Zscaler announced the launch of Posture Control at its Zenith Live conference. The solution is intended to take cloud-native application security to a higher level. It helps DevOps teams prioritize and remediate risks earlier in the development process.
Posture Control is tailored to secure cloud workloads. It builds on Workload Communications, Zscaler’s solution for securing applications at runtime. By integrating with the Zscaler for Workloads service, Posture Control and Workload Communications can be combined to unify the development and runtime security of cloud-native and virtual machine-based applications, irrespective of the service or cloud used.
One of Posture Control’s features makes it possible to identify and assess multiple-security problems. Zscaler defines multiple-security problems as issues that are individually seen as small risks, but collectively represent large risks in cloud environments. The risks are unified in Posture Control, giving security teams the information they need to assess the issue.
Zscaler also wants to remove blind spots caused by incomplete coverage of security tools. Posture Control is agentless and fully API-based. VMs and containers are scanned in both registries and production environments. The solution correlates vulnerabilities with other cloud weaknesses to determine the need for action based on risk. Zscaler wants to move companies away from exclusively assessing threats through CVSS scores.
As mentioned above, Zscaler also wants to tackle security problems earlier in the development phase. To do so, it applies a shift-left approach. Zscaler monitors automated deployment processes and sends alerts when critical problems are found.
Integrations with other solutions
To make Posture Control widely applicable, Zscaler also worked on integrations. For instance, the solution works with development tools such as Visual Studio Code, GitHub and Jenkins, as well as major cloud providers. Zscaler thereby aims to provide 360-degree insight into risks across the entire multicloud, including VMs, containers and serverless workloads.
The company is also strengthening its ties with HashiCorp. Posture Control can scan infrastructure-as-code templates written in Terraform. This makes it easier to build security into the CI/CD process.