ZS

Zscaler, Inc. . (NASDAQ: ZS), the leader in cloud security, today announced the intent to acquire Canonic Security, a SaaS application security platform innovator. Canonic’s platform is designed to prevent organizations' growing risks of SaaS supply chain attacks. With the massive migration to the cloud, as organizations are adopting hundreds of SaaS platforms, their users are connecting thousands of third-party applications and browser extensions to their critical SaaS platforms like Atlassian Suite, Microsoft 365, Salesforce, Google Workspace, and Slack without IT’s permission. Corporate IT believes its critical data assets are stored and protected in enterprise-ready SaaS platforms. In reality, these assets are held in third-party drives, email clients, and chatbots, bringing data exposure and cyber risk to their SaaS supply chain. Canonic’s solution allows cybersecurity and IT teams to quickly gain visibility to this ungoverned surface area and streamline SaaS application governance and enforcement.

By integrating the new supply chain security capabilities into its data protection services, Zscaler strengthens its CASB (Cloud Access Security Broker) and SSPM (SaaS Security Posture Management) offerings enabling companies to consolidate point products reducing cost, and simplifying management. This new capability builds upon the company’s recently announced industry-first, zero configuration data protection solution, and Zscaler’s commitment to data protection wherever the data resides.

“When I speak with the top global CIOs, they consistently express their challenges with efficiently securing supply chain logistics due to the massive blind spot in SaaS-to-SaaS communications. While protecting SaaS platforms is necessary with CASB and SSPM, enterprises must reduce the supply chain attack surface, detect SaaS-native threats and automate responses,” said Jay Chaudhry, CEO, chairman and founder, Zscaler. “The addition of Canonic augments our CASB and SSPM capabilities and further strengthens the growing set of services on the Zscaler Zero Trust Exchange, the world’s largest cloud security platform, and provides our customers with unprecedented visibility and security of their SaaS applications. I am pleased to welcome the Canonic team to the Zscaler family as we execute on our vision to advance SaaS security.”

“While the SaaS ecosystem continues to grow, traditional CASB and SSPM solutions fall short to secure against the massive amount of supply chain attacks that are targeting organizations and their critical business applications,” said Boris Gorin, co-founder and CEO, Canonic Security. "The combination of Canonic with Zscaler’s existing inline and out-of-band CASB and SSPM offerings is an ideal technology fit that will accelerate how enterprises address SaaS-native threats and simplify operations by reducing the number of tools for SaaS security.”

According to research firm Gartner®, “SaaS remains the largest public cloud services market segment, forecasted to reach $176.6 billion in end-user spending in 2022. Gartner expects steady velocity within this segment as enterprises take multiple routes to market with SaaS.”1 This large-scale move to the cloud has made it difficult for enterprise security operations teams to take control over their growing SaaS app estate and address exposure of their critical cloud data due to the SaaS supply chain – creating a greater attack surface for data breaches. These pain points are amplified due to the current IT skills gaps in the rapidly evolving cloud security space, resulting in an inability for IT to effectively manage the unwieldy set of settings and permissions for which they are responsible.

The addition of Canonic’s advanced SaaS security to Zscaler’s existing data protection will enable customers to:

• Monitor SaaS Security Posture: Automate continuous monitoring of potentially fatal misconfigurations and compliance violations in SaaS platforms such as Atlassian Suite, Google Workspace, Microsoft 365, Salesforce and Slack.
• Discover and Assess Third-Party Apps and Extensions: Gain full visibility over first, second and third-party apps and API integrations across the enterprise business application estate. Uncover rogue and vulnerable apps, assess each integration posture, behavior and the risk involved with its API access and browser extensions.
• Reduce Attack Surface: Quarantine suspicious apps, reduce excessive and inappropriate privileges, revoke and block access if necessary.
• Enforce Access Governance: Enable app integrations by automating app-vetting and app access recertification processes.

The transaction is expected to close following the completion of Zscaler’s fiscal second quarter subject to the satisfaction of customary closing conditions. Terms of the transaction were not disclosed.

For more information please see “A New and Critical Layer to Protect Data: SaaS Supply Chain Security” on the Zscaler blog.

________________________1 Gartner Forecasts Worldwide Public Cloud End-User Spending to Reach Nearly $500 Billion in 2022, 19 April 2022,https://www.gartner.com/en/newsroom/press-releases/2022-04-19-gartner-forecasts-worldwide-public-cloud-end-user-spending-to-reach-nearly-500-billion-in-2022. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission.All rights reserved.

Forward-Looking StatementsThis press release contains forward-looking statements that are based on our management's beliefs and assumptions and on information currently available to our management. These forward-looking statements include the expected benefits of the acquisition to Zscaler’s product offerings and to our customers. These forward-looking statements are subject to the safe harbor provisions created by the Private Securities Litigation Reform Act of 1995. A significant number of factors could cause actual results to differ materially from statements made in this press release, including those factors related to our ability to successfully integrate Canonic technology into our cloud platform and our ability to retain key employees of Canonic after the acquisition.

Additional risks and uncertainties are set forth in our most recent Annual Report on Form 10-Q filed with the Securities and Exchange Commission (“SEC”) on December 7, 2022, which is available on our website at ir.zscaler.com and on the SEC's website at www.sec.gov. Any forward-looking statements in this release are based on the limited information currently available to Zscaler as of the date hereof, which is subject to change, and Zscaler will not necessarily update the information, even if new information becomes available in the future.

About Zscaler

Zscaler (NASDAQ: ZS) accelerates digital transformation so customers can be more agile, efficient, resilient, and secure. The Zscaler Zero Trust Exchange protects thousands of customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location. Distributed across more than 150 data centers globally, the SSE-based Zero Trust Exchange is the world’s largest in-line cloud security platform.

Zscaler™ and the other trademarks listed at https://www.zscaler.com/legal/trademarks are either (i) registered trademarks or service marks or (ii) trademarks or service marks of Zscaler, Inc. in the United States and/or other countries. Any other trademarks are the properties of their respective owners.

Media Contact:Pavel Radda or Natalia Wodeckipress@zscaler.com

Investor Relations Contact:Bill Choi, CFAir@zscaler.com