Zscaler's AI-Driven Zero Trust Revolution: Reshaping Security Operations and Data Protection

Surfing the AI wave with zero trust everywhere: Five takeaways from CEO Jay Chaudhry's keynote at Zscaler's Zenith Live - SiliconANGLE

As zero-trust security vendor Zscaler Inc. held its user event, Zenith Live, this week in Las Vegas, Chief Executive Jay Chaudhry sought to shift the company's traditional narrative. In his Tuesday keynote, rather than focus on Zscaler as a replacement for virtual private networks and firewalls -- though that was clearly articulated as well -- Chaudhry (pictured) emphasized how zero trust everywhere could unlock the potential of artificial intelligence. Although the product specifics came later, Chaudhry appealed to the audience to embrace a fundamental shift in their security posture, evolve with modern trends and thrive in a hyperconnected, AI enabled world. These were the top of themes from Chaudhry's keynote: The concept of "zero trust everywhere" is to apply least privilege access across the business. Network protocols were designed to allow "trusted" devices to talk to any other device, regardless of whether it needed to or not. The problem with this is that if the trusted endpoint is breached, the threat actor now has unfettered access to any system and all data. Zero trust dictates that any device is unable to communicate with any other unless explicitly allowed. If there is a breach, the blast radius is contained to a very small area. The central theme of the keynote was the expansion of zero trust from initially protecting users that were connecting to private applications and the internet. Now Zscaler's scope has now expanded to cover workloads, internet of things devices and AI agents. The inclusion of AI agents as zero-trust entities is a pivotal step forward. As AI agents are increasingly become autonomous, accessing most applications and data sources, their identity and activity need to be rigidly determined and regulated. Zscaler is presently working with companies such as Microsoft Corp. to set the identity of AI agents and extend their "exchange" to safeguard the new participants. This proactive approach ensures that when organizations roll out AI-enabled co-pilots and apps, they will do so with confidence, with the agents functioning within policy boundaries. During the keynote, T-Mobile USA Inc. came on stage to talk about its use of zero trust, describing how securing 100,000 employees across 2,000 care sites, including iPads used in-store across 5G networks, was achieved by moving perimeter defense to an efficient, scalable zero-trust solution. As AI expands, the need for zero trust continues to expand. In every keynote Nvidia Corp. CEO Jensen Huang has done this year, he has talked about the next wave of AI being physical AI, which brings in a world of autonomous machines. These also need to be secured, and that can't be done with firewalls. As AI becomes ubiquitous, the world needs to move away from perimeter-based security and the answer is AI everywhere. Chaudhry brought up the topic of network evolution and explained the internet is a vast network that already connects everything and questioned why we need to build overlay networks that require firewalls to protect them. When Zscaler customers are working from home or a café, they're secured by the proxy-based zero-trust service. Their connection is secured back to the Zscaler cloud and then connected to the software-as-a-service applications they work with. This raises the question: When one is in the office, is there a need for a firewall? If the user can be secured at a café, simply extend that to the corporate office. At the event, I had a chance to talk with Zuora Chief Information Officer Karthik Chakkarapani. Zuora had moved to an all-SaaS model and along with that, moved away from the traditional castle and moat to using Zscaler. Chakkarapani explained the deployment went incredibly smooth, users were much happier as they no longer had to fiddle with VPNs, the security posture improved, and the company saved enough money that the Zscaler deployment paid for itself in only four months. I'm not saying the café-like connectivity model is right for all companies, but it should be considered by organizations that rely heavily on cloud applications. With SaaS, there isn't any data that goes between locations, so why build a wide-area network? Instead, treat users as if they were working remotely and they'll have the same experience regardless of where they are working. The keynote highlighted that with the onset of the AI era, data security takes center stage, going beyond traditional data loss prevention to a more comprehensive approach to data security. Chaudhry emphasized that "it's all about data security" these days, with data dispersed across SaaS applications, endpoints, cloud infrastructure as a service, and even the AI applications themselves. Having multiple vendors and having to manage data protection policies across them is a formidable challenge, so that is why Zscaler has invested in a unified data protection framework. This allows one set