Adam Geller, CPO of Zscaler discusses more about the role of ML in threat intelligence, AI and automation must-dos, the latest innovations at Zscaler, and more about the elements of a hybrid security strategy in this interview:
—————
Hi Adam, please tell us a bit about your journey and what inspired you to focus on cybersecurity and cloud-first solutions.
My journey in cybersecurity has been driven by a passion for leveraging technology to solve complex problems. My experiences at Exabeam, where I focused on AI-driven security operations, and other roles I’ve had where I launched and grew multiple product lines centered on virtualization and cloud, have shown me the importance of securing digital environments. Managing security services and identity and authentication, as I did at NTT Communications and VeriSign/Symantec further solidified and fueled my passion for cybersecurity.
Recently joining Zscaler, I’m constantly inspired by the entire team and the opportunity to advance our product vision and innovation, ensuring that we continue to lead in zero trust and cloud security for all of our global customers. The evolving threat landscape and increasing reliance on the cloud makes it imperative to develop cutting-edge solutions that not only make the attack surface invisible but also anticipate, secure, and simplify the business experience for organizations worldwide. Furthermore, any advanced cybersecurity solution must leverage and harness the power of AI to fight AI with AI.
Also Read: CIO Influence Interview with Stuart Strickland, Wireless Chief Technology Officer, HPE Aruba Networking
How does Zscaler leverage threat intelligence across its platform to proactively protect users and organizations from cyberattacks, and what role does machine learning play in this process?
Zscaler proactively protects users and organizations by leveraging its cloud-native platform powered by advanced AI and machine learning. The Zscaler Zero Trust Exchange processes over half-a-trillion transactions daily, integrating real-time global threat intelligence to identify and block threats like ransomware.
Zscaler’s machine learning algorithms play a crucial role by continuously learning from the data, identifying new and evolving threats efficiently and effectively. They enhance threat intelligence by correlating data, identifying patterns, and predicting potential attack vectors, which then update security policies and defenses automatically.
The Zero Trust Exchange ensures every connection is authenticated and inspected, minimizing the attack surface and ensuring threats are mitigated before causing harm. It dynamically enforces security policies based on real-time intelligence, automatically taking action to contain and remediate threats.
Zscaler’s combination of global threat intelligence, AI and machine learning, and real-time analytics ensures swift and effective identification and mitigation of cyber threats, keeping users and organizations secure. And that’s why 45% of the Fortune 500 and 50 million users choose Zscaler for their cybersecurity needs.
Given your background in AI-driven security, how do you think artificial intelligence is transforming the cybersecurity landscape, particularly in the context of cloud security?
AI is having a transformative impact on cybersecurity, especially cloud security. At Zscaler, we’re leveraging AI and machine learning for real-time threat detection and response, significantly reducing the workload for security teams while providing best-in-class protection against attacks. The Zscaler Zero Trust Exchange was built with AI in mind from day one, powering our incredibly powerful AI engine.
AI is also transforming the cybersecurity landscape in unprecedented ways; for example, AI is significantly increasing ransomware attacks. Protection methods must employ robust security measures including data protection, thorough testing, and advanced detection methods. Here at Zscaler, we’re committed to harnessing AI’s potential while addressing the challenges of ensuring the best protection in today’s increasingly complicated cybersecurity landscape.
Also Read: How CIOs Can Take Control of Cloud Costs
How does Zscaler incorporate AI and automation into its platform, and what future developments do you foresee in these areas to enhance threat detection and response capabilities?
Zscaler offers a set of advanced security solutions designed for IT and security teams to leverage the full potential of generative AI while preserving the safety of enterprises’ intellectual property and their customers’ data. By employing our vast data pool consisting of over half-a-trillion transactions a day powering our security cloud – the largest cloud security platform in the world – Zscaler utilizes AI/ML and generative AI to not only predict breaches but also recommend policies to deliver superior threat detection, prevention and response.
Through the integration of AI/ML, last summer we introduced new AI-based security controls to combat the latest attacks and further enhance data protection, ensuring secure usage of generative AI within the enterprise. With AI-powered root cause analysis, inventory metrics, deep integrations, and ISP insights, Zscaler aids IT teams in quickly identifying and troubleshooting problems.
