Virtualization Technology News and Information
Black Hat USA 2023 Q&A: Zscaler Will Showcase Its Zero Trust Exchange Platform and Its 2023 ThreatLabz Ransomware Report


Are you getting ready for the upcoming Black Hat USA 2023 event, an internationally recognized cybersecurity event providing the most technical and relevant information security research, now in its 26th year.  The event is quickly approaching, taking place August 5-10, 2023, returning to the Mandalay Bay Convention Center in Las Vegas, NV with a 6-day program. 

Ahead of the show, VMblog received an exclusive interview with Deepen Desai, Global CISO and Head of Security Research at Zscaler, a leader in cloud security.  Make sure to add them to your MUST SEE list.


VMblog:  Before we get into it, can you give us a quick overview of the company?  What should folks know?

Deepen Desai:  Zscaler accelerates digital transformation so customers can be more agile, efficient, resilient, and secure. The Zscaler Zero Trust Exchange platform protects thousands of customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location. Distributed across more than 150 data centers globally, the SSE-based Zero Trust ExchangeTM is the world's largest in-line cloud security platform.

VMblog:  You are sponsoring the upcoming Black Hat USA event.  How can attendees find you at the show?  Does your booth have a theme?  How many folks are you sending?

DesaiZscaler will be appearing in the Mandalay Bay Convention Center at booth #1660 located along the main pathway near the middle of the event hall straight back from the main entrance. We are sending approximately two dozen staff members this year to welcome visitors in the booth and conduct 1:1 meetings in our dedicated meeting room just off the main showroom floor.

VMblog:  The show is focused on cybersecurity.  What specific problem is your company and technology addressing?

DesaiZscaler offers comprehensive cybersecurity solutions to address the specific challenges faced by security practitioners, including:

  1. Cloud Security Platform: Zscaler provides cloud-native security solutions that are designed to protect users, data, and applications regardless of their location. This approach ensures consistent and effective security, whether users are within the corporate network or working remotely.
  2. Zero Trust Architecture: Zscaler follows a Zero Trust approach, which means that it never trusts any user or device by default, regardless of their location. This enhances security by enforcing strict access controls and verifying users' identities before granting them access to resources.
  3. Protection against Ransomware and Cyber Threats: Zscaler's advanced threat protection capabilities safeguard against ransomware and various cyber threats. Its security platform analyzes traffic in real-time, detecting and blocking malicious activities before they can cause harm.
  4. Data Loss Prevention (DLP): Zscaler incorporates Data Loss Prevention measures to prevent sensitive data from leaving the organization's network without proper authorization. This helps protect against data breaches and compliance violations.
  5. Security Research and Insights: Attend our speaking session with Deepen Desai, Zscaler's Global CISO & Head of Security Research, and Brett Stone-Gross, Senior Director of Threat Intelligence, to discover valuable security research and insights from ThreatLabz. These insights empower security practitioners to stay ahead of emerging threats and trends.

Combining cloud-native security, Zero Trust principles, advanced threat protection, DLP, and expert insights, Zscaler provides security practitioners with robust tools and knowledge to bolster their cybersecurity defenses and mitigate risks effectively.

VMblog:  What are some of the key takeaways of your solution that Black Hat attendees should be aware of? What are some of the security best practices you would deem critical?

DesaiAs Black Hat attendees engage with Zscaler this year, here are some key takeaways they should be aware of:

  1. Zero Trust Architecture: Attendees should understand the importance of Zero Trust in reducing the attack surface, verifying user identities, and applying access controls based on continuous verification, ultimately minimizing risks of unauthorized access, lateral movement, and data loss.
  2. Integrated Security Suite: Zscaler provides a comprehensive suite of integrated security services in a single platform. This includes web security, cloud firewall, full SSL inspection, browser isolation, sandboxing, DLP, deception technology, threat protection, and more. Attendees can explore the benefits of centralized security management and streamlined operations, improving efficiency and response times.
  3. Expert Insights: Attendees should take advantage of Zscaler's security research team, led by industry experts like Deepen Desai, to gain valuable insights into the latest cyber threats and trends. Leveraging this information can empower organizations to stay ahead of emerging risks.
  4. Proactive Protection: Zscaler leverages AI and machine learning to offer proactive threat detection and response. By attending Zscaler sessions, attendees can learn about the cutting-edge technologies that help identify and mitigate evolving cyber threats in real-time.
  5. Future-Proof Security: Zscaler's focus on transforming the foundation of security with Zero Trust Architecture ensures that organizations can adapt and scale their security measures to meet the challenges of the future. Black Hat attendees should explore how Zscaler's solutions can future-proof their security practices.

