Zscaler Inc.

11/11/2024 | News release | Distributed by Public on 11/11/2024 17:10

Zero Trust Branch: Say Goodbye to Lateral Threat Movement

With a Zero Trust Branch architecture, you don't need to extend your network everywhere - your branches become like cafés. Users, devices and apps communicate through the Zero Trust Exchange over any broadband or cellular connection. There are no open ports listening for VPN connections that attackers can exploit. A device in one location cannot scan the network to find devices and apps in other locations. With no flat routable network, you don't need firewalls at each branch.

Zero Trust Branch is made possible by three key Zscaler innovations. Firstly, Zscaler Zero Trust SD-WAN replaces your traditional SD-WAN, MPLS or site-to-site VPNs and facilitates secure inbound and outbound communications from your branch. Using a Zscaler Edge appliance that directly terminates and manages your ISP connections, Zero Trust SD-WAN optimizes app performance and provides full cyber threat and data protection for all user, device and server traffic from the branch. With three physical appliances (ZT 400, ZT 600 and ZT 800) and a virtual appliance (ZT VM), organizations can connect a variety of branches, campuses, factories and data centers to the Zero Trust Exchange.

We are pleased to announce new Zscaler Edge appliances with 5G cellular support, as a primary or backup ISP connection, to secure additional locations such as ATMs, field offices and retail stores. In addition, we are announcing higher throughput appliances that will support up to 5 Gbps encrypted throughput to enable multiple gigabit fiber connections operating in active-active mode.

Zero Trust SD-WAN ensures threats cannot move laterally between sites. Within the sites, Zscaler innovations in Zero Trust Device Segmentation help you further segment each device down to a network of one - eliminating the need for east-west firewalls, NAC and expensive proprietary switches. Deployable in hours, this innovative solution discovers, identifies and segments every device - even legacy OT systems - and eliminates all lateral movement within the site.

Another significant risk factor for lateral threat movement is third-party vendors and contractors accessing OT systems and servers. Traditionally this has required a network connection or a VPN, which would bring unmanaged/unknown devices onto your network with direct access to your critical assets. Zscaler Privileged Remote Access provides a safer approach that does not require a network connection between third parties and your infrastructure. Using clientless browser-based access and pixel streaming technology with keyboard and mouse control, you can enable remote technicians to safely access your OT systems, with full supervision, session recording and file sandboxing controls, to help minimize risk to your factories and ensure personnel safety.