Our innovations include
-
Data Protection for AI: Zscaler Data Loss Prevention (DLP) prevents potential data leakage and enables organizations to record and retain content, including prompts to generative AI queries and outputs of publicly available LLMs and AI applications, for security and audit purposes in their environments.
-
AI Total: A comprehensive risk scoring system for an exploding number of AI applications, taking into account the applications’ risk profiles and privacy policies.
-
AI Visibility and Access Control: A new URL category and cloud application specifically tailored for monitoring AI application usage. This innovative solution offers the versatility to establish a variety of disparate policies for different user sets and groups, granting organizations precise control over access to AI applications. By implementing cloud-based remote browser isolation, Zscaler provides an additional layer of security while restricting potentially hazardous actions, such as uploads, downloads, and cut-and-paste functions when accessing AI applications.
Delivering impactful AI-powered outcomes requires large volumes of diverse, high-quality data and a sophisticated AI engine to precisely train AI models to produce meaningful and accurate results. Zscaler’s AI advantage is the result of 18 years of expertise and leadership in developing and operating the Zscaler Zero Trust Exchange. The platform’s proxy-based architecture and cloud security data lake combined with Zscaler’s large language models (LLM) for secure connectivity provide one of the most comprehensive views of an organization’s security posture while also delivering large volumes of valuable anonymized training data to continuously improve the AI models and intelligently predict breaches with precision at an unprecedented pace.
What do you believe are the critical elements of a hybrid security strategy that can ensure smooth operations and strong protection?
A robust hybrid security strategy hinges on a few critical elements to ensure smooth operations and strong protection. First, implementing a zero-trust architecture is essential, as it continuously verifies users and devices before granting access to resources, regardless of their location. Second, seamless integration between on-premises and cloud environments is crucial to maintaining consistent security policies and visibility across the entire network. Third, leveraging advanced threat intelligence and real-time analytics helps identify and mitigate threats swiftly. Additionally, incorporating automation and AI and ML can enhance threat detection and response, reducing the burden on security teams. Finally, regular training and awareness programs for employees are vital to minimize human error and ensure everyone understands their role in maintaining security. By combining these elements, organizations can effectively protect their hybrid environments while ensuring uninterrupted operations.
Finally, with data privacy regulations becoming more stringent worldwide, how does Zscaler help enterprises comply with laws like GDPR and CCPA while maintaining high standards of security?
At Zscaler, we dedicate a lot of time and resources to ensuring that our platform is fully compliant with the latest privacy standards. First and foremost, we help our customers address the foundational obstacles that often hinder compliance efforts. This includes providing in-depth visibility into their traffic, identifying where sensitive data resides within their environment, and understanding how it flows. This clarity empowers organizations to fully assess their infrastructure, detect potential gaps or risks, and take directed actions to minimize exposure. For organizations with large attack surfaces, a mix of point products, and complex configurations, demonstrating compliance with both internal stakeholders and external auditors can become a formidable task. By consolidating these elements into a unified, centralized platform, we not only simplify compliance but also drive operational efficiencies and minimize the risk of human error or configuration gaps.
In addition to these capabilities, innovative tools such as Risk 360 further elevate this process by mapping risks to established security frameworks and helping organizations act with confidence. This allows our customers to navigate their compliance requirements with precision and superior risk management.
Looking ahead, the rapidly evolving landscape of privacy in the context of AI and machine learning solutions presents exciting new opportunities and challenges. Initiatives like the forthcoming EU AI Act are expected to introduce additional compliance and privacy complexities for organizations. Our goal is to stay ahead of these developments and continue to empower our customers by providing solutions that simplify compliance with these emerging frameworks.
[To share your insights with us as part of editorial or sponsored content, please write to psen@itechseries.com]
Adam Geller is responsible for advancing Zscaler’s product vision, innovation, design and development. Prior to Zscaler, Adam served as Chief Executive Officer of Exabeam, a cybersecurity company specializing in SIEM solutions. With his strong background in technology and business leadership, Adam was instrumental in driving Exabeam’s vision to be the AI-driven security operations platform for organizations worldwide.
Zscaler accelerates digital transformation so customers can be more agile, efficient, resilient, and secure. The Zscaler Zero Trust Exchange™ platform protects thousands of customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location. Distributed across more than 150 data centers globally, the SSE-based Zero Trust Exchange™ is the world’s largest in-line cloud security platform.
