Zero Trusts Given

"Two Great Tastes That Taste Great Together," Zscaler & Vectra AI in the DoD

Episode Summary

Episode twelve of the podcast, "Two Great Tastes That Taste Great Together," Zscaler & Vectra AI in the DoD, features Robert Marcoux, Federal Principal Technologist at Vectra AI, for a discussion on why traditional perimeter-based security no longer works in a world dominated by remote users, cloud services, and SaaS, and how Zero Trust has become essential. They explore how AI-driven signal analysis cuts through data noise, helping resource-strained security teams detect threats faster and more accurately. The conversation also showcases how Vectra AI’s integration with Zscaler accelerates identity-centric detection and response, reducing MTTR by linking anomalous behavior directly to specific users and increasing visibility into attacks. Finally, the discussion emphasizes practical Zero Trust enforcement through a human-in-the-loop model, combining AI-powered context with analyst oversight to maintain resilience across federal, defense, and critical infrastructure environments.

Episode Transcription

[Tom Tittermary]

We are back on video. I wasn't sure it was going to happen, and we haven't gotten the feedback from the first episode. So, you know, maybe this will be video, maybe this won't be video.

 

We'll find out later in the day. If it's not video, it's because the first one went horrible. But anyway, welcome to another episode of Zero Trust Given.

 

I always am one of your hosts, one Mr. Tom Tittermary. And with me today, I have always my amazing co-host, Tom Gianelos.

 

[Tom Gianelos]

Hey everybody, how's it going?

 

[Tom Tittermary]

Yeah, so here we are again today to have another conversation with you all about Zero Trust relative to the DOD, the civilian government, and the defense industrial base. Trying to take some of the signal that we can get out of a lot of the noise that's out in that space, take some really complex topics, and try to give you guys a little bit of actionable intelligence on the far side of that. With us today, we have an amazing guest with us.

 

[Robert Marcoux]

Hey everybody.

 

[Tom Tittermary]

We were chatting a little bit earlier on what we're going to talk about, as we always do. One Mr. Robert Marcoux from Vectra AI. Robert, give me the opportunity to introduce yourself.

 

[Robert Marcoux]

Yes, I'm Robert Marcoux, pleasure to be here. I'm from Vectra AI. We're excited to talk about our integration with Zscaler.

 

Today, we are a tool that is sort of like an AI heat map for your network to be able to detect threats and give you sort of places to look early warning-wise, things going sideways on your network and whatnot, and also a log reduction tool. So, happy to be here. Yeah.

 

[Tom Tittermary]

So, we spend a lot of time on the show talking about, we try not to make it Zscaler, Zscaler, Zscaler, but I feel like if people have listened to episodes, they have a decent understanding of what Zscaler is doing. On one side of the house from Zero Trust, we're doing the software SDP, software-defined perimeter protection, relative to that one side of the house. On the other side of the house, we're doing ZIA, which is really that I'm going to protect the user from everything that's out there in the Internet.

 

Right? I want to talk about where we're going together and the integrations we have together. Could you give a little bit of a breakdown relative to some of the things you're working on with Vectra, some of the value you're providing to customers, and some of the, not too deep in the weeds, but some of the specifics about how you all are doing that?

 

[Robert Marcoux]

Sure. So, I've been at Vectra about 10 years. I'm a federal technologist.

 

We work on a number of products across a number of the different federal silos, Zero Trust being primarily one of our big projects that we work on. The modern network is getting a lot of traction right now as a result of our sort of MQ prominence that we have in Gartner. But the modern network just dictates that everyone's a remote user.

 

The network presence is everywhere. There's no true perimeter anymore. So, just getting the stickiness between what is a boundary policy or a policy engine or a micro-segmentation engine with Vectra's complement of being able to pluck out things that are going sideways or help look at micro-segmentation policies to see if there are any leaky policies or things that are going on that are unexpected.

 

[Tom Tittermary]

Gotcha. So, to be able to take that ocean of data, the terabytes and petabytes of data that are out there, and to be able to parse that, leveraging the value of AI, which we were just talking about the last episode, to kind of take the needles out of that massive amount of hay that is there.

 

[Robert Marcoux]

Yes.

