Book Image

Zscaler Cloud Security Essentials

By : Ravi Devarasetty

Book Image

Zscaler Cloud Security Essentials

By: Ravi Devarasetty

Overview of this book

Many organizations are moving away from on-premises solutions to simplify administration and reduce expensive hardware upgrades. This book uses real-world examples of deployments to help you explore Zscaler, an information security platform that offers cloud-based security for both web traffic and private enterprise applications. You'll start by understanding how Zscaler was born in the cloud, how it evolved into a mature product, and how it continues to do so with the addition of sophisticated features that are necessary to stay ahead in today's corporate environment. The book then covers Zscaler Internet Access and Zscaler Private Access architectures in detail, before moving on to show you how to map future security requirements to ZIA features and transition your business applications to ZPA. As you make progress, you'll get to grips with all the essential features needed to architect a customized security solution and support it. Finally, you'll find out how to troubleshoot the newly implemented ZIA and ZPA solutions and make them work efficiently for your enterprise. By the end of this Zscaler book, you'll have developed the skills to design, deploy, implement, and support a customized Zscaler security solution.

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the color images

Conventions used

Section 1: Zscaler for Modern Enterprise Internet Security

Section 1: Zscaler for Modern Enterprise Internet Security

Free Chapter

Chapter 1: Security for the Modern Enterprise with Zscaler

Chapter 1: Security for the Modern Enterprise with Zscaler

Fundamental definitions in security

Understanding the evolution of the modern enterprise and its workforce

Exploring the need for scalable, cloud-based security

Using Zscaler Internet Access for a safe and secure internet experience

Using Zscaler Private Access for secure application access

Chapter 2: Understanding the Modular Zscaler Architecture

Chapter 2: Understanding the Modular Zscaler Architecture

Introducing the Zscaler cloud architecture

Understanding the CA – where the core resides

Using Zscaler PSEs – where the policies are applied and enforced

Monitoring user and application activity using Nanolog clusters

Protecting enterprise users and infrastructure with Sandbox

Further reading

Chapter 3: Delving into ZIA Policy Features

Chapter 3: Delving into ZIA Policy Features

Technical requirements

Understanding the ZIA Web policy

Exploring the ZIA Mobile policy

Learning about the ZIA Firewall policy

Order of policy enforcement

Further reading

Chapter 4: Understanding Traffic Forwarding and User Authentication Options

Chapter 4: Understanding Traffic Forwarding and User Authentication Options

Technical requirements

Understanding traffic forwarding

Exploring ZCC internet traffic forwarding

Evaluating user authentication options

Further reading

Chapter 5: Architecting and Implementing Your ZIA Solution

Chapter 5: Architecting and Implementing Your ZIA Solution

Analyzing the security posture of the enterprise

Creating a customized ZIA solution for the enterprise

Implementing the ZIA solution across the enterprise

Further reading

Chapter 6: Troubleshooting and Optimizing Your ZIA Solution

Chapter 6: Troubleshooting and Optimizing Your ZIA Solution

Technical requirements

Setting up proactive ticketing and alerts

Producing reports for management review

Generating custom widgets for the ZIA Dashboard

Creating a unified ZIA troubleshooting guide

Further reading

Section 2: Zero-Trust Network Access (ZTNA) for the Modern Enterprise

Section 2: Zero-Trust Network Access (ZTNA) for the Modern Enterprise

Chapter 7: Introducing ZTNA with Zscaler Private Access (ZPA)

Chapter 7: Introducing ZTNA with Zscaler Private Access (ZPA)

What is ZTNA and how does ZPA fit in to this?

