Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?
  • The alternative we propose is with Zscaler’s Direct to Cloud Network. If you can imagine the advantages of directing all of your internet and cloud bound traffic through a globally deployed Cloud infrastructure without having to manage all of the costly hardware and software – it offers compelling flexibility, economics and simplicity without compromising any of the security capabilities and requirements. In fact, in our security “deep dive” presentation we can share how Zscaler actually provides better security to address advanced threats given the volume of transactions we scan across our Cloud Network each day. So all of a sudden you have an infrastructure available anywhere in the world, that can manage your employee internet and cloud activities with uniform policies… available instantly – and do this regardless of what device employees may be using to access the cloud and internet.
  • In a more simplistic picture – the best way to think of Zscaler, is as a global check-post sitting between your employees and the Cloud. In a more technical term some of you might view Zscaler as a Massively scalable and fast Proxy available anytime, globally from any device.
  • We have talked much about the global nature of the Zscaler Direct to Cloud Network. It is worthwhile to share the extent to which we have deployed infrastructure to offer you comparable access – and in many cases better access – than you would receive using your current method of accessing the Cloud and Internet.
  • I’ll take a moment to explain how Zscaler works – we think you will see the simplicity in what we do and how you can quickly deploy on the Zscaler Direct to Cloud Network. Your administrator sets up policy and launches it on our cloud through a simple but comprehensive web interface – these policies are made available instantly across our global network. Cloud and Internet bound traffic is forwarded from your employees using a number of techniques – which we can discuss more in our technical discussion. All employee web and email traffic goes through our global cloud network where policy is applied – traffic that is allowed goes through to its destination – traffic that is denied will return a notice to the user. Once the cloud and internet is accessed – the Zscaler network scans all traffic for threats and Advanced threats and protects your business network from malicious intent. At any time – your admin or C-level executives have access to instant reporting that can be customized for summary or detailed investigation or review.


  • 1. Are Your Appliance Based Security Solutions Ready For 2048-bit SSL? Dr. Amit Sinha Executive Vice President of Engineering and Operations, CTO
  • 2. Panelist: Amit Sinha, Executive Vice President of Engineering and Cloud Operations, Chief Technology Officer, Zscaler. Dr. Amit Sinha is a skilled entrepreneur and leader, having driven research and development of disruptive security and wireless technologies for multiple market-leading organizations, including Zscaler, Motorola, AirDefense and Engim. He holds 27 US patents and has contributed to three books and dozens of conference and journal papers. ©2012 Zscaler,
  • 3. Webcast Logistics To send us questions during the sessions: • Type the question in the Q&A or Chat Window provided in WebEx. We will answer questions at the end of the webcast. Any Technical Issues? • Email: Complete the survey at the end of the webcast • The Survey will appear in your browser at the end of the session
  • 4. Agenda ‣ Why Secure Sockets Layer (SSL) Encryption ‣ SSL Challenges & Trends ‣ Upgrading 1024 to 2048-bit SSL: The Mandate ‣ Upgrade Implications For Appliance Based Security ‣ How Zscaler Secures Enterprises ‣ Benefits of Direct to Cloud ‣ Q & A
  • 5. What is SSL? • Widely used on the Internet for authenticating sites and providing encrypted traffic exchange
  • 6. SSL Traffic is Exploding SSL on Internet Search Social Networking Webmail Enterprise Banking Login Transactions All App Coverage ‣ Internet is moving to default SSL (Google, Facebook, etc.) ‣ SSL puts lots of load on systems and security infrastructure
  • 7. Enterprise Attacks Shifting from Servers to Users Direct server attacks: Rare Servers: stationary, consolidated behind FWs ‣ Mobility and cloud make users vulnerable – any place, any device, direct to net ‣ Malware can be delivered over SSL ‣ Botnets call home over SSL ‣ Enterprise visibility and control is missing Users: the Beachhead Used to attack servers Are your USERS SECURE EVERYWHERE?
  • 8. Upgrading 1024 to 2048-bit SSL: The Mandate ▶ All existing 1024-bit certificates must be replaced with 2048-bit SSL certificates by December 31, 2013 ▶ Better Security ▶ Performance. Chart labels: 1024 bit, 2048 bit, Security, 5X Performance Degradation, 80% Performance Drop
  • 9. Can Your Security Appliance Handle This? ‣ How do you deal with mobile users and many distributed office locations? ‣ Are your cloud applications like Office365, Box, Google Apps, etc. bottlenecked? ‣ Are you scanning SSL traffic? – If NOT, you have a BIG security/visibility GAP ‣ Do you use appliance based proxy servers? ‣ Can your appliance handle SSL interception with 2048-bit?
