Zscaler is proud to announce our zero trust partnership with Splunk, giving security analysts more ways to incorporate telemetry from our world-class Zero Trust Exchange into their workflows and strategies. Together, our tightly integrated, best-of-breed cloud security and security analytics platforms deliver unmatched zero trust capabilities for the modern, cloud-first enterprise.

Zero trust is based on the notion that a breach is inevitable or has likely already occurred, and therefore any and all access to resources should be limited to the least amount possible for users to be able to do their jobs. This involves segmentation, risk-based access controls, continuous authentication and monitoring, and dynamic coordination between security controls.

Citing guidance from the National Security Agency (NSA), “to be fully effective to minimize risk and enable robust and timely responses, zero trust principles and concepts must permeate most aspects of the network and its operations ecosystem.”

Zscaler and Splunk work together to do just that.

Zscaler’s cloud-native proxy architecture eliminates unnecessary exposure and provides rich data and increased visibility for the SecOps team. With a direct-to-cloud architecture, security teams can ensure that policy is being applied across every transaction; meanwhile, they get boosted insight into users, data, and apps. The zero trust benefits of Zscaler include:

• Zero attack surface – apps are never exposed to the internet; you can’t attack what you can’t see
• Direct connections to an app, not a network – segment of one, no exposure of any additional resources or data, no ability to move laterally or connect to C&C servers
• Proxy architecture, not pass-through – full content inspection including SSL; holds and inspects unknown files before reaching the endpoint
• Multi-tenant architecture – cloud-native, multi-tenant design; continuous security updates
• Secure Access Service Edge (SASE) – policy enforced at the edge in 150 DCs (SASE), peering in internet exchanges, hundreds of apps

Splunk, meanwhile, provides SecOps teams with centralized log ingestion and analytics to monitor and correlate activities across the entire security environment – including a direct cloud-to-cloud streaming ingestion of Zscaler logs and dashboards – and provides visibility into zero trust with a zero trust analytics dashboard. Further, Splunk Phantom can orchestrate policy, allowlist/denylist, and remediation actions using Zscaler’s API. Splunk delivers:

• Logging, normalization, correlation, and enrichment of data from your entire security infrastructure in Splunk including a direct cloud-to-cloud streaming ingestion of Zscaler logs and dashboards
• Robust analytics including Risk Based Alerting (RBA) and User and Entity Behavior Analysis (UEBA) to identify suspicious/malicious behaviors
• A centralized single pane of glass to remediate incidents
• Zero trust analytics dashboards that incorporate data from multiple sources, including Zscaler, to provide end-to-end visibility
• Automation and orchestration of triage, investigation, and response to stop threat actors before they can do damage
• Centralized security controls and policy management, which can be used to enact changes to the Zscaler platform in addition to other tools

Accelerate time-to-value with Cloud NSS log streaming

Cloud NSS is Zscaler's innovative new cloud-to-cloud data streaming service that makes it even faster and easier to deploy, manage, and scale log ingestion from Zscaler to Splunk Cloud. This service enables native ingestion of Zscaler’s rich cloud security telemetry to enrich investigation and threat hunting for cloud-first organizations – and is configurable in a matter of clicks. Splunk Cloud correlates the Zscaler telemetry with an organization’s other high-value data sources, providing full visibility into actionable data for investigations within one centralized console.

Zscaler’s cloud-native security architecture dramatically reduces the attack surface and provides full inline scanning and analytics, and sends high-resolution telemetry logs directly to Splunk using the cloud-to-cloud log streaming service. The Zscaler app for Splunk further allows for SecOps teams to visualize Zscaler’s threat protection with detailed dashboards and prebuilt queries. Customers benefit from:

• Fast, reliable integration: Get immediate visibility with pre-built integrations. Splunk and Zscaler work together seamlessly, with high-resolution telemetry data normalized and ingested directly into Splunk. Increase reliability and scalability by sending all logs directly to Splunk via the Splunk HTTP Event Collector with no middleware.
• Simplified Management: No additional appliances to manage for logging. Direct cloud-to-cloud integration is managed by Zscaler and Splunk. Let your analysts spend more time on preventing, investigating, and mitigating threats and less time on administering logging pipelines.

We are extremely excited to offer our customers the benefits of this partnership with Splunk, and look forward to continued collaboration on zero trust. To learn more, check out the Zscaler + Splunk solution brief. If you're already a Zscaler and Splunk customer, download the Zscaler App for Splunk from Splunkbase today.