 

[Tom Tittermary]

And predominantly, you guys are working around the, if I say layer three or the underlay of the physical mapping of the network, that's predominantly the routes and paths that you guys are looking at from a data perspective?

 

[Robert Marcoux]

Absolutely. And then we take in log data as well. So, we're not just a packet tool.

 

People hear NDR, and they'll assume that we're just taking in raw packets. But we're actually stitching in log data. We're stitching in log data from endpoint.

 

We're stitching in the log data from Zscaler, as well as from Cloud Control Plane and other areas like Active Directory. Because once we get that context, we can deliver better signal. And I think we were talking earlier about it's not about having a huge, huge pile of hay.

 

It's having a really neatly compressed ball of hay that's smart, that has good data. Yeah.

 

[Tom Tittermary]

It's always fascinating to – AI has really changed the discussion around. I used to have a talk track that's too much data for me to do anything with or for humans to process and have meaningful effect against. I think there's a generation of really expert Splunk admins that have figured out how to write really interesting queries against Splunk that will bring back meaningful results with a specific purpose of turning that ocean of hay into that actionable intelligence, those key needles that you need to go out and perform the task against.

 

So moving on to, from a ZPA integration perspective, there's a lot of interesting stuff that Zscaler and Vectra AI are doing together. Can you speak to that little piece and then we can chat about that a little bit?

 

[Robert Marcoux]

Do you want me to lead?

 

[Tom Tittermary]

Absolutely.

 

[Robert Marcoux]

Yeah. So one of our customers in energy is using – in fact, we have several customers actually that are using ZPA with Vectra with tremendous results. The idea behind this is that not only – usually what Vectra does is we develop a notion of a host or an account and then we fire detections and pin them to those hosts or accounts.

 

With Zscaler, it makes it all the more easier because your account is your host. You are the host and the account at the same time. So regardless if it's your iPad or your remote office desktop or your government-owned laptop, we're going to be able to zero in on your identity and the things that you are doing.

 

And it's not about being accusatory, but it definitely gives us a belly button for things that are – that don't appear normal. You know, at 9 o'clock at night, we saw this. Do you have any idea why that would happen?

 

These are some of the kinds of things that our analysts can ask these questions of our – or their users because we have that sort of complementary Zscaler snap in.

 

[Tom Gianelos]

So Vectra is actually deriving the norms, right, and then calculating the deviations from those norms. Absolutely. Okay.

 

[Tom Tittermary]

Yeah. And specifically, so you guys are capturing and seeing traffic that's landing on Layer 3 initiated at a host.

 

[Robert Marcoux]

Yes.

 

[Tom Tittermary]

Right, and then being able to map that host across any number of interactions it has across that Layer 3 and then be able to figure out, all right, this is what this host is typically doing and then be able to map deviation against that to notify, hey, this is probably something strange that's going on in the environment.

 

[Robert Marcoux]

Yes, absolutely. And that can happen across on-prem, across cloud, multi-cloud, so whatever environment you're in, M365 as well.

 

[Tom Tittermary]

Yeah. Well, it's – I mean, it's a huge benefit for us. And, you know, I'm sure an outplay of this interaction is if you're able to determine, hey, I'm getting dodgy behavior out of this host, right, you're going to put a human in the middle or you're not, but when you take action against that specifically, if you hand that over to Zscaler, it's – from a ZPA perspective, it's pretty easy for us to say, I'm going to limit risk from that host by barring or changing access to individual applications until I figure out what's going on here.

 

[Robert Marcoux]

Yeah, it really allows our customers to zero in.

 

[Tom Tittermary]

Yeah, and you had mentioned one of the things that you guys are definitely getting out of this at the same time is, so you are collecting all that data and you're able to kind of figure out the network telemetry from an individual host, but the partnership with Zscaler is really helping also tie that back to identity.

 

[Robert Marcoux]

Absolutely.

 

[Tom Tittermary]

Okay. Just speak a little bit, maybe have an example.

 

[Robert Marcoux]

An example would be, so routinely what would happen in a traditional sort of remote or microsegmentation where you would have a policy engine at the core, you might have a device going through a gateway, and at that point, maybe your sensor is downstream from that gateway, and that gateway is – maybe it has a pool of addresses on the inside or maybe it's using port address translation. It's very difficult without going in and stitching through some log data to find out who owned that address or that port at that particular time whenever something went wrong. But with Zscaler, it makes it almost instantaneous.

