Zscaler Internet Security Frequently Asked Questions



Similar documents
SSL Encryption and Traffic Inspection ADDRESSING THE INCREASED 2048-BIT PERFORMANCE DEMANDS OF 2048-BIT SSL CERTIFICATES

Break Internet Bandwidth Limits Higher Speed. Extreme Reliability. Reduced Cost.

Astaro Gateway Software Applications

Networking for Caribbean Development

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions

Enterprise Cloud Manager

WHAT S NEW IN WEBSENSE TRITON RELEASE 7.8

Firewall and UTM Solutions Guide

Migration Project Plan for Cisco Cloud Security

Fortigate Features & Demo

V1.4. Spambrella Continuity SaaS. August 2

Content Scanning for secure transactions using Radware s SecureFlow and AppXcel together with Aladdin s esafe Gateway

Enabling Business Beyond the Corporate Network. Secure solutions for mobility, cloud and social media

Simple security is better security Or: How complexity became the biggest security threat

Technical Note. ISP Protection against BlackListing. FORTIMAIL Deployment for Outbound Spam Filtering. Rev 2.2

Move over, TMG! Replacing TMG with Sophos UTM

Enterprise Buyer Guide

Securing Virtualization with Check Point and Consolidation with Virtualized Security

How To Get The Most Out Of Your From Your Mail Server (For A Small Business)

Configuring a VPN for Dynamic IP Address Connections

Network Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000

Unified Threat Management, Managed Security, and the Cloud Services Model

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity

Security Policy JUNE 1, SalesNOW. Security Policy v v

Top 10 Reasons Enterprises are Moving Security to the Cloud

ZSCALER SECURITY CLOUD FOR LARGE AND MEDIUM ENTERPRISE

On and off premises technologies Which is best for you?

Cisco AnyConnect Secure Mobility Solution Guide

SSL Inspection Step-by-Step Guide. June 6, 2016

Cisco Cloud Security Interoperability with Microsoft Office 365

Cisco Small Business ISA500 Series Integrated Security Appliances

SiteCelerate white paper

Gateway Security at Stateful Inspection/Application Proxy

How To Configure Forefront Threat Management Gateway (Forefront) For An Server

Configuration Example

CradleCare Support Agreement The Peace of Mind Plan

McAfee. Firewall Enterprise. Application Note TrustedSource in McAfee. Firewall Enterprise. version and earlier

Cisco Cloud Web Security Key Functionality [NOTE: Place caption above figure.]

INCREASINGLY, ORGANIZATIONS ARE ASKING WHAT CAN T GO TO THE CLOUD, RATHER THAN WHAT CAN. Albin Penič Technical Team Leader Eastern Europe

Design and Implementation Guide. Apple iphone Compatibility

Evaluation Guide. eprism Messaging Security Suite V8.200

Securing the Small Business Network. Keeping up with the changing threat landscape

Installation of the On Site Server (OSS)

Fighting Advanced Threats

Guest Speaker. Michael Sutton Chief Information Security Officer Zscaler, Inc.

How To Configure A Kiwi Ip Address On A Gbk (Networking) To Be A Static Ip Address (Network) On A Ip Address From A Ipad (Netware) On An Ipad Or Ipad 2 (

Configuration Guide BES12. Version 12.1

Solution Brief. Secure and Assured Networking for Financial Services

The Secure Web Access Solution Includes:

FortiBalancer: Global Server Load Balancing WHITE PAPER

Configuration Guide. How to Configure SSL VPN Features in DSR Series. Overview

Firewall Security. Presented by: Daminda Perera

Application Description

Security Administration R77

Defend Your Network with DNS Defeat Malware and Botnet Infections with a DNS Firewall

The Hillstone and Trend Micro Joint Solution

Game changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE

Application Note Secure Enterprise Guest Access August 2004

Internet Privacy Options

Best Practices Revision A. McAfee Gateway 7.x Appliances

How To Protect Your Mobile Device From Attack

The Dirty Secret Behind the UTM: What Security Vendors Don t Want You to Know

Secure Your Mobile Workplace

Top tips for improved network security

Networking and High Availability

HTTPS Inspection with Cisco CWS

Recommended IP Telephony Architecture

Cisco Certified Security Professional (CCSP)

Configuration Guide BES12. Version 12.2

PART D NETWORK SERVICES

How To Prepare For The Second Data Center On Payware Connect For A Second Time

NEFSIS DEDICATED SERVER

Configuration Example

Applications erode the secure network How can malware be stopped?