Delving into the ZPA architecture

Exploring clientless ZPA solutions

Further reading

Chapter 8: Exploring the ZPA Admin Portal and Basic Configuration

Chapter 8: Exploring the ZPA Admin Portal and Basic Configuration

Navigating around the ZPA Admin Portal

Configuring the ZPA log servers for activity insights

Integrating with Azure AD and Okta for SSO

Configuring the ZCC app for ZPA

Further reading

Chapter 9: Using ZPA to Provide Secure Application Access

Chapter 9: Using ZPA to Provide Secure Application Access

Deploying App Connectors

Configuring ZPA applications

Exploring the best practices for enterprise deployments

Further reading

Chapter 10: Architecting and Troubleshooting Your ZPA Solution

Chapter 10: Architecting and Troubleshooting Your ZPA Solution

Architecting your ZPA solution

Troubleshooting your ZPA solution

Further reading

Assessments

Chapter 1 – Security for the Modern Enterprise with Zscaler

Chapter 2 – Understanding the Modular Zscaler Architecture

Chapter 3 – Delving into ZIA Policy Features

Chapter 4 – Understanding Traffic Forwarding and User Authentication Options

Chapter 5 – Architecting and Implementing Your ZIA Solution

Chapter 6 – Troubleshooting and Optimizing Your ZIA Solution

Chapter 7 – Introducing ZTNA with Zscaler Private Access (ZPA)

Chapter 8 – Exploring the ZPA Admin Portal and Basic Configuration

Chapter 9 – Using ZPA to Provide Secure Application Access

Chapter 10 – Architecting and Troubleshooting Your ZPA Solution

Other Books You May Enjoy

Other Books You May Enjoy

Packt is searching for authors like you

Leave a review - let other readers know what you think

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Using Zscaler Private Access for secure application access

Employees of the enterprise primarily work on the company applications that generate revenue, support customers, and grow the company business. These company applications have traditionally been custom-designed for the enterprise and hosted in data centers. With the expansion of the internet and public cloud providers, many enterprises are migrating their applications to the cloud. Employees need to securely connect to these applications in an effortless manner. Here, we will introduce the concept of private access.

What is Private Access?

In the previous sections, we looked at the security needed when the users are accessing the public internet. Many enterprises host their core business applications in a private data center or in the public cloud. Most of the time, the employees work on these business applications as part of their daily work duties.

In the past, we saw that most company employees go to their corporate location, access the business applications using their internal LAN and desktops, and then go home at the end of the day. But as we explained in the workforce shift, the following happened:

Business applications started to move to the cloud (web-based model).
Employees wanted flexibility in terms of where and when they worked.
The internet became the most popular and affordable transport platform.

Now, enterprises can't force their employees to go to a corporate location anymore. So, how do enterprises connect end users to the business applications without exposing either to the public internet? This is where Zscaler Private Access (ZPA) comes in.

How ZPA works

The primary use case for ZPA is to connect the end users and the business applications wherever they are, without even traversing the public internet. What ZPA does is use the internet as a transport medium and heavily leverages the Zscaler cloud.

While installing the service, an enterprise ZPA administrator does the following:

End users are identified based on their department or location.
Business applications that need to transition to ZPA are identified.
The end user access policy to business applications is created using business needs.
A small virtual machine called the App Connector is deployed near the business applications.

We can see this illustrated in the following diagram:

Figure 1.2 – Fundamental operation of ZPA ADD

Figure 1.2 – Fundamental operation of ZPA ADD

When the App Connectors boot up, they discover the business applications and register with the Zscaler cloud, stating that they are ready to serve the end users to provide access to end users. This communication happens over secure tunnels using the internet as the underlying transport mechanism.

When users log into their corporate devices, they authenticate with the ZCC application, as described earlier. Based on Step 3, their application access is provisioned and ready upon authentication, and this happens in a transparent manner for the end user. The end users do not have to do anything special.

When the end users initiate the business application natively or using a web-based interface, their request is handled by the nearest Zscaler cloud. The Zscaler cloud already knows where that business application resides from App Connector registration. The Zscaler cloud then brokers the connection between the end user and the App Connector in the most optimum and secure manner.

As you can see, from an end user perspective, all they must do is log into ZCC, and everything just works! The end users or the applications are never exposed to the internet. You cannot attack what you cannot see!

ZCC

We saw ZCC mentioned in both the previous sections, so let's clarify things here. ZCC can be used for just ZIA, just ZPA, or both ZIA and ZPA. Ideally, the enterprise would use the same authentication mechanism so that their end users do not have to log into ZCC twice – once for ZIA and once for ZPA – which would be very confusing. ZCC is a central tool in most Zscaler implementations and as we will see in later chapters, ZCC offers a lot of different configurations that provide flexibility to each enterprise situation.