  • 10. The Zscaler Direct-to-Cloud Network Regional Offices Home or Hotspot Branch Offices On-the-go Headquarters Secure access to leading cloud, mobile and social applications
  • 11. What Does Zscaler Do? Mobile & Distributed Workforce Global check post Enforces business policy Cloud Services Regional Office Botnet Cloud Apps HQ Mobile Apps Home or Hotspot Exploits On-the-go NO HARDWARE | NO SOFTWARE Block the bad, protect the good Social Media
  • 12. Zscaler’s Global Network of 100+ Datacenters Oslo Chicago I, II Toronto Moscow Gdansk Amsterdam London Frankfurt I, II Paris Bern New York Washington DC I, II Madrid Atlanta I, II Dallas I, II Miami Mexico City San Francisco Sunnyvale Los Angeles Stockholm Denver Amman Cairo Riyadh Tokyo Kuwait City Dubai Hong Kong Taipei Mumbai Chennai Kuala Lumpur Singapore Lima Sao Paulo Santiago Johannesburg Cape Town Sydney October 2013 Active Data Centers ©2013 Zscaler, Inc. All rights reserved.
  • 13. How Zscaler Works Define Policy at a central portal Regional Office Admin Forward traffic WEB (Configure FW or router) Enforce policy bidirectionally Internet HQ EMAIL Real-time Visibility Same policy for mobile users Home or Hotel Admin ‣ Easy to deploy and manage – no hardware, no software. ‣ Zscaler provides global infrastructure. You retain full control. ‣ Comprehensive security and control of Internet access including SSL.
  • 14. Zscaler Inspects Full Web Transactions • Most vendors analyze only domain and block based on a black list • Domain represents < 5% of a total URL • URL represents < 1% of a total page • Most newer threats are hidden in the pages being served and require full page inspection. Diagram labels: Request (Domain, Path, Parameters, Cookies, Body); Response (HTML, Images, ActiveX Controls & Browser Helper Objects, Windows Executables & Dynamic Link Libraries, Scripts, Java Applets & Applications, JavaScript (HTML, PDF, stand-alone), Visual Basic Script, XML, RIA, Visual Basic for Apps. Macros in Office documents)
  • 15. Zscaler Provides Full SSL Scanning Capabilities. Diagram: Users, Content Inspection Engine, Internet, Web Servers, with numbered steps: 1. Client/Proxy Handshake 2. Proxy/Server Handshake 3. Certificate check 4. Website sends encrypted (SSL) content 5. Decrypted content sent to the Content Engine 6. Filtered content sent to proxy 7. Re-encrypted content sent to user. Zscaler SSL Controls ‣ Option to enable SSL Interception ‣ Bypass SSL Interception for Sites/Categories (e.g. banking) ‣ Block Sites/Categories when SSL is not decrypted ‣ Allow/Deny untrusted certificates ‣ Option to use custom root certificates
  • 16. Zscaler Security Cloud is Already Upgraded to 2048-bit. Diagram: Cloud Running 1024-bit SSL, No Hardware Acceleration; SSL Upgrade; Cloud Running 2048-bit SSL After Upgrade with Hardware Acceleration ‣ Most proxy vendors don’t do SSL interception – performance overhead ‣ Moving from 1024 to 2048 bit is an additional 5X performance drop ‣ Zscaler seamlessly enabled 2048-bit SSL across its cloud using hardware acceleration which improved SSL performance 25X ‣ Customers did not have to upgrade hardware or software
  • 17. Zscaler Solution Benefits Advanced Threats Social Media & cloud Apps Antivirus URL Filtering Unified Policy Global, Real-time Analytics Local Internet breakout BW control Regulatory Compliance IP Protection
  • 18. Can It Scale? ‣ The name Zscaler stands for the Zenith of Scalability ‣ Every day Zscaler processes more than 12 billion transactions through our cloud from 12 million users across 4,500 customers in 180 countries ‣ Zscaler cloud operates in 100+ datacenters across 12 world class service providers. Chart labels: 5B Searches Per Day, 4.7B Likes Per Day, 400M Tweets Per Day, < 12B Transactions Per Day * October 2013 Statistics
  • 19. Summary ▶ Cloud, Mobile and Social Networking are powerful trends transforming Enterprises ▶ Internet is moving to SSL, everything is over HTTP(S) ▶ Attacks have shifted from servers to users ▶ New standards mandate shift from 1024 to 2048-bit SSL starting 1st Jan, 2014 (80% performance drop) ▶ Traditional appliance based security is ineffective ▶ Zscaler is transforming enterprise security with the world’s largest Security Cloud
  • 20. Q&A
  • 21. Thank You! Next Steps Register for a Free Trial Register for a Personalized Demo Register for a Webinar/Live Demo