Zscaler acquisition signals farewell to east-west firewalls

  • Zscaler announced the acquisition of Airgap Networks to bolster its zero trust architecture, simplify operations and cut costs for its customers

  • Airgap provides agentless segmentation for enterprise IT and OT environments, eliminating the need for east-west firewalls

  • The move echoes a broader industry trend toward consolidating zero trust principles within secure access service edge (SASE) frameworks

Zscaler is expanding its cybersecurity arsenal with the acquisition of Airgap Networks. 

The consolidation further aligns Zscaler's SD-WAN platform with the zero trust security model and will eliminate the need for firewall-based segmentation. It will also help Zscaler customers simplify their operations and cut costs, the company said in an announcement.

Zero trust architecture is a cybersecurity approach based on the principle of "never trust, always verify." Unlike traditional security models that assume everything inside a network is safe, zero trust operates on the assumption that both internal and external threats may exist. Thus, it requires continuous verification of users, devices and network traffic before granting access to resources.

The acquisition will enable Zscaler to integrate Airgap's agentless segmentation technology into its Zero Trust SD-WAN, fortifying safeguards for east-west traffic across environments such as branch offices, campuses and critical OT infrastructure.

Controlling lateral movement is the “cornerstone” of zero trust, Zscaler said in the announcement.

“While Zero Trust cannot be achieved without a holistic strategy that addresses every stage of this typical cyber attack chain - also known as a defense-in-depth approach - restricting lateral movement, and proper containment of the adversary once your organization has been compromised, is where real Zero Trust technologies must prove their worth.”

By incorporating Airgap's agentless approach, Zscaler will be better able to eliminate dependencies on other IP-centric segmentation technologies like NAC and east-west firewalls. Zscaler called these traditional methods “complex” and “aging.”

An "agentless approach" refers to technology that can operate without the need for software agents to be deployed on every device or system within a network. Instead of relying on agents installed on endpoints to monitor and enforce security policies, an agentless approach typically leverages network-based or cloud-based mechanisms to achieve its objectives. This can include techniques such as network traffic analysis, behavior monitoring or identity-based access controls that do not rely on software agents running on individual devices.

The advantage of an agentless approach is that it can simplify deployment and management, especially in environments with a large number of devices or heterogeneous systems where installing agents may be impractical or resource-intensive, including scenarios with legacy servers or unmanaged devices.

Zscaler's Zero Trust SASE

Big picture, the Airgap acquisition represents the strategic alignment of networking and security while simplifying operations. It’s a common theme among today's networking and security vendors, many of which have been moving toward secure access service edge (SASE) frameworks.

Zscaler is not a single-vendor SASE provider, but last year its overall SASE-related revenues surpassed Cisco's in a quarter for the first time.

SASE is a converged, cloud-native networking and security framework that, as a requisite, includes zero trust network access (ZTNA). Often, SD-WAN is the networking piece of a SASE solution.

As they go with the SASE flow, organizations are actively integrating complementary technologies to strengthen their zero trust frameworks.

Some examples: Cybersecurity company SonicWall announced its acquisition of Banyan Security in January. Banyan’s security service edge (SSE) solutions will help SonicWall provide zero trust security to its customers. The acquisitions of Flow Security by CrowdStrike and Dig Security by Palo Alto Networks were also targeted at the consolidation of the zero trust control plane.

For two years in a row, Zscaler’s AI-powered SSE platform has been a leader in the Gartner Magic Quadrant. Gartner defined SSE as the set of tools (including ZTNA) that makes up the security part of a SASE portfolio. In January, Zscaler announced it would use the same AI-driven security to offer a Zero Trust SASE platform.

In a blog post at the time, Zscaler director Ameet Naik said many SASE solutions on the market today simply extend the firewall/VPN model to the cloud and deliver a hosted version of the traditional security appliances. However, he said using these security measures “with bolted-on SD-WAN integrations... fail to deliver the promise of zero trust for anything beyond users.”