Zscaler Data Protection
A Complete Platform for
Securing Data on all Channels
Zscaler Platform – Comprehensive and Integrated Solutions
Cyber Protection Data Protection
AppCloaking (Minimize attack surface) Internet SaaS Cloud DC Secure Data-in-Motion
Inline Threat Protection (Prevent compromise) Secure SaaS, Cloud, Endpoint Data
Segmentation (Prevent lateral movement) Secure BYOD
Zero Trust Zero Trust AI
Exchange Exchange Fabric
Zscaler Platform
Zero Trust Networking Risk Management
Zero Trust for Branch (like a Café) Risk Scoring (Risk360)
Zero Trust for Cloud Attack Surface Mgmt.
Zero Trust for Devices (IoT/OT) Vulnerability Mgmt.
End-to-end Performance Resolution Breach Prediction
Workforce Workloads IoT / OT B2B
2024 Zscaler, Inc. All rights reserved
Costs Savings Operations Improved Leader in Data Protection
$2.1 M 37 %
annual savings faster deployments
385 % ROI 22 % more
over three years efficient IT teams
Risk Reduced
173 % more
incidents identified
27 % faster
data loss resolution
IT
Data protection point products fall short
Network DLP
DSPM The Problem with
Web Proxy
Point Products:
Complex
Administration & Workflows
Alert Overload
SSPM Data alerting
Inconsistent Endpoint DLP
Siloed
No correlation
CASB Email DLP
Zscaler Data Protection Platform: Unified and Comprehensive
Reduce cost & complexity while maintaining compliance
Secure SaaS Data Secure Cloud Data (DSPM)
SaaS Internet Cloud
Unified SaaS Security Data Discovery
API API Buckets, VMs & DBs with sensitive data
- CASB: Control shadow IT & sharing
- SSPM: Misconfigurations & compliance
Posture Control
- Supply Chain: Secure integrations Misconfigurations & vulnerabilities
Microsoft CoPilot Security Zscaler Actionable Insights
Control sensitive data access & output Data Protection Correlate, prioritize, auto-remediate
Auto Data Discovery
AI-Powered classification for faster visibility
Secure Data in Motion
Internet & Email DLP Gen AI Security UEBA & Adaptive Access
Structured, unstructured, images Prompt visibility & blocking Respond to risky anomalies
Secure Endpoint Data Secure BYOD (VDI Alternative)
Data
Cloud BYOD
Center
Endpoint DLP Browser Isolation
Secure USB drives, printing, network shares Isolate data w/o VDI or enterprise browsers
Users, Workloads, IoT/OT Traffic
Workflow Automation
Streamline Incidents & coach users
Secure Data-in-Motion – Unified DLP Policy
Public
Internet SaaS
Cloud
Flexible Configuration Options
Inline, Real-time Enforcement Allow, Block, Warn, Justify
Unified Policy Engine
Contextual Consistently Applied, Globally Block E.g., source code going to GitHub
• Cloud App Control
• Tenancy Restrictions Enable secure Generative AI use: block
Cloud uploads that violate DLP policies
Classification Browser
• Structured: EDM
Allow, Notify and Educate end-users uploading
• Unstructured: IDM
documents labeled confidential to OneDrive
• Images: OCR
Third-Party Integration Prevent Data Loss Stream Pixels
• Microsoft Tag Enforcement (AIP/MIP) Inline DLP, TLS Inspection Browser Isolation (SaaS & Public Cloud)
All Ports and Protocols Prevent download, copy, paste, print
Email: MAPI over HTTPS
Pre-defined & Custom Dictionaries
• PII, Source Code, Credit Card, 100+ more
• Regex and ML-based
Prevent Loss to Unmanaged Devices
VDI Alternative
Unmanaged Device E.g., access SAP from BYOD (stream pixels)
Managed Device
Zscaler Content Inspection: Advanced classification technologies
Indexed Document Matching (IDM)
Secure high-value forms like tax, medical or manufacturing forms
• Index unstructured data
• Send hashes to Zscaler for blocking
• Works to secure source code and trade secrets as well
Exact Data Match (EDM)
Secure high-value data like PCI, PII, Inventory Codes or Membership #’s
• Index structured data
• Send hashes to Zscaler for blocking
• Helps reduce false positives
Optical Character Recognition (OCR)
Block sensitive data found in screenshots or image files
• Extract text from images
• Scan and block with DLP engine
• Works on embedded images (MSWord)
Third-party Tagging Integrations
Integrate with document tagging in Microsoft Purview (MIP)
• Ingest defined labels into Zscaler Cloud
• Enforce inline blocking for sensitive labels
• Write missing sensitive labels for data at rest
Diagram labels: Internet, SaaS, PaaS/Data Storage; Zero Trust Exchange; Zscaler Index Tool (hashes only); JPG | BMP | PNG | TIFF; Document Labels (read | write); Custom structured data; High value forms
Sample custom structured data:
Name | Credit Card | Soc
Jim Smith | 4716653795988590 | 409-49-2027
Jane Doe | 5163272601356640 | 679-10-1537
Granular policies for Cloud App Control
Flexible actions like:
• View but no uploads
• Define by tenant profile
Simple Setup • Enforce browser isolation for safe
Get started quickly with data access
App Categories
Granular Controls
Define apps (like ChatGPT) and
enforce by users, groups or risk profile
AI/ML Powered Auto data discovery and classification
Discovered data leaving the organization
AI-Powered
Data Discovery
Data Timelines Top Users Top Data Destinations
See all data risks with ease
Accelerated deployments –
no administration needed!
