A cloud-native Zero Trust security platform (SSE/SASE) that routes user traffic through a globally distributed cloud to enforce security policies, inspect threats, and prevent data loss — without traditional firewalls or VPNs.

Zscaler is a cloud-native Zero Trust security platform built on a Security Service Edge (SSE) and SASE architecture, designed to replace traditional network security approaches that rely on firewalls and VPNs. All user traffic, whether destined for the internet, SaaS applications, or internal private applications, is routed through Zscaler's globally distributed cloud, where it is inspected for threats, policy violations, and sensitive data before being forwarded to its destination. This architecture means that security policies follow the user regardless of their location, and there is no need to backhaul remote traffic through a corporate data center. Zscaler's inspection capabilities cover SSL/TLS traffic at scale, malware sandboxing, data loss prevention, cloud access security brokering, and DNS security. The detailed transaction logs generated by the platform provide a comprehensive record of every connection made by every user, which is valuable for security investigations involving suspicious outbound activity.

Qevlar integrates with Zscaler to retrieve network traffic logs and security events during investigations. When an alert involves suspicious outbound connections, data exfiltration indicators, or policy violations, Qevlar can query Zscaler logs to identify the specific transactions involved, the user and device behind them, and whether the traffic matches known malicious patterns.