Data Sheet
Zscaler Internet Access
AI-powered protection for all users, all apps, all locations
Zscaler Internet Access™ defines safe, fast internet and SaaS access with the
industry’s first and only AI-powered security service edge (SSE) platform.
Legacy network security has become ineffective in a cloud- and mobile-first world
Legacy hub-and-spoke architectures were effective when users were located primarily at headquarters or in a branch office, applications resided solely in the corporate data center, and your attack surface was limited to what your organization sanctioned. Today, we live in a drastically different world, with a threat landscape in which ransomware, encrypted threats, supply chain attacks, and other advanced threats break through legacy network defenses.
It’s time to find a cloud native security solution that holistically reduces risk and complexity while enabling flexibility to help drive business initiatives forward.
Benefits:
• Prevent cyberthreats and data loss with AI: Protect your organization against advanced threats with a suite of AI-powered cyberthreat and data protection services, enriched by real-time updates sourced from 300 trillion daily threat signals from the world’s largest security cloud.
• Get an unmatched user experience: Get the world’s fastest internet and SaaS experience (up to 40% faster than legacy security architectures) to boost productivity and increase business agility.
• Modernize your security architecture: Realize 139% ROI with Zscaler by replacing 90% of your costly, complex, and slow appliances with a fully cloud-native zero trust platform.
Zscaler Internet Access
Securing today’s cloud- and mobile-first enterprise
requires a fundamentally different approach built
on zero trust. Zscaler Internet Access, part of the
Zscaler Zero Trust Exchange™, is the world’s most
deployed security service edge (SSE) platform, built
on a decade of secure web gateway leadership.
© 2022 Zscaler, Inc. All rights reserved.
Delivered as a scalable SaaS platform from the world’s largest security cloud, it eliminates legacy network security solutions to stop advanced attacks and prevent data loss with a comprehensive zero trust approach, offering:
Best-in-class, consistent security for today’s hybrid workforce: When you move security to the cloud, all users, apps, devices, and locations get always-on threat protection based on identity and context. Your security policy goes everywhere your users go.
Lightning-fast access with zero infrastructure: Direct-to-cloud architecture ensures a fast, seamless user experience. This eliminates backhauling, improves performance and user experience, and simplifies network administration—with no physical infrastructure, ever.
AI-powered protection from the world’s largest security cloud: Inline inspection of all internet and SaaS traffic, including SSL decryption, with a suite of AI-powered cloud security services to stop ransomware, phishing, zero-day malware, and advanced attacks based on threat intelligence from 300 trillion daily signals.
Simplified management: Using a cloud native security solution infused with AI, no hardware to manage, streamlined workflows, and business-focused policy creation frees up valuable time for your team to focus on strategic goals.
Integrated, AI-powered security and data protection services
Zscaler Internet Access includes a comprehensive suite of AI-powered security and data protection services to help you stop cyberattacks and data loss. As a fully cloud-delivered SaaS solution, you can add new capabilities without any additional hardware or lengthy deployment cycles. The modules available as part of Zscaler Internet Access are:
• Cloud Secure Web Gateway (SWG): Deliver a safe, fast web experience that eliminates ransomware, malware, and other advanced attacks with real-time, AI-powered analysis and URL filtering from the only leader in the 2020 Gartner MQ for SWGs.
• Cloud Access Security Broker (CASB): Secure cloud apps with integrated CASB to protect data, stop threats, and ensure compliance across your SaaS and IaaS environments.
• Cloud Data Loss Prevention (DLP): Protect data in motion with full inline inspection and advanced measures like exact data match (EDM), optical character recognition (OCR), and machine learning.
• Cloud Firewall & IPS: Extend industry-leading protection to all ports and protocols, and replace edge and branch firewalls with a cloud native platform.
• Cloud Sandbox: Stop never-before-seen and elusive malware across web and file transfer protocols with AI-driven quarantine, sharing consistent and global protection across all users in real time.
• AI-Powered Cloud Browser Isolation: Make web-based attacks obsolete and prevent data loss by creating a virtual air gap between users, the web, and SaaS.
• Digital Experience Monitoring: Reduce IT operational overhead and speed up ticket resolution with a unified view of application, cloud path, and endpoint performance metrics for analysis and troubleshooting.
Zscaler named a Leader in the Gartner Magic Quadrant for SSE
Zscaler Internet Access for Users and Workloads
Eliminate risk for cloud workloads accessing any internet or SaaS destination with Zscaler Internet Access.
By removing the need for workloads to access the internet through legacy, network-centric tools such as
VPNs, firewalls (including virtual firewalls), or WAN technologies, you can prevent compromise and stop
lateral movement without requiring a patchwork of security tools. By applying ZIA’s comprehensive suite
of security and data protection capabilities to workloads, you can unify zero trust security for your users
and workloads with a single, integrated platform.