Pivot to policy creation
in a few clicks
Discover Shadow IT Apps and Third-party integrations
Advanced Shadow IT
• Discovery Risky Apps & SaaS Integrations
• Revoke access and stop data loss
Comprehensive Catalog
Unsanctioned
Integration
• 90k Apps and SaaS based services
Risky SaaS • 130k browser extensions
App Platform • In-depth risk attributes from
research and API sandboxing
API
Unsanctioned
Access
Dangerous Cloud
App Usage
Secure Data in Motion: Stop Email Data Loss with Email DLP
Email DLP
Google M365
Block
DLP Quarantine
2 Notify User
Action
Encrypt (Purview)
SMTP
Relay 1
3
MTA
(optional)
Zscaler SmartHost
Unified Policy
Central DLP simplifies protection
In-depth inspection
Secure full email & attachment
Fast Deployment
Easily added to email architecture
Secure Endpoint Data: A Streamlined Approach to Endpoint DLP
Secure all data with Public
Internet SaaS
single agent (ZCC) Cloud
Supported endpoint channels: Benefits
Removable Storage Consistent Alerting Everywhere
External HD, flash drive, SD cards, etc Unified policy across endpoint, inline & cloud
Printing Centralized Quick Deployment
Network, local, print to PDF, etc. Leverage existing Zscaler DLP policy
DLP Policy
Network Shares Retire Device Agents
Reduce device footprint - better user experience
Personal Cloud Storage
Faster Incident Management
Single Agent Forensics, dashboards & workflow automation
Light weight,
high performance
Windows and MacOS Support
Secure SaaS Data: Reduce Risks with a SaaS Security Platform
Unified SaaS Security
SaaS
Bring together everything for SaaS security into one place:
Platforms
and Apps
Posture Management (SSPM)
Fix dangerous misconfigurations and control posture drift
App Governance (Supply Chain)
Control SaaS Sprawl and reduce 3rd party access to data
Unified Data Security (API CASB)
Discover and secure sensitive data
SaaS Security
Identity Security
Identify user risks, suspicious activities, and improve posture
Improved context, correlation and risk reduction
Secure Data in Motion: Protect Data from Gen AI
Gen AI security with prompt visibility
Block data
Generative AI:
Types of Gen AI Security NEW!
