Table of Contents

• 1. Zscaler (ZS) — Detailed Earnings Review

  • a. Zscaler 101

  • b. Key Points & a Quick Reminder

  • c. Demand 

  • d. Profits & Margins

  • e. Balance Sheet

  • f. Annual Guidance & Valuation

  • g. Call & Release

  • h. Take

• 2. On Running (ONON) – Detailed Earnings Review

  • a. Key Points

  • b. Demand

  • c. Profits & Margins

  • d. Balance Sheet

  • e. Annual Guidance & Valuation

  • f. Call & Release

  • g. Take

1. Zscaler (ZS) — Detailed Earnings Review

a. Zscaler 101

Zscaler is a large player in network security. It competes with Palo Alto’s next-gen suite, Cloudflare and many others. Zscaler’s Zero Trust Everywhere (ZTE) is its latest and greatest cloud security approach. It was rebranded from Zero Trust Exchange this quarter.

ZTE blazes a trail between users, apps and devices across eligible networks — while securing data at rest and in motion. Zero Trust is exactly what it sounds like: never trusting a device or end user. The exchange vets and verifies all traffic as it moves within a company’s perimeter. It does not allow bad actors to breach the most vulnerable piece of infrastructure and freely move about it thereafter, without any subsequent verification. That’s called “lateral threat movement.” Zscaler uses risk scores to assess needed levels of security for requests. That makes sure it’s only creating user friction when there’s actual security concern.

This Zero Trust approach routinely cuts infrastructure costs for customers. How? By shrinking the attack surface down to grant permission to one app, one user and one piece of traffic at a time. Permissions are based on client policy.

ZTE replaces an antiquated firewall and virtual private network (VPN)-based philosophy in which every device & user within a perimeter gets perpetual and unconditional access. So? Zero Trust is safer, cheaper AND allows remote employees to responsibly work from anywhere.

Zscaler Network Security Definitions:

• Zscaler Internet Access (ZIA) (original product) protects internet connections. It’s the middleman between a user and a network that ensures proper authorization & access.

  • ZIA displaces legacy secure web gateways (SWGs) and firewalls from vendors like Blue Coat.

• Zscaler Private Access (ZPA) offers remote access to internal apps. This is an upgraded VPN by “connecting directly to required resources without public exposure,” per Zscaler filings.

• Zscaler Digital Experience (ZDX) ensures high quality and always-on performance of cloud apps. It sifts through networks to identify sources holding back performance to be fixed.

  • This includes application performance monitoring, some legacy endpoint monitoring tools and more.

• Zscaler for Users is the firm’s platform bundle that combines ZIA, ZPA and ZDX.

  • It’s now repurposing these products to expand into Zscaler for Workloads, Zscaler for the Internet of Things (IoT) etc.

• Unified Vulnerability Management (from its Avalor purchase). This offers a birds-eye-view to tag, assess and remediate vulnerabilities across all cloud environments and assets. It prioritizes all vulnerabilities and offers best course of action for remediation.

• Zero Trust Segmentation localizes and separates networks. This treats individual stores/factories/buildings as secure islands to prevent open sharing across locations. That lowers the risk of lateral threat movement and is a key part of ZS’s branch security offering. To expand its presence here, it purchased Airgap Networks for its location-level network security tools.

Zscaler Major GenAI Product Definitions: 

• Risk360 flags vulnerabilities and offers end-to-end risk quantification with intuitive next steps for remediation.

• Business Insights: Broad visibility into app usage, costs, needs and engagement. This helps minimize unneeded apps and licenses.

• ZDX Copilot is its GenAI assistant designed to detect and resolve network performance issues on its own.

Zscaler Major Data Product Definitions:

• Data security posture management (DSPM) is its tool for granularly tagging, organizing and protecting cloud-native data. 

• Data Loss Prevention (DLP) is its tool for guarding clients against data leakage or theft. This works for email, cloud, web, endpoints and more.

• Zscaler’s “emerging products” are all products outside of the Zscaler for Users umbrella.

More Sector-level Definitions:

• Secure Access Service Edge (SASE) provides an overarching suite of network security tools. Zscaler’s ZTE is considered a SASE-based platform, but SASE-based platforms are not necessarily zero trust-enabled. It provides access to users regardless of where they’re working.

• Virtual Private Cloud (VPC): These are subsections of public cloud environments. They offer users more autonomy with their network and apps. They also allow for secure connections between cloud and self-hosted (on-premise) environments with no public network exposure. This is especially key for highly regulated industries.

• Virtual Desktop Infrastructure (VDI): Allows software to be accessed on remote devices. ZTE ensures this is done safely and securely.

• Software-Defined Wide Area Networks (SD-WAN): Digital manager of network connectivity. It splits network hardware and software-based control. This cuts hardware and network costs, streamlines management & augments protection. This replaces Multi-protocol Label Switching (MPLS).

  • Unsurprisingly, ZS’s SD-WAN offering is zero trust-based.

  • Software-based management paired with Zscaler’s Zero Trust approach allows for seamless connection to remote branches, contractors and data centers.

• Firewall is a legacy form of network security that uses a fixed set of rules to authorize outbound and inbound traffic.

b. Key Points & a Quick Reminder

Subscribe to our premium content to read the rest.