Zscaler is a cloud-delivered security platform that routes users’ web, SaaS, and private-application traffic through policy enforcement points rather than relying solely on an enterprise network perimeter. Its functions can include a secure web gateway, cloud firewall, malware and phishing inspection, data-loss controls, and zero-trust access, which grants access to specific applications based on identity and device context instead of broad network connectivity.
Security coverage depends on correct identity policies, traffic steering, endpoint agents, application connectors, and integrations with directories and security tools. Vulnerabilities or misconfigurations in those components can expose internal applications, bypass inspection, or disrupt access; compromise of an administrative account or control plane could also change policies broadly. HTTPS inspection requires installed trust certificates and creates material privacy and compliance considerations, so organizations should limit decryption, protect logs, and define retention. Advisories under this tag may therefore concern the cloud service, client software, connectors, APIs, or dependent identity systems, and should be assessed alongside configuration review and access-control monitoring.