Fact-checked by Grok 2 weeks ago

Zscaler

Zscaler, Inc. is an American cybersecurity company specializing in cloud-native zero trust security solutions, founded in 2007 by entrepreneur and headquartered in . The company pioneered the Zero Trust Exchange platform, which delivers secure access to applications and data for users, devices, and workloads regardless of location, replacing traditional VPNs and legacy security architectures with a cloud-based approach that inspects all traffic in real time. Zscaler's core offerings include Zscaler Internet Access (ZIA) for secure gateway and , Zscaler Private Access (ZPA) for to private applications, and additional services such as prevention, workload , and digital experience monitoring. These solutions are delivered via the world's largest inline , processing over 500 billion daily transactions to protect more than 40% of 500. As of 2025, Zscaler reported annual recurring revenue of $3.015 billion, up 22% year-over-year, with approximately 7,900 employees and over 4,000 enterprise customers worldwide. The company went public on the (ticker: ZS) in March 2018, raising $192 million in its , and has since grown into a leader in the (SASE) market, driven by increasing demand for zero trust architectures amid rising cyber threats and adoption. Zscaler's mission is to empower organizations to harness the full potential of and mobility by securely connecting users to applications from any device or location, with global offices spanning , , , and beyond.

Company Overview

Founding and Early Vision

Zscaler was founded in 2007 by in , at a pivotal moment when enterprises were increasingly adopting cloud applications and embracing more mobile workforces. Chaudhry, an experienced entrepreneur in the cybersecurity space, recognized the limitations of traditional on-premises security solutions in securing distributed users and environments, motivating him to pioneer a scalable, -delivered alternative. This vision addressed the growing need for secure access to cloud resources amid rising trends and the proliferation of software-as-a-service () tools, which exposed organizations to new risks from unsecured networks and unmanaged devices. Chaudhry's background shaped this innovative approach, drawing from his successful ventures in technologies. He previously founded SecureIT in 1996, the first pure-play service provider, which was acquired by in 1998. From 2000 to 2006, he led CipherTrust, introducing the industry's first security gateway, which merged with Secure Computing. Concurrently, Chaudhry established AirDefense in 2002, a pioneer in solutions, later acquired by in 2008. These experiences highlighted the inefficiencies of appliance-based systems, inspiring Chaudhry to develop a proxy-free, cloud-native architecture that eliminated hardware dependencies and enabled seamless, scalable protection. The company's initial focus centered on a multitenant designed to supplant legacy VPNs and firewalls, which were ill-suited for the dynamic demands of and access. By delivering directly in the , Zscaler aimed to provide low-latency and without the bottlenecks of traditional perimeter defenses, laying the groundwork for what would evolve into a zero trust model. This architecture emphasized efficiency and adaptability, allowing organizations to protect users regardless of location or device while supporting the secure adoption of emerging technologies.

Headquarters and Global Operations

Zscaler's global headquarters is located at 120 Holger Way in , serving as the central hub for its operations and leadership. The company maintains additional offices across the , including locations in Alpharetta (near ), Chicago, Denver, and New York, to support its domestic sales, engineering, and customer support teams. Internationally, Zscaler operates key hubs in for Europe, Middle East, and Africa (EMEA) activities, for (APAC) expansion, and for and operations, enabling localized service delivery and compliance. As of the end of 2025 (July 31, 2025), Zscaler employs 7,923 people worldwide, with a significant emphasis on and roles distributed across more than 10 countries. Approximately 63% of its workforce is based outside the , reflecting the company's commitment to global talent acquisition and innovation in cloud security. This distributed structure supports Zscaler's cloud-native model, allowing teams to collaborate seamlessly across time zones. Zscaler's revenue for fiscal 2025 totaled $2.673 billion. The company serves over 9,400 customers globally, including over 45% of 500, with customers operating in over 185 countries, underscoring its scale and penetration in enterprise security markets. This international footprint has been bolstered by strategic acquisitions, enhancing its operational reach.

