Organizations face increasing cyberthreats in today’s digital landscape, making robust security measures a top priority. As a leader in cloud security, we offer a powerful feature in Zscaler Client Connector called Flow Logging, which enhances visibility, threat detection, and incident response capabilities. Let’s dive into the details of Flow Logging and how it contributes to a secure and efficient network environment.
“Let’s try excluding the traffic.” Does that sound familiar? If you’re in IT and have been in troubleshooting sessions or tried to get an application to work, you’ve probably tried it. With the massive increase in remote users and the rate at which IT needs to scale, you sometimes have to move corporate policies around to address top priorities.
Zscaler Client Connector is a software agent that provides secure access to the Zscaler Zero Trust Exchange platform. Flow Logging, available from Client Connector 4.0 onward, provides critical visibility into traffic not sent through Zscaler Internet Access or Zscaler Private Access (i.e., excluded traffic). For instance, if you need to exclude Microsoft Teams traffic from ZIA, Flow Logging ensures all Teams session connectivity is artificially logged to ZIA.
3 Key Benefits of Flow Logging
1. Enhanced visibility
Many customers are looking for ways to send only desired traffic through ZIA, but excluding traffic comes with a key downside: losing visibility of traffic and user activity. Flow Logging enables tracking of excluded traffic, giving security teams comprehensive visibility and deep insights into user activity, application usage, and data flows.
2. Threat detection and incident response
Security analysts can proactively monitor and detect malicious activities by leveraging the captured flow logs. With Flow Logging enabled, you can track and correlate any malicious activity across endpoints and users, even for excluded traffic.
3. Troubleshooting and reporting
Flow logs are easy to filter and navigate in ZIA Analytics to assist with security investigations and network troubleshooting. By analyzing flow logs, IT teams can identify and resolve any events related to bypassed traffic. Reports are embedded across all the Insights sections in the ZIA dashboard.
Easy, Flexible Configuration
Configuring Flow Logging takes just a couple of clicks. In the app profile, we’ve introduced a new section for enabling Flow Logging. Flow tracking is enabled per app profile, and an administrator can start or stop a flow based on your organization's needs and policies.
An admin can select specific flows:
- VPN: VPN connection (outer tunnel toward VPN server)
- VPN tunnel: Inner tunnel traffic (actual traffic flows within the VPN tunnel)
- Direct: Direct internet traffic
- Intranet: RFC 1918, IPv6 Intranet
- Loopback: Loopback IPv4 and IPv6
- Block traffic: T2 fallback option, drop IPv6 configuration, block due to strict enforcement mode, block due to disaster recovery configuration
Flow Logging, available through Zscaler Client Connector, offers your organization a powerful tool that enhances visibility, threat detection, and incident response capabilities for bypassed traffic. By capturing and analyzing detailed flow logs, you can gain key insights to proactively identify and mitigate security risks while facilitating audit, troubleshooting, and operational efficiency.
Incorporating Flow Logging into your security strategy can significantly strengthen your organization's defenses and ensure a secure, efficient network environment.