Zero trust journey is not a flip of switch: Deepen Desai, Zscaler

The goal of the breach predictor is to combine the power of GenAI with multi-dimensional predictive models. They can provide potential breach scenarios. We can tell when we can see tell-tale signs of a breach.

Pradeep Chakraborty

On the sidelines of the Zscaler Zenith 2024 event, I ran into Deepen Desai, CSO and Head of Security Research. Besides the threat hunting service, Zscaler also has AI copilots, deception, etc. Excerpts from an interview:


DQ: What are the new announcements at this event?

Deepen Desai: We will announce the breach predictor very soon. The goal is to combine the power of GenAI with multi-dimensional predictive models. They can provide potential breach scenarios. We can tell when we can see tell-tale signs of a breach. We will demo this at the event.

Second, we have the Zscaler threat hunting service. Here, experts from Zscaler security teams will augment the customer SOC and provide high-level threats, leveraging threat hunting playbooks.


Across the zero trust exchange, we are doing AI copilots. It is part of the exchange. The goal is to allow firms to leverage AI to fast-track their zero trust transformation journey. We will have an AI-powered segmentation policy. Organizations can improve their zero trust segmentation posture.

Next, we will have an innovation in the Zscaler deception product. You can deploy AI-powered honeypots. It will be dynamic in nature. The goal is to catch the threat actor. This is possible via GenAI specifically. It is more effective due to GenAI advancements. Zscaler unified experience is another area. We also have an AAA rating from a third party, Cyber Ratings.

Zscaler ThreatLabz 2024 phishing report revealed that phishing attacks surged by 58% last year.


Zscaler acquired Airgap Networks to extend Zero Trust SASE leadership, and eliminate the need for firewall-based segmentation.

DQ: Elaborate on what you mean by fighting AI with AI?

Deepen Desai: We are trying to embed AI in the zero trust platform. We must have true, zero trust architecture. We are shutting off attacks. We must take a proactive approach by shutting down the attack vectors provided by threat actors and those that AI may provide in the future. The damage to the asset will be minimal.


All the security vendors also have to embrace AI in their detection engines. An example: ChatGPT may craft a phishing page that looks similar to Office 365. You must leverage AI models in the detection engine.

DQ: How are you preventing attacks on IoT/OT surfaces?

Deepen Desai: In our world, any traffic egressing through the Internet goes through the same level of inspection. IoT/OT devices should not be allowed to reach arbitrary destinations on the Internet. You can do that by instituting a security policy for critical software updates.


Second, we have lateral propagation / movement in IoT/OT devices. Zscaler acquired Airgap to improve segmentation posture for IoT/OT environments. The Zscaler solution acts as a DHCP gateway. Every device is a network of one device. The subnet is F/32.

Siemens has segmented OT systems from getting impacted by threat actors. Schneider has also done something similar. Schneider Electric has kick-started cloud transformation with Zscaler Zero Trust Exchange. The world’s first zero trust OT security platform, powered by Zscaler, is now available globally via Siemens.


DQ: What is your advice to enterprises for the zero trust transformation journey?

Deepen Desai: The first thing to do is to secure your network! Zero trust journey is not a flip of switch. You should have segmentation for mission-critical apps, and then segment high-risk users. Segmentation and security policies should be consistent. Then, start applying zero trust for workloads and workflows. We also need to have a mindset shift. Covid-19 has further accelerated this effort. Organizations are proactively doing this now.