By pairing ZIA with Zscaler Private Access, you can extend protection to your private apps and workloads,
whether they reside in the public cloud or a private data center.
[Figure 1: The Zero Trust Exchange. Diagram with three parts. ZIA for Users and Workloads (Zscaler Internet Access): secure internet/SaaS access ("Block the bad, protect the good"), covering cyberthreat protection with AI-driven inline content inspection (SSL/TLS), data protection with inline DLP and CASB and API CASB, and local internet breakouts for Microsoft 365 and SD-WAN. ZPA for Users and Workloads (Zscaler Private Access): secure private app access ("Connect to apps, not the network"), covering remote app access without VPN for workforce, third parties, and B2B customers, direct app access (no backhaul) for hybrid and multicloud environments, and workload-to-workload communication with zero trust access across apps/workloads. Zscaler Digital Experience (ZDX): ensure a great user experience for any user, any devices, any app, any location.]
Use cases
Cyberthreat and ransomware protection
Move from legacy network security to Zscaler’s revolutionary zero trust architecture that prevents compromise, eliminates the attack surface, stops lateral movement, and keeps data safe.
Secure hybrid workforce
Empower employees, partners, customers, and suppliers to securely access web applications and cloud services from anywhere, on any device—and ensure a great digital experience.
Infrastructure modernization
Eliminate costly, complex networks with fast, secure, direct-to-cloud access that removes the need for edge and branch firewalls.
Data protection
Stop data loss from users, SaaS apps, and public cloud infrastructure from accidental exposure, data theft, or double-extortion ransomware.
The Zscaler Zero Trust Exchange Ecosystem
[Figure 2: Zscaler Internet Access partner ecosystem. Diagram of the Zero Trust Exchange connected through APIs to Cloud Providers, Data Center, SaaS, Identity Management, Security Operations, Endpoint Protection and Management, and Branch Router / SD-WAN.]
TABLE 1: ZSCALER INTERNET ACCESS FEATURES AND CAPABILITIES
FEATURE: DETAILS
Capabilities
URL filtering: Allow, block, caution, or isolate user access to specified web categories or destinations to stop web-based threats and ensure compliance with organizational policies.
SSL inspection: Get unlimited TLS/SSL traffic inspection to identify threats and data loss hiding in encrypted traffic. Specify which web categories or apps to inspect based on privacy or regulatory requirements.
DNS security: Identify and route suspicious command-and-control connections to Zscaler threat detection engines for full content inspection.
File control: Block or allow file download/upload to applications based on app, user, or user group.
Bandwidth control: Enforce bandwidth policies and prioritize business-critical applications over recreational traffic.
Advanced threat protection: Stop advanced cyberattacks like malware, ransomware, supply chain attacks, phishing, and more with proprietary advanced threat protection. Set granular policies based on your organization’s risk tolerance.
Inline data protection (data in motion): Use forward proxy and SSL inspection capabilities to control the flow of sensitive information to risky web destinations and cloud apps in real time, stopping internal and external threats to data. Advanced inline protection is provided whether an app is sanctioned or unmanaged without requiring network device logs.
Out-of-band data protection (data at rest): Use API integrations to scan SaaS apps, cloud platforms, and their contents to identify sensitive data at rest and remediate automatically by revoking risky or external shares, for example.
Intrusion prevention: Get complete threat protection from botnets, advanced threats, and zero-days, along with contextual information about the user, app, and threat. Cloud IPS works seamlessly across Cloud Firewall, Cloud Sandbox, Cloud DLP, and CASB.
Dynamic, risk-based access and security policy: Automatically adapt security and access policy to user, device, application, and content risk.
Malware analysis: Detect, prevent, and quarantine unknown threats hiding in malicious payloads inline with advanced AI/ML to stop patient-zero attacks.
DNS filtering: Control and block DNS requests against known and malicious destinations.
Web isolation: Make web-based threats obsolete by delivering active content as a benign stream of pixels to the end user’s browser.
Correlated threat insights: Speed investigation and response times with contextualized and correlated alerts with insights into threat score, affected asset, severity, and more.
Application isolation: Allow safe, agentless unmanaged device access to SaaS, cloud, and private apps with granular control over user actions like copy/paste, upload/download, and print to stop sensitive data loss.
Digital experience monitoring: Get a unified view of application, cloud path, and endpoint performance metrics for analysis and troubleshooting.
Workload-to-internet communication protection: Prevent compromise and stop lateral movement for workload-to-internet communications. Includes SSL inspection, IPS, URL filtering, and data protection for all communication.
