SD-WAN plus cloud security

©2018 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION0 ©2018 Zscaler, Inc. All rights reserved.
SD-WAN plus Cloud Security Stack
für optimale Zweigstellen-Anbindung
Schneller Internet-Zugang für jede Zweigstelle
braucht einen Cloud Security Stack mit Firewall
Nils Ullmann – Solutions Architect, Central Europe – nullmann@zscaler.com
Jürgen Strapko – Regional Sales Manager – jstrapko@zscaler.com

Housekeeping
• Type your questions into the chat box in the
WebEx panel
• More questions? We’ll try to get to all
questions during the Q&A session. If we do not
get to your question, we’ll make sure to follow
up afterwards
• Technical issues? Email us at
webcast@zscaler.com
• Your Feedback? At the end of the webcast –
please let us know how we did!

©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION2
Our Mission
Empower organizations to realize the
full potential of the cloud and mobility by
securely connecting users to applications
from any device, anywhere

New leaders are born when megashifts take place
Data center and hardware
Applications in the data center
On-Premise security

©2017 Zscaler, Inc. All rights reserved.4
How, when, and where we work is changing

Source: Riverbed, SkyHigh Networks, Right-Scale, Cisco
CLOUD
TRANSFORMATION
IS HAPPENING
79%
of workloads now run
in the cloud
80%
of Employees Use
Shadow Cloud
Applications
98%
of IT decision makers
say next-gen
networks are required
320%
Increase in O365
Enterprise Adoption

©2017 Zscaler, Inc. All rights reserved.6 ©2017 Zscaler, Inc. All rights reserved.6
A quick recap of networking history

1990’s
private WANs
MPLS
Remote and Branch Office Remote and Branch OfficeRegional Hub and Campus
Data Center

App. teams
Disaster Recovery Site
Private
WAN
Data Center
2000’s

2010’s
App. teams IT Ops
Private
WAN
Data Center

… and now SD-WAN

2010’s
App. teams IT Ops
Private
WAN
Data Center

Bandwidth Problems Everywhere
Global Dev Ops
Disaster Recovery Site MPLS
Remote and Branch OfficeRegional Hub and Campus
Data Center
Regional Hub and Campus
Internet

Add More Links
Global Dev Ops
Data Center
Internet

MPLS + Local Internet = Overlay
Global Dev Ops
Data Center
Internet

MPLS
Remote and Branch Office
Data Center
Internet
Let’s dig into the details

Remote & Branch Offices
Data Centers
Internet
MPLS CE RouterPE RouterUnderlay - Network
BGP (OSPF)
OSPF (BGP)
The Details

What about Security …

Global Dev Ops
Data Center
Internet
SD-WAN – No Change in Security
and not in Internet Performance

UTM
Firewall
Restricted Network
Non-Compliant
users
Remediation
Servers
Firewall
Web
Scanners
NAC/NAP
Security
Policy
SIEM
Servers
Threat
Analysis
Security Management
Network
Data Center
File Servers Mainframe
DatabaseExchange
Servers
Domain
Servers
Firewall DLP
Storage
Public Key
Infrastructure
Keys
Certificate
Authority
UTM
Firewall
LDAP
Management
Console
Wireless
Access
DLP
UTM
Firewall
Wi-Fi Network
IPS
Mobile
User
UTM
Firewall
Enterprise
Users
DC/ DNS
Exchange
DHCP
AV,
Anti
Malware
Remote
Access
UTM
Firewall
Remote
Access
Gateway
CORPORATE
NETWORK
DLP
Router
Regional
Office
VPN
Mobile
Device
Management
DNS
Exchange
VPN
FtpWeb
Users
Internet
Router Outside
Firewall
Web
Server
Email
Server
WAF
Inside
Firewall
SwitchSwitch IDS / IPOS
UTM
Firewall
DLP
Analytics
/ SIEM
Networking
Security
Compute
Data Center

SD-WAN + local UTMs
Global Dev Ops
Data Center
Internet

Every Appliance Vendor’s Dream
Expensive to Deploy Security CompromisesComplex to Manage
New York
Management
Platform
Logging &
Reporting
Identity Management
Server
Additional Requirements

©2017 Zscaler, Inc. All rights reserved. Zscaler™, SHIFT™, Direct-to-Cloud™ and ZPA™ are trademarks or registered trademarks of Zscaler, Inc.
in the United States and/or other countries. All other trademarks are the property of their respective owners.
There’s a better way:
Cloud Firewall ✔

SD-WAN + Zscaler = Perfect fit

Zscaler’s Security Architecture built for Performance
SECURE ALL
PORTS & PROTOCOLS
MULTIPLE PROPRIETARY
INSPECTION METHODS
ADVANCED THREAT
PROTECTION
Behavioral
Analysis
Sandbox
Dynamic Content
Classification
Page Risk Index
Anti-Malware
XSS Protection
CVE Protection
URL Filtering
Proxy (SSL)
Block Lists
File Type Control
DNS Filtering
Cloud FW (NGFW)
Browser Control
45 Billion
Requests per Day
Full Inline and SSL inspection
60+ INDUSTRY THREAT FEEDS
Threat sharing partnerships, commercial deals, open
source, private working groups.
FULL INLINE CONTENT INSPECTION
All bytes, all ports, all protocols,
including SSL – no compromises.
REAL-TIME THREAT CORRELATION
Dynamically computes the risk of every page object
using content and domain analysis.
CLOUD INTELLIGENCE
125M+ threats blocked daily. Once detected,
immediately blocked for all users. 120K+ unique
security updates a day.

