Zscaler CEO Jay Chaudhry On ‘Reimagining’ Security Operations: ‘SIEM Goes Away’
In an interview with CRN, Chaudhry says the planned acquisition of Red Canary will help to propel the company toward achieving a different vision for security operations — with an offering that can displace traditional SIEM tools.
Zscaler’s planned acquisition of Red Canary will help to propel the company toward achieving a dramatically different vision for security operations — with a future offering that can displace traditional SIEM tools, Zscaler Founder and CEO Jay Chaudhry told CRN.
The deal for Red Canary, announced last week, is just the latest in a series of moves over the past year-and-a-half that have seen Zscaler laying the foundation for an expansion into the critical area of security operations (SecOps).
In an interview with CRN this week at Zscaler’s Zenith Live 2025 conference in Las Vegas, Chaudhry called the SecOps push the second major time that the company has sought to reimagine a major segment of the cybersecurity market in its 17-year history. After doing so for secure access, “we’re now reimagining security operations,” he said. “It’s ripe for disruption.”
As a well-known player in MDR (managed detection and response), Red Canary has tremendous expertise and technology in SecOps that will massively accelerate Zscaler’s moves into the space, Chaudhry said, noting that “we don't intend to compete with MDRs.”
Instead, Zscaler plans to integrate the Red Canary technology with functionality from its acquisition of security data fabric provider Avalor in March 2024, to offer new SecOps capabilities such as threat management that can improve security outcomes while removing the need for traditional SIEM (security information and event management).
“In this world, the SIEM goes away,” Chaudhry said.
The acquisition of Red Canary, which includes $675 million in cash along with equity for employees, is expected to close in August.
Speaking with CRN, Chaudhry also discussed opportunities for partners with the company’s move into SecOps, the security risks from agentic AI and Zscaler’s rapid growth in data security.
What follows is an edited portion of CRN’s interview with Chaudhry.
What are your biggest goals for expanding into the security operations segment? How are you envisioning that?
We reimagined secure access on one side. We’re now reimagining security operations. It’s ripe for disruption. The No. 1 complaint I hear from CISOs is how expensive and inefficient their security operations are. And then they say, “You’ve got the most useful logs that are sitting out there.” They generally think we have 80 percent of the logs we need to do security operations. And without having to build a data lake and incur that cost, [because of our] architecture with data fabric, makes it pretty interesting.
In terms of platform consolidation, and bringing together all the different pieces you need for that, this would also be another big piece for Zscaler?
That's a big, big area. I often say, we only have had one North Star since the inception of the company. This is the second North Star. We don't just jump around — here, here, here. So you're seeing two [key areas] under that. One we call threat management. And second is exposure management. Exposure is looking at the risk overall, your external attack surface, your asset risk, your vulnerability management risk. That feeds to threat management and vice versa.
Is threat management, as far as how you're looking at it, comparable to what other vendors are trying to accomplish with SIEM?
In this world, the SIEM goes away. What Splunk didn't do well [is that] they built the data lake with great indexing technology, but there were no compelling applications on the top. They gave you scripting language, and this and that. There are no efficiencies with that. The world needs to be able to do that stuff a lot better. And people shouldn't be worried about building a [data] lake. If you ask people, “How much time do you spend on building a lake, and worrying about the storage and all this stuff?” It's too much time. We're coming from the application side of it and data fabric side of it.
What are the biggest differentiators you’re envisioning here from Palo Alto Networks and its XSIAM offering?
First of all, the logs of a zero trust, proxy-based architecture are very good. Firewall logs generally have a couple of problems. One, firewalls are not a proxy. Now, one could say, I can turn on a proxy. But if you turn on the proxy feature, your 20-gig firewall becomes 2-gig or less. So they don't turn it on. For the logs generally stored by people [from a] firewall, there are short logs and long logs. Most people keep short logs. Short logs mean date, time, source. It's not a whole lot, and you can't do much with it. So they don't have a good source of data. So that's one big thing. So in their case, they have to bring logs from different parties. We think we have most of the logs. That's one big advantage. The second is, in the past, people built data lakes [but] it was never a real fabric that got built as a product. So we are excited about the data fabric technology we have. It's not common out there to have this kind of technology. This is our pioneering effort.
The other interesting thing is, we’ve got most of the identity logs as well — because all communication, all authentication, goes through us. With Red Canary, we’ll get some very good agentic AI technology. And being an MDR company, they actually have people who know how a SOC [Security Operations Center] should work. Many times, vendors don't know. So we think that's going to help us. It accelerates our time to market.
So you're already working toward this with acquiring Avalor and building on their capabilities — but Red Canary is meant to get you that much faster?
Avalor was the first stepping stone. Then we proved, in the data fabric of Avalor, that I can build other applications like Risk360 asset exposure management using the fabric. And the next thing is naturally this kind of step. But there's a lot of application work in detection, engineering, investigation, remediation. That time, organically, would have taken longer. This cuts it down significantly.
So you are seeing Red Canary more as enabling a broader SOC transformation vision?
Exactly. We don't intend to compete with MDRs. It's akin to having a small professional services team, that teaches you how to do professional services. But we want our partners to do professional services. Our core team has been helpful when partners are coming up to speed. Many times, with large deployments, we provide one of our experts as a part of the deployment team, so the knowledge transfer happens.
In terms of agentic AI, what are your thoughts on the security risks as compared to the risks we’ve seen with GenAI?
Things are happening much faster [than with GenAI]. Agentic is far more powerful than GenAI, and the security becomes much harder. But, the industry steps up. The good thing is, the solutions can be discovered fast, too. My team has built technology where we can start detecting threats much faster than we could before. Now the challenge is, how quickly will enterprises embrace some of the newer stuff? Hackers have no inertia. Enterprises have inertia. The larger the enterprise, the more inertia they have. That's the main concern I have.
Where else are you seeing momentum that you’d want to highlight — perhaps in data security or in other areas?
Customers want one holistic solution with one set of policies applying — no matter what the data channel is, no matter where the data is. And we are there. So that's why we're seeing our data security growing at twice the rate of our overall growth rate. I think the overall thing I'm excited about is, synergy between our “zero trust everywhere” [approach] and what we are calling agentic operations. [The idea is to] leverage one to the other and provide closed loop feedback to deliver better security. If you discover something in my security operations, my signal goes to Zscaler private access, to stop access to this person, to this application right now.
As you’ve discussed before, you're saving costs for customers on top of modernizing their technology — do you see that as something more security vendors will try to achieve given the macroeconomic pressures?
It's pretty clear — better cyber with cost savings is what customers are clearly wanting. But when you are the incumbent in cyber, you can't do much. Otherwise, you'll be cannibalizing yourself. Even now, the biggest single area of spend for most enterprises is the firewalls. We go in there and say, if you're spending $20 million on firewalls and VPN, in two years, I'll bring it down to $6 [million] or $7 million. Our case is very compelling. But we’re in a unique position. Which security company actually saves money? Identity doesn't save money. [Active Directory] was free. EDR doesn't save money. Symantec and McAfee were at one-fifth the cost of what EDR is now charging.
Overall, what is your message to partners?
Partners have come a long way [in working] with us. Customers need help with transformation. And for every dollar a customer spends on Zscaler, there are probably $3 to $4 for a services opportunity. But partners need to spend some time discovering it and working with customers. Most customers tell me, ‘My deployment of Zscaler is slow because I don't have enough resources.’ So they need help. A partner should get involved there. So they should be thinking about making money from services by transforming [and] eliminating some of the old [technology] — which is good for the customers, good for partners and good for us.