Platform features
Flexible connectivity options:
• Zscaler Client Connector (ZCC): Forward traffic to the Zero Trust Exchange via a lightweight agent that supports Windows, macOS, iOS, iPadOS, Android, and Linux.
• GRE or IPsec tunnels: Use GRE and/or IPsec tunnels to send traffic to the Zero Trust Exchange for devices without ZCC.
• Browser isolation: Seamlessly connect any BYOD or unmanaged devices with integrated Cloud Browser Isolation.
• Proxy chaining: Zscaler supports forwarding traffic from one proxy server to another, but this is not recommended in production environments.
• PAC files: Send traffic to the Zero Trust Exchange with PAC files for devices without ZCC.
Cloud-delivered deployment: 100% cloud-native platform delivered as a SaaS service. For unique use cases, private and virtual service edges are available.
Data privacy and retention: When logging data, content is never written to the disk and there are granular controls to determine where exactly logging takes place. Use role-based access control (RBAC) to provide read-only access, username anonymization/obfuscation, and separate access rights by department or function, in accordance with key compliance regulations. Data is retained for a rolling period of six months or less, depending on the product. You can purchase additional storage that retains data for as long as desired.
Key compliance certifications: Certifications include:
• FedRAMP
• ISO 27001
• SOC 2 Type II
• SOC 3
• NIST 800-63C
See the full list of our compliance certifications here.
Granular API support: We maintain REST API integrations with numerous identity, networking, and security vendors. For example, you can share logs between Zscaler and your cloud-based or on-prem SIEM (e.g., Splunk).
Direct peering: Direct peering with major internet and SaaS providers and public cloud destinations ensures the fastest traffic path possible.
Service level agreements (SLAs)
Availability: 99.999%, measured by transactions lost
Proxy latency: < 100 ms, including when threat and DLP scanning is on
Virus capture: 100% of known viruses and malware
Supported platforms & systems
Client Connector: Support for:
• iOS 9 or later
• Android 5 or later
• Windows 7 and later
• Mac OS X 10.10 and later
• CentOS 8
• Ubuntu 20.04
ZIA editions
ZIA EDITIONS OVERVIEW | BUSINESS | TRANSFORMATION | UNLIMITED
Secure web gateway | ✓ | ✓ | ✓
Full TLS/SSL inspection | ✓ | ✓ | ✓
URL filtering | ✓ | ✓ | ✓
Cloud application visibility and control | ✓ | ✓ | ✓
Inline malware prevention | ✓ | ✓ | ✓
AI-powered phishing and C2 detection | ✓ | ✓ | ✓
Data protection essentials (DLP, visibility, and alerting; CASB, 1 app) | ✓ | ✓ | ✓
Standard digital experience monitoring | ✓ | ✓ | ✓
Cloud-gen firewall and IPS | Add-on | ✓ | ✓
Cloud-gen sandbox with AI-powered quarantine | Add-on | ✓ | ✓
Attacker deception | Add-on | ✓ | ✓
Dynamic, risk-based policy | - | ✓ | ✓
Contextual alerts | - | ✓ | ✓
AI-powered Cloud Browser Isolation | Add-on | ✓ | ✓
Data Protection Advanced Plus (Inline web, SaaS, email, advanced classification, incident management) | Add-on | Add-on | ✓
IoT, server, and guest Wi-Fi protection | Add-on | Add-on | ✓
Licensing model
All Zscaler Internet Access editions are priced per user. For certain products inside of your edition, pricing
may vary outside of user count. For more information on pricing, talk to your Zscaler account team.
Part of the holistic Zero Trust Exchange
The Zero Trust Exchange enables fast, secure connections and allows your employees to work from
anywhere using the internet as the corporate network. Based on the zero trust principle of least-privileged
access, it provides comprehensive security using context-based identity and policy enforcement.
About Zscaler
Zscaler (NASDAQ: ZS) accelerates digital transformation so that customers can be more agile, efficient, resilient, and secure. The Zscaler Zero Trust Exchange protects thousands of customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location. Distributed across more than 150 data centers globally, the SSE-based Zero Trust Exchange is the world’s largest inline cloud security platform. Learn more at zscaler.com or follow us on Twitter @zscaler.
+1 408.533.0288 Zscaler, Inc. (HQ) • 120 Holger Way • San Jose, CA 95134 zscaler.com
© 2022 Zscaler, Inc. All rights reserved. Zscaler™, Zero Trust Exchange™, Zscaler Internet Access™, ZIA™, Zscaler Private Access™, ZPA™ and other trademarks listed at zscaler.com/legal/trademarks are either (i) registered trademarks or service marks or (ii) trademarks or service marks of Zscaler, Inc. in the United States and/or other countries. Any other trademarks are the properties of their respective owners.