GLOBAL SERVER LOAD BALANCING WITH SERVERIRON

Cloud Management. Overview. Cloud Managed Networks

Configuring the Edgewater 4550 for use with the Bluestone Hosted PBX

MANAGED EXCHANGE SOLUTIONS Secure, Scalable and Compliant Hosted Environments

Protecting Your Organisation from Targeted Cyber Intrusion

McAfee Web Gateway Administration Intel Security Education Services Administration Course Training

ZyWALL USG ZLD 3.0 Support Notes

Solution Brief FortiMail for Service Providers. Nathalie Rivat

Web Caching and CDNs. Aditya Akella

Deploying F5 to Replace Microsoft TMG or ISA Server

White Paper Copyright 2011 Nomadix, Inc. All Rights Reserved. Thursday, January 05, 2012

Networking and High Availability

How Traditional Firewalls Fail Today s Networks And Why Next-Generation Firewalls Will Prevail

Deploying Firewalls Throughout Your Organization

Global Network Pandemic The Silent Threat Darren Grabowski, Manager NTT America Global IP Network Security & Abuse Team

SSL-VPN 200 Getting Started Guide

We license by the total # of users with Internet access. No, but you may contact us anytime you need to increase your license count.

Reduce Your Network's Attack Surface

Increase Simplicity and Improve Reliability with VPLS on the MX Series Routers

Transcription:

Zscaler Internet Security Frequently Asked Questions 1

Technical FAQ PRODUCT LICENSING & PRICING How is Zscaler Internet Security Zscaler Internet Security is licensed on number of Cradlepoint devices forwarding DNS queries. Organizations should purchase one license per router forwarding the traffic to licensed? Zscaler. How many users can I have at a location? The service license per router allows for as many users as you need at the location, including GUEST WiFi filtering & security. Should we contact Cradlepoint every time we add a new device? YES. Every device requires a license. Although, once you purchase the Zscaler Internet Security license, your admin can add/create the new location on the Zscaler portal without any involvement from Cradlepoint. Should we contact Cradlepoint if we add more users to the location? No. We do not price or license based on number of users from each location. Although we do monitor the number of DNS queries coming for each licensed device forwarding DNS queries to Zscaler Internet Security. DEVICE CONFIGURATION AND PROVISIONING How do I forward traffic to Cradlepoint recommends using router firmware 5.3 or higher with Zscaler Internet Security. With firmware 5.3 or higher, you simply; Zscaler Internet Security?! Edit the routers configuration using Enterprise Cloud Manager or the local router UI, go to Network Settings>Content Filtering and select Cloud Based Filtering/Security to setup Zscaler Internet Security.! Detailed instructions are on the Cradlepoint Knowledgebase at http://knowledgebase.cradlepoint.com/articles/support/configuring- Zscaler- Internet- Security How does my Cradlepoint router connect to the Zscaler Internet Security service? Supported options for Cradlepoint routers with FW5.3 and higher include; If they are public anycast DNS servers, anyone can use them. What is different? Fixed IP address: For locations with a fixed public IP address DNS over TLS tunnel: For locations with dynamic IP addresses on the WAN side, (e.g. 4G cellular connections that are NAT ed or ISPs that intercept DNS traffic to redirect to their DNS servers). Dyn DNS Service: for locations with dynamic IP address if the customer prefers to use DynDNS YES, they are public global DNS servers. We are not restricting end- users from using our DNS service and configuring Zscaler Internet Security servers for look- ups. Although, without registering with Zscaler as a customer, no security policies will be applied to the end user. It s ONLY when the DNS queries are coming from a known customer, location &/or user, the company security policies will be applied. Otherwise, it is like any other DNS service the end user chooses to configure (similar to Google DNS) 2