of policies to be universally applied, regardless of where the data resides or how it's being accessed, including through AI services. A critical piece of innovation mentioned was adding the LLM proxy. Chief Innovation Officer Patrick Foxhoven explained how AI, and LLMs in particular, can't be secured based on traditional threat signatures or sandboxing. Instead, it must ascertain the intent of what is happening, both in the prompts customers are sending and the output that AI generates. The LLM proxy employs 15 small language models to identify numerous injects of prompts, toxicity, and off-topic questions to enable the AI chatbots and apps to operate within established parameters. Zscaler ran a demo that illustrated how this prevents unwanted or malicious applications, such as a car chatbot offering a car at $1 or leaking sensitive competitive information. This capability is crucial to preventing risk from public-facing AI apps and maintaining data privacy, even with internal AI tools such as human resources chatbots. This takeaway highlights Zscaler's focus on building intelligent security products that understand the nuances of AI interactions and data flow, making secure and compliant AI adoption possible. Zscaler is best known as the firewall and VPN replacement company, and it's not turned its sights on modernizing security operations. Chaudhry explained that IT pros struggle with massive data lakes, slow queries and trying to keep pace with security incidents. In 2024, Zscaler acquired Avalor to accelerate security operations. This gives Zscaler the ability to consume, combine and apply context to data to cut times for detection and investigation by orders of magnitude. During his keynote, Chaudhry explained that an investigation that typically took 30 to 40 minutes could now be done in about three minutes, with most of that time being used for human verification. Zscaler's security operations center journey extends beyond data gathering and remediation and into preemptive avoidance of danger. Zscaler's platform holds billions of telemetry driven data points and the company is using AI to deliver exposure management, which is an end-to-end view of an organizations attack surface. Attack management is another part of the Zscaler operations suite, which uses its massive data fabric combined with AI to speed up threat response. The SOC segmet is filled with legacy vendors today, many of which are embedded into security workflows. Though the market is ripe for disruption, Zscaler's success will be based on its ability to work with legacy vendors and chip away at their share, much the way it did with its access products. There's an expression that states, "Some people make things happen, others watch things happen and the rest wonder what happened." In the AI era, the last two are the same as IT evolving at a pace never seen before. I understand the hesitancy of using AI. Can I trust it? What does this mean for my job? What happens if a mistake is made? These and others are viable questions, but the reality is that AI is coming, and it will redefine the way security is done. Today, threat actors use AI and can pivot quickly. The only way to fight AI-driven threats is by embracing AI. At the end of his keynote, Chaudhry showed a slide of Charles Darwin with his famous quote citing that it's those most adaptable to change that survive and that has always been the case is IT. Think back to other IT evolutions - mainframes to PCs, time division multiplexing voice to voice over IP, physical servers to virtualizations, on-premises computing to cloud. Each of these enabled IT to do more. Those that embraced the change moved into the new world, and those that did not were left behind. The best quote for this came from a customer at Zenith Live. A chief information security officer for a well-known insurance company told me, "The established security model does not work, has not worked and is never going to work, which is why we shifted away from firewalls and VPNs to zero trust." I asked him, when he removed the firewalls from the branch offices, did that scare him, and he responded, "At first it scared the crap out of me," but he quickly realized that it was a superior security model that was simpler to run. This need to change isn't just for security operations. Network engineers need to heed this warning as well, particularly those that run the WAN. The café-like model I alluded to will change the job function, moving it away from being connectivity-based to one that requires deeper security skills. From a resume perspective, network pros should embrace this, as it gives them more options as the world continues to evolve because of AI. Overall, this was a different kind of Zenith Live than ones I had been to in the past. Chaudhry's narrative was a bit more "in your face" and had the necessary level of urgency to it: AI is coming and it's coming fast. It's disrupting computing, networking, storage ad the way we build apps, and it will do the same to security. The time for change is now and Zscaler wants to be the company that helps customers adopt AI securely.

