We were thrilled to welcome customers, prospective customers, journalists, and industry analysts to the opening day of our annual Zenith Live user conference in Las Vegas yesterday.
My fellow Zscaler executives and I were excited to showcase all of the hard work our product and engineering teams engaged in over the past year. These industry-redefining innovations in the arenas of AI-enabled security, data-driven business intelligence insights, and product enhancements promise to further strengthen the platform underpinned by the world’s largest security cloud.
Jay Chaudhry sets the table for disruptive innovation with his CEO keynote
Zscaler CEO, Chairman, and Founder Jay Chaudhry introduced several new Zscaler innovations by stressing that these capabilities were built on top of the existing platform. A guiding principle for the 15-year-old company has always been to help its customers consolidate vendors and eliminate point products.
"Our goal," Jay said, "is to be integrated, comprehensive so you don't have to deal with multiple point products that don't work with each other."
New offerings weren’t cobbled together from a string of acquisitions to add functionality in areas that were lacking, he pointed out. They weren’t dreamed up to extend product lines and create additional revenue streams. They were not knee-jerk attempts to capitalize on the buzz surrounding AI.
Instead, they capitalize on Zscaler’s massive cloud security data lake for training sophisticated AI models to provide advanced insights to our customers. These insights were always present in the more than 300 billion transactions and 500 trillion daily signals seen by the Zscaler Zero Trust Exchange each day. AI simply allows us to process and serve them to users in scalable, intuitive, and actionable ways.
Customers are always central to the Zenith Live agenda, and this year’s features many who were instrumental in conceiving and developing the innovations unveiled at this year’s event.
First, Jay welcomed Christopher Porter, SVP & Chief Information Security Officer at Fannie Mae, to the stage to describe how the company jumped out of the gate early to begin its transformation journey.
Christopher explained how Fannie Mae’s digital transformation began after they migrated key business applications like ServiceNow and Office 365 to the cloud. The company’s on-premise proxies could not keep up with the scale of traffic headed for the internet. That all changed when they switched to Zscaler Internet Access, allowing users faster and more secure internet access.
"[Zscaler] changed the experience to where it's the same whether you're home, whether you're at Starbucks or you're in one of our physical buildings," Christopher said.
As with many companies, the pandemic accelerated Fannie Mae’s transformation. It was the impetus for pushing out Zscaler Private Access (ZPA). Porter said it allowed him to sleep better at night since it removed the threat of lateral movement previously introduced by a VPN solution. More data protection capabilities followed: exact data match, index document matching, and integration with Microsoft information protection capabilities.
Next, Jay discussed Zscaler's first foray into hardware with Justin Dustzadeh, Chief Technology Officer at Equinix. Equinix is a global digital infrastructure platform with over 240 highly reliable data centers connected by a global software-defined backbone network.
A partner for more than a decade, Equinix had a vision of evolving its infrastructure security and interconnection consumption from box-based point solutions to a cloud-native, software-enabled, and customizable platform that could secure any-to-any capabilities for its user while enforcing policies and preserving visibility. The result, Zero Trust Branch Connectivity, is a plug-and-play appliance for securely connecting branches while reducing the cost and security risks associated with VPN-over-SDN-WAN connections.
"We are partnering to take friction away and make secure cloud-to-cloud and hybrid multi-cloud interconnection an easy and enjoyable experience for our users," Justin said.
To cap off the CEO keynote, Microsoft Chief Security Advisor James Eckart joined Jay and Zscaler EVP, Business and Corporate Development Punit Minocha onstage to explore the partnership between the two companies.
"One of the things Zscaler first did with Microsoft, very successfully, was allow us to go straight from the endpoint to Office 365 while crossing Zscaler's complete security stack," James said, "so we could get around all of the hair-pinning and latency issues we were experiencing in our data centers. That was just really a boon for everybody. It created a lot of user delight."
How the “strategic imperative” of cybersecurity aligns with Hyatt Hotels’ mission
I also had the good fortune of sitting down with my good friend and longtime Zscaler customer Ben Vaughn, SVP & CISO of Hyatt Hotels, for a fireside chat. For Ben and Hyatt, cybersecurity is integral to the company's core purpose: care.
"What an amazing purpose for a hospitality company, but what a really amazing purpose to have for a cybersecurity department," Ben remarked.
