Zscaler Adds Airgap Device Segmentation to Empower Clients With Zero Trust for LAN Agents

With the recent acquisition of Airgap Networks, and the new Zero Trust Device Segmentation, Zscaler took a gigantic step forward in its zero trust SASE leadership. The adoption of zero trust at the LAN level eliminates the need for east-west firewalls, network access controls (NACs), and micro-segmentation to deliver greater operational simplicity at a time when bad actors are becoming faster and more efficient at evading even the most sophisticated security controls with AI-enhanced social engineering and identity-based attacks. Once they compromise an organization, they then move laterally to get to sensitive data or critical resources.

Zscaler's identity-based, agentless device segmentation simplifies the traditionally complex task of segmenting network traffic within corporate campuses, data centers, and operational technology (OT) environments, providing companies with a practical, scalable solution to protect critical assets and prevent the lateral movement of threats. 

Through its partnership with Zscaler, WWT offers clients this comprehensive solution to enhance security and simplify network management while reducing operational expenses and accelerating the implementation of zero trust.

The Rising Complexity of Cybersecurity 

Modern cyberattacks are increasingly complex, with cybercriminals using advanced tools to evade even the most sophisticated defenses. As just one example, AI-enhanced techniques now enable adversaries to launch precise social engineering and identity-based attacks, bypassing traditional perimeter defenses and infiltrating networks at a deeper level. Once inside, these malicious actors move laterally, or east-west, through the network, aiming to reach sensitive data or critical resources. This mode of attack is often difficult to detect and contain, especially in legacy network environments where traditional firewall-based segmentation has become inefficient and challenging to manage.

Organizations are tasked with staying ahead of the dizzying number of evolving threats, often with limited resources and complex network infrastructures. The traditional approach to limiting lateral movement—using firewalls, NACs, and micro-segmentation technologies—places a heavy operational burden on internal IT and security teams. As cyberthreats escalate, zero trust architectures that secure the entire attack surface, including LAN environments, are essential.

Complexity and Maintenance Overhead

Traditional segmentation approaches require continuous maintenance, including the management of complex access control lists (ACLs) and firewall rules based on IP addresses and virtual local area networks (VLANs). Misconfigurations and policy drift are common, resulting in segmentation gaps and potential vulnerabilities. 

Other challenges include: 

  • Resource Intensiveness: Maintaining network segmentation requires skilled resources and places a heavy workload on network and security teams, particularly when dealing with a constantly changing environment. This strain often leads to incomplete segmentation projects or implementations that fall short of security goals.
  • Operational Inefficiencies: Organizations often need to deploy additional network infrastructure to achieve segmentation, leading to higher operational costs and complicated configurations that may impact performance and the user experience.

Zscaler's agentless segmentation technology, on the other hand, eliminates the need for complex hardware and IP-centric policies by creating a "network of one" for each device through an agentless, identity-based segmentation model. 

Using a dynamic host configuration protocol (DHCP) proxy, Zero Trust Device Segmentation intercepts DHCP requests and dynamically assigns each endpoint a unique IP and default gateway, creating an isolated network environment for each device. For static IP devices, automation scripts are provided to clients so that the netmask can be changed without losing sessions or requiring endpoint reboots. By providing consistent identity-based segmentation, Airgap prevents lateral movement without adding hardware, making it a game-changing solution for simplifying zero trust on LANs.
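The effect of the "network of one" can be checked from the host's side with an on-link calculation. The following is an added example, not Zscaler or Airgap code: it assumes the isolation is realised as a /32 netmask on each lease, and the device names, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample inventory (not real data). "prefix" is the netmask
# length each device currently holds. plc-03 stands in for a static-IP
# device whose netmask has not yet been changed.
INVENTORY = [
    {"name": "camera-01",  "ip": "10.20.0.11", "prefix": 32},
    {"name": "desktop-07", "ip": "10.20.0.12", "prefix": 32},
    {"name": "plc-03",     "ip": "10.20.0.13", "prefix": 24},
    {"name": "server-02",  "ip": "10.20.0.14", "prefix": 32},
]

def next_hop(src_ip, prefix_len, dst_ip):
    """Decide how a host with src_ip/prefix_len would send to dst_ip.

    'direct'  : dst is inside the host's own subnet, so the host resolves
                the peer itself and the frame never crosses the gateway.
    'gateway' : dst is outside the subnet, so traffic is handed to the
                default gateway, where policy can be enforced.
    """
    iface = ipaddress.ip_interface(f"{src_ip}/{prefix_len}")
    dst = ipaddress.ip_address(dst_ip)
    if dst == iface.ip:
        return "self"
    return "direct" if dst in iface.network else "gateway"

def unsegmented_peers(device, inventory):
    """Names of peers this device would reach without crossing the gateway."""
    return [
        peer["name"]
        for peer in inventory
        if next_hop(device["ip"], device["prefix"], peer["ip"]) == "direct"
    ]

def audit(inventory):
    """Map each device that still has on-link peers to those peers."""
    gaps = {}
    for device in inventory:
        peers = unsegmented_peers(device, inventory)
        if peers:
            gaps[device["name"]] = peers
    return gaps

if __name__ == "__main__":
    for name, peers in audit(INVENTORY).items():
        print(f"{name}: still on-link with {', '.join(peers)}")
```

A device left on a wide netmask is the only one reported, which is the segmentation gap the static-IP netmask change is meant to close.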

Why Zscaler Zero Trust Device Segmentation is a Game-Changer 

Airgap's integration into the Zscaler suite offers a powerful solution that provides benefits, such as:

  • Cost Savings and Simplified Management: Zero Trust Device Segmentation replaces the need for complex, hardware-intensive segmentation solutions such as NACs and east-west firewalls, lowering both capital and operational expenditures. This reduced hardware and complexity simplifies network management, allowing internal resources to focus on proactive security strategies rather than reactive troubleshooting.
  • Scalability and Speed: Unlike traditional approaches that can take months to deploy and configure, the Zero Trust Device Segmentation agentless solution can be deployed in hours across thousands of endpoints, making it an ideal choice for large, dynamic enterprise environments. What's more, its flexibility allows companies to scale security policies in line with business growth without disrupting existing network configurations.
  • Universal Compatibility and Coverage: Zero Trust Device Segmentation is universally compatible across endpoint types, from IoT devices, such as cameras and sensors, to standard IT assets such as desktops and servers. This versatility provides clients with comprehensive security coverage across diverse network environments, from corporate offices to industrial sites.

Enhancing Zero Trust Across the LAN with Zscaler Device Segmentation

Zscaler's cloud-native Zero Trust Exchange, combined with Airgap's unique segmentation technology, provides a holistic security solution that extends zero trust protections across both the perimeter and internal network environments. By securing LANs, Zscaler enables organizations to achieve comprehensive protection across the full attack surface, enhancing both security and operational efficiency.

Through this integration, Zscaler's Zero Trust Exchange can protect east-west traffic, effectively eliminating the need for traditional segmentation technologies. The combined solution enables organizations to move away from legacy firewall and NAC solutions, simplifying network infrastructure and ensuring that security policies are consistently enforced across all devices and users. 

This approach is particularly beneficial for organizations with complex network environments, including those with significant operational technology (OT) assets, such as manufacturing plants and distribution centers, which face unique security challenges.

Take a Strategic Approach to Zero Trust

Implementing zero trust requires a strategic approach, particularly for organizations with extensive legacy infrastructures. Consider working with a partner such as WWT that can bring deep expertise to zero trust adoption, guiding clients through both brownfield and greenfield deployments.

For WWT clients, the integration of Airgap into Zscaler's suite offers the following benefits:

  • Strategic Planning and Roadmap Development: WWT works with clients to assess their current infrastructure, identify high-priority assets, and develop a phased implementation plan. By beginning with critical applications and sensitive user groups, WWT helps organizations achieve early wins before scaling throughout the entire organization.
  • Brownfield Expertise: Many WWT clients have extensive technical debt due to legacy infrastructure and multiple vendor solutions. WWT's team specializes in helping clients consolidate and streamline these environments, reducing operational complexity and vendor dependency. This portfolio consolidation approach is particularly valuable for organizations in regulated industries, such as finance and healthcare, where compliance requirements add complexity.
  • Long-Term Operational Efficiency: By consolidating security portfolios and reducing operational overhead, WWT enables clients to allocate resources more effectively, resulting in long-term cost savings. With WWT's support, clients can transition away from legacy technologies, such as NACs and internal firewalls, simplifying their security architecture while achieving greater resilience against emerging threats.

Real-World Applications and Success Stories

The Airgap technology has already proven successful across industries. Here are just a few success stories:

  • Healthcare Case Study: A large healthcare provider in the Midwest faced challenges with legacy medical devices running outdated operating systems, which made them vulnerable to cyberattacks. Traditional upgrades were cost-prohibitive, so the organization sought an alternative that could secure these devices. By deploying Zscaler Zero Trust Device Segmentation technology, the healthcare provider achieved compliance with cyber insurance requirements and reduced premiums, as Airgap isolated these devices, preventing any vulnerabilities from spreading across the network.
  • Retail Case Study: During a period of geopolitical tension, a large retail chain identified potential security threats within its environment. With Zero Trust Device Segmentation, the company rapidly deployed segmentation across its stores, warehouses, and corporate offices in less than 96 hours, significantly mitigating risk and ensuring security consistency. This rapid deployment not only provided immediate protection but also demonstrated Airgap's scalability and efficiency in large-scale retail environments.
  • Manufacturing Case Study: A global manufacturing enterprise with aging OT systems was experiencing frequent security incidents due to malware infiltration from third-party equipment. Traditional security measures were ineffective, resulting in production downtime. With Zero Trust Device Segmentation, the manufacturer was able to isolate each device, reducing downtime by 30% and eliminating thousands of trouble tickets annually. This deployment streamlined operations, improved security, and led to substantial cost savings.

Unique Features

Among Zero Trust Device Segmentation's most innovative features is its ransomware kill switch, a four-level security escalation system. The kill switch allows organizations to adapt their security policies based on the level of threat detected. For example, when ransomware or other high-risk threats are identified, the kill switch can activate an immediate lockdown, preventing the spread of malware across the network. The ransomware kill switch is particularly valuable for high-risk environments, such as financial institutions and manufacturing plants, where even a minor breach can have severe operational consequences.

How the Kill Switch Works

The Zero Trust Device Segmentation ransomware kill switch helps organizations respond instantly to suspected ransomware threats. Operating much like a "DEFCON level" for cyber threats, this feature allows organizations to adjust security policies based on perceived threat levels. With four levels of threat posture—from "normal" to "severe"—the kill switch dynamically changes security settings in real-time, limiting network access and isolating potential threats before they can spread.

By providing an immediate response mechanism, the kill switch helps organizations contain potential threats in real time, reducing the impact on critical systems. This feature also provides peace of mind to clients, as it automates response actions without requiring teams to diagnose or troubleshoot before containing a threat.

The Future of Zero Trust: Continuous Innovation and Industry Transformation

The combination of Zscaler's Zero Trust Exchange and its Airgap segmentation technology enables organizations to address today's challenges while preparing them for emerging risks. As cybersecurity threats continue to evolve, the need for scalable, easy-to-implement security solutions will only increase.

The Role of WWT in Zero Trust Transformation

WWT's role as a trusted advisor ensures that clients receive expert guidance on zero trust strategy and implementation. Beyond installing Airgap, WWT provides clients with a structured roadmap and ongoing support, allowing for flexible, phased implementation aligned with a client's unique needs. By offering long-term support, WWT helps clients adapt their security approach as their organizations grow, ensuring sustained security benefits.

Vendor and Tool Consolidation

For many organizations, consolidating vendor portfolios is a critical goal. WWT's expertise enables clients to streamline their security infrastructure, reducing both costs and the burden on internal teams. As organizations integrate Zscaler, they can phase out older, less efficient tools and instead rely on a simplified, more cohesive security framework that is easier to manage and scale.

Engage with WWT as you transition to SASE or Security Services Edge (SSE) and leverage our expertise to secure and streamline your IT infrastructure. Here are just some of the ways WWT can assist you:

  • Security Assessments: Schedule a visit to our Advanced Technology Center (ATC) for a comprehensive security assessment and see how Zscaler integrates into your security strategy.
  • Hands-On Labs: Gain practical experience with our on-demand labs. You can explore various Zscaler solutions and see how they integrate with your existing systems.
  • Solution Comparisons: Use WWT's internal testing to compare different solutions and software versions. Our Paper POC process allows you to evaluate technologies based on how well they align with your priorities.
  • Custom Testing: Test potential solutions in a lab environment tailored to emulate your own, ensuring the technology fits your specific needs.
  • Extensive Resources: Access over 1300 reference labs available at the ATC to deepen your understanding and confidence in choosing the right solution.

Secure a successful transition to SASE or SSE with WWT and Zscaler.

About the Authors

Matt Berry, AVP, Global Field CTO of Cyber, WWT 

Ritesh Agrawal, Vice President of Zscaler & Airgap Networks Founder
