Zscaler’s Zero Trust Exchange Platform protects customers against threats such as malware by securely connecting users, devices, and applications in any location.
Extend unified security policy management to the Edge with Tufin integrations with leading SASE vendors including Zscaler.
Tufin is proud to offer you best-in-class integrations with Zscaler. With this integration, our customers can:
• Better protect your hybrid-cloud environments.
• Reduce the risk of security incidents and non-compliance.
• Reduce costs by matching the speed of IT operations to business needs.
Zscaler ZIA Cloud Firewall is the most comprehensive cloud-native security service edge (SSE) platform available, protecting web and non-web traffic from advanced threats and data loss in real time. The firewall improves connectivity and availability by securely directing traffic using local internet breakout without backhauling via VPNs. You can also create flexible access policies for cloud services and PaaS/IaaS with centralized policy management.
It offers integrated cloud-based next-generation firewall capabilities that enable granular control over several forms of your organization’s outbound traffic. You can configure the firewall with the following policies:
• Firewall Filtering Policy, which lets you add rules to allow or block specific traffic types from your network, and you can specify how sessions are logged.
• NAT Control Policy, which lets you add rules to perform destination NAT and to redirect traffic to specific IP addresses or ports.
• DNS Control Policy, which lets you add rules to allow or block DNS requests, redirect requests to another DNS server, or redirect DNS responses by substituting the IP address in a DNS response with a preconfigured IP address.
• IPS Control Policy, which lets you add rules for controlling and protecting your traffic over all ports and protocols using signature-based detection.
Zscaler ZIA Cloud Firewall protects your organization by enabling:
• Traffic management based on network and application services designated for the use of specific IP addresses, ports, and protocols.
• FQDN filtering so you can control network traffic based on fully qualified domain names (FQDN) and wildcard FQDN.
• Enforcement of location awareness policies so you can control traffic from known locations, sublocations, and remote users.
• Setting granular user awareness policies based on users, groups, and departments.
• Application awareness to identify and control traffic belonging to network applications using deep packet inspection (DPI).
• FTP traffic control that allows you to use configuration settings to manage native FTP traffic and FTP over HTTP traffic and configure policies permitting access to certain FTP sites.
• DNS security and control to define granular DNS filtering policies for control of DNS attributes, requests, and responses.
• Securing your traffic from DNS tunneling, malicious domains, malware, and phishing attacks for safer users and endpoints.
• Fully integrated security services in which contextual information is shared across a variety of services (DLP, sandboxing, APT, etc.) for greater protection and deeper visibility.
• Zero trust connectivity for IoT and OT devices, and secure remote access to OT systems.
• App-aware threat protection that supports application types across all network services (ports, protocols, network applications (SNI, DPI-based, application-based, UCaaS based on First Packet Identification, IP, FQDN groups, and other heuristic-based detections)).
Zscaler ZIA Cloud Firewall leverages the cloud effect: any time the Zscaler cloud identifies a threat in the billions of requests it processes, that threat is blocked for all Zscaler users.
Tufin supports Zscaler ZIA Cloud Firewall for a seamless deployment experience. The partnership helps you rise to meet the challenge of distributed workforces, SaaS-based applications, and maintaining access control to keep your enterprise safe.
The Tufin Orchestration Suite (TOS) is a comprehensive solution for automatically designing, provisioning, analyzing, deploying, and auditing network security changes from the application layer down to the network layer for a more secure internet. Our unified security policy empowers your network and IT security teams to simplify workflows through a central interface for defining and enforcing policy controls over firewalls, switches, Software Defined Networking (SDN), private and public cloud platforms, and Kubernetes, down to any level of segmentation.
SSE is defined by Gartner as a convergence of cloud-based network security services delivered from a purpose-built cloud platform. It is considered a subset of the secure access service edge (SASE) framework. SSE architecture is dedicated entirely to delivering security services.
Zscaler Internet Access is a cloud-native security service edge (SSE) solution. It is a SaaS solution to simplify network security and operations for cloud- and mobile-first enterprises. It boasts a seamless user experience.
All users, apps, devices, and locations get always-on threat protection based on identity and context. It provides inline inspection of all internet traffic, including SSL decryption, with a suite of “AI-powered” cloud security services. Zscaler claims to stop ransomware, zero-day malware, and advanced attacks leveraging threat intelligence from 300 trillion daily signals.
Zscaler applies the principles of least privilege to give users direct connection to private applications hidden from the Internet while eliminating unauthorized access and lateral movement. A cloud native service, ZPA can be deployed in hours to replace legacy VPNs and remote access tools with a holistic zero trust platform.
Zscaler Cloud Firewall is a zero-trust, next-generation firewall that enables speedy, secure network connections for all internet traffic, including SSL encrypted traffic. This next-gen firewall (NGFW) and cloud security platform offers unlimited scalability and provides ongoing, consistent protection for users across your corporate network, no matter their device or location.
Zscaler Cloud Firewall allows teams to:
• Provide DNS security with local resolutions that maintain performance while protecting users from malicious sites and DNS tunneling.
• Proxy everything that appears to be HTTP/HTTPS, DNS, or FTP traffic with an advanced deep packet inspection engine.
• Inspect and identify advanced threats and hidden attacks, even on non-standard ports.
• Maintain security with a cloud intrusion prevention system (IPS) that runs 24/7.
• Gain cloud-delivered threat protection with presence on the global edge.
• Enact URL filtering and configure policy rules.
• Attain superior cloud security outcomes from Zscaler’s Zero-Trust Exchange, a cloud-native security service edge (SSE) platform.
• Ensure quality user experience with direct-to-cloud architecture that optimizes every user path.
• Obtain end-to-end visibility into app and endpoint performance.
• Configure firewall policies and define rules for firewall filtering, NAT control, DNS control, and IPS control policies.
The Zero Trust Exchange is Zscaler’s cloud native platform that connects workloads, devices, and users instead of putting them on the corporate network. The platform verifies the identity and profile of the user, their device (including IoT devices), or workload through third-party access management providers.
The Zero Trust Exchange helps teams to:
• Minimize attack surface, find threats hiding in encrypted traffic with SSL inspection, and protect against threats like malware.
• Overcome the pitfalls of traditional firewalls, including high false positives and attacks over encrypted traffic.
• Implement zero-trust software-defined WAN (SD-WAN) that harnesses connectivity to secure communications across branches, data centers, cloud services, SaaS, and public clouds.
• Eliminate site-to-site VPNs and enable application and network access across branch offices over the internet.
Zscaler Cloud Sandbox is a malware prevention engine that delivers inline, latency-free traffic inspection across web and file transfer protocols, including SSL/TLS.