On any given day, our team of security professionals who comprise the OMES Oklahoma Cyber Command stay on top of up to 17 million potential threats ranging from phishing and credential compromise to ransomware and data breaches. Dedicated to securing the digital assets of the State of Oklahoma government, these members are also stewards of massive amounts of sensitive personal and healthcare data—from our more than 30,000 employees and the nearly 4 million state residents served by our more than 180 agencies.

Thanks to the Zscaler Zero Trust Exchange platform, we are successfully managing this high volume of threats and safeguarding the vital data we have been entrusted with. One of the Zscaler superpowers we have come to rely on is its integration capabilities. By working in sync with other components of our security stack, Zscaler has taken us to the next level of our security maturity and zero trust transformation.

Keep pace by unifying security

We know that the spiraling volume of threats will always be a challenge, especially now that cybercriminals are beginning to leverage AI for malicious purposes. When new security challenges emerge, we need to be able to respond at lightning speed.

Amid all the change and complexity in the security and technology landscape, I’m finding that the solution is to simplify and unify our security infrastructure. One of the ways we have done that is by taking full advantage of Zscaler’s powerful integration capabilities. When you work with a single unified platform, it almost forces efficiency, and it certainly aids in the ongoing battle most state governments face of having to do more with less.

Integrations provide a holistic view

One of the things that differentiates Zscaler from other solutions is its open application programming interface (API), which has made it easy to integrate with our existing security solutions. In our environment, we’ve found that Zscaler plays well with other core tools we rely on—namely CrowdStrike and Splunk—in how it shares threat intelligence data and coordinates protection and incident response. The ability to tie these security tools together increases telemetry and gives us the opportunity to stop lateral threats before they become bigger problems that could potentially affect our users and our citizens.

Zscaler-CrowdStrike integration curbs lateral threat movement

By sharing telemetry and threat intelligence data between the CrowdStrike platform and the Zscaler Zero Trust Exchange, access policies can automatically be adapted according to changing user context, device health, and newly detected threats, making investigation and response faster and more effective. For example, let’s say we know there’s an attack occurring—maybe the next SolarWinds or a user just installed a new, unauthorized app that has weakened the endpoint posture. With the Zscaler-CrowdStrike integration, CrowdStrike can detect the change and recalculate the Falcon Zero Trust Assessment (ZTA) score and share it with Zscaler. Based on the updated ZTA score, Zscaler policy control can automatically adapt to a stricter threshold to only allow access via a browser isolation session or even block the connection to protect against access to selected mission-critical applications. Furthermore, the sharing of telemetry and threat intelligence is key to expanded visibility of the threat landscape, from endpoint to applications. After all, it wouldn’t be efficient if one security system knows something is critically important and doesn’t share this with another security domain!

As an inline security cloud, Zscaler can intercept any unknown zero-day payloads before they reach an endpoint and share the telemetry with CrowdStrike. This helps us quickly assess the existence of any such zero-day payload in the entire endpoint environment and provides the basis for automated cross-platform response workflow. This helps stop threats from moving laterally into critical systems, such as a database server housing financial information.

Zscaler-Splunk integration provides a centralized view

The Zscaler-Splunk integration gives us extensive analytics for in-depth visibility into usage, access, and the overall environment. The analytics correlate data, helping us perform proactive threat hunting and investigations by enabling us to identify abnormal patterns. Zscaler’s data logs correspond to the same schema as Splunk, so it makes correlation searches easy.

Zscaler logs are sent via a secure HTTPS push and delivered to Splunk’s HTTP Event Collector reliably and securely. Once in Splunk, the logs are normalized, which allows correlation across all data sources, providing end-to-end visibility. Splunk’s robust analytics include risk-based alerting (RBA) and user and entity behavior analytics (UEBA).

The tight integration simplifies security operations by reducing the need for our team to constantly swivel from one security console to another to get the information they need. The Splunk analytics dashboard serves as the hub of this wheel of zero trust protection. It shows activity across the enterprise in real time, regardless of user location. As a result of the Zscaler-Splunk integration, our security operations team has experienced significant gains in speed and efficiency.

In the past, I would have needed three to five different solutions to accomplish what Zscaler and its integrations can do on their own. We would not be as far along our path to zero trust as we are now without a platform like the Zscaler Zero Trust Exchange to help us out. It has exponentially improved our cybersecurity, and I’m proud to be a part of the amazing things that my team does every day to protect our employees and our citizens.

Read the case study to learn more about the State of Oklahoma’s Zscaler Zero Trust Exchange deployment.