As always when I talk to Ben, our conversation ranged from the idealistic underpinnings of a career in cybersecurity to its tactical implementations like risk transfer via cyber insurance – something for which Hyatt has a very innovative approach – to the importance of turning on SSL inspection to protect guests and employees from those who would try to do them harm online.
In talking about Hyatt's adoption of zero trust and what it means to the company, Ben acknowledged it has become a loaded term but boiled it down for his team as referring to validating traffic, identity, and security posture at multiple points within its environment.
Vaugh also discussed the challenges of securing a highly mobile workforce that often shuffles among the company's more than 1,250 properties. "When we look for security technologies like Zscaler, cloud-based security delivery mechanisms are really important to us because we just can't rely on security to only exist the moments that you're inside our hotel," he explained.
Of those 189,000 colleagues Hyatt and Ben rely on Zsclar to help secure, only roughly 40 work in cybersecurity directly. Vaugh attributes this to his team’s willingness to use the full suite of capabilities Zscaler offers to enhance Hyatt’s security posture.
"I think we owe it to Zscaler and ourselves to push the buttons you give us because those buttons are the way we seize the initiative from threat actors," he said. “We make the amount of people that are required to respond to incidents that much smaller because we push the buttons”
Ben wrapped our conversation with his advice for practitioners looking to stay in the field for the long run.
"Find a way to tie what you do every day to what the company does every day," Ben says. "I think you might find that that makes it a lot easier to get permission to push that button."
The power of Zscaler intelligence: Generative AI and a holistic view of risk
Zscaler EVP & Chief Innovation Officer Patrick Foxhoven fittingly kicked off the Zenith Live innovation deep-dives by introducing many new features and enhancements made possible by AI.
"We've been at this for a long time, so AI's not new, but I'll make a statement. We do think it has the potential to change everything," said Patrick.
But the technology is not without risk, he noted. Both deepfakes and data loss can be enabled by the same generative AI capabilities we expect will also change the world in more positive ways.
As Zscaler VP, Product Management Sanjay Kalra took over to explain, new Zscaler capabilities are focused on advancements in three key areas:
- Enabling Zscaler customers to use generative AI safely – You can’t protect against what you can’t see, so Zscaler began by adding a new URL category and cloud app for tools like Bard, ChatGPT, and others. This allows admins to finely control who is able to access these tools and enforce browser isolation to protect against sensitive data being uploaded. Zscaler also now provides risk scores for commonly used apps to determine if their AI integrations pose a threat based on the application’s security posture and data retention policies.
- Building new and enhancing existing products – Zscaler announced it is releasing its own proprietary natural language processor, dubbed Zscaler Navigator, which draws from the company’s own data lake so users can interact with products, request usage statistics, and query support in an intuitive and conversational format.
- Increasing the efficacy of everything we do – Multi-modal scanning makes data loss prevention (DLP) even more effective by scanning images, videos, and even Zoom calls for sensitive information like intellectual property and preventing them from being uploaded to third parties, assisting security teams with one of the most challenging threats to contain – insider attacks.
Zscaler Global CISO Deepen Desai also walked attendees through the typical attack chain from downloading a malicious file to data exfiltration and, eventually, ransomware delivery. He explained how AI insights generated by Zscaler’s new Risk 360 platform can help security prioritize, isolate, and implement policies for preventing future process iterations.
"In my opinion, this all ends with AI vs. AI," said Aflac VP, Security Operations & Threat Management DJ Goldsworthy, who joined Desai onstage to discuss the reduced response time necessary to compete with AI-enabled attacks and how he worked with Zscaler to limit his attack surface and automate remediation efforts.
As Darin Hurd, Chief Information Security Officer at Guaranteed Rate, who provided feedback on the platform during development, put it, "What Risk 360 does for me is three things: First, it helps me more effectively communicate to my board. Second, it helps to prioritize where we spend our limited security resources. And third, at the end of the day, it inspires confidence because security is difficult and complex."
Raj Krishna, SVP, New Initiatives, wrapped by previewing how the forthcoming Zscaler Business Insights will leverage company data to help solve business problems such as understanding licenses purchased versus those deployed or tracking employee usage patterns to understand their return-to-office journeys better.
More on that to come…
This article originally appeared on CXO REvolutionaries