Zscaler CEO Jay Chaudhry On 'Reimagining' Security Operations: 'SIEM Goes Away'

In an interview with CRN, Chaudhry says the planned acquisition of Red Canary will help to propel the company toward achieving a different vision for security operations -- with an offering that can displace traditional SIEM tools. Zscaler's planned acquisition of Red Canary will help to propel the company toward achieving a dramatically different vision for security operations -- with a future offering that can displace traditional SIEM tools, Zscaler Founder and CEO Jay Chaudhry told CRN. The deal for Red Canary, announced last week, is just the latest in a series of moves over the past year-and-a-half that have seen Zscaler laying the foundation for an expansion into the critical area of security operations (SecOps). [Related: Zscaler CEO Jay Chaudhry: Firewall Vendors 'Can't Really Do Cost Reduction'] In an interview with CRN this week at Zscaler's Zenith Live 2025 conference in Las Vegas, Chaudhry (pictured) called the SecOps push the second major time that the company has sought to reimagine a major segment of the cybersecurity market in its 17-year history. After doing so for secure access, "we're now reimagining security operations," he said. "It's ripe for disruption." As a well-known player in MDR (managed detection and response), Red Canary has tremendous expertise and technology in SecOps that will massively accelerate Zscaler's moves into the space, Chaudhry said, noting that "we don't intend to compete with MDRs." Instead, Zscaler plans to integrate the Red Canary technology with functionality from its acquisition of security data fabric provider Avalor in March 2024, to offer new SecOps capabilities such as threat management that can improve security outcomes while removing the need for traditional SIEM (security information and event management). "In this world, the SIEM goes away," Chaudhry said. The acquisition of Red Canary, which includes $675 million in cash along with equity for employees, is expected to close in August. Speaking with CRN, Chaudhry also discussed opportunities for partners with the company's move into SecOps, the security risks from agentic AI and Zscaler's rapid growth in data security. What follows is an edited portion of CRN's interview with Chaudhry. What are your biggest goals for expanding into the security operations segment? How are you envisioning that? We reimagined secure access on one side. We're now reimagining security operations. It's ripe for disruption. The No. 1 complaint I hear from CISOs is how expensive and inefficient their security operations are. And then they say, "You've got the most useful logs that are sitting out there." They generally think we have 80 percent of the logs we need to do security operations. And without having to build a data lake and incur that cost, [because of our] architecture with data fabric, makes it pretty interesting. In terms of platform consolidation, and bringing together all the different pieces you need for that, this would also be another big piece for Zscaler? That's a big, big area. I often say, we only have had one North Star since the inception of the company. This is the second North Star. We don't just jump around -- here, here, here. So you're seeing two [key areas] under that. One we call threat management. And second is exposure management. Exposure is looking at the risk overall, your external attack surface, your asset risk, your vulnerability management risk. That feeds to threat management and vice versa. Is threat management, as far as how you're looking at it, comparable to what other vendors are trying to accomplish with SIEM? In this world, the SIEM goes away. What Splunk didn't do well [is that] they built the data lake with great indexing technology, but there were no compelling applications on the top. They gave you scripting language, and this and that. There are no efficiencies with that. The world needs to be able to do that stuff a lot better. And people shouldn't be worried about building a [data] lake. If you ask people, "How much time do you spend on building a lake, and worrying about the storage and all this stuff?" It's too much time. We're coming from the application side of it and data fabric side of it. What are the biggest differentiators you're envisioning here from Palo Alto Networks and its XSIAM offering? First of all, the logs of a zero trust, proxy-based architecture are very good. Firewall logs generally have a couple of problems. One, firewalls are not a proxy. Now, one could say, I can turn on a proxy. But if you turn on the proxy feature, your 20-gig firewall becomes 2-gig or less. So they don't turn it on. For the logs generally stored by people [from a] firewall, there are short logs and long logs. Most people keep short logs. Short logs mean date, time, source. It's not a whole lot, and you can't do much with it. So