Extensive Cloud Security Platform: Born in the cloud for the cloud
Differentiated IP with 100+ broad and deep issued and pending patents
Extensible through API for layering of additional services by Zscaler and partners
Built as proxy-based platform that enables full inspection
Access Control
Cloud Firewall
URL Filtering
Bandwidth Control
DNS Filtering
Threat Prevention
Advanced Protection
Cloud Sandbox
Anti-Virus
DNS Security
Data Protection
Data Loss Protection
Cloud App Controls
File Type Controls
Access Controls
User to App
App Micro
Segmentation
Device Posture
App Security
Invisible Apps
DDoS Prevention
Private Certificates
Visibility
App Discovery
App Monitoring
User Monitoring
Zscaler Internet Access
Externally Managed Apps
Zscaler Private Access
Internally Managed Apps
Zscaler Multitenant Cloud Security Platform

Zscaler peers with Office 365 in major DCs
Denver
Toronto
New York Paris
London
Amsterdam
Brussels
Stockholm
Moscow
Mumbai
Singapore
SydneyCape Town
Madrid
Riyadh
Johannesburg
San Francisco
Atlanta
Dallas
Frankfurt
Sao Paulo
Lagos
Kuala Lumpur
Tel Aviv
Washington DC
Chicago
Los Angeles
Copenhagen
Melbourne
Milan
Hong Kong Taipei
Zurich
Chennai
Tianjin
Tokyo
Doha
Dubai
Abu Dhabi
Miami
Jeddah
Al Khobar
Warsaw
Seattle
Oslo
Shanghai
45B+
Requests
processed/day
100M+
Threats
blocked/day
120K+
Unique security
updates/day
100 data centers
across 6 continents
Secure
Ongoing third-
party testing
CertifiedReliable
Redundancy within and
failover across DCs
Transparent
Trust portal for service
availability monitoring
Egress O365 close to user
Avoid network hairpins
Internet Peering
across 150 Vendors
O365 Peering Data Center
Deliver a fast connection
regardless of location!
4 Peta Bytes per Month!

New York
Zscaler enables secure local Internet breakouts without appliances
Eliminate Appliances No Security CompromisesSingle Management Console
New York
Management
Platform
Logging &
Reporting
Identity Management
Server
Additional Requirements
Global visibility - cloud apps and usage
Identify botnet-infected machines that need
to be remediated
SLA backed session-by-session logs for
6 months with no rollovers
Real-life analytics –
Actionable info
You retain full control – policy and admin
Policies by user, locations, AD groups
Follow-the-user policy for the same
protection at any location, any device
Global real-time
policy engine

SD-WAN + Cloud Security
Global Dev Ops
Data Center
Internet

SD-WAN + Zscaler
Global Dev Ops
MPLS
Data Center
Internet

Perfect Fit
Global Dev Ops
MPLS
Data Center
Internet

Why Cloud Firewall?
On-Premise NGFW/UTM Appliances vs. Zscaler Cloud Firewall
Security Policy Only Enforced
On-Premise or via VPN
Short Logs, Multiple Log Sources =
Difficult Correlation
Supersized Appliances or Refresh
Required for Traffic Growth
Limited Inspection Capabilities
Inspects Only First 200-500kB
SSL requires additional hardware
Not Designed for Frequent Updates
or to Manage Policy for Models
with Different Features/Capacities
On-Premise Security
Infrastructure
Global Unified Access and
Security Service
To this..
Anywhere Policy
Enforcement
Full Log Analysis – Single
Pane of Glass
Scales Elastically
No hardware or software
Inspects ALL Traffic,
Including Native SSL
Inspection
120K Unique Security
Updates Daily
From this..
HQ/IOT All BRANCHESAll BRANCHES

©2017 Zscaler, Inc. All rights reserved.32 ©2018 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION32
A three-step journey to secure IT transformation: Land & Expand
Enable local Internet breakouts (SD-WAN)
Enable direct access to internal apps
Security + User Experience + ROI
SIMPLIFY
Remove multiple point products
SaaS
Open
internet
Private cloud /
Data center
Public
cloud
SECURE
Up-level security
Replace proxy or VPN in days
Little infrastructure change
Enhance Security
SaaS
Open
internet
Private cloud /
Data center
Public
cloud
TRANSFORM
Cloud-enable hybrid network, app
access
Open
internet
SaaS Public
cloud
Private
cloud / Data
center
Reduces sale cycles and accelerates deployments
Phase out gateway appliances
Outbound or inbound gateway
Reduce cost and complexity

Thank You - Questions
Mehr über Zscaler für die Zweigstellen-Transformation
Branch Transformation – deutsche Webseite
https://info.zscaler.com/Branch-Transformation-Campaign_Branch-transformation-germany.html
Nils Ullmann
Solution Architect
Central Europe
nullmann@zscaler.com
linkedin.com/in/nullmann
Branch Transformation Whitepaper
https://info.zscaler.com/WP-the-definitive-guide-to-branch-transformation

©2017 Zscaler, Inc. All rights reserved. Zscaler™, SHIFT™, Direct-to-Cloud™ and ZPA™ are trademarks or registered trademarks of Zscaler, Inc.
in the United States and/or other countries. All other trademarks are the property of their respective owners.

SD-WAN plus cloud security

More Related Content

What's hot

Similar to SD-WAN plus cloud security

More from Zscaler

Recently uploaded

SD-WAN plus cloud security

Editor's Notes