The NGFW Made History. Now, It May Be History.

Detecting and stopping today’s advanced threats requires more than traditional stateful or next-generation firewalls.

Threats are lurking in encrypted traffic

The vast majority of threats now hide behind encryption, allowing threat actors to infect users, shroud data exfiltration, and hide C2 communications. TLS/SSL inspection is simply no longer optional—it’s a must to protect your users and data.

Source: 2023 ThreatLabz State of Encrypted Attacks Report

Traditional firewalls weren’t built to inspect encrypted traffic

TLS/SSL inspection is processor-intensive, and most firewall appliances simply can’t handle it, grinding performance to a halt. As a result, supporting TLS/SSL inspection on an appliance often forces you to provision between 5x and 10x the amount of hardware you would need otherwise.

Full inspection requires a cloud-based proxy architecture

Zscaler Firewall is built on a highly scalable proxy architecture that handles TLS/SSL inspection at scale. Our footprint allows us to process increasing TLS/SSL bandwidth and sessions without costly upgrades or reduced inspection. You get limitless decryption on all ports at a flat per-user cost.

Traditional firewalls have blind spots

Traditional firewalls use IPS and AV to protect against signature-based threats, which make up a fraction of the total threat landscape. But since almost 90% of signatures were written for HTTP and DNS, signature-based protection is no longer enough. To fully inspect HTTP, HTTPS, and DNS traffic, you need a proxy-based architecture.

Protecting your most vulnerable protocols

Zscaler Firewall uses an advanced deep packet inspection engine and proxy-based architecture to proxy everything that appears to be HTTP/HTTPS, DNS, or FTP traffic, regardless of port. That means you’ll find more threats for your most vulnerable protocols, whether your users are at HQ, a branch office, or remote.