 

[Tom Tittermary]

Yeah. So I think there's potentially value on both sides for a lot of these things, right? Because I think it's what we're talking about is, you know, MTTR in some way, it's like mean time to resolution relative to figuring out, all right, who's the identity behind this, you know, diversionary network traffic that I'm seeing in there, be able to tie that back to an identity.

 

But at the same time, on the Zscaler side, rather than have to go through and say, hey, for this identity, let me go fire firewall commands and routing commands across a wide variety of assets to limit access, I can almost just – it's almost like we were mentioning, it's almost like there's a big red button next to that ID.

 

[Robert Marcoux]

Yeah, I like that easy button.

 

[Tom Tittermary]

Yeah, where I can – so that the mean time to resolution between spotting the traffic that seems nonstandard and being able to limit the risk from that identity and from that host, one, I'm reducing the amount that it takes to actually isolate the identity on one side, and two, now that I know the identity, it drastically reduces the amount of time it takes me to remove that risk from the network by limiting that access.

 

[Robert Marcoux]

Absolutely. Yeah.

 

[Tom Tittermary]

And then also there's another newly emerging – we just had our Zenith Live a couple of weeks ago out in Vegas from Zscaler. There was a booth where folks from Vectra AI were talking about a new integration that we have coming on that side of the house.

 

[Robert Marcoux]

Yeah, Brad was out there.

 

[Tom Tittermary]

So that's on the ZIA side of the house. So again, that's the part of the product from a Zscaler perspective where we're protecting users from resources you don't own. So rather than this SDP concept, software-defined perimeter – I got it right that time.

 

You did. Rather than this SDP context, this is for things that you don't own as an organization. So this is for the Internet, this is for public SaaS applications and how we're protecting that.

 

If you could speak to that new integration a little bit.

 

[Robert Marcoux]

Yeah, love to. Before this integration, there would be a blind spot in terms of what kind of visibility we could deliver. We couldn't apply our algorithms to any of that sort of data coming and going in the Internet traffic.

 

Now it functions almost like a network tap. So everything that's going out and coming in is also making its own little right-hand turn, and it's being run through Vectra's algorithms. So we're providing you now with comprehensive coverage, not just east-west or things going in and out of the data center.

 

We have full C2 coverage as well as exfil.

 

[Tom Tittermary]

So it's one of the interesting things that pops up. And, Tom, tell me if I'm right here, right? How many customers have you had conversations with over time that wish that relative to what we're doing in Zscaler could also introduce a full packet capture?

 

[Tom Gianelos]

Most, if not all. Especially in our world.

 

[Tom Tittermary]

And in a lot of those cases when we end up walking the dog on that packet capture conversation, I think a lot of times they ask for packet capture because they're used to packet capture. And then there have been scenarios, and we need to make sure we obfuscate the heck out of this, because I don't want to put anybody's business out in the street. A lot of times where we've actually provided, delivered capability similar to that packet capture, the immediate response back is, whoa, whoa, whoa.

 

[Robert Marcoux]

We don't want this.

 

[Tom Tittermary]

I don't know if this is useful, given the amount of hay, the amount of data that's coming through the side.

 

[Robert Marcoux]

We've experienced the same thing in some areas. By the way, we have a product called Stream or a module called Stream, which allows you to send the data off unmolested. So not only you have Vectra looking at and applying its algorithms to all of the packets, but we can also send you the packet data unmolested so you can do your own things to it.

 

And what we find is it just adds more noise. And ultimately, you're being charged for all of this ingest. And ultimately, you're getting a better picture, a better heat map with what the AI is delivering you.

 

You find people that they just don't go to the PCAP as much as they used to. The data is getting better.

 

[Tom Tittermary]

Yeah. I would say just given the amount of data that's in there, if I'm going to have humans process it, I've seen the value shift for packet capture more to anatomy of a breach style.

 

[Robert Marcoux]

Yes.

 

[Tom Tittermary]

Investigations in order to come against it. All right. I need to know every nitnoid factor of every tiny piece of, not from a detection and response perspective, right, but I want to have the full story so that I can gain knowledge about the TTPs of the adversary relative to the breach.

