CLOUD FIREWALL

The workforce is now distributed and mobile, and the number of applications leaving the confines of the data center for the cloud continues to grow. These cloud  applications, including Microsoft Office 365, were designed to be accessed directly via the Internet. To securely embrace cloud apps and services and deliver a fast user experience, Internet traffic needs to be routed locally.

One way to route traffic locally and secure this new world is to deploy stacks of security appliances in every branch office. But this option is simply not viable in terms of the cost and complexity of deploying and managing them all. Traditional firewalls are easily overwhelmed by cloud apps, because they cannot scale to support the high volume of long-lived connections the apps create, and they cannot handle SSL-encrypted traffic or non-standard ports and protocols. Because of these challenges, organizations are increasingly turning to SD-WAN to establish local Internet breakouts. But, these local breakouts need to be secured.

CHALLENGES:

• Cost prohibitive to deploy
• Untenable to manage
• Compromises branch security
• Creates appliance sprawl
• Performance degrades with SSL insection and cloud apps with long-lived connections

OUR SOLUTION:

Zscaler Cloud Firewall brings next-gen firewall controls and advanced security to all users in all locations — for all ports and protocols. Zscaler enables fast and secure local Internet breakouts and, because it’s 100 percent in the cloud, there’s no hardware to buy, deploy, or manage.

NEXT-GEN FIREWALL CAPABILITIES WITHOUT THE HARDWARE HEADACHES

• Stateful firewall policies — Apply allow/block security policy based on source and destination IP address, ports, and protocols
• Standard NGFW policies — Apply granular allow/block security policies based on applications using a Deep Packet Inspection (DPI) engine
• Context-aware policies — Apply access and security policy based on user identity, group, and location – (truly tied to the user)
• Application usage visibility — Get real-time visibility into traffic usage, threats, and applications by users, groups, and locations, in few clicks
• Fully integrated security services — Contextual information is shared across services to provide better protection and deeper visibility
• Cloud effect — Every time a new threat is identified in any of the 40 billion requests processed daily by our cloud, it gets blocked for all cloud users

BENEFITS:

REDUCE COSTS AND COMPLEXITY:

• Enable secure local Internet breakouts for all ports and all protocols without any appliances to deploy or manage
• Reduce MPLS backhauling costs
• Eliminate the need for costly and time-consuming patch management, coordination of outage windows, and policy management

IMPROVE SECURITY AND PERFORMANCE:

• Route Internet traffic locally to enable a fast user experience
• Provide security and access controls for Internet traffic on all ports, not just 80 and 443, to prevent advanced threats
• Deliver full, dynamic inspection of HTTP traffic traversing non-standard ports
• Fully proxy all DNS traffic to protect against vulnerabilities such as DNS cache poisoning

BENEFIT FROM THE CLOUD EFFECT:

• Bring the entire security stack close to the user, ensuring identical protection for users from wherever they connect
• Scale services elastically to handle SSL inspection and cloud application traffic requiring long-lived connections
• Log every session for complete visibility into all users, locations, applications, ports, and protocols, in near-real time