How do you identify what company security policies to apply? Can I create custom filtering and security policies? What if I have multiple WAN providers at the same location? The customer s Zscaler Administrator sets up a location through the Zscaler Portal, and then can assign content filtering and security polies to each individual location or groups of locations. Administrators can define as many policies as required, including custom policies, and manage these policies by location. Yes. Administrators can define any number of custom filtering and security policies. Administrators can select from 90+ categories for content filtering/classification. Administrators can also import custom URL categories and define as whitelist or blacklist policy. All security rules apply automatically to each Administrator defined Policy. Administrator can add multiple Public, TLS, or DynDNS) IP addresses per location in the Zscaler Portal. This will associate those providers IPs to the same location and will receive the same location policies during active/active or fail- over scenarios. SECURITY & PRIVACY CONCERNS Is DNS based filtering secure? Zscaler Internet Security is configured by setting DNS to 8.34.34.34 and 8.35.35.35 but it s much more than traditional domain filtering. It combines the simplicity of DNS and the powerful functionality of proxy technology in an intelligent and transparent way. Network traffic is redirected using anycast technology to the nearest Zscaler Internet Security datacenter. Real- time threat intelligence and corporate policies are applied to route the traffic:! Known malicious or unauthorized sites are blocked! Access to reputable or permissible sites are allowed! Potentially malicious or suspicious traffic that require deeper functionality and control such as Google safe search, is routed through Zscaler s proxy transparently. This dynamic inline inspection or traffic steering is called Intelligent Routing. Can a user by- pass Zscaler Internet Security security policy by going directly to the website s IP address? Can a user bypass the DNS settings on the router? Possible, but very rare. Although Zscaler does not protect against direct IP to IP communication, most internet sites redirect IP connections back to DNS host names for various reasons., (e.g. most sites have many frames that load from several different services requiring DNS lookups, malicious sites don t use fixed IP addresses, etc) Once the initial connection is attempted based on IP address, several additional DNS requests are made from the user s browser, on behalf of the server, to various other destinations, which will then be enforced as normal through Zscaler Internet Security. Cradlepoint router supports force DNS to Zscaler DNS in the setup of Zscaler Internet Security (Enterprise Cloud Manager or locally). An administrator can have Enterprise Cloud Manager lockdown the local router config so that no local users can change the configuration. 3

Does Cradlepoint or Zscaler have access to any private data within our organization? What information is stored within the Zscaler cloud? No. We do not have access to any user data or information. DNS requests, responses along with the time stamps and the requesting locations identity for all requests sent to Zscaler Internet Security. Zscaler Internet Security PERFORMANCE Will this security service add No. For any user or device, on- premise or roaming, Zscaler Internet Security security latency for end users? service will add no noticeable latency (and it is possible that an end users performance will actually improve because Zscaler s distributed service is peered with the top internet providers). You are already using a cloud- delivered/isp- offered external DNS service (such as Google or Level 3 DNS IPs), but your ISP does not offer any security policy or threat protection. With Zscaler Internet Security setup on your Cradlepoint router, it will use Zscaler DNS 8.34.34.34 and 8.35.35.35 to get the additional reliability and security. What happens when Zscaler That does not happen. Internet Security service is down? Zscaler Internet Security service is a cloud- based offering, is always available and is fully redundant and reliable. The Zscaler platform is physically running on thousands of processors in more than 100 of the highest quality data centers around the world. Each location has massive bandwidth, huge processing power and complete redundancy at every level. We provision our data centers so they have massive excess capacity even during the largest global events like the world cup or the Olympics we see a blip in traffic but little more. In the rare case something fails, we have automatic failover within an individual data center, and then if an entire data center fails, we have additional automatic failover to the next nearest data center. This is totally seamless to your company and to your users. Zscaler is such a large and distributed and inherently resilient system it has literally never gone down even during major disasters like hurricanes, earthquakes and typhoons that knock out individual data centers or even regions the system as a whole always continues to run, and your users are automatically re- routed. How scalable is the Zscaler Zscaler is a Security as a Service platform. With more than 5000 customers across all size solution? enterprises and all vertical markets, Zscaler Cloud processes over 13 Billion internet transactions every day making it the single largest collection place for malware samples. This provides us a unique opportunity to analyze, identify and stop the most sophisticated 4