 

[Robert Marcoux]

Right. And also so you can publish it so others can preventatively make, you know, take countermeasures.

 

[Tom Gianelos]

That's more of a forensic.

 

[Robert Marcoux]

Yeah. Indeed. Absolutely.

 

Right.

 

[Tom Tittermary]

Yeah. But what I'm understanding here is we have a comment on our side of the house where it's like, hey, I'd like full packet capture. We deliver full packet capture.

 

And they go, whoa, whoa, whoa. We thought we needed full packet capture. What we really wanted was, it sounds like exactly what we're talking about.

 

[Robert Marcoux]

Exactly, yes.

 

[Tom Tittermary]

Where I need an AI to get against this ocean of hay here and help me better parse needles, but I want to do that in the context of packet capture style data.

 

[Robert Marcoux]

Yes. And what I'm hearing back is we're taking full packet capture and making it more of a compliance decision rather than a security-related decision as it pertains to, like, real-time threat, right? So the spend is likely to be less on something that provides, you know, we just want to keep the data.

 

Because you're not going to – indexing that amount of PCAP is really painful.

 

[Tom Tittermary]

Yeah. What I think I'm hearing is anytime somebody comes to a Zscaler, you know, to Zscaler and says, well, I need packet capture too, the option is I can route that data through Vectra AI. Add Vectra.

 

[Robert Marcoux]

Yes, send metadata off for threat hunt. Exactly. Full metadata off for threat hunt, not full packet capture.

 

We can do selective PCAP.

 

[Tom Tittermary]

Gotcha. Full metadata for threat hunt.

 

[Robert Marcoux]

Yes.

 

[Tom Tittermary]

Okay. Yeah, because it's funny. This hay conversation keeps – hay is for horses.

 

The number of times I've said hay on this podcast in the last couple of times, I apologize that I say hay so many times. I'm going to look right to camera and say I'm sorry. I need a different metaphor.

 

I haven't come up with one yet.

 

[Tom Gianelos]

We used ocean a lot.

 

[Tom Tittermary]

There's like a kissing frogs and finding princes thing in there somehow. Sure. But, like, yeah, it's – the hay and needles one significantly gets brought up.

 

And I think it's probably – I say it because people immediately recognize that you're getting overrun by a deluge of data.

 

[Robert Marcoux]

Yeah.

 

[Tom Tittermary]

And then people are waving fingers and pointing and saying it's an absolute critical nature that you find all of these needles in shorter and shorter time frames with the amount of hay increasing.

 

[Robert Marcoux]

I think it's also funny that the logs are the noise. People – I think because the industry, for the most part, the conversation has been dictated by Splunk, perhaps, is that the idea that you need to add more overhead to be able to get this full-on 360-degree visibility, and that's not true. What we're finding is you just need smarter data, better data, and that's what Vectra is able to do.

 

When I started this journey 10 years ago, I was trying to tell people they didn't need logs. Now, 10 years ago, they didn't want to believe that. In fact, it was heresy.

 

It was heresy. So we had to sort of pivot our messaging, but I really do feel like the timing is right now to talk about AI and what it can do to distill and condense the amount of log data that humans have to – you know, you think about it. You go to an airport, you go to the X-ray scanning machine, it's the first perimeter defense.

 

It's looking at the logs, essentially, and then humans get involved whenever something doesn't look quite right. That model is, I think, the model that scales better.

 

[Tom Tittermary]

I think there's a lot of confusion in a lot of cases between means and end. Like the logs are the means, but when we're talking about providing cyber protection, I mean, unless we're talking about compliance, then the logs are the ends, right? But in the context of NDR, in the context of providing cyber protection, the logs are the means, one of the means, by which we accomplish the end, which is effectively protecting networks, assets, data, right?

 

[Robert Marcoux]

Absolutely. Yeah.

 

[Tom Tittermary]

So it's, from a Vectra AI perspective, the ability to be able to arrive at the ends by utilizing AI to process the means is getting people the results faster in a lot of these cases. Okay. One of the – it's interesting, too, with specifically regard with the zero trust discussion.

 

Yes. We've talked about this as a bit of a fundamental pivot or shift, right?

 

[Robert Marcoux]

Mm-hmm.

