"The cybersecurity landscape continues to evolve as more applications reside across multi-cloud footprints, making it more difficult than ever for security, IT, and DevOps teams to keep up with new types of attacks and efficiently prioritise and then remediate cloud risks," said Zscaler president Amit Sinha. "Unlike point cloud security tools, which lack context and overburden operators with alerts while missing the full picture, Zscaler's new Posture Control solution correlates signals across several cloud security disciplines to identify and prioritise real risk drivers and high priority security incidents. Also, by extending security directly into developer workflows, infosec teams can collaborate more effectively with DevOps teams to proactively secure applications earlier in the development lifecycle."
Today, most enterprises are forced to implement and manage dozens of point security tools to achieve complete security coverage. These tools operate in silos and are not integrated, leading to visibility challenges, security gaps, and friction among cross-functional teams. However, due to the dynamic nature of the cloud, security risks are made up of a combination of several complex issues that are interconnected across multiple layers. To address them, security teams need a consolidated platform that prioritises risk across all their cloud environments.
To meet the scale and speed required for cloud-native application development, organisations need a unified approach that envelops the entire continuous integration and continuous delivery (CI/CD) lifecycle, integrating seamlessly with developer and DevOps workflows. They also need a simplified architecture that correlates issues across multi-cloud environments to better identify high priority security risks and deliver remediation via each stakeholder's preferred workflows earlier in the development process.
"As organisations increasingly move their applications to the cloud, security teams struggle to keep up with cloud-native development because multiple siloed tools create too many alerts that are difficult to manage and prioritise," said Enterprise Strategy Group (ESG) senior analyst Melinda Marks. "With its integrated approach, Zscaler's Posture Control solution can help security and DevOps teams better identify, prioritise, and remediate risks. With solutions like this, organisations can focus on the top issues to greatly reduce their overall risk."
Zscaler's new Posture Control solution builds on the security capabilities of Zscaler's proven Workload Communications solution, which is designed to secure cloud applications at runtime. Integrated with the Zscaler for Workloads service, the Posture Control solution and Workload Communications are combined to unify development and runtime security of cloud-native and VM-based applications running on any service in any cloud. The Posture Control solution delivers comprehensive coverage of all cloud environments in a singular view and a unified data model to enable security, IT, and DevOps teams to secure cloud apps without disrupting the development processes. Following are key features of the Posture Control solution.
• Advanced threat and risk correlation: Identify and assess the combination of multiple security issues that may appear to be low-risk individually, but have the potential to create larger, more malicious risks across cloud environments when combined. These correlated risks are unified in a singular view, giving security teams the context they need to properly explore and prioritise risks in the cloud.
• Agentless workload scanning: Avoid developer friction and eliminate blind spots due to incomplete coverage of security tools with a 100% agentless, API-based approach. VMs and containers are scanned in both registries and in production environments, correlating vulnerabilities with other cloud weaknesses to prioritise actions based on risk rather than on CVSS score alone.
• Full lifecycle cloud security: Detect and resolve security issues early in the development phase before they become production incidents with 'shift left' security. Zscaler monitors automated deployment processes and sends alerts when critical security issues are found.
• Risk and compliance visualisations across the entire cloud: Gain 360-degree visibility into risks across the entire multi-cloud footprint, including VMs, containers, and serverless workloads. Zscaler integrates with development platforms like VS Code, DevOps tools such as GitHub and Jenkins, and all major cloud providers to enable visibility and control 'from build to run.'
• Simplified, fast deployment and operations: Zscaler and HashiCorp, a leader in multi-cloud infrastructure automation, have extended their integrations to secure cloud-native workloads in multi-cloud environments. The Posture Control solution can now easily scan infrastructure-as-a-code templates written in Terraform in the development environment. This shift-left approach provides the ability to build security in the CI/CD process, thereby reducing friction between development and security teams, and providing rapid application deployment and better security posture of cloud workloads.
For more details about Zscaler's Posture Control solution, please see here.
Zscaler (NASDAQ: ZS) accelerates digital transformation so customers can be more agile, efficient, resilient, and secure. The Zscaler Zero Trust Exchange protects thousands of customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location. Distributed across more than 150 data centres globally, the SSE-based Zero Trust Exchange is the world's largest in-line cloud security platform.