As more enterprises embrace cloud and hybrid environments, it is essential that remote work does not interfere with the security teams’ ability to detect threats and abnormal user behavior. We are committed to continually innovating the Securonix Next-Gen SIEM platform and partnering with leading solution providers to meet evolving customer demand. We are excited to announce a technology integration with Zscaler to meet the needs of our joint customers.
The new integration enhances enterprises’ security posture by providing advanced analytics within a zero trust architecture, allowing security teams to detect and respond to threats faster. This relationship is one of many steps in how Securonix is redefining threat detection and response for today’s hybrid cloud, data-driven enterprises. Securonix Next-Gen SIEM is powered by advanced behavior analytics technology that reduces noise, prioritizes high-fidelity alerts, and speeds threat resolution.
Securonix and Zscaler’s Joint Solution
As customers adopt Zscaler’s Zero Trust Framework, it is important to extend visibility to the logs it generates. Securonix is able to leverage Zscaler’s data and apply advanced analytics to gain better insight into your users within a zero trust framework. Securonix provides customers who deploy Zscaler with advanced machine learning algorithms and user risk scoring, giving you insight into how users interact with sensitive data. These algorithms identify deviations from normal behavior and stitch together disparate, often overlooked events into a single threat, producing an accurate depiction of threats that have a real potential for negative impact.
Zscaler Cloud Nanolog Streaming Service (NSS) gives Securonix Next-Gen SIEM direct cloud-to-cloud log streaming. Cloud NSS consolidates logs from Zscaler for all users, globally, and pushes them into a central repository where administrators can view and mine transaction data by user, device, application, and location in real time. This integration makes it easier for Securonix Next-Gen SIEM to alert security teams to possible cyber threats without the hassle of standing up and maintaining on-premises NSS infrastructure to relay activity.
Figure 1: Securonix and Zscaler’s Integration
Figure 1 above demonstrates how the Securonix and Zscaler integration works. Zscaler gives users customizable and configurable filters (on criteria such as user, data type, etc.) so that only relevant logs are sent to the Securonix SIEM. The integration then converts those logs to the correct format automatically, with no manual effort.
Key Use Cases
Securonix offers over 120 out-of-the-box use cases to monitor Zscaler events for cyber threats. This includes monitoring for:
- Authentication anomalies
- Malicious inbound and outbound connections
- Suspicious application access
- Data exfiltration attempts
- Web traffic anomalies
- Phishing attempts
The Integration’s Combined Benefits
The Securonix and Zscaler partnership is driven by the mission to detect and respond to threats faster. The combined industry-leading technologies come together to provide substantial benefits to any organization.
It starts with a seamless, fast, and reliable integration that delivers cloud-to-cloud log streaming for high-definition telemetry. The logs are transmitted directly from the Zscaler environment to the Securonix Next-Gen SIEM over a reliable and secure HTTP (HTTPS) connection, protecting data in motion. Next, the combined solution greatly reduces risk with consistent threat detection and response, everywhere. The joint solution leverages advanced analytics from Securonix to provide real-time insights across all devices, users, and locations, all from a single unified platform. These real-time insights optimize threat detection and properly prioritize alerts, making security teams more efficient. Lastly, organizations can optimize costs because Securonix and Zscaler both deliver cloud-native platforms that eliminate the need for appliances. Operational costs are also reduced by minimizing the need to deploy, manage, and monitor on-premises NSS virtual machines.