 

[Tom Tittermary]

We say castle and moat. We say perimeter defense versus SDP or inside-out protection relative to, right? At the end of the day, if I'm building a brand-new company and I get to decide how I'm going to protect the network out the door, I don't think this landing on the far side of this pivot is really hard.

 

You just pick the tools that land on the far side of the pivot. Everyone that I've talked to is I'm walking to a gray field architecture where I need to manage kind of the old – I don't want to say old. I don't want to say legacy because any of those will sound negative, right?

 

Like these technologies have provided adequate protection for a decade or better. I don't see the way that things are pivoting that way going forward.

 

[Robert Marcoux]

No.

 

[Tom Tittermary]

Right? Where the logs of layer three are used as the baseline for the protection of applications, assets, networks.

 

[Robert Marcoux]

Right. It can't be. It can't be.

 

No.

 

[Tom Tittermary]

Yeah. So what I'm hearing is if Zscaler – you guys are providing that insight with AI introduced into that piece of the puzzle.

 

[Robert Marcoux]

Right.

 

[Tom Tittermary]

Networking. Because that's always going to be there, and I don't see it ever not being there. No.

 

[Robert Marcoux]

Right?

 

[Tom Tittermary]

And yet at the other side of things, we could talk about also protecting in that layer seven category of – you guys are – maybe the cleanest way to say this is – and I'm sorry. I just took four minutes of everybody's time to get here. You guys are underlay protection, and we are overlay protection.

 

[Robert Marcoux]

Correct.

 

[Tom Tittermary]

Yeah.

 

[Robert Marcoux]

Yeah. Absolutely. In terms of zero trust, you're enforcement, containment, right?

 

Making sure that things – if I'm a user, I log in, I have a Zscaler agent, I'm making sure that I stay within the boundaries of what I'm allowed to do. Like the things that I can touch. And then if things are leaky or if there's noncompliance on a host where we're seeing or observing behaviors that are not consistent with what we've observed from that account or that host, we're going to flag those things.

 

[Tom Tittermary]

Yeah. And I think it's – we were – in terms of reducing the total amount of hay, in terms of actually getting needles from hay, signal from noise, I think you guys are uniquely positioned from what I've heard to be able to do that on the individual network side. Also, I think from – if I talk – if I look at zero trust wide area and I look at how the hay is changing, right, there's always – there's never not going to be value in being able to parse through all of that individual layer three network traffic.

 

I'm seeing a greater focus now on aspects individually of host posture, right? And you guys out there, imagine the four vendors off the top of your head. Imagine how you're using that data relative to the protection of your environments.

 

I'm seeing a major pin around identity. And I'm seeing more of a pin around additional attributes that I can associate with individuals around the identity that might have to do with who they are, where they are, et cetera, in those categories. Rather than what are the packets that are traversing the network today.

 

[Robert Marcoux]

Right. We call them host artifacts or account artifacts. We're looking for those things.

 

We're pinning them to hosts. We're sprinkling in context. And forgive me if I'm going off on a tangent here.

 

But I think also when I started this out, if you're making this about detections, you're going to find that a lot of people are going to stare at you with cross arms. Where the value comes, especially when you're talking to a lot of Fed leaders, every detection is a one-on-one. So honestly, the idea that we can fire these detections or provide this meantime, maybe they need to see where the proof lies.

 

[Tom Gianelos]

We often talk about like PEPs or PDPs. So the policy enforcement, policy decisions. So I know you guys are now a decision point, right?

 

In a sense.

 

[Robert Marcoux]

You can decide what's better and different. And that's where I was trying to go with that. It's like the Kipling method.

 

I talk a little bit about that. It's kind of a chicken or egg thing where people want to put the tools first. But you actually need to build like a comp plan or understand what does this user.

 

Because there's this concept of like observed privilege versus granted privilege. I may be a domain administrator. I may have all the keys to the castle.

 

But over the course of a year, I work on specific projects that only cause me to interact in certain ways with certain things. Now, if I deviate from that, we'll be able to flag that, right? So that's one thing that we kind of track in the abstract.

 

[Tom Gianelos]

And when you say flag, does that mean you can actually take an action to stop?

 

[Robert Marcoux]

So our ability to take dynamic actions. I mean, you know what's funny is just like you guys get a lot of questions about. We want full PCAP.