Get prompt visibility
data risks
DLP Inspection
Block sensitive data
Internal
source code
Confidential
content
Control access
Sensitive
analysis Cloud App Control
User App Prompt DLP Engine
Block app or warn user
Define addition function
Browser Isolation Joe@acme.com ChatGPT Def addition (number 1, number 2): Source Code
Print (Addition result:”, result)
Isolate app and data
Create a customer email to his request
Sue@acme.com Gemi PCI
including to bill his credit card #
Secure SaaS Data: Enable Microsoft CoPilot while controlling data risks
Microsoft
M365 Copilot
Employee Records
How Zscaler Secures Copilot Data
CxO Documents
Acquisition Plans
Map risks
API Find and classify OneDrive data
Limit CoPilot Discovery
Revoke excessive permissions on
Challenges with CoPilot: sensitive data
CoPilot Security Fix CoPilot Misconfigurations
Data Discovery Oversharing
Find and close issues that enable
Over-permissioned data oversharing
can be discovered in CoPilot
Prompt Visibility
Risky Prompt Output View and classify input prompts
CoPilot output overshares
Block Prompts with Sensitive Data
sensitive data too widely Prompt Output:
All Employees Inline DLP to Inspect and block
Salaries! sensitive data to CoPilot
Secure Cloud Data: Protect Clouds and Stop Breaches with DSPM
Map data stores Understand risks Policies and insights
Azure GCP • Buckets, VMs DBs • Discover sensitive data • Actionable insights
• Virtual machines • Entitlements to sensitive data • Correlate events
Databases Misconfigurations & Prioritize risks
AWS
• • •
vulnerabilities
• Data access patterns
Discover Map & Remediate
1 2 3
Services Track Risk Risk
Zscaler Data Security
Posture Management
(DSPM)
Define DLP once
Zscaler DLP
Integrated DLP to secure structured & unstructured data in public cloud
List of Detectors
Zscaler Detector | In / Out | Explanation
Prompt Injection | IN | Detects and prevents malicious or unauthorized modifications to input prompts.
Invisible Text | IN | Identifies hidden or obscured text within digital content.
Code Detection | BOTH | Filters and restricts the use of specific programming languages.
Language Detection | BOTH | Detects and blocks unwanted languages across your platforms.
Gibberish | BOTH | Identifies and filters out nonsensical or meaningless text.
Competition | BOTH | Prevents the inclusion of competitor names in the prompts submitted by users.
Topics | BOTH | Filters and controls content by identifying and blocking specific topics.
Text | BOTH | Leverages customizable regular expressions to detect and block unwanted text patterns.
Toxicity | BOTH | Detects and filters harmful language.
Secrets | BOTH | Detects and blocks sensitive information such as API keys, emails, passwords, and other confidential data.
PII | BOTH | Detects and blocks sensitive information such as API keys, emails, passwords, and other confidential data in real time.
Refusal | OUT | Tracks instances where large language models decline to provide responses or perform specific tasks.
Malicious URL | OUT | Flags potentially harmful or deceptive URLs generated within AI responses.
URL Reachability | OUT | Checks that URLs are accessible and functioning correctly by continuously testing and verifying link status in real time.
VDI Alternative: Agentless BYOD Access to SaaS & Private Web Apps
VDI or Enterprise Browser Agentless
Internet Private Internet Private
& SaaS Web App & SaaS Web App
Virtual Desktop
Infrastructure (VDI)
Public Secure access without
VDI costs and complexity
Servers (Sizing & Scaling)
Secure App Access & Storage
BYOD Portal: Available Apps
Non-persistent View/Share files across SaaS &
Instance
Data sent Private Web Apps
to device
Complex Powerful Data Protection
Management Isolated Browser secures data DLP, watermarking & control copy,
download and print
Data risk from
Costly 0-day browser vuln
Operations
Lower TCO
Data Security Fast Experience Agentless access without VDI cost
Air-gapped Secure turbo
Resource intensive & browsing Streaming
Broken User
Experience adoption friction
VDI 3rd Party Agentless BYOD
Agent Enterprise Browser
Streamline Incident Management with Workflow Automation
DLP Admin User People Manager & HR DLP Admin
Workflow Automation “It’s ok –
Data “Train user on Close Incident &
Justify incidents while Justification needed for Escalate Resolve
Incident correct policy” Create Workflow
enabling user coaching business”
Incident Notification:
A violation needs
your attention
Incident Link
Please provide
justification
It’s Ok.
Needed for business
Engage and coach
users on violations Automate repetitive tasks
Full Incident details and forensics (notifications, escalation, etc.)
Top Initiatives for Data Protection
Secure Gen AI
Stop loss to shadow AI
Consolidated Unified
Data Protection SaaS Security
Web DLP, Email DLP, CASB, SSPM and
Endpoint DLP Supply Chain
Secure Public VDI Alternative
Cloud Data
Secure data with
DSPM Browser Isolation
Retire point products Stop data breaches Enforce regulatory compliance
Selecting the right Data Protection Platform?
How granular is the policy engine?
A granular policy engine helps reduce false positives
Are files processed in memory or on disk?
Ensure that files are processed in memory, as data is moved out of your environment
How comprehensive is the Data Protection Platform?
Inline DLP, CASB, endpoint DLP, email DLP, SaaS, IaaS, Private apps, BYOD
Can the DLP still work offline?
Many endpoint DLP products block everything when the endpoint is offline
Thank you!