Modernizing security operations to keep pace with the proliferation of complex, highly ephemeral apps and infrastructure has become more daunting than ever as the explosion of remote work accelerates lift-and-shift and hybrid-cloud initiatives. With Sumo Logic's cloud-native Continuous Intelligence Platform and Cloud SIEM, it is now easier than ever to integrate with Zscaler's Internet Access and Private Access platforms: gain visibility across your cloud apps with out-of-the-box content, respond in real time to correlated security incidents and monitor your ZTNA deployment. We've worked closely with Zscaler to deliver a simplified integration process, completely overhauled dashboards for ZIA and an all-new Sumo app for ZPA, helping security teams cost-effectively reduce risk and alert fatigue at the speed and scale required to protect your users and defend your apps from external threats.
At a high level, with these two new apps for Zscaler, you can now:
Monitor, alert and respond to incidents from across your security stack at scale using cloud-based services.
Correlate Zscaler Internet Access logs and events with machine data collected from endpoints and other security tools to analyze behavioral patterns, identify anomalies and vulnerabilities, and track the health and performance of your security architecture.
Audit and monitor your Zscaler Private Access deployments to ensure compliance, avoid misconfigurations and maintain uptime for a seamless user experience.
Correlate blocked and allowed ZTNA traffic events from your Private Access deployments with user data and out-of-the-box threat intelligence for real-time, automated threat detection.
How does it work?
Collection
Sumo Logic has released separate apps for Zscaler Internet Access and Zscaler Private Access. The cloud-to-cloud log collection process differs slightly between the two platforms, so configuration instructions are provided separately for each app.
App Use Cases
Let’s walk through some of the key use cases for these two new Zscaler apps for Sumo Logic. While Zscaler Internet and Private Access products are both geared towards securing your digital properties and workforce, the apps for Sumo Logic have slightly different use cases.
ZIA
The app for Zscaler Internet Access (ZIA) is primarily a tool for security ops teams, analysts and engineers to monitor, alert and respond to external threats.
Anomaly detection for blocked traffic and geographic hotspots
Identifying threats amongst benign traffic distributed across the globe has become a machine-scale problem. Sumo Logic provides out-of-the-box dashboards that aggregate data from ZIA and perform outlier detection to reduce alert fatigue and add the context needed to speed up incident response. The ZIA overview dashboard is a good starting point for configuring alerts.
In addition, drill-down dashboards for blocked traffic are included for security analysts to deep dive into specific events.
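As an added example (not code from the ZIA app or from Sumo Logic), the following Python implements the two checks described above over constructed, ZIA-style blocked-traffic lines: a rolling-baseline outlier test on hourly blocked counts, in the spirit of the outlier detection the dashboards perform, and a geographic hotspot check that flags countries where a handful of clients account for a disproportionate share of blocks. The comma-separated field layout, the sample lines and the threshold values are assumptions for illustration, not the ZIA log schema.

```python
"""Added example (not code from the ZIA app or Sumo Logic): outlier detection
over ZIA-style blocked-traffic events. The field layout
(timestamp,action,client_ip,country,url), the sample lines and the
thresholds are assumptions for illustration, not the ZIA log schema."""
from collections import Counter, defaultdict
from datetime import datetime
from statistics import mean, median, pstdev


def build_sample_log():
    """Construct one day of synthetic events: a steady baseline of two
    blocks per hour from each of three countries plus some allowed
    traffic, then a burst of 100 blocks from a single client in hour 14."""
    lines = []
    for hour in range(24):
        for i, country in enumerate(("US", "DE", "BR")):
            for n in range(2):
                lines.append(f"2024-05-01T{hour:02d}:{n * 20:02d}:00Z,"
                             f"BLOCKED,10.0.{i}.{n},{country},ads.example")
        for n in range(2):
            lines.append(f"2024-05-01T{hour:02d}:{n * 30:02d}:00Z,"
                         f"ALLOWED,10.0.9.1,US,corp.example")
    for n in range(100):
        lines.append(f"2024-05-01T14:{n % 60:02d}:{n // 60:02d}Z,"
                     f"BLOCKED,203.0.113.7,RU,malware.example")
    return lines


def parse_events(lines):
    """Split each constructed line into a dict with a parsed UTC timestamp."""
    events = []
    for line in lines:
        ts, action, client_ip, country, url = line.split(",")
        events.append({
            "ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
            "action": action, "client_ip": client_ip,
            "country": country, "url": url,
        })
    return events


def hourly_blocked(events):
    """Time series of blocked events per hour as sorted (bucket, count) pairs."""
    buckets = Counter(e["ts"].strftime("%Y-%m-%dT%H")
                      for e in events if e["action"] == "BLOCKED")
    return sorted(buckets.items())


def rolling_outliers(series, window=6, threshold=3.0):
    """Flag buckets whose count exceeds the mean of the preceding `window`
    buckets by more than `threshold` standard deviations. The sigma floor
    of 1 keeps a perfectly flat baseline from producing a zero-width band.
    Returns (bucket, count, baseline_mean) triples."""
    flagged = []
    for i in range(window, len(series)):
        history = [count for _, count in series[i - window:i]]
        mu, sigma = mean(history), pstdev(history)
        bucket, count = series[i]
        if count > mu + threshold * max(sigma, 1.0):
            flagged.append((bucket, count, mu))
    return flagged


def geo_hotspots(events, factor=3.0):
    """Flag countries where blocks per distinct client exceed `factor` times
    the median across countries, i.e. a few clients are generating a
    disproportionate share of the blocked traffic."""
    blocks, clients = Counter(), defaultdict(set)
    for e in events:
        if e["action"] == "BLOCKED":
            blocks[e["country"]] += 1
            clients[e["country"]].add(e["client_ip"])
    per_client = {c: blocks[c] / len(clients[c]) for c in blocks}
    baseline = median(per_client.values())
    return sorted(c for c, v in per_client.items() if v > factor * baseline)


if __name__ == "__main__":
    events = parse_events(build_sample_log())
    for bucket, count, expected in rolling_outliers(hourly_blocked(events)):
        print(f"outlier hour {bucket}: {count} blocks (baseline {expected:.1f})")
    print("geographic hotspots:", geo_hotspots(events))
```

On the constructed data only hour 14 is flagged: the burst is well outside the band around the six-per-hour baseline, while the hours that follow are not flagged because the burst inflates the rolling standard deviation. The hotspot check flags RU because a single client produced all of its blocks; the other countries sit at the median.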
Traffic Behavior Analysis
Another challenge in securing modern applications at scale is analyzing allowed traffic patterns and trends to identify security events or incidents of interest. The Behavior dashboard analyzes these traffic patterns across multiple dimensions with simplified time series visualizations that security engineers can leverage for alerting and response, making deviations from normal traffic patterns by user, content type, content category, super category and bandwidth easy to spot.
File Classification, Threats and DNS Analysis
Detailed analytics and insights on threats are also available through additional dashboards focused on classification of blocked files, URLs, server locations, threat categories, threat risks and individual transactions.
To learn more about these three dashboards, see our documentation on ZIA here.
ZPA
The app for Zscaler Private Access (ZPA) is a tool to help IT and Ops teams monitor and optimize their ZPA deployments to ensure a Zero Trust model without affecting user productivity. From a single dashboard, IT and Ops personnel can get immediate visibility into the health and performance of their ZPA deployment.
Connector Health and Performance Analytics
One of the primary challenges in implementing and operating a modern, large-scale Zero Trust Network Access (ZTNA) solution is avoiding end-user disruptions in productivity. If a connector is overloaded with traffic or stops responding, workforce productivity is immediately impacted. The Connector and Performance dashboards for the ZPA app provide operators with detailed analytics and insights into their distributed ZPA deployment.
Alerts can be configured on trends in connector performance to flag issues before they impact end users.
Auditing and User Activity Monitoring
While detailed auditing of any ZTNA deployment is useful, or even required, from a compliance perspective, it's also an ideal way to track down operator misconfigurations or surface ways to optimize existing configurations based on end-user activity. In order to accommodate these use cases, we have provided Audit and User Activity dashboards.
Monitoring user activity can help drive policy updates or configuration changes based on real-time policy blocks and timeout blocks. We’ve also included a panel that correlates connection details with out-of-the-box threat intelligence to determine potentially malicious connection attempts.
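As an added example (not the ZPA app's own panel logic or any Sumo Logic code), the Python below correlates constructed ZPA-style user-activity records with a constructed indicator list, matching client public IPs against both single-IP and CIDR indicators, and tallies policy and timeout blocks per user as input for the policy reviews described above. The field names, the records and the indicators are assumptions, not the ZPA log schema or a real threat feed.

```python
"""Added example (not code from the ZPA app or Sumo Logic): correlating
ZPA-style user-activity records with a threat intelligence list. Field names
(user, client_public_ip, application, connection_status), the records and
the indicator list are constructed assumptions."""
import ipaddress
from collections import Counter

# Constructed sample records; RFC 5737 documentation addresses throughout.
SAMPLE_RECORDS = [
    {"user": "alice@corp.example", "client_public_ip": "198.51.100.23",
     "application": "git.internal", "connection_status": "open"},
    {"user": "bob@corp.example", "client_public_ip": "203.0.113.45",
     "application": "hr-portal.internal", "connection_status": "policy_block"},
    {"user": "bob@corp.example", "client_public_ip": "203.0.113.45",
     "application": "hr-portal.internal", "connection_status": "policy_block"},
    {"user": "carol@corp.example", "client_public_ip": "192.0.2.77",
     "application": "erp.internal", "connection_status": "timeout"},
    {"user": "dave@corp.example", "client_public_ip": "198.51.100.200",
     "application": "git.internal", "connection_status": "open"},
]

# Constructed indicator list: one exact IP and one CIDR range.
THREAT_INDICATORS = ["203.0.113.45", "192.0.2.0/24"]


def compile_indicators(indicators):
    """Turn IPs and CIDRs into ip_network objects so both match the same way;
    strict=False tolerates host bits set in a CIDR indicator."""
    return [ipaddress.ip_network(i, strict=False) for i in indicators]


def match_threat_intel(records, networks):
    """Return the records whose client public IP falls inside any indicator,
    annotated with the indicator that matched. A v4 address never matches a
    v6 network (and vice versa), so mixed feeds are safe here."""
    hits = []
    for rec in records:
        ip = ipaddress.ip_address(rec["client_public_ip"])
        for net in networks:
            if ip in net:
                hits.append({**rec, "indicator": str(net)})
                break
    return hits


def block_summary(records):
    """Count policy and timeout blocks per (user, status) to surface users
    whose repeated blocks may indicate a policy gap or misconfiguration."""
    summary = Counter()
    for rec in records:
        if rec["connection_status"] in ("policy_block", "timeout"):
            summary[(rec["user"], rec["connection_status"])] += 1
    return summary


if __name__ == "__main__":
    nets = compile_indicators(THREAT_INDICATORS)
    for hit in match_threat_intel(SAMPLE_RECORDS, nets):
        print(f"{hit['user']} from {hit['client_public_ip']} matched {hit['indicator']}")
    for (user, status), n in block_summary(SAMPLE_RECORDS).items():
        print(f"{user}: {n} x {status}")
```

In practice the indicator list would be the platform's threat intelligence feed rather than a literal in the script, but the correlation logic is the same: normalize indicators to networks once, then test each connection's source address against them.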
To learn more about the content made available in the ZPA app for Sumo Logic, see our documentation here.
Get Started Now!
The Sumo Logic apps for Zscaler Internet Access and Private Access help security engineers gain visibility across their cloud apps with out-of-the-box content, respond in real time to correlated security incidents and monitor their Zero Trust Network Access deployments. Prebuilt dashboards combined with real-time alerts and correlated threat intelligence make it simple to monitor for and identify anomalous activity and vulnerabilities, and to respond to security incidents.
To get started, check out the Sumo Logic Zscaler Internet Access and Zscaler Private Access documentation. If you don’t yet have a Sumo Logic account, you can sign up for a free trial today.
Additional Resources
For more great security-focused reads, check out the Sumo Logic blog.
Download the Sumo Logic Continuous Intelligence Report that quantitatively defines the state of the modern application stack and the shift in technology used by enterprises adopting Cloud and DevSecOps during the COVID-19 global pandemic.