COMPANY NEWS: Zscaler, the leader in cloud security, today announced its new Posture Control solution, designed to provide organizations with a bespoke Cloud-Native Application Protection Platform (CNAPP) unified functionality to secure cloud workloads. Integrated with Zscaler Zero Trust Exchange, the Posture Control solution enables DevOps and security teams to effectively prioritize and remediate risks in cloud-native applications earlier in the development lifecycle. The completely agentless solution correlates and prioritizes risks, such as unpatched vulnerabilities in containers and virtual machines, excessive rights and permissions, and misconfigurations of cloud services.
“The cybersecurity landscape continues to evolve as more and more applications reside on multi-cloud footprints, making it harder than ever for security, IT, and DevOps teams to keep up with new types of threats. ‘attacks and effectively prioritize and then remediate cloud risks,’ said Z-scale President Amit Sinha. “Unlike point cloud security tools, which lack context and overwhelm operators with alerts while missing the full picture, Zscaler’s new posture monitoring solution correlates signals across multiple cloud security disciplines to identify and prioritize real risk factors and high-priority security incidents.Additionally, by extending security directly into developer workflows, infosec teams can collaborate more effectively with DevOps teams to proactively secure applications earlier. in the development life cycle.
Today, most organizations are forced to implement and manage dozens of one-time security tools to achieve comprehensive security coverage. These tools work in silos and aren’t integrated, leading to visibility issues, security gaps, and friction between cross-functional teams. However, due to the dynamic nature of the cloud, security risks are made up of a combination of several complex issues interconnected at multiple layers. To address this, security teams need a consolidated platform that prioritizes risk across all of their cloud environments.
To meet the scale and speed required for developing cloud-native applications, organizations need a unified approach that encompasses the entire continuous integration and continuous delivery (CI /CD), integrating seamlessly into development and DevOps workflows. They also need a simplified architecture that correlates issues across multi-cloud environments to better identify high-priority security risks and deliver remediation through each stakeholder’s preferred workflows earlier in the remediation process. development.
“As organizations increasingly move their applications to the cloud, security teams are struggling to keep up with cloud-native development as multiple siled tools create too many alerts that are difficult to manage and prioritize,” said Melinda Marks, senior analyst at Enterprise Strategy Group (ESG). . “With its integrated approach, Zscaler’s Posture Control solution can help security and DevOps teams better identify, prioritize, and remediate risks. With solutions like this, organizations can focus on key issues to reduce considerably their overall risk.”
Zscaler’s new Posture Control solution builds on the security capabilities of Zscaler’s proven Workload Communications solution, which is designed to secure cloud applications at runtime. Integrated with the Zscaler for Workloads service, Posture Control and Workload Communications are combined to unify the development and runtime security of cloud-native and VM-based applications running on any service in any cloud. The Posture Control solution provides comprehensive coverage of all cloud environments in a single view and unified data model to enable security, IT, and DevOps teams to secure cloud applications without disrupting development processes. Here are the main features of the Posture Control solution.
• Advanced Threat and Risk Correlation: Identify and assess the combination of multiple security issues that may appear to be low risk individually, but have the potential to create larger and more malicious risks in cloud environments when combined. These correlated risks are unified in a single view, giving security teams the context they need to properly explore and prioritize risks in the cloud.
• Agentless workload analysis: Avoid developer friction and eliminate blind spots due to incomplete security tool coverage with a 100% agentless, API-based approach. Virtual machines and containers are scanned both in registries and in production environments, correlating vulnerabilities with other cloud weaknesses to prioritize actions based on risk rather than CVSS score alone.
• Cloud security throughout the lifecycle: Detect and resolve security issues early in the development phase before they become production incidents with left-hand security. Zscaler monitors automated deployment processes and sends alerts when critical security issues are detected.
• Risk and compliance visualizations across the entire cloud: Gain 360-degree visibility into risk across the entire multicloud footprint, including VMs, containers, and serverless workloads. Zscaler integrates with development platforms like VS Code, DevOps tools like GitHub and Jenkins, and all major cloud providers to enable “build-to-run” visibility and control.
• Simplified and rapid deployment and operation: Zscaler and HashiCorp, a leader in multi-cloud infrastructure automation, have extended their integrations to secure cloud-native workloads in multi-cloud environments. The Posture Control solution can now easily analyze infrastructure models as code written in Terraform in the development environment. This left-shifted approach offers the opportunity to strengthen security in the CI/CD process, reducing friction between development and security teams, and providing rapid deployment of applications and a better security posture of workloads. cloud.
For more details on Zscaler’s posture control solution, please see here.
Z-scale (NASDAQ: ZS) is accelerating digital transformation so customers can be more agile, efficient, resilient and secure. Zscaler Zero Trust Exchange protects thousands of customers from cyberattacks and data loss by securely connecting users, devices, and applications wherever they are. Distributed in more than 150 data centers worldwide, the SSE-based Zero Trust Exchange is the world’s largest online cloud security platform.