Modern enterprise security is a big data problem and it’s best solved in the cloud

Jun 16, 2021
Big data meets zero trust in the cloud

One common question we get about cloud-based zero-trust architecture is about stability and scalability. 

If you’ve seen any of our customer presentations, you may recall that the Zscaler Zero Trust Exchange processes around 150-160 billion requests on a daily basis (a number that doubles every 20 months) across 150 data centers around the world. 

How do we keep up with continually expanding global traffic? The answer is that we are a cloud-built service that uses cloud technology the way it was designed to be used.

Zscaler runs its data-plane applications on hardware and hypervisors it owns. Many non-data-plane services do not need dedicated hardware, however, so some applications are incubated on IaaS and microservices infrastructure first and migrated to owned hardware later. This allows for more agile development.

The architecture is backed by over 100 patents and scales elastically to handle massive spikes in traffic. During the pandemic, a Zscaler customer securely hosted a company-wide global video webcast for over 70,000 employees. It went smoothly, mostly because our cloud-based services could easily cover the traffic spike by elastically ramping up resources. A legacy hardware solution with limited bandwidth might not have handled it as well.

Another key Zscaler architectural decision for delivering an entire security stack as a cloud service is multi-tenancy. Multi-tenancy has many advantages in use cases that require massive on-demand compute, such as a hyperscale cloud; SaaS platforms such as Salesforce and Workday are multi-tenant for the same reason.

For cloud-based security, a multi-tenant platform provides three powerful capabilities:

  • Scales to meet increasing demand and spikes in traffic without impacting performance.
  • Provides the "cloud effect": as soon as a threat is detected anywhere on the Zscaler cloud, every customer is protected against it.
  • Simplifies user onboarding, as there is no difference between onboarding 10,000 users from one company and 10 users from each of 1,000 companies.

When all cylinders are firing, the metrics speak for themselves. Consider an average enterprise user browsing the internet and accessing cloud apps: Microsoft 365 for email and collaboration, Salesforce to update customer account information, and so on. The number of TCP sessions this generates per day is very high. How high? For companies moving from on-premises Exchange and SharePoint to Microsoft 365, sessions per user can be five to ten times greater than before.

Now multiply that by every user in the enterprise, and again by every enterprise making the same shift worldwide, and you are left with exponential growth in transaction volume. The Zscaler platform tracks this increase, as the chart below illustrates:

A platform architected for multi-tenancy and powered by elastic cloud resources absorbs this exploding demand without losing performance. On the contrary, the platform's stability has improved over time: while traffic has grown, the number of support tickets raised by customers has fallen.

Securing all of these transactions means checking every one of them for malware and data loss. 80% of internet transactions are TLS encrypted, so you need to terminate the TLS session and inspect the decrypted content (in practice the inspecting proxy presents its own certificate to the client, so endpoints must trust the proxy's signing CA). Inspection decisions must also be extremely fast so that users do not experience added latency.

This is only possible when all the security engines (URL filtering, IPS, content scanning, APT and sandbox, DLP and CASB) run in parallel, each reading the same in-memory copy of the traffic and returning its own verdict. Zscaler calls this SSMA (Single Scan Multi Action), and it radically improves user experience compared with engines run sequentially as a proxy chain, where every hop adds latency. The packet headers are stripped and the payload is reassembled once; every engine then scans that single copy simultaneously, and because the work is done entirely in memory the added latency is minimal. The result is better speed and better security.
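The fan-out-and-aggregate pattern behind SSMA, together with the "cloud effect" from the multi-tenancy list above, as an added example in Python. This is not Zscaler's code and says nothing about how its engines are implemented: the three toy engines (a URL filter, an IPS with one signature, a DLP engine with a Luhn check), the category table, the policy and the sample transactions are all constructed here for illustration.

```python
"""Single Scan Multi Action (SSMA) style inspection, simulated in Python.

Added example, not Zscaler's code. The engines, the signature, the URL
categories and the sample transactions are constructed for illustration.
"""
import re
import threading
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass


@dataclass(frozen=True)
class Transaction:
    tenant: str
    url: str
    payload: bytes  # decrypted, reassembled body; engines never touch raw packets


def host_of(url: str) -> str:
    return re.sub(r"^https?://", "", url).split("/")[0]


# "Cloud effect": indicators learned from any tenant are consulted for every
# tenant. One process-wide set stands in for a cloud-wide feed here.
SHARED_BAD_HOSTS: set[str] = set()
_shared_lock = threading.Lock()

# Constructed category data, policy and signature (hypothetical values).
URL_CATEGORIES = {"evil.example": "malware-hosting", "cdn.example": "business"}
BLOCKED_CATEGORIES = {"malware-hosting"}
IPS_SIGNATURES = [re.compile(rb"cmd\.exe\s*/c", re.IGNORECASE)]
PAN_RE = re.compile(rb"\b(\d{13,16})\b")


def url_filter(tx: Transaction) -> str:
    host = host_of(tx.url)
    with _shared_lock:
        if host in SHARED_BAD_HOSTS:
            return "block"
    return "block" if URL_CATEGORIES.get(host) in BLOCKED_CATEGORIES else "allow"


def ips(tx: Transaction) -> str:
    return "block" if any(s.search(tx.payload) for s in IPS_SIGNATURES) else "allow"


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so the DLP engine only fires on plausible card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def dlp(tx: Transaction) -> str:
    hits = (luhn_ok(m.group(1).decode()) for m in PAN_RE.finditer(tx.payload))
    return "block" if any(hits) else "allow"


ENGINES = {"url_filter": url_filter, "ips": ips, "dlp": dlp}
SEVERITY = {"allow": 0, "block": 1}  # the most severe verdict wins


def inspect(tx: Transaction) -> tuple[str, dict[str, str]]:
    """Run every engine concurrently against the same in-memory payload and
    fold the verdicts into one decision. Unlike a proxy chain, the buffer is
    decoded once and handed to all engines at the same time."""
    with ThreadPoolExecutor(max_workers=len(ENGINES)) as pool:
        futures = {name: pool.submit(fn, tx) for name, fn in ENGINES.items()}
        verdicts = {name: f.result() for name, f in futures.items()}
    decision = max(verdicts.values(), key=SEVERITY.__getitem__)
    # Cloud effect: a host that served malicious content to one tenant is
    # blocked at the URL filter for all tenants from now on. DLP hits concern
    # the tenant's own data, so they are deliberately not propagated.
    if verdicts["ips"] == "block":
        with _shared_lock:
            SHARED_BAD_HOSTS.add(host_of(tx.url))
    return decision, verdicts


def demo() -> list[str]:
    """Constructed sample traffic: tenant A is hit first, tenant B benefits."""
    clean = Transaction("tenant-a", "https://cdn.example/index.html", b"<html>hello</html>")
    dropper = Transaction("tenant-a", "https://cdn.example/update.bin", b"..cmd.exe /c whoami..")
    revisit = Transaction("tenant-b", "https://cdn.example/index.html", b"<html>hello</html>")
    leak = Transaction("tenant-b", "https://cdn.example/upload", b"card 4111111111111111 exp 12/27")
    return [inspect(t)[0] for t in (clean, dropper, revisit, leak)]


if __name__ == "__main__":
    print(demo())  # ['allow', 'block', 'block', 'block']
```

The third transaction is clean on its own; it is blocked only because the second one, from a different tenant, taught the shared indicator set that the host served malicious content. The aggregation rule (most severe verdict wins) is the policy choice that makes running engines in parallel safe: no engine can be skipped because an earlier one already decided.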

Consider how much more capable adversaries have become, how their tool sets have evolved (ransomware payloads, credentials stolen in past breaches), and how readily those tools are available on the dark web; it is enough to make any security or networking executive anxious. Given the sheer volume of attacks, many companies now plan for "when" rather than "if", while continuously reducing their threat, vulnerability and risk exposure.

To outsmart adversaries, Zscaler's cloud applies machine learning to the metadata (not the payload) of billions of transactions. The resulting insights help identify attack patterns, speed up detection and lower false positives. Examples include automatic classification of URLs and web content, and detection of malicious files used in zero-day attacks. Because the platform is multi-tenant, each improvement in the models protects every customer at once.

Since March 2020 there has been a 500% increase in ransomware attacks over TLS. From January to October of the same year, the Zscaler platform blocked 193 million phishing attempts over encrypted channels and discovered that 30% of encrypted attacks were delivered via AWS, Google Drive, OneDrive, and Box, according to Zscaler ThreatlabZ.

Zscaler identified and stopped 6.6 billion threats hidden inside encrypted traffic last year, a 260% increase over 2019. Numbers like these are only possible with a stable and scalable cloud-based platform.