they don't have a good source of data. So that's one big thing. So in their case, they have to bring logs from different parties. We think we have most of the logs. That's one big advantage. The second is, in the past, people built data lakes [but] it was never a real fabric that got built as a product. So we are excited about the data fabric technology we have. It's not common out there to have this kind of technology. This is our pioneering effort. The other interesting thing is, we've got most of the identity logs as well -- because all communication, all authentication, goes through us. With Red Canary, we'll get some very good agentic AI technology. And being an MDR company, they actually have people who know how a SOC [Security Operations Center] should work. Many times, vendors don't know. So we think that's going to help us. It accelerates our time to market. So you're already working toward this with acquiring Avalor and building on their capabilities -- but Red Canary is meant to get you that much faster? Avalor was the first stepping stone. Then we proved, in the data fabric of Avalor, that I can build other applications like Risk360 asset exposure management using the fabric. And the next thing is naturally this kind of step. But there's a lot of application work in detection, engineering, investigation, remediation. That time, organically, would have taken longer. This cuts it down significantly. So you are seeing Red Canary more as enabling a broader SOC transformation vision? Exactly. We don't intend to compete with MDRs. It's akin to having a small professional services team, that teaches you how to do professional services. But we want our partners to do professional services. Our core team has been helpful when partners are coming up to speed. Many times, with large deployments, we provide one of our experts as a part of the deployment team, so the knowledge transfer happens. In terms of agentic AI, what are your thoughts on the security risks as compared to the risks we've seen with GenAI? Things are happening much faster [than with GenAI]. Agentic is far more powerful than GenAI, and the security becomes much harder. But, the industry steps up. The good thing is, the solutions can be discovered fast, too. My team has built technology where we can start detecting threats much faster than we could before. Now the challenge is, how quickly will enterprises embrace some of the newer stuff? Hackers have no inertia. Enterprises have inertia. The larger the enterprise, the more inertia they have. That's the main concern I have. Where else are you seeing momentum that you'd want to highlight -- perhaps in data security or in other areas? Customers want one holistic solution with one set of policies applying -- no matter what the data channel is, no matter where the data is. And we are there. So that's why we're seeing our data security growing at twice the rate of our overall growth rate. I think the overall thing I'm excited about is, synergy between our "zero trust everywhere" [approach] and what we are calling agentic operations. [The idea is to] leverage one to the other and provide closed loop feedback to deliver better security. If you discover something in my security operations, my signal goes to Zscaler private access, to stop access to this person, to this application right now. As you've discussed before, you're saving costs for customers on top of modernizing their technology -- do you see that as something more security vendors will try to achieve given the macroeconomic pressures? It's pretty clear -- better cyber with cost savings is what customers are clearly wanting. But when you are the incumbent in cyber, you can't do much. Otherwise, you'll be cannibalizing yourself. Even now, the biggest single area of spend for most enterprises is the firewalls. We go in there and say, if you're spending $20 million on firewalls and VPN, in two years, I'll bring it down to $6 [million] or $7 million. Our case is very compelling. But we're in a unique position. Which security company actually saves money? Identity doesn't save money. [Active Directory] was free. EDR doesn't save money. Symantec and McAfee were at one-fifth the cost of what EDR is now charging. Overall, what is your message to partners? Partners have come a long way [in working] with us. Customers need help with transformation. And for every dollar a customer spends on Zscaler, there are probably $3 to $4 for a services opportunity. But partners need to spend some time discovering it and working with customers. Most customers tell me, 'My deployment of Zscaler is slow because I don't have enough resources.' So they need help. A partner should get involved there. So they should be thinking about making money from services by transforming [and] eliminating some of the old [technology] -- which is good for the customers, good for partners and good for us.