From firewalls to fabric at Zenith Live25: Zscaler’s journey to agentic SecOps

Zscaler makes zero trust achievable and implementable at scale in a way that’s difficult with the network-based policy constructs of firewalls and VPNs. We find out how at the recently concluded Zenith Live 25 in Prague.

During Zenith Live 25 in Prague, Enterprise IT News sat down with Adam Geller, Chief Product Officer at Zscaler, to discuss the company’s evolving product strategy, the impact of recent acquisitions, and how artificial intelligence is reshaping the cybersecurity landscape. 

He provided a clear and comprehensive overview of where Zscaler used to be and the very exciting future it is headed towards, as the organisation continues to secure its customers’ environments and data.

Network constructs versus the business policy construct

The main thing that sets Zscaler apart from other companies that offer zero trust capability is how it approaches networking. “I think many companies subscribe to zero trust as an approach and so the principles are similar.

“It’s a question of how well you can do it, and how you define it,” said Adam. 

For example, a solution may be connecting the right business users to the right business applications, but they could be defining it via IP addresses or other network constructs.

“So, you wind up being overly permissive in what you connect together,” Adam pointed out.

He explained that the organisation’s unique differentiator lies in its ability to enforce business policy at a granular level, connecting the right users to the right applications regardless of network and location. It can do so because it moves beyond network constructs like IP addresses and instead leverages identity and context to minimise unnecessary permissions and reduce risk.

Crystallising the Zscaler mission to the market

Adam joined the company nine months ago, excited about its mission of enabling any-to-any communication via business policies and leveraging networks only as transport. “So I’ve spent a fair amount of time with Jay Chaudhry, our founder and CEO, talking to him before I joined about what his vision was for the company and where he thought it could evolve to.”

The Zero Trust Exchange is expected to enable and power up Zero Trust everywhere.

According to Adam, the zero trust concept means not ever trusting anything to connect to anything else until validation is done. “And the way you validate is you have to understand the identity of who or what that is asking to communicate or connect.”

The CPO confessed that, earlier in his career, he had found satisfaction in installing firewalls and working with network infrastructure.

Those days are long gone, and currently he emphasises that Zscaler makes zero trust achievable and implementable at scale in a way that’s difficult with the network-based policy constructs of firewalls and VPNs.

This is due to the solution’s ability to secure and simplify network access without relying on complex network-based policies, effectively replacing the need for complex firewall configurations.

“We recognise that we are more and more mission-critical for our customers. So we have and will continue to make substantial investments in all of our capabilities around zero trust everywhere, including expanding our footprint for global coverage,” said Adam.

Synergistic acquisitions

According to Zscaler CEO Jay Chaudhry, the company processes over 500 billion transactions daily, a figure which is 50 times what Google Search processes every day. This translates to 500 trillion security signals across Zscaler’s global security cloud, derived from analysing hundreds of billions of transactions and requests.

Calling this wealth of information a data asset, Jay also spoke of customers who have asked Zscaler to do more with the logs and telemetry data it collects.

Recognising the potential of this data asset to enable better security operations, or SecOps, the company acquired Avalor and Red Canary with the objective of accelerating its vision of an agentic-based security operations centre (SOC).

Agentic security operations

Avalor’s capability entails building a data fabric that serves multiple applications. It does this by taking transaction-level information and telemetry, synthesising and deduplicating the data, adding context, and creating entity relationships.

This foundational data intelligence layer is anticipated to power up Red Canary’s automation and investigation capabilities as an MDR (managed detection and response) solution, and ultimately to enable different agent-based security operations such as data collection, investigation, policy enforcement, and so on.

There is potential to significantly reduce task execution time from 40 minutes all the way down to 3 minutes.

Jay explained, “We aren’t becoming an MDR company. We are fundamentally a technology company. This acquisition allows us to get to the market with a more comprehensive solution. 

“Again, we will work with all the partners to make this technology available for you.”
