Zscaler extends zero trust SASE and eliminates the need for firewall-based segmentation

Zscaler has signed an agreement to acquire Airgap Networks. Combining Zscaler’s zero trust SD-WAN and Airgap Networks’ agentless segmentation technology will transform how enterprises implement zero trust segmentation to IoT/OT devices, and critical infrastructure across branches, campuses, factories, and data centers, including east-west connectivity.

Traditional NAC and network-based firewalls that use static access control lists (ACLs) to control east-west traffic were not designed to prevent sophisticated threats from moving laterally within a local area network (LAN). Airgap Networks’ approach, using an intelligent dynamic host configuration protocol (DHCP) proxy architecture, isolates every device and dynamically controls access based on identity and context, reducing business risk for enterprises with critical infrastructure.

Customers will benefit in the following ways:

• Extending zero trust to devices on internal networks – Airgap Networks’ technology enforces zero trust principles across east-west (LAN) device traffic, shrinking the internal attack surface to help eliminate lateral threat movement on campus and OT networks.
• Securing critical OT infrastructure – Airgap Networks’ technology delivers real-time device discovery and inline enforcement. It acts as a ransomware kill switch, disabling non-essential device communications to halt lateral threat movement without interrupting business operations. Airgap Networks’ solution neutralizes advanced threats, such as ransomware on IoT devices, OT systems, and agent-incapable devices.
• Delivering operational simplicity and cost savings – Airgap Networks’ solution eliminates the need for risk-prone east-west firewalls and antiquated security technologies, such as network access control (NAC), with the ability to identify and control all traffic from managed and unmanaged devices on any branch, campus or factory network without requiring changes to the existing switching and routing infrastructure. This dramatically improves enterprises’ security posture as traditional approaches using NAC fundamentally contradict the foundational principle of zero trust – “never trust, always verify.”

“Together, Zscaler and Airgap Networks have the opportunity to reimagine every aspect of how traditional solutions have approached security in campus and data center environments, particularly east-west,” said Naresh Kumar, VP and GM of Product Management, Zscaler.

“Zscaler is doubling down on SASE with significant innovation around zero trust networking, disrupting SD-WAN, NAC, and firewall-based security for east-west and OT networks.”