During 2020, Zscaler brought significant innovations to our Zero Trust Exchange, the Zscaler cloud platform that powers all Zscaler services, including further evolving our inline Advanced Cloud Sandbox. We are excited to close out the year with the introduction of the world’s first AI-driven quarantine engine for Cloud Sandbox, further extending the strong malware protection we deliver to our customers.
In the early days of sandboxing technology, customers used it to detect unknown malware missed by traditional signature-based technologies. It worked well for many instances of unknown malware. But one of its gaps was the ability to stop patient-zero infections: by the time the sandbox detected an emerging threat, the first instance had already arrived at the endpoint.
To solve the patient-zero challenge, Zscaler reinvented malware analysis a few years ago by adding the ability to quarantine suspicious content inline, which is only possible due to our unique proxy architecture. With this capability, customers could prevent "patient-zero" incidents when using the quarantine policy on files going through the Zscaler cloud. However, quarantining can introduce a delay in the delivery of legitimate files, and we are always striving to improve the user experience.
To solve this pain point, the Machine Learning, Cloud Sandbox, and Security Research teams at Zscaler reimagined the quarantine capability with an inline AI model that significantly reduces wait times, ensuring that customers can benefit from the added security of quarantine without impacting their users or operations.
The AI model recommends “quarantine” for high-risk, unknown threats in real time, resulting in:
- Better security: Some customers did not want to turn on quarantine, risking potential patient-zero infections from unknown malware. Now, the inline AI model will make the quarantine verdict in real time, so customers get more comprehensive protection.
- Better user experience: In the past, some users experienced delays while waiting for clearance on quarantined files. Now, the inline AI model allows low-risk files through, while detonating the content in parallel.
The industry never believed it would be possible to achieve real-time speed and comprehensive coverage simultaneously. Traditional AV signature methodology is fast but does not provide wide enough coverage for emerging threats. Sandboxes cover emerging threats, but they are not fast enough for real-time delivery. Customers were often forced to choose between the two, sometimes resulting in a reduced security posture.
Traditional sandbox vendors lack the cloud-native proxy architecture required for inline quarantine, preventing them from offering this critical capability. But with the new AI-powered Cloud Sandbox, Zscaler customers get inline quarantine for the majority of their files—without user impact.
We demonstrated our research into the AI-powered Cloud Sandbox capabilities with a Fortune 500 customer, National Oilwell Varco (NOV), at Zenith Live in 2019. The diagram below shows that out of a total of 5,765 files during the 20-day research period, 5,249 (91 percent) received an instant quarantine verdict from the AI model, all of which proved correct. Those are the files that can be quarantined with no delay to the user.
As the Co-founder/CEO of TrustPath, acquired by Zscaler two years ago, I see the productization of inline intelligent patient-zero prevention in the Zscaler Cloud Sandbox as the second integration milestone within the Zscaler family. It is a truly special and proud moment for my team and myself.
From the beginning, we have had a dream to deliver both “better security” and “better user experiences” at the same time by leveraging Machine Learning and AI. And now, our dream has come true inline with the Zscaler Zero Trust Exchange, the industry’s largest inline security cloud that processes and protects over 140 billion transactions per day!