
Zscaler + Splunk

The best in cloud security meets the best in security analytics.

Splunk and Zscaler have partnered to deliver a powerful, simplified, cloud-native approach to Zero Trust. Our tightly integrated platforms provide unmatched security for the modern, cloud-first enterprise.

The challenges

Complexity and risk

Complex legacy security architectures cannot protect users outside the perimeter. Once on the network, users are implicitly trusted, potentially exposing sensitive data to malicious actors.

Visibility gaps

Siloed security tools and incomplete traffic inspection make it difficult for security teams to monitor threats and understand their true security posture.

Lack of control

Security teams require coordination between their security tools to keep protections updated and to apply policies dynamically and consistently across their environments.

The solution

Segment & authenticate

  • Eliminate attack surface & lateral movement
  • Continuously inspect and authenticate all traffic

Monitor & orchestrate

  • Coordinate security
  • Analyze behavior
  • Monitor risks

Reduce your attack surface with Zscaler

  • Eliminate app exposure to the internet: You can’t attack what you can’t see
  • Connect users directly to an app, not a network: Prevent data exposure, lateral movement, and connections to C&C servers
  • Proxy architecture, not a passthrough: Full content inspection including SSL; holds and inspects unknown files before reaching the endpoint
  • Multitenant architecture: Cloud-native, multitenant design; continuous security updates based on information from 150B+ daily transactions
  • Secure Access Service Edge (SASE): Policy enforced at the edge, close to every user

Maximize visibility and control with Splunk

  • Centralized logging: Correlate and enrich Zscaler logs and dashboards with data from across your security stack, and monitor it all from a single pane of glass
  • Powerful analytics: Risk Based Alerting (RBA) and User and Entity Behavior Analysis (UEBA) identify malicious behaviors
  • Security orchestration: API-driven integrations between Splunk Phantom, Zscaler, and other security tools enable automation and orchestration of policy changes, security controls, and incident response to stop threat actors before they can do damage
  • Zero trust analytics dashboards: Combine Zscaler data with other sources for real-time dynamic risk scoring and end-to-end visibility

Accelerate time-to-value

  • Fast, reliable integration: Pre-built integrations connect Zscaler ZIA, Cloud to Cloud Log Streaming, and Splunk Cloud seamlessly. High-resolution telemetry data is normalized and ingested directly into Splunk via HTTPS/443 with no middleware.
  • Simplified management: No additional appliances to manage for logging. Direct cloud-to-cloud integration managed by Zscaler and Splunk.
  • Let security analysts focus on security: Spend more time on preventing, investigating, and mitigating threats—and less on administering logging pipelines.

Suggested resources

  • Threat Hunting with Zscaler and Splunk
  • Securing the Enterprise with Zscaler and Splunk
  • Achieve True Zero Trust with Zscaler and Splunk
  • Zscaler Splunk App Deployment Guide