 

And then when they get it, they're like, we don't want it. I really believe that dynamic, any dynamic actions at all, dynamic enforcement. Yeah, they want to see it, but they never ever turn it on.

 

I mean, if you're honest with someone and say. Yeah, if you're honest with someone and say, do you really want this machine to turn off this connection automatically based on like condition A, B and C all marrying up together without failure? They find often that what that does is break things that they don't otherwise want to break.

 

So it's usually left to a human to do, which I think is, you know, I mean, it's the way the military still does it. We just don't trust machines to that degree, not because we feel like they'll make a mistake in a bad way, but because they're likely to do a self-imposed denial of service.

 

[Tom Tittermary]

So we want to circle back into changing the type of hay. And I think maybe where I was trying to lean is, you know, the context.

 

[Robert Marcoux]

So because we're getting packets and logs, and that includes logs from Zscaler, the context that we provide is more relevant and more important, actually, than the detection itself. You're going to have a host firing off crazy detections and have an analyst click on it and look at details for that host and say, oh, yeah, I know what this host is. Based on the detection profile and based on what I've seen this host or account do, I know what this is.

 

It makes it a lot easier to understand.

 

[Tom Tittermary]

Yeah, it's interesting. So we're talking about different types of hay. It sounds like you guys are on the receiving end of both of those types of hay and have AI models that can provide context on both sides of that equation.

 

[Robert Marcoux]

Absolutely. Okay.

 

[Tom Tittermary]

I mean, pretty massive value there. I would agree that that's probably where things should be going. So, like, at the very high level, you've got that protection in the door of a user never gets to see the front door of an application until they basically validate through the Zscaler service.

 

Right. And then when they do, by policy, then they get to the front door. And then on the other side of things, if the user is not utilizing Zscaler to get to an individual application but they're sitting on the network, you guys are able to see every individual interaction.

 

[Robert Marcoux]

Correct.

 

[Tom Tittermary]

Of that user relative to that network. So I've got, it sounds like I've got all the routes and paths covered.

 

[Robert Marcoux]

Yes.

 

[Tom Tittermary]

And then on the far side of that, even also, you guys are able to ingest the Zscaler logs, doing a much faster translation of network activity to identity.

 

[Robert Marcoux]

Yes.

 

[Tom Tittermary]

And host ID so that we can get to that mean time resolution a lot faster.

 

[Robert Marcoux]

With, instead of saying, so SIEM doesn't own, can I just go start from there?

 

[Tom Gianelos]

Yeah.

 

[Robert Marcoux]

So in just about every case, SIEM does not own the data that it ultimately consumes back and then kind of runs its magic on whatever it might be, call it analytics, call it whatever. Whereas when you deploy Vectra, you're deploying our sensors, we're actually running the analytics on the data in use as it's in transit, as packets traverse the sensor. So it doesn't even, I know it might seem like it's low latency or whatever, but there is a difference between looking at that traffic in use versus having it on a data store and then running analytics against it, if that makes sense.

 

[Tom Gianelos]

Oh, absolutely.

 

[Robert Marcoux]

Okay.

 

[Tom Gianelos]

So where do these sensors live?

 

[Robert Marcoux]

They can live just about anywhere, actually. So obviously let's start with the big beast in the room is for high throughput, because really for Vectra, we want to get east, west and north, south. So we need to be at the core of the network in those choke points.

 

A lot of times they can be high throughput networks. So we have hardware to accommodate that. If you want to do sort of a hybrid, we can deploy virtualized sensors in your virtualized infrastructure, whether that's in the cloud or in your data center or both.

 

So, yeah, it can be virtual, physical, but ideally we want to start at the core and build out from there.

 

[Tom Tittermary]

Makes sense.

 

[Robert Marcoux]

Okay.

 

[Tom Tittermary]

Yeah. Physical, virtual sensors?

 

[Robert Marcoux]

Physical and virtual. Yeah, yeah. And cloud-based as well.

 

So we have Azure, so you can monitor Azure workloads.

 

[Tom Tittermary]

Let me get physical sensors in the cloud. Yeah. GCP.

 

There you go. Yeah. Yeah.