and persistent threats. The Zscaler platform is physically running on thousands of processors in more than 100 of the highest quality data centers around the world. Each location has massive bandwidth, huge processing power and complete redundancy at every level. We provision our data centers so they have massive excess capacity even during the largest global events like the world cup or the Olympics we see a blip in traffic but little more. All the service is built ground up by our engineering team and was built to handle scale. Add your locations instantly on our cloud platform, without any delay or impact to the existing solution. PRODUCT FEATURES AND FUNCTIONALITY Does Zscaler Internet Security Zscaler Internet Security provides several key components of a Unified Threat replace my existing security Management solution, and when used with Cradlepoint router/firewall platforms and CP point product solution? Secure Threat Management, it delivers an effective layered security solution for the branch office. The Cradlepoint router/firewall provides firewall protection for all WAN/LAN and LAN/LAN segment traffic, and Zscaler Internet Security protects all the Internet/web traffic. Do I need Zscaler Internet Cradlepoint Threat Management (IPS) running on Cradlepoint s stateful firewall, when Security when I have combined with Zscaler Internet Security, addresses the key elements of a Unified Threat Cradlepoint Threat Management solution for branch offices. Management (IPS)? Cradlepoint s Threat Management solution provides additional layered security at the stateful firewall using Layer 4-7 Deep Packet Inspection to detect and prevent network intrusions. This enhances network security for all applications across LAN, WLAN and WAN segments. Zscaler Internet Security provides content filtering and security for all web- based applications and traffic. Does Zscaler Internet Security Yes for known viruses. Zscaler Internet Security receives the same URL and threat feeds as provide anti- virus protection? the cloud proxy platform. The Zscaler Cloud Platform processes over 13 Billion internet transactions every day making it the single largest collection place for malware samples. This provides us a unique opportunity to analyze, identify and stop the most sophisticated and persistent threats. If we identify a virus on a network once, we can then block it via Intelligent Internet Protection. Although, any first time virus (to Zscaler cloud) or file cannot be blocked using Zscaler Internet Security as it is not an in- line proxy solution. Zscaler does not look at all the content. In order to get always in- line content protection, upgrade to Zscaler Secure Web Gateway product. Cradlepoint routers also support Zscaler Secure Web Gateway (additional cost as licensed on a per- user basis). 5

Does Zscaler Internet Security block malicious attachments for web- based e- mail? Does Zscaler Internet Security provide DLP solution? Does Zscaler Internet Security provide anti- spam solution? Does Zscaler Internet Security inspect SSL traffic? What protections does Zscaler Internet Security provide for SSL traffic? When should SSL inspection be used? How does Zscaler Internet Security compare to a URL- list filtering solution running on a firewall/router? Zscaler Internet Security does not scan attachments downloaded using mail applications. However, any malicious attachments that subsequently call web services (botnets, Command- Control Networks, etc.) will be blocked by Zscaler Internet Security for all known malware. No. Zscaler Internet Security does not look at the content. In order to get full content and data loss prevention, upgrade to Zscaler Secure Web Gateway product. No. Zscaler is not an e- mail security platform. It will block and protect against any known malicious virus in the email attachment. Also block and protect against any malicious links clicked from within the email. Although it is not in- line between your exchange server and client to protect against spam. Yes. However, SSL inspection requires a certificate be installed on the end- user device in order for the SSL inspection to work. Zscaler s SSL inspection provides protection across the same threat categories as non encrypted traffic filtered content sites, safe search results, malicious content, phishing, CnC botnets, etc., are all filtered and blocked. Most often, the SSL inspection would be deployed on computers used by employees in the branch office where additional security is desired. SSL inspection is not advised for guest WiFi subnets. Zscaler s URL filtering capabilities are superior to legacy firewall and router based solutions for the following reasons: 1. Zscaler is cloud real- time security and filtering with global threat intelligence updates immediately. No need for signatures/patches to be developed, downloaded, and deployed to the router/firewall. Zscaler currently averages over 100k threat updates per day, all in real- time. As soon as a new threat is discovered, the next transaction anywhere in our cloud is protected. 2. Simple URL- based filtering on routers generally use a very static 'reputation only' list that is often out of date and incomplete. Zscaler's real- time dynamic security cloud on the other hand uses a proprietary 'Page Risk Index' that utilizes many types of threat intelligence feeds and analytics to ensure that its list of compromised domains is the most accurate and effective on the market. 3. Many of today s hackers use exotic 'fast flux' techniques (rapid DNS name changes) to keep their web resources free from simple IP/URL based security branch router based URL filtering can t keep up to date with these threats as even high quality 'reputation only' block lists are often very slow to add these new domains. 6

4. 5. Zscaler cloud uses best- of- breed intelligence and reputational scoring based on billions of global web transactions every month, which delivers the most accurate, comprehensive and up- to- date web security and content filtering. The Zscaler cloud has virtually unlimited capacity - no processor or bandwidth limits to create a bottleneck or single point of failure. Customers have no risk of outgrowing equipment, as the cloud capacity scales with them. 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information