History

2007–2017: Inception and Initial Growth

Zscaler was founded in 2007 by and K. Kailash with a vision to deliver security as a cloud service, shifting from traditional hardware-based approaches. In 2008, the company launched its first cloud-delivered web security service, pioneering a multi-tenant architecture that enabled secure for enterprises without the need for on-premises appliances. By the early 2010s, Zscaler achieved a key milestone by securing Takeda Pharmaceuticals, a Global 2000 company, as a client, which validated the 's readiness for large-scale enterprise deployments. This early adoption demonstrated the service's ability to handle complex, global security needs effectively. Throughout the period, Zscaler raised funding from prominent investors including Accel Partners and Venture Partners, supporting development and market expansion, including an initial of approximately $12 million in 2008 and a $38 million round in 2012. A significant $110 million Series D round in 2015, led by TPG with participation from others, valued the company at over $1 billion, achieving status.

2018–Present: IPO, Expansion, and Recent Milestones

In March 2018, Zscaler went public with its (IPO) on the exchange under the ZS, pricing 12 million shares at $16 each and raising $192 million in gross proceeds. The shares began trading on March 16, 2018, and quickly surged, closing the first day at $33 per share, which propelled the company's initial above $2 billion. Following the IPO, Zscaler experienced robust revenue expansion, growing from $190.2 million in 2018 (ended July 31, 2018) to $2.673 billion in 2025 (ended July 31, 2025), with year-over-year increases consistently exceeding 30% through much of the period, fueled by its subscription-based model that accounted for over 97% of total revenue. This growth reflected strong demand for the company's cloud-native security solutions amid rising cybersecurity needs. In 2022, Zscaler marked its 15-year anniversary since founding in 2007, highlighting a decade-and-a-half of innovation in zero trust architecture and cloud security. By fiscal 2025, the company raised its full-year revenue guidance to $2.659 billion to $2.661 billion in its third-quarter earnings release, coinciding with the announcement of its acquisition of to bolster AI-powered security operations.

Products and Technology

Zero Trust Exchange Platform

The Zscaler Zero Trust Exchange is a cloud-native platform designed as a secure fabric that connects users, devices, applications, and data without relying on traditional perimeters. It implements zero trust principles by enforcing least-privileged access based on , , and , enabling identity-based segmentation that verifies every regardless of location or . This shifts from perimeter defenses to a continuous verification model, ensuring that access is granted only to authenticated entities with appropriate permissions, thereby reducing the in distributed environments. Key components of the Zero Trust Exchange include inline inspection capabilities through its proxy-based architecture, which decrypts and analyzes 100% of , including encrypted TLS/SSL sessions, at scale to detect anomalies in . It integrates AI and for advanced threat detection, automating the identification of sophisticated cyberattacks, , and attempts while minimizing false positives through behavioral analysis and global intelligence sharing. The platform's global network, comprising over 150 centers worldwide, ensures low-latency enforcement by routing to the nearest , providing consistent without . Unlike legacy security models that depend on VPNs for remote access, the Zero Trust Exchange differentiates by eliminating the need for such tools, offering direct, secure user-to-application connections that bypass backhauling traffic to central data centers. This approach enhances and while preventing lateral movement of threats within networks. As of , the platform processes over 500 billion transactions daily, demonstrating its capacity to handle enterprise-scale operations securely.

