Z Services Secure Web
Gateway Cloud

Z Services [Internet Security Cloud] is an physical extension of the Global Zscaler Cloud forming the Zscaler Middle East Cloud,
built physically within the Middle East boundaries at multiple highly available secure data centres in the United Arab Emirates,
Kingdom of Saudi Arabia, State of Qatar, State of Kuwait, Kingdom of Jordan and Republic Arab of Egypt.

Zscaler architecture, built on a foundation of almost 50 patented technologies, enables the Zscaler security-as-a-service,
which is unlike anything else available today.

Architecture—five key game changing technologies

The answer was a cloud-based firewall proxy architecture, designed to examine web traffic over all ports and protocols including the growing segment that was SSL encrypted. Policies must follow the user, regardless of their location or device. Security functionality must interoperate, combining findings from different approaches to deliver a holistic perspective.

The platform must be capable of recognizing threats independent of signature feeds, and should be able to propagate threat information across the cloud in real-time.Visibility must be available on demand, and go from an at-a-glance view to the user/device level in a few clicks.

Realizing this vision included design of almost fifty new, patented technologies, including:

  • Distributed, multi-tenant architecture, built from the ground up for elastic scale while maintaining security and data privacy.
  • 10 Gbps platform, based on a next-gen TCP stack and drivers as well as revolutionary Single Scan Multiple Action technology that enables inspection of every byte of traffic by every service.
  • ByteScan, which provides ultrafast content scanning as well as detection of malicious sites, content, and data loss, removing dependency on signatures.
  • Page Risk Index, which delivers dynamically computed information based on real-time web activities instead of relying on reputation alone.
  • Nanolog, which encrypts and compresses web logs in a 50:1 ratio to enable complete visibility and drill-down in seconds.

ByteScan

  • Ultrafast (body) scanning
  • Detect malicious content, data leakage, classify URLs

Page Risk Index

  • Dynamically computed
  • Better fraud prevention

Nanolog

  • 50:1 Log reduction
  • Real-time consolidation
  • Trans-level drill-down

10 Gbps Platform Latency in Micro-secs

64-bit Architecture, Next Gen TCP stack, Drivers; SSMA (Single Scan Multi Action)

How Zscaler works

Zscaler’s architecture was created from scratch as a pure cloud provider.

We deliver a truly multi-tenant and highly scalable platform by functionally distributing components of a standard proxy to create a giant global network that acts as a single virtual proxy.

Any user can go to any gateway at any time for policy-based secure Internet access. Zscaler infrastructure comprises three key components: Zscaler Enforcement Nodes (ZENs), Central Authority (CA), and Nanolog Servers.

Central Authority (CA)

The Central Authority complex is the brain of the Zscaler cloud. The CA manages and monitors all nodes and ensures that they are always up-to-date with the latest real-time feeds and software, and that they are synchronized to propagate threat intelligence cloud-wide.

The CA directs users to the closest Zscaler Enforcement Node, ensuring that policy follows the user with minimum latency. The Central Authorities are a globally distributed peer-to-peer cluster with an automatically elected master. This ensures all cloud components can always talk to a CA even if there are major Internet outages that isolate an entire region.

Through its multi-tenant architecture, the CA provides each organization with its own secure portal to administer policy. Any change to the policy is communicated to the ZENs within seconds. The CA provides an end-user authentication framework through integration with Secure LDAP or ID Federation systems.

Central Authority (CA)

Zscaler Enforcement Node (ZEN)

An enterprise forwards all web traffic to the nearest ZEN, where security, management, and compliance policies served by the CA are enforced. Powered by over thirty patents, each ZEN is a fully featured inline proxy that enforces policies with user-level granularity.

The ZEN incorporates a hardened custom-built OS and a custom TCP/IP stack to deliver 90% of transactions in less than 90 microseconds. Zscaler’s ByteScan technology enables each ZEN to scan every byte of the web request, content, responses, and all related data for inline blocking of threats like viruses, cross site scripting (XSS), and botnets. This capability also enables Dynamic Content Classification (DCC) of unknown sites. By scanning each page, the ZEN computes a PageRisk index for every page loaded and enables administrators to control content served to their users based on acceptable risk.

The ZEN also incorporates Zscaler’s unique authentication and policy distribution mechanism that enables any user to connect to any ZEN at any time. This enables enterprises to simply point traffic to any ZEN and ensure full policy enforcement, while getting all reports back in realtime.

Zscaler Enforcement Node (ZEN)

Nanolog servers

Backed with multiple patents, Zscaler’s Nanolog technology on every ZEN performs lossless compression of logs by a factor of 50:1, enabling administrators to access any transaction log almost instantly.

Logs are transmitted every second to the Nanolog servers over secure connections, and multicast to multiple servers for redundancy. Through an innovative reporting and database framework created specifically for web logs, the Nanolog server can support 15 million logs per second.

This technology provides an administrator with real-time reports and the capability to query complete transaction-level details for any user, department or location at any time in seconds. Each server has over 16 Terabytes of capacity, enabling Zscaler to provide multiyear data retention.

Nanolog servers

Security and data privacy

Data privacy and security are fundamental to any multitenant architecture. Zscaler ensures these principles in the following ways:

  • Z Services never store any transaction content
  • Transaction content is never written to disk, all inspection takes place in memory
  • Logs are stored and transferred in an encrypted format
  • Logs are only viewable via the Zscaler UI with Admin privileges
  • Z Services never store any transaction content
  • Transaction content is never written to disk, all inspection takes place in memory
  • Logs are stored and transferred in an encrypted format
  • Logs are only viewable via the Zscaler UI with Admin privileges
  • Z Services never store any transaction content
  • Transaction content is never written to disk, all inspection takes place in memory
  • Logs are stored and transferred in an encrypted format
  • Logs are only viewable via the Zscaler UI with Admin privileges

Z Services Middle East Security Cloud

Built physically within the Middle East boundaries at multiple highly available secure data centers in the United Arab Emirates, Kingdom of Saudi Arabia, State of Qatar, State of Kuwait, Kingdom of Jordan and Republic Arab of Egypt, offering:

  • Largest, and the only Middle East based internet Security-as-a-Service cloud infrastructures;
  • Spanning across 17 Middle East highly available and most secure Data Centers, including 5 data centres for logging and reporting processing;
  • Offering the Middle East region over 65Gbps and growing of full http and https deep packet inspection, protection, security analytic in a highly redundant internet security-as-a-service capacity;
  • Operating Zscaler Middle East as local cloud security platform while transparently connected to the Global Zscaler Cloud 100+ global Data Centers, forming the largest cloud security ever existed;
  • Supporting intra Middle East as well global Internet Security user policy roaming;
  • Direct to the net security and protection across the entire middle east region;
  • Single Security UI per corporate in respective of number of branches, locations and mobile users across the middle east region or world-wide;
  • In region unique SLA’s for faster internet response, end user security experiences; security protection and per country customer logging retention and reporting;
  • In country enterprise level cloud Sandboxing for https and https security check;

Internet Cloud Security

Internet Security

Web Security
Mobile Security
Bandwidth Qos
Cloud Firewall
Antivirus

Advance Threat Prevention

Ransomware Protection
SSL Inspection
Advanced Protection
Cloud Sandboxing

Data & Access Protection

Office 365 Deployment
SIEM Integration
Guest Wi-Fi Security
DLP Internal Data
DLP Cloud Data
11
Cyber Security Processing Data Centers
04
Logging Data Centers
10
Largest Middle East Service provider
Regulatory Compliance
Learn how Zscaler can protect your organization Request A Demo