VMblog:  The market is a crowded space.  What is it about your company and technology that sets you apart from the competition?  What are your differentiators?

DesaiZscaler stands out from the competition due to several key differentiators that make us the leader in zero trust security across the cybersecurity industry:

  1. Cloud-Native Security: Unlike traditional security solutions that rely on on-premises hardware, Zscaler is a cloud-native platform. This approach enables it to provide seamless security for users and data, regardless of their location, without the need for complex hardware deployments.
  2. Zero Trust Architecture: Zscaler adopts a Zero Trust security model, which means it never trusts any user or device by default. Every user and device must be verified before gaining access to resources. This proactive approach enhances security by minimizing the attack surface and reducing the risk of unauthorized access.
  3. Global Security Fabric: Zscaler has an extensive global network of security gateways strategically placed around the world. This Security Fabric enables secure and optimized traffic routing, delivering high-performance security and low-latency user experiences.
  4. Integrated Security Platform: Zscaler offers a comprehensive suite of security services that are tightly integrated into a single platform. This includes web security, cloud firewall, sandboxing, data loss prevention (DLP), advanced threat protection, and more. The integrated approach simplifies security management and ensures consistent protection across all devices and locations.
  5. Secure Service Edge (SSE) Innovation: Zscaler is at the forefront of delivering the most comprehensive SSE solution available in a single platform. Enabling organizations to embrace a holistic and agile security approach while optimizing network performance.
  6. AI and Machine Learning: Zscaler leverages AI and machine learning technologies to continuously improve its threat detection and response capabilities. These advanced technologies enable the platform to identify and mitigate emerging threats in real-time, providing proactive protection against evolving cyber threats.
  7. Security Research and Insights: Zscaler's security research team, led by industry experts like Deepen Desai, provides valuable insights and threat intelligence to customers. This information helps organizations stay informed about the latest cyber threats and industry trends, empowering them to make more informed security decisions.

Overall, Zscaler's cloud-native architecture, Zero Trust principles, global security fabric, integrated security platform, SSE innovation, AI-driven approach, and expert insights make it a standout cybersecurity solution provider, helping organizations to secure their digital transformation and defend against modern cyber threats effectively.

VMblog:  Is your company launching anything new at the show?  Can you give us a sneak peek?

DesaiZscaler is sharing the recently launched 2023 ThreatLabz Ransomware Report at this year's show, highlighting recent trends in the threat landscape and covering the top ransomware families, tactics, techniques, and targets by regions and industry vertical observed by Zscaler's ThreatLabz researchers in Zscaler Cloud.

VMblog:  What are some of the top priorities you believe attendees at Black Hat should be considering for 2023/2024?


  1. Zero Trust Security Architecture: Embracing a Zero Trust approach is crucial for Black Hat attendees over the next year because it overcomes the challenges presented by a traditional security model of trusting internal networks. With the rise of remote work, cloud services, and mobile devices, the perimeter-based security approach has become obsolete. Zero Trust Architecture ensures that no user or device is inherently trusted, no matter where they are located. By verifying identities and continuously validating access, organizations can fortify their security posture against evolving threats, including insider threats and lateral movement by attackers. Implementing Zero Trust architecture lays a strong foundation for future-proofing security, ensuring adaptability and scalability as cyber threats continue to evolve.
  2. Security Across the Supply Chain: In today's interconnected world, the security of the entire supply chain has a direct impact on an organization's security posture. Black Hat attendees should prioritize understanding and addressing security vulnerabilities across the supply chain. Supply chain attacks can target third-party vendors, suppliers, or partners, exposing organizations to significant risks. By conducting thorough risk assessments, implementing vendor security evaluations, and enforcing security standards throughout the supply chain, attendees can minimize the potential for breaches originating from supply chain weaknesses. Proactive measures in this area can prevent a single vulnerability in the supply chain from becoming a widespread security problem for an organization.
  3. Proactive Defense for IoT/OT Devices: The proliferation of IoT (Internet of Things) and OT (Operational Technology) devices introduces a growing security challenge. These devices often have limited security features and can be entry points for cyber attackers. Black Hat attendees should prioritize adopting proactive defense strategies to secure IoT/OT devices effectively. This includes implementing device authentication, encryption, continuous monitoring for suspicious activities, and embracing zero trust security architecture to minimize the threat that these vulnerable points of entry can pose to an organization. By doing so, they can mitigate potential risks and safeguard critical infrastructure and sensitive data from emerging threats in the IoT/OT landscape.

