Solutions > Partners > Splunk

Zscaler + Splunk

The best in cloud security meets the best in security analytics

Together, Splunk and Zscaler deliver a powerful, simplified, cloud native approach to zero trust. Our tightly integrated platforms provide unmatched security for the modern cloud-first enterprise.

The challenges

Complexity and risk

Complexity and risk

Complex legacy security architectures can't protect users outside your perimeter. Once on your network, users are implicitly trusted, potentially exposing sensitive data to malicious actors.

Visibility gaps

Visibility gaps

Siloed security tools and incomplete traffic inspection make it difficult for security teams to monitor threats and fully understand their security posture.

Lack of control

Lack of control

Security teams need coordination between their tools to keep protections updated as well as apply policies dynamically and consistently across environments.

The solution

Segment & authenticate

Segment and authenticate

  • Eliminate the attack surface and lateral movement
  • Continuously inspect and authenticate all traffic

Monitor and orchestrate

  • Coordinate security
  • Analyze behavior
  • Monitor risks
Reduce your attack surface with Zscaler

Reduce your attack surface with Zscaler

  • Eliminate app exposure to the internet: You can’t attack what you can’t see
  • Connect users directly to apps, not your network: Prevent data exposure, lateral movement, and connections to C2 servers
  • Proxy architecture, not a passthrough: Full content inspection, including SSL, holds and inspects unknown files before they reach their destination
  • Multitenant architecture: A cloud native, multitenant design delivers continuous security updates based on information from hundreds of billions of daily transactions
  • Security service edge (SSE): Policy is enforced as close as possible to every user
Maximize visibility and control with Splunk

Maximize visibility and control with Splunk

  • Centralized logging: Correlate and enrich Zscaler logs and dashboards with data from across your security stack, and monitor it all from a single pane of glass
  • Powerful analytics: Identify malicious activity with risk-based alerting and user and entity behavior analytics (UEBA)
  • Security orchestration: Leverage API-driven integrations between Splunk Phantom, Zscaler, and other security tools to automate and orchestrate policy changes, security controls, and real-time incident response
  • Zero trust analytics dashboards: Combine Zscaler data with other sources for real-time dynamic risk scoring and end-to-end visibility
Accelerate time-to-value

Accelerate time-to-value

  • Fast, reliable integration: Zscaler Internet Access, Nanolog Streaming Service, and Splunk Cloud work together seamlessly, normalizing and ingesting high-quality telemetry data directly into Splunk via HTTPS/443 with no middleware.
  • Simplified management: Logging requires no additional appliances, with direct cloud-to-cloud integration managed by Zscaler and Splunk.
  • Let security analysts focus on security: Spend more time preventing, investigating, and mitigating threats—and less administering logging pipelines.

Suggested resources


Threat Hunting with Zscaler and Splunk


Securing the Enterprise with Zscaler and Splunk


Achieve True Zero Trust with Zscaler and Splunk


Zscaler Splunk App Deployment Guide