Core Security Offerings

Zscaler's core security offerings are built on its Zero Trust Exchange platform, providing secure access and threat protection for , private applications, and data. Zscaler (ZIA) serves as a secure gateway designed to protect internet-bound from threats. It inspects all inline, enabling organizations to enforce security policies without traditional hardware appliances. Key features include URL filtering, which blocks access to malicious or inappropriate websites based on predefined categories and custom lists to prevent and distribution. ZIA also performs SSL/TLS inspection to decrypt and analyze encrypted , uncovering hidden threats in over 90% of sessions that are now encrypted, while ensuring compliance with data protection regulations. Additionally, its advanced sandboxing capability isolates and detonates suspicious files in a to detect zero-day before it reaches users, integrating seamlessly with broader threat intelligence feeds. Zscaler Private Access (ZPA) delivers zero trust access specifically for private applications, eliminating the need for VPNs by granting users direct, secure connections based on and rather than network location. This approach uses app segmentation to isolate applications, ensuring that authenticated users can only access specific resources they are permitted to use, thereby preventing lateral movement by attackers within the . ZPA enforces granular policies at the application level, supporting hybrid environments with private apps hosted on-premises or in the , and reduces the by never exposing the full to remote users. Zscaler Data Protection encompasses prevention (DLP) and (CASB) functionalities to safeguard sensitive information across diverse environments, including , IaaS, and on-premises systems. The DLP component monitors data in motion, at rest, and in use, applying predefined dictionaries and policies to detect and block exfiltration of , financial data, or through channels like email, web uploads, and cloud storage. Integrated CASB capabilities provide visibility into shadow IT usage, enforce inline controls for sanctioned applications, and prevent unauthorized data sharing by scanning API interactions and user behaviors in real time. This unified protection ensures encryption and compliance with standards like GDPR and HIPAA, with centralized reporting for auditing data flows. Zscaler Cloud Workload Protection (CWP) provides runtime security for cloud-native workloads, including containers, Kubernetes, and serverless functions, by enforcing zero trust policies to detect and respond to threats in IaaS and PaaS environments. It offers , , and to protect against runtime exploits and misconfigurations without requiring agents in some cases. Zscaler Digital Experience (ZDX) monitors and optimizes end-user digital experiences across networks, applications, and devices, providing visibility into performance issues, latency, and jitter to ensure secure and efficient access in hybrid work environments.

AI-Driven Innovations and SASE Integration

Zscaler has integrated agentic AI into its security ecosystem to enable automated threat response, leveraging the Data Fabric for Security to aggregate and unify data from various tools and systems for real-time analysis and action. This agentic AI capability, enhanced through the August 2025 acquisition of Red Canary, allows for proactive threat prioritization and context-aware remediation, such as monitoring generative AI application prompts to prevent policy violations and data exfiltration. The November 2025 acquisition of SPLX further bolsters these features by introducing shift-left asset discovery, which identifies and classifies models and data early in the lifecycle, alongside automated teaming to simulate attacks and uncover vulnerabilities in systems. These capabilities integrate with Zscaler's Zero Trust Exchange platform, providing and automated responses to mitigate risks from deployment, including of sensitive assets to enforce . In parallel, Zscaler's (SASE) platform converges its core offerings—Zscaler (ZIA) for secure web and cloud access, Zscaler Private Access (ZPA) for zero trust network access—with Zero Trust to deliver unified networking and security services. This architecture supports least-privileged access for users, devices, and workloads, reducing latency and enhancing protection against lateral movement in hybrid environments. Gartner recognized Zscaler as a Visionary in the 2025 Magic Quadrant for SASE Platforms, citing its innovative zero trust approach and completeness of vision in integrating -driven threat protection with SASE components like (CASB), prevention (DLP), and firewall-as-a-service. Among 2025 updates, the SPLX integration enables asset discovery to map and secure enterprise inventories proactively, while inline Gen DLP features protect against data leaks in workflows, having detected over 53.7 million sensitive transactions to platforms like Foundry in recent months. Additionally, Zscaler's ransomware detection capabilities blocked a 145.9% year-over-year increase in attacks from April 2024 to April 2025, as detailed in the ThreatLabz 2025 Ransomware Report, underscoring the platform's efficacy in countering escalating tactics.

