it delivers "unified, carrier-grade Internet security, next-generation firewall, web security, sandboxing/advanced persistent threat (APT) protection, data loss prevention, SSL inspection, traffic shaping, policy management and threat intelligence – all without the need for on-premise hardware, appliances or software".