Splunk and Zscaler Utilize Data and Zero Trust to Eradicate Threats


The past year has challenged us in unimaginable ways. We kept our distance for the greater good, while companies faced the daunting task of transforming their workforce from in-person to remote, practically overnight. This presented a unique challenge for cybersecurity teams. How would they ensure employees retained access to critical data in a secure way?

Working in the cloud has made remote work easier for many organizations, but it has also introduced new risks. When users connect directly to cloud applications, their traffic can bypass the controls that sat on the traditional network path, such as the VPN and the identity and access management checks tied to it. That increases the risk of malicious content reaching corporate systems and then spreading across the company's infrastructure.

Digital transformation, along with other technologies and business initiatives, has since expanded the attack surface, compounding the need for a zero trust strategy. Zero trust starts from the premise that an attacker may already be in your environment: no user, device, or network location is trusted implicitly, every asset is treated as if it could be compromised, and every request is authenticated and authorized before access is granted. As organizations' security perimeters dissolve and users, applications, devices, and data operate and move outside traditional boundaries, the way we need to approach security has changed dramatically.

Our tightly integrated, best-of-breed cloud security and security analytics platforms deliver a cloud experience for the modern, cloud-first enterprise. With Zscaler, users and entities are given a secure, direct, authenticated connection to the applications they need, and only those. Metadata about that connection activity is ingested directly into Splunk, giving your security team the rich telemetry it needs for monitoring, risk scoring, and access control decisions.

Zscaler replaces legacy networking and security architectures with a cloud-native proxy, creating a true zero trust architecture that eliminates unnecessary exposure and provides rich log and telemetry data and increased visibility for security operations. With Zscaler's secure access service edge (SASE) approach to security, the entire workforce is protected, regardless of location or device. Security teams can ensure that policy is applied to every transaction, and they get additional insight into the behavior of users, data and apps. When a transaction violates policy, for example a user downloading a malicious file, clicking a malicious link, communicating with a known C2 destination or sharing sensitive data, Zscaler blocks the transaction and records the block in the streamed logs, so security teams can identify compromised users and devices quickly.

Security logs are the lifeblood of effective analytics, and they allow security teams to prevent, detect and mitigate threats throughout their environments. Real-time visibility is particularly critical to stopping adversaries before they can reach sensitive data on the network or endpoints. Every second spent integrating these data sources is a second not spent on detection. Overburdened security teams should focus on finding and stopping threats rather than on the operational and administrative overhead of building and maintaining log pipelines.

That's where Splunk comes in. Splunk provides centralized log ingestion and analytics to monitor and correlate activity across the entire security environment. For Zscaler, this includes direct cloud-to-cloud streaming ingestion of logs, prebuilt dashboards, and a zero trust analytics dashboard that shows where zero trust policy is and is not being applied. Splunk takes Zscaler logs, analyzes them and gives the customer a better understanding of what is happening in their environment. Splunk Enterprise Security (ES) adds Risk Based Alerting (RBA), which accumulates risk scores per user or device across many individually low-severity events instead of alerting on each one, and User and Entity Behavior Analytics (UEBA). The API-level integration with Splunk Phantom enables automation and orchestration across triage, investigation, and response, so playbooks can take action within Zscaler to contain a threat before it spreads. The Splunk Security Analytics Platform delivers intelligence through data.

Getting Zscaler telemetry into Splunk is fast and easy with Zscaler Internet Access (ZIA) cloud-to-cloud log streaming. The direct integration between Zscaler and Splunk Cloud provides the "easy button" for log ingestion: data is streamed over HTTPS, so it is encrypted in transit and there is no on-premises collector or syslog relay to build and maintain. With Zscaler and Splunk, security teams can focus on security, not managing infrastructure. Actionable data is visible in a single console, reducing the need to pivot across disjointed point products during investigations.
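The two ideas above, a streamed feed of proxy events and risk-based alerting that aggregates those events per user, are easier to reason about with a concrete pipeline in front of you. The following is an added example, not code from Splunk or Zscaler: it parses a constructed batch of newline-delimited JSON events in the general shape a cloud-to-cloud feed delivers, scores each event against a few risk rules, and raises a notable only when a user's accumulated risk crosses a threshold. The field names (user, action, urlcat, threatname, dlpdict), the category strings, the rule scores and the threshold are all assumptions for illustration; check them against your own feed configuration and tune them per environment.

```python
"""Risk-based alerting over Zscaler-style web proxy events (added example).

Each event is one JSON line, the shape a cloud-to-cloud feed might deliver
over HTTPS. Field names, category strings, scores and threshold are ASSUMED
for illustration only.
"""
import json
from collections import defaultdict

# Constructed sample feed (not real customer data). The last line is deliberately
# truncated to show how a parser should treat a damaged record in a stream.
SAMPLE_FEED = "\n".join([
    '{"time":"2021-05-01T10:00:01Z","user":"alice@example.com","action":"Allowed",'
    '"url":"intranet.example.com/","urlcat":"Corporate Marketing","threatname":"None","dlpdict":"None"}',
    '{"time":"2021-05-01T10:00:05Z","user":"bob@example.com","action":"Blocked",'
    '"url":"bad.example.net/dl/a.exe","urlcat":"Malicious Content","threatname":"Trojan.Generic","dlpdict":"None"}',
    '{"time":"2021-05-01T10:00:09Z","user":"bob@example.com","action":"Blocked",'
    '"url":"c2.example.net/beacon","urlcat":"Botnet Callback","threatname":"None","dlpdict":"None"}',
    '{"time":"2021-05-01T10:00:12Z","user":"bob@example.com","action":"Blocked",'
    '"url":"c2.example.net/beacon","urlcat":"Botnet Callback","threatname":"None","dlpdict":"None"}',
    '{"time":"2021-05-01T10:00:20Z","user":"alice@example.com","action":"Blocked",'
    '"url":"paste.example.org/new","urlcat":"Web Based Tools","threatname":"None","dlpdict":"Credit Cards"}',
    '{"time":"2021-05-01T10:00:30Z","user":"bob@example.com"',
])

# Risk rules: (rule name, predicate over one event, score added to the user's risk).
# Scores are illustrative; in a real deployment they are tuned per environment.
RISK_RULES = [
    ("malware_download_blocked", lambda e: e["threatname"] != "None", 40),
    ("c2_callback_blocked", lambda e: e["urlcat"] == "Botnet Callback", 30),
    ("dlp_violation_blocked", lambda e: e["action"] == "Blocked" and e["dlpdict"] != "None", 25),
]


def parse_feed(raw: str):
    """Parse newline-delimited JSON. A malformed line is skipped, not allowed to drop the batch."""
    events = []
    for line in raw.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def score_events(events):
    """Accumulate risk per user (the RBA 'risk object') and remember which rules fired."""
    totals = defaultdict(int)
    reasons = defaultdict(list)
    for e in events:
        for name, predicate, score in RISK_RULES:
            if predicate(e):
                totals[e["user"]] += score
                reasons[e["user"]].append(name)
    return dict(totals), dict(reasons)


def risk_notables(events, threshold=50):
    """Users whose accumulated risk reaches the threshold. The alert is on the aggregate,
    not on any single blocked transaction, which is the point of risk-based alerting."""
    totals, reasons = score_events(events)
    return {
        user: {"score": score, "rules": sorted(set(reasons[user]))}
        for user, score in totals.items()
        if score >= threshold
    }


if __name__ == "__main__":
    print(json.dumps(risk_notables(parse_feed(SAMPLE_FEED)), indent=2))
```

In this sample, bob's one blocked malware download and two blocked C2 callbacks sum to 100 and produce a notable, while alice's single DLP block (25) stays below the threshold and is retained as context rather than raised as an alert. In Splunk ES the same shape of aggregation is a search over the risk index that sums risk_score by risk_object; the example above just makes the logic visible end to end.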

We're very excited to partner with Zscaler on this cloud-to-cloud approach to security. We hope that you take advantage of this integration to improve your zero trust maturity today.

To stay up to date on all things Zscaler and Splunk, head over to our Zscaler Global Strategic Partner Page. We’ll be updating this with all of the content that we create together.

----------------------------------------------------
Thanks!
Jane Wong