Acquisitions

Pre-2020 Acquisitions

Zscaler's acquisition strategy in its early years emphasized targeted investments in to fortify its cloud-native zero trust platform, with deals centered on enhancing threat detection and endpoint protection. In August 2018, Zscaler acquired the and team along with the core technology from TrustPath, a stealth-mode cybersecurity startup based . This acquisition integrated advanced AI capabilities into Zscaler's platform, enabling more sophisticated analysis of the over 50 billion daily transactions processed at peak volumes to derive actionable security intelligence. Specifically, it bolstered user behavioral profiling, enterprise risk assessment, and detection of advanced persistent threats, marking an early step in embedding for proactive defense mechanisms. In May 2019, Zscaler completed the acquisition of Appsulate, a U.K.-based developer of browser isolation technology founded in 2016. Appsulate's cloud-rendering solution, which streams only safe pixels to user devices, was integrated to address web-borne and risks in environments, complementing Zscaler's web gateway services. This move expanded the platform's isolation features, providing granular control over remote browser sessions and reducing the for users without compromising performance. These two pre-2020 deals, both located in the U.S. and with undisclosed values estimated under $50 million combined, exemplified Zscaler's focus on U.S.-centric to build foundational zero trust elements like AI-driven analytics and isolation tech. They contributed to the company's initial growth by accelerating platform maturity ahead of its post-IPO expansion phase.

2020–2025 Acquisitions

During the period from 2020 to 2025, Zscaler pursued an aggressive acquisition strategy to bolster its Zero Trust Exchange platform, completing at least nine acquisitions across the , , and , with a cumulative exceeding $1 billion in disclosed deals alone. These moves reflected a strategic toward enhancing cloud-native , AI-driven threat detection, and operational , particularly as the company scaled post-IPO amid rising demand for integrated operations and protections. Key targets included startups specializing in cloud posture management, microsegmentation, technologies, automation, , data fabrics, and advanced capabilities for managed detection and response (MDR). In 2020, Zscaler targeted foundational cloud security enhancements with two acquisitions. The company first announced its intent to acquire Cloudneeti, a U.S.-based cloud security posture management (CSPM) firm, in April, integrating its compliance and risk assessment tools to strengthen multi-cloud visibility and governance within Zscaler's platform. Later that May, Zscaler acquired Edgewise Networks, a U.S.-based pioneer in zero-trust microsegmentation for application communications in public clouds, to address lateral movement risks in hybrid environments without relying on traditional firewalls. These early deals laid the groundwork for Zscaler's expansion into comprehensive cloud workload protection. The 2021 acquisitions focused on and active defense mechanisms. In , Zscaler acquired Trustdome, a (CIEM) provider, to close visibility gaps in and for workloads, enabling automated and reduction. Just a month later, in May, the company acquired Smokescreen Technologies, an India-headquartered deception technology specialist, to incorporate active defense capabilities like dynamic decoys and lures into its Zero Trust Exchange, helping organizations detect and disrupt advanced persistent threats more proactively. By 2022, Zscaler's strategy emphasized operations with the September acquisition of ShiftRight, a U.S.-based leader in AI-powered , , and response (SOAR). This allowed Zscaler to streamline incident response workflows, correlating threats across its platform for faster remediation and reduced operational overhead in large-scale environments. In 2023, the focus shifted to ecosystem risks, as Zscaler acquired Canonic Security, an Israel-based startup, in February; Canonic's runtime protection for applications enhanced by monitoring and third-party for anomalous behaviors. The 2024 acquisitions accelerated Zscaler's and -centric capabilities. In March, Zscaler acquired Avalor, an Israel-based fabric provider, for approximately $350 million, enabling -powered across disparate sources to improve and incident prioritization. This was followed in April by the acquisition of Airgap Networks, a U.S. firm specializing in agentless , which simplified zero-trust implementations for legacy and assets without performance impacts. These deals positioned Zscaler to handle the growing complexity of enterprise lakes in -era . In 2025, Zscaler's acquisitions underscored a deepening commitment to agentic and governance amid rapid adoption of generative technologies. The company signed a definitive agreement in May to acquire Red Canary, a Denver-based MDR provider, for $675 million, completing the deal in ; Red Canary's -driven threat detection and response platform integrated with Zscaler's data fabric to deliver autonomous operations, reducing mean time to respond (MTTR) for and threats. Later, in November, Zscaler acquired SPLX, a Croatia-founded startup (with operations aligned to U.S. and European markets), for an undisclosed sum, adding automated red teaming simulations, asset discovery, and runtime guardrails to secure the full lifecycle from to deployment. These final deals marked Zscaler's evolution into a leader in -secured zero-trust architectures, investing heavily in operational resilience and proactive defenses.

