Zscaler and Crowdstrike Integration with WWT
This article was created and contributed by Zscaler.
Challenges
Hybrid work is increasingly becoming the normal way of doing business. Employees are working from anywhere, partners and their devices are moving on and off the office network, and many applications once hosted in data centers are now moving to a public cloud or being replaced with software as a service (SaaS). The corporate network is becoming less relevant as more work takes place off it, and gateway appliances designed to build a hard perimeter around it are now obsolete. Traditional solutions emphasized network security and often did not consider device posture before allowing access to network resources. But the prevalence of cloud adoption means IT can no longer control secure application access when relying on the castle-and-moat architectures of the past. There is a need to protect user-to-application connectivity from end to end, regardless of where users are connecting from. Security teams have access to more data than ever and need tools that provide the right visibility into that data, with the right context, at the right time. This requires security beyond the perimeter.
Solution
To secure work beyond the perimeter, most IT teams have begun adopting a Zero Trust model that has three key criteria: identity, user device posture and access policies. These criteria are a means of establishing Zero Trust based on context and then adapting access rights as the context changes.
Together CrowdStrike and Zscaler are simplifying the adoption of Zero Trust for IT teams by providing an integrated end-to-end security solution — from endpoint to application — that gives administrators a real-time view of a device's security posture and bases access to critical applications on granular access policies. By sharing data between the CrowdStrike Falcon® sensor at the endpoint and the Zscaler Zero Trust Exchange™, access policies can automatically be adapted according to user context, device health and newly detected IOCs.
CrowdStrike Falcon Zero Trust Assessment (ZTA) provides continuous, real-time security and compliance checks for endpoints, making sure that authentication and authorization are granted only to devices with security posture as approved by the organization.
Zero Trust Exchange uses policy to securely connect users to the internet, SaaS or private apps. CrowdStrike provides a ZTA score, which is the device posture score, and also provides threat intelligence so that Zscaler can adaptively enforce policy for application access or block malicious URLs, IP addresses or domains inline via a custom blocklist. This enables a security administrator to initiate a quarantine action from Zscaler to the CrowdStrike Falcon platform and stop malware from spreading from the offending device. This bidirectional sharing of threat intelligence across platforms, increased visibility and automated workflow help organizations increase the timeliness and effectiveness of threat defense, detection and remediation.
As a part of the CrowdXDR Alliance, Zscaler integrates with CrowdStrike to share relevant Zscaler logs for improved end-to-end visibility with telemetry from endpoints, networks and cloud applications. This sharing of intelligence maximizes cross-platform effectiveness for accelerated investigations. CrowdStrike Falcon Fusion can trigger cross-platform response workflows, enabling Zscaler Zero Trust Exchange to adapt flexible access policies with speed and efficacy.
In addition, Zscaler Deception deploys decoys on endpoints, networks, cloud and identity systems to provide high-fidelity alerts and telemetry of targeted attacks. It also provides dynamic attack scoring and enables administrators to initiate both orchestrated and manual containment requests to the CrowdStrike Falcon platform to prevent lateral movement from a compromised host in real time.
The benefits from the joint solution are not just limited to IT security alone. As businesses look to enable work-from-anywhere strategies, this joint solution makes it easier to provide users with safe, seamless and secure access to essential business applications for day-to-day employee activity. All of this can now be achieved on a foundation of Zero Trust.
See it in practice
WWT's CrowdStrike and Zscaler Integrated lab allows customers to get hands-on access to the integration between CrowdStrike's Falcon Platform, Zscaler Private Access and Zscaler Client Connector through relevant use cases. It seeks to showcase how the integration delivers users secure, conditional access to applications based on granular access policies while giving administrators a real-time view of a device's security posture.
The CrowdStrike Falcon platform is a cloud-based solution that provides valuable insights into the individual processes, files and behaviors on endpoint devices. Zscaler Client Connector (ZCC), also used in this lab, is an application that users install on their endpoints and that enforces security policies and access controls. Finally, Zscaler Private Access (ZPA) is used to create the security policies that provide zero trust access to internal corporate applications, applying the principle of least privilege to give users secure, direct connectivity while eliminating unauthorized access and lateral movement.
Use cases & capabilities
- End-to-end visibility: Zscaler brings complete visibility into network and user traffic. CrowdStrike brings complete visibility into endpoint devices. Our tight integration brings full visibility into everything going on from the endpoint to the application and beyond!
- Zero Trust access control: Both Zscaler and CrowdStrike play vital roles when it comes to enabling a Zero Trust framework. Access control policies are enforced through Zscaler. CrowdStrike manages endpoint compliance. Together, we ensure only authorized and compliant devices are able to access applications.
- Faster detection & remediation: Zscaler ThreatLab and CrowdStrike Falcon X share information with one another, while automating response and remediation. Customers enjoy full protection without the need for human interaction.