Modernizing Authentication — What It Takes to Transform Secure Access
Cloud security vendor Zscaler has made a name for itself as a proxy that enterprises can use to filter traffic and provide security. The company is now augmenting its strategy with a new service that leverages DNS redirection, in a bid to minimize the amount of traffic that is sent up to the cloud while making security easier to implement.
Patrick Foxhoven, VP and CTO of Emerging Technology at Zscaler, told eSecurityPlanet his company has already filed for six patents on the new technology known as Zscaler Shift. Zscaler has 100 data centers that act as fast proxies that are protecting 4,500 companies today, he said.
With the Zscaler Shift approach, users set their DNS information to Zscaler and Web queries go through the Zscaler intelligent routing system. Based on the location or the user, the system is able to block by policy or route through the Zscaler proxies. A policy can also allow traffic to be resolved directly and not be routed through a Zscaler proxy.
The Zscaler Shift solution can provide security in multiple ways. One example cited by Foxhoven is enforcing the use of Google Safe Search, which restricts objectionable content from showing up in search results. With a check box in the Zscaler proxy interface, an administrator can set Safe Search as an enterprise policy, regardless of what the user has set on their own desktop.https://o1.qnsr.com/log/p.gif?;n=203;c=204634421;s=15939;x=7936;f=201702151714490;u=j;z=TIMESTAMP;a=20304455;e=i
"As long as DNS on the network is set to us, the user doesn't need to do anything else," Foxhoven said. "We can perform full SSL inspection as well."
Foxhoven sees the DNS approach for redirecting and inspecting traffic as being especially valuable to large distributed organizations like retailers. As opposed to a full proxy, which would require all bandwidth to go through the Zscaler system, with the Shift DNS service only an initial portion needs to go through the system to ensure security.
DNS-based security services are not an entirely new phenomenon in the marketplace. Vendors like Incapsula, CloudFlare and Akamai all leverage DNS redirection techniques to provide distributed denial of service (DDoS) protection to their users. OpenDNS has a service called Umbrella that extends the model, providing security for end users and mobile devices.
Foxhoven doesn't see any overlap with what Zscaler Shift promises and what CloudFlare, Incapsula and Akamai provide today. OpenDNS Umbella is more of a direct competitor, though Foxhoven stressed that Zscaler's proxy is a differentiating factor.
"Zscaler Shift is purely focused on protecting the user, which is just an extension of Zscaler's core space," Foxhoven said.
Sean Michael Kerner is a senior editor at eSecurity Planet and InternetNews.com. Follow him on Twitter @TechJournalist.