Leadership

Executive Team

Jay Chaudhry serves as the founder, chairman, and of Zscaler, a position he has held since founding the company in 2007. With over 25 years of experience in the cybersecurity industry, Chaudhry oversees the company's overall strategy and vision, particularly in advancing cloud-native security solutions. Prior to Zscaler, he founded and led several successful cybersecurity ventures, including AirDefense (acquired by ), CipherTrust (merged with Secure Computing), CoreHarbor (acquired by USi/), and SecureIT (acquired by in 1998), establishing a track record of multiple high-profile exits in the sector. Kevin has been the of Zscaler since May 2025, where he manages the company's global financial operations, planning, analysis, and . In this role, has played a key part in providing guidance for 2025, including raising the outlook to between $2.659 billion and $2.661 billion in upon his appointment. He has also supported the financial strategy behind Zscaler's 2025 acquisitions, such as the $675 million purchase of Red Canary in August and the acquisition of SPLX in November, aimed at enhancing AI-driven threat detection and security governance. Before joining Zscaler, served as at BetterUp and , where he led financial scaling, an IPO, and multiple acquisitions. Adam Geller is Zscaler's chief product officer, responsible for directing the company's product vision, innovation, design, and development, with a focus on Zero Trust architecture and integrations. Under his leadership, Zscaler has advanced its platform to incorporate -powered features for enhanced threat detection and (SASE) capabilities. Geller brings extensive experience from prior roles as CEO of Exabeam, where he developed SIEM solutions, and at , leading product lines in and cloud security. Mike Rich holds the position of chief revenue officer and president of global sales at Zscaler, driving the company's worldwide sales strategy and revenue growth. With more than 30 years in technology sales, Rich emphasizes building diverse teams and fostering customer-centric approaches to expand Zscaler's market presence across industries. Previously, as president of Americas at ServiceNow from 2011 to 2023, he scaled regional revenue from $500 million to over $6 billion while contributing to the company's overall growth from $80 million to $8 billion in annual revenue.

Board of Directors

Zscaler's comprises nine members as of November 2025, providing strategic oversight to the following its 2018 on . The board is led by Chairman , Zscaler's co-founder and , who has guided the company since its inception in 2007. Independent directors bring diverse expertise in technology, finance, and operations, including Charles Giancarlo, of and former executive of global corporate strategy at Systems; Karen Blasing, a four-time with prior roles at and Webroot; Eileen Naughton, former of product management at ; Scott Darling, managing director at Capital; David Schneider, general partner at ; Andrew Brown, of Sand Hill East; and James Beer, former of . In addition, Raj Judge, executive of corporate strategy and ventures at Zscaler, joined the board in May 2025. The board operates through three standing committees: the , chaired by Karen Blasing and including Andrew Brown and ; the Compensation Committee, chaired by Giancarlo and including Andrew Brown; and the Nominating and Committee, chaired by and including Eileen Naughton. These committees emphasize cybersecurity acumen, with several members holding deep experience in technology security and , alongside efforts to promote board , including two female directors representing key perspectives in and media. Governance practices include annual shareholder meetings to address key matters such as director elections and , regular environmental, social, and governance (ESG) reporting through the company's annual Corporate Responsibility Report, and adherence to NASDAQ's standards, including majority independent directors and annual committee charters.