Embracing priorities such as Zero Trust Security Architecture, securing the supply chain, and implementing proactive defense for IoT/OT devices, Black Hat attendees can strengthen their security postures and stay resilient in the face of evolving cyber threats. These priorities offer a forward-looking and comprehensive approach to addressing the dynamic and complex challenges in the cybersecurity landscape, ensuring organizations are better prepared to protect their assets and data in the future.

VMblog:  What can attendees, customers and business partners expect to see from Zscaler this year?

DesaiSecurity practitioners can expect to see a lot more great things coming from Zscaler this year and beyond including:

  • Industry focused ThreatLabz Research
  • Recently, at our annual user conference we announced a set of advanced security solutions designed for IT and security teams to leverage the full potential of generative AI while preserving the safety of enterprises' intellectual property and their customers' data.
  • And, multiple new cybersecurity services and capabilities which further extend the power of its Zscaler Zero Trust ExchangeTM cloud security platform.

VMblog:  If you were presenting on the keynote stage, what trends do you see that companies should be paying special attention to in 2023 and beyond?

DesaiThe Rise of AI, What's coming and What to do about it

VMblog:  Does your company have any speaking slots at Black Hat?  If so, can you tell us more about those sessions so people can get them on their schedules?

DesaiYes, Join Zscaler's exclusive presentation on "Where is the Ransomware: The Rise of Encryption-less Extortion Attacks and the Latest Ransomware Trends." Discover insights from industry experts Deepen Desai, Global CISO & Head of Security Research, and Brett Stone-Gross, Senior Director of Threat Intelligence, as they unravel the evolving ransomware landscape and share cutting-edge strategies to protect your organization. Mark your calendar for Thursday, August 10, 10:20 AM PST, and secure your spot to learn about the latest trends in ransomware.

VMblog:  As a show sponsor, do you have any tips for attendees to better prepare for the conference?

DesaiTo get the most out of your time at Black Hat this year, it is best to have a game plan to cover the basics during this short event:

  1. Research Speaker Backgrounds: Check the conference schedule to identify the sessions or workshops focused on your topics of interest. Then research the background and expertise of the speakers presenting in these sessions to gauge their level of knowledge and industry experience and help you weed out the uninformative sales pitch sessions.
  2. Identify Specific Areas of Interest: Identify specific areas of interest within the domain that align with your organization's needs or interests. This will help you prioritize the sessions you attend and make the most out of your time at the conference.
  3. Prepare Questions: Prepare a list of questions about the security frameworks or initiatives you'd like answered during the show. Engaging with the vendors in their booths and speakers after their sessions to ask relevant questions can help sharpen your understanding of the subject matter.
  4. Attend Speaking Sessions, Booth Presentations, and Demos: These direct experiences can expose you to the experts and rapidly enhance your understanding of the problems facing practitioners and facilitate deeper learning about the solutions by allowing you to see practical implementations in action, get follow-up demos, and ask direct questions face to face.
  5. Review Case Studies: Look for real-world case studies or success stories of organizations that have implemented the security solutions you are most interested in learning about during the show. These examples can provide valuable insights into practical applications and the benefits of adopting such an approach.


Published Thursday, August 03, 2023 7:32 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<August 2023>