Wednesday, 20 July 2016 03:07

VIDEO Interview: Zscaler's CISO Michael Sutton talks cloud security and more


Zscaler chief information security officer Michael Sutton is in Australia for a CISO Round Table and to meet customers, and he spoke to iTWire about cloud, security, ransomware, Gartner "Magic Quadrants" and plenty more.

Zscaler says it offers "comprehensive security, data protection, visibility and control – 100% in the cloud", with its "Security as a Service" platform.

The company proudly boasts of being "used by more than 5000 leading organisations, including 50 of the Fortune 500", and says it "ensures that more than 15 million users worldwide are protected against cyber attacks and data breaches while staying fully compliant with corporate and regulatory policies".

Sutton is in Australia this week, with the focus of his message being that "we can't simply rely on signature-based technologies, as that assumes that we know what to look for and where to look for it".

In reality, Zscaler says that today's "threats are delivered from the same legitimate sites that we know and trust and traffic is often encrypted, so the historical security technologies that we rely on are often blind to the threats".

The company notes that "nabbing criminals would be so much easier if they simply wore orange jumpsuits while walking down the street. We could clearly see them, avoid them and lock them up", and that "stopping malware is no different".

Indeed, it also states that "if a webpage or a binary file had clear attributes to identify it as malicious, stopping threats wouldn’t be a challenge".

Unfortunately, Zscaler says, "that’s not the case".

"Malware authors, like criminals, know that blending in is key to not getting caught… and they’re very good at it. Despite this fact, the majority of enterprises heavily rely on security controls that are able to accurately separate good traffic from bad. This approach not only creates a significant point of failure, but the average enterprise has massive blind spots due to their network architecture, corporate policies and misplaced trust."

The company continues explaining that "for the same reasons that enterprises have adopted hosting services and cloud based platforms, so too have attackers. Malware is hosted on the same servers, domains and IP addresses as legitimate traffic. Source is no longer a reliable attribute for identifying risk, which has rendered many black/whitelisting and reputation based controls ineffective".

"To complicate matters further, even when security controls would be effective, the traffic itself often can’t be inspected. Due in large part to privacy concerns stoked by the Snowden revelations, Internet properties are racing to implement SSL by default on all sites. Most enterprises are unable to inspect SSL traffic, either because they lack the necessary infrastructure to do so, or because they have not tackled regulatory hurdles or internal perception issues that would permit inspection in the first place.

"Additionally, traffic from trusted sources often receives lesser or no scrutiny whatsoever. In the end, we’re left with a fragile and porous security framework with only a portion of traffic inspected and controls largely relying on the ability to spot orange jumpsuits."

Thus, as a cloud-based platform, Zscaler has "the luxury of observing not only the attacks targeting millions of end users, but also the policies put in place to combat these threats".

So, here’s my video interview with Michael Sutton. The article continues thereafter, please read on!

In the interview, I introduced Sutton and welcomed him, asking him to explain what Zscaler does and to talk about being CISO of a major tech company, as well as sharing some career highlights.

He then explained why he was visiting Australia, and then moved on to the focus of his message and why Zscaler’s solutions were different to competitors.

Sutton spoke about threat protection and security, and the mistakes that companies are making when it comes to the cloud. He talked about the Gartner Magic Quadrant and how Zscaler has been in the "leadership" position for five years.

We then looked at how the industry might evolve over the next few years, great advice that Sutton had received in his career and his final video interview message to iTWire viewers and readers, and to Zscaler’s current and future customers.

The quick version of Sutton’s bio is that he has "dedicated his career to conducting leading-edge security research, building world-class security teams and educating others on a variety of security topics".

As CISO at Zscaler, Sutton "drives internal security and heads Zscaler's Office of the CISO, a team engaging security executives at a peer level to drive best practices and facilitate industry wide collaboration on emerging security topics. The Office of the CISO is also responsible for providing subject matter expertise through speaking engagements, blogging and media collaboration".

Prior to Zscaler, Sutton helped build other pioneering security start-ups, including SPI Dynamics (acquired by Hewlett-Packard) and iDefense (acquired by VeriSign). Sutton is also the co-author of “Fuzzing: Brute Force Vulnerabilities,” an Addison-Wesley publication.

As for Zscaler’s inclusion in Gartner’s Magic Quadrant, it is dubbed a "leader for secure Web gateways and delivers a safe and productive Internet experience for every user, from any device and from any location – 100% in the cloud".

Boasting of a "multi-tenant, distributed cloud security platform", Zscaler says it "moves security into the Internet backbone, operating in more than 100 data centres around the world and enabling organisations to fully leverage the promise of cloud and mobile computing with unparalleled and uncompromising protection and performance".

In addition, the company says it delivers "unified, carrier-grade Internet security, next-generation firewall, web security, sandboxing/advanced persistent threat (APT) protection, data loss prevention, SSL inspection, traffic shaping, policy management and threat intelligence – all without the need for on-premise hardware, appliances or software".


Alex Zaharov-Reutt

Alex Zaharov-Reutt is iTWire's Technology Editor and one of Australia’s best-known technology journalists and consumer tech experts. Alex has appeared in his capacity as technology expert on all of Australia’s free-to-air and pay TV networks, on all the major news and current affairs programs, on commercial and public radio, and on technology, lifestyle and reality TV shows. Visit Alex at Twitter here.