Controversies and Legal Issues

Data Breaches and Security Incidents

In September 2025, Zscaler experienced a security incident stemming from the compromise of tokens associated with the and Drift third-party applications integrated with its environment. Attackers exploited these stolen tokens to gain unauthorized access to limited Salesforce data, including business contact information such as names, email addresses, job titles, phone numbers, and regional details for a large number of Zscaler customers, as well as product licensing information and plain-text support case metadata like case numbers, descriptions, and statuses. No attachments, files, or sensitive customer data within Zscaler's core platform were accessed, and there was no evidence of further misuse or impact on Zscaler's products, services, or infrastructure. The incident was part of a broader affecting over 700 organizations using the Drift integration with , highlighting vulnerabilities in dependencies. Zscaler's instance was targeted between August and September 2025, with the company detecting suspicious activity and confirming the scope by early September. While no core platform occurred, the exposure of customer underscored risks in third-party integrations. In October 2025, Zscaler responded to a disclosed security breach at F5 Networks by issuing guidance on related vulnerabilities, following F5's public announcement of a nation-state actor's that included the theft of BIG-IP and details on zero-day exploits. Zscaler's advisory emphasized the potential for exploits targeting F5 products, recommending immediate patching of over 40 identified vulnerabilities, such as CVE-2025-53868 and CVE-2025-60016, both with CVSS scores of 8.7. Through its Zscaler (ZIA) , Zscaler enabled automatic blocking of known and emerging exploits by inspecting inline , preventing unauthorized without requiring additional . Across both incidents, Zscaler implemented enhanced response measures, including the mandatory enforcement of (MFA) for all third-party integrations, rotation of tokens, and deployment of AI-enhanced monitoring to detect anomalous activities in real-time. The company conducted joint investigations with affected vendors like and collaborated with cybersecurity firms to review third-party risks, with no reported financial impact from these events. These actions reinforced Zscaler's zero trust architecture while drawing attention to persistent supply chain vulnerabilities in the cybersecurity sector.

Lawsuits and Regulatory Challenges

In 2023, Zscaler faced a class-action lawsuit under 's Private Attorneys General Act (PAGA) in Wenzel v. Zscaler, Inc., filed in Santa Clara County Superior Court. The suit, initiated by plaintiff Sandra Wenzel on behalf of affected employees, alleged that Zscaler systematically failed to reimburse employees for necessary business expenses, such as cell phone and internet costs incurred for work purposes, in violation of California Labor Code sections 2802 and related provisions. This failure effectively reduced employees' wages below legal minimums, particularly for those classified as exempt from . The case highlighted broader labor misclassification concerns, as the plaintiffs argued that certain roles did not qualify for exempt status under state law. The case was settled in early 2025, with final approval on March 17, 2025, without admission of liability. In 2024, Zscaler was sued for patent infringement by DataCloud Technologies LLC in the U.S. District Court for the Eastern District of Texas (Case No. 2:24-cv-00504). The complaint, filed on July 9, accused Zscaler's cloud security products, including its Android Client Connector app and related online security features, of infringing four patents owned by DataCloud: U.S. Patent Nos. 6,651,063; 7,209,959; 7,398,298; and 8,370,457. These patents cover technologies for data storage, user destination addressing, and efficient cloud-based data management, which DataCloud claimed Zscaler utilized without authorization in its Zero Trust platform. Zscaler responded by denying the infringement allegations in its answer and asserting that the patents are invalid due to prior art and obviousness, while also filing counterclaims challenging their enforceability. The case was settled and dismissed on December 11, 2024. By mid-2025, Zscaler encountered significant regulatory scrutiny over its AI data practices, particularly following announcements at its Zenith Live conference in June, where CEO highlighted the company's use of vast transaction logs to train models for threat detection. Reports emerged alleging that Zscaler processed up to half a daily logs—potentially including business data—for enhancement, raising concerns about violations under regulations like GDPR and potential unauthorized data sharing. Although no formal charges were filed by the or other agencies, the backlash prompted widespread debate on data ownership and transparency in -driven cybersecurity, leading Zscaler to issue a clarification in affirming that or is never used for external training and emphasizing data isolation within tenant boundaries. This response included updates to its to enhance disclosure on data handling, aiming to rebuild trust amid the controversy.