 

One of the other topics I know that we wanted to, we were chatting about, chatting about what we were going to chat about. It's interesting. I think that a lot of people got their first big notification, boom of Zscaler, landed on things in COVID, where so many people immediately started working from home.

 

And suddenly people that are protecting networks realize, in order for me to stay in business with all these people working from home, I need a new methodology, because these people aren't within my walls and within my boundary. And VPN use exploded. A lot of people had a very interesting time doing that.

 

And then Zscaler, I think we increased capacity like 300 percent in six months because there was such a clean use case for that remote user and the protection there. Part of something that we, that pops up in conversation periodically, I'm not seeing a drive towards furthered and continue remote work, you know, politically, culturally.

 

[Robert Marcoux]

That's disappointing.

 

[Tom Tittermary]

I'm seeing, right? I am seeing more of a drive of bringing people back to and inside the office. I was just wondering from your perspective on how you've seen things, how is that kind of changing the conversations you're having?

 

[Robert Marcoux]

The good news is, well, I think that for some cyber analysts, there's still some remote opportunities, even within Fed. I haven't experienced a full-on return to work in all of my customers. But the good news is the modern network is remote everywhere anyway.

 

There's SaaS products, there's M365, there's cloud. It's not that traditional moat and castle perimeter that you're used to seeing. So Zscaler is a great product for micro segmentation, isolation, containment.

 

We still have many customers that leverage it for that purpose east-west as well.

 

[Tom Tittermary]

I am seeing me covering and managing all the engineers for Zscaler for DoD. There was less of a pivot and shift around on-prem and off-prem for reasons that people could probably imagine, right? Across the rest of the business, I think what's interesting about this is the off-prem users, the remote users, really triggered a lot of the utilization of things like Zscaler.

 

And then people started realizing a lot of the value about doing it that way instead, about I don't trust the underlying network. And it kind of meshed with a lot of the zero-trust things, where even though users are now back on-prem, the value of being able to associate host-posture identity rather than just, hey, they're all in the network. They must be good, right?

 

I think a lot of that kind of instinct around what feels safe changed.

 

[Robert Marcoux]

Really, that good housekeeping transitioned into on-prem. Yeah.

 

[Tom Tittermary]

But yeah, so just in terms of I've seen the – I have seen more talk, if I'm looking at civilian and defense industrial base especially. I'm definitely seeing more of a drive of back-to-office. But it's interesting.

 

I think that Zscaler for the remote user, from a Vectra AI perspective, if you're not putting physical or remote sensors out on their home network. So there's another place where that marriage works, where I think in the remote user case that Zscaler is basically managing all those places that are not the corporate or mission or entity network. But they're also protecting those connections outside.

 

But then, especially now with more people coming back to the office, there's an opportunity to marry that together more. Because we're getting to see more of the same. There's kind of a double opportunity when that user is back in the office of our ability to partner with you and manage your sensor traffic and what you're seeing along with what we have implemented over on our side from a policy perspective.

 

[Robert Marcoux]

Absolutely. When customers ask us about Zero Trust, we talk about Vectra Zscaler better together for that specific purpose.

 

[Tom Tittermary]

Hey everybody, thank you for listening to another episode of Zero Trust Given. As always, I'd like to thank my incredible co-host, Tom Gianelos. Thank you, Tom.

 

Yeah, and also I'd like to thank Robert Marcoux.

 

[Robert Marcoux]

Appreciate it.

 

[Tom Tittermary]

Specifically for Vectra AI.

 

[Robert Marcoux]

Thanks everyone.

 

[Tom Tittermary]

Anybody that's, any feedback that you have on the show, please don't forget, zerotrustsgiven at gmail.com. Trusts with an S, zerotrustsgiven at gmail.com is where we would love you to send feedback. If you can engage with us either there or through some of the Zscaler posts that we have on LinkedIn and others where we post the content for the shows.

 

We'd love to hear back from you. If you also have any feedback for the show or a question that you think might be interesting for us to read on the show and address on the show, a topic of conversation, we're most likely, we're definitely going to find a goody bag from a Zscaler perspective to be able to get out to you from that perspective. But again, Tom, Robert, thank you guys so much.

 

[Robert Marcoux]

Appreciate you.

 

[Tom Tittermary]

See you next time, folks. See you.