Zscaler plans to acquire Airgap Networks to apply network segmentation in a way that improves security without requiring organizations to deploy agent software on endpoints.
Naresh Kumar, vice president and general manager of product management for Zscaler, said one major reason segmentation to isolate network traffic in a way that limits the scope of any breach has not been generally applied, mainly because legacy approaches depend too much on agent software that needs to be deployed.
Airgap Networks, in contrast, developed an Intelligent Dynamic Host Configuration Protocol (DHCP) to create proxy software that provides each device on the network with its own virtual network, said Kumar.
In addition to being simpler to deploy, update and manage, the Airgap Networks approach also eliminates the need to deploy a network firewall to each network segmentation, Kumar added.
Historically, firewalls and network access control (NAC) platforms have relied on static access control lists (ACLs) to manage east-west networking traffic. That capability, however, doesn’t prevent malware from moving laterally across networks unless they are segmented from each other. Network segmentation has been used to isolate virtual networks for decades, but many organizations have not adopted it because it’s simply too complex to manage, noted Kumar.
The Airgap Networks approach provides all the security benefits of network segmentation in a way that reduces operational complexity, he added.
That’s especially critical as organizations move to apply zero-trust principles across networks that continue to expand as, for example, operational technology (OT) teams continue to deploy Internet of Things (IoT) applications, said Kumar.
It’s not clear how closely OT and IT teams are working to build and deploy those applications, but the one certain thing is cybersecurity teams will be tasked with securing them. The challenge is making sure cybersecurity policies are being consistently applied within the context of security operations (SecOps) workflows that increasingly are being managed by IT and OT teams. The level of collaboration required is significant so the simpler the networking environment is to manage, the more likely cybersecurity can be maintained.
Zscaler has been making a case for a software-as-a-service (SaaS) platform through which access to applications is provided without requiring access to a corporate network. Airgap Networks will extend that strategy by enabling Zscaler to extend the cybersecurity policies it applies via its core platform to the endpoints accessing it. The overall goal is to make it simpler for organizations to apply zero-trust IT policies to both their applications and endpoints, said Kumar.
Each organization will need to determine to what degree it wants to embrace zero-trust IT policies. The challenge has always been finding a way to strike a balance between cybersecurity and ensuring that end users are productive. The more complex the cybersecurity controls are, the more likely it becomes end users will look for ways around them regardless of any potential risk.
Of course, cybersecurity teams are not just expected to reduce the overall friction that might impede productivity. They are also increasingly being tasked to achieve that goal in a way that reduces the total cost of cybersecurity.
Photo credit: Isravel Raj on Unsplash
Recent Articles By Author