Zscaler + CrowdStrike
End-to-end protection from device to application secures work beyond the perimeter
Securing work beyond the perimeter
In the new work-from-anywhere reality, the perimeter has dissolved. Securing access to business applications must start with a zero trust architecture that takes user context, device posture, and access policy into consideration. Zscaler and CrowdStrike simplify security in a hybrid world.
Traditional security can't protect users outside your perimeter. Users on the network are implicitly trusted, which potentially grants them over-privileged access.
Disparate security tools are difficult to manage and make it challenging to derive timely insights from large amounts of data without context.
Siloed teams with multiple systems to support require a large investment in people to bridge the gaps and operate effectively.
Separate visibility and context between endpoint and network security teams can lead to unknown risks that take months to discover and investigate.
HOW IT WORKS
Adaptive zero trust access to all apps based on device health
The Zscaler Zero Trust Exchange™ and CrowdStrike integration lets security teams assess device health and automatically implement appropriate access policies.
Continuous device posture assessment using ZTA score:
Only users that meet the appropriate Zero Trust Assessment (ZTA) score threshold are allowed to access sensitive applications.
Increased security:
A real-time device compliance posture check enhances security in a work-from-anywhere world.
Threat intelligence and telemetry sharing
Cross-platform visibility:
Custom blocklists are automatically updated. Zscaler shares log files with CrowdStrike LogScale Services, enhancing mutual visibility without adding complexity.
Proactive threat prevention:
The Zero Trust Exchange blocks threats inline, leveraging new network data from CrowdStrike Falcon Threat Intelligence to prevent impact on endpoints.
Speed and agility:
Endpoint and network context enable speedy threat investigation for effective detection and decision-making.
Rapid zero day threat detection and remediation
Zscaler Sandbox intercepts unknown files before they reach endpoints. It detects zero-day threats, correlates with CrowdStrike telemetry to identify impacted devices, and enacts rapid response with a cross-platform quarantine workflow.
End-to-end visibility and rapid response:
Comprehensive network and endpoint platform visibility provides a complete view of the threat landscape. Automatic cross-platform correlation and workflow speeds up investigation and response.
Reduced risk:
Layered protection with Zscaler inline detection minimizes endpoint exposure to the network attack surface. Compromised endpoints are quickly quarantined to prevent lateral threat movement.
Threat intel sharing by Zscaler Deception
Zscaler Deception deploys decoys, lures, and honeypots to detect active threats and share the gathered threat intel with the CrowdStrike Falcon platform, enhancing defense and response capabilities.
Detect threats:
Zscaler Deception detects active threats and shares high-fidelity indicators and telemetry with CrowdStrike’s threat intel platform, enabling speedy response to stop active attacks in their tracks
Build workflows:
Driven by high-confidence alerts, administrators can leverage Falcon Fusion to build workflows and automate response actions.
Automated workflows with XDR-enabled sharing
Cross-platform visibility:
Sharing Zscaler network telemetry with Falcon InsightXDR provides enhanced context for detecting potential threats.
Proactive threat prevention:
Once a threat is detected, Falcon Fusion workflow engine triggers a request to Zscaler to add a user into a more restrictive user group. This enables the Zero Trust Exchange to apply a more stringent policy to limit critical application access, ranging from access by browser isolation only to quarantining the user altogether.
Speed and agility:
Endpoint and network context enable faster threat investigation for improved detection and decision-making.