Zscaler Cloud Security Essentials
eBook - ePub

Zscaler Cloud Security Essentials

Ravi Devarasetty

Share book
  1. 236 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
eBook - ePub

Zscaler Cloud Security Essentials

Ravi Devarasetty

Book details
Book preview
Table of contents
Citations

About This Book

Harness the capabilities of Zscaler to deliver a secure, cloud-based, scalable web proxy and provide a zero-trust network access solution for private enterprise application access to end usersKey Features• Get up to speed with Zscaler without the need for expensive training• Implement Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) security solutions with real-world deployments• Find out how to choose the right options and features to architect a customized solution with ZscalerBook DescriptionMany organizations are moving away from on-premises solutions to simplify administration and reduce expensive hardware upgrades. This book uses real-world examples of deployments to help you explore Zscaler, an information security platform that offers cloud-based security for both web traffic and private enterprise applications. You'll start by understanding how Zscaler was born in the cloud, how it evolved into a mature product, and how it continues to do so with the addition of sophisticated features that are necessary to stay ahead in today's corporate environment. The book then covers Zscaler Internet Access and Zscaler Private Access architectures in detail, before moving on to show you how to map future security requirements to ZIA features and transition your business applications to ZPA. As you make progress, you'll get to grips with all the essential features needed to architect a customized security solution and support it. Finally, you'll find out how to troubleshoot the newly implemented ZIA and ZPA solutions and make them work efficiently for your enterprise. By the end of this Zscaler book, you'll have developed the skills to design, deploy, implement, and support a customized Zscaler security solution. What you will learn• Understand the need for Zscaler in the modern enterprise• Study the fundamental architecture of the Zscaler cloud• Get to grips with the essential features of ZIA and ZPA• Find out how to architect a Zscaler solution• Discover best practices for deploying and implementing Zscaler solutions• Familiarize yourself with the tasks involved in the operational maintenance of the Zscaler solutionWho this book is forThis book is for security engineers, security architects, security managers, and security operations specialists who may be involved in transitioning to or from Zscaler or want to learn about deployment, implementation, and support of a Zscaler solution. Anyone looking to step into the ever-expanding world of zero-trust network access using the Zscaler solution will also find this book useful.

Frequently asked questions

How do I cancel my subscription?
Simply head over to the account section in settings and click on “Cancel Subscription” - it’s as simple as that. After you cancel, your membership will stay active for the remainder of the time you’ve paid for. Learn more here.
Can/how do I download books?
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
What is the difference between the pricing plans?
Both plans give you full access to the library and all of Perlego’s features. The only differences are the price and subscription period: With the annual plan you’ll save around 30% compared to 12 months on the monthly plan.
What is Perlego?
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.
Do you support text-to-speech?
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Is Zscaler Cloud Security Essentials an online PDF/ePUB?
Yes, you can access Zscaler Cloud Security Essentials by Ravi Devarasetty in PDF and/or ePUB format, as well as other popular books in Computer Science & Computer Networking. We have over one million books available in our catalogue for you to explore.

Information

Publisher
Packt Publishing
Year
2021
ISBN
9781800567368
Edition
1
Topic
Computer Science
Subtopic
Computer Networking
Index
Computer Science

Section 1: Zscaler for Modern Enterprise Internet Security

In this part, you will learn about the need for security and how it needs to change as the modern enterprise and workforce evolves.
This section comprises the following chapters:
  • Chapter 1, Security for the Modern Enterprise with Zscaler
  • Chapter 2, Understanding the Modular Zscaler Architecture
  • Chapter 3, Delving into ZIA Policy Features
  • Chapter 4, Understanding Traffic Forwarding and User Authentication Options
  • Chapter 5, Architecting and Implementing Your ZIA Solution
  • Chapter 6, Troubleshooting and Optimizing Your ZIA Solution

Chapter 1: Security for the Modern Enterprise with Zscaler

In the past few years, there has been a momentous shift in the way modern enterprises have evolved. They have moved from a traditional hub-and-spoke, data center type of network to a cloud-based or anywhere-access type of network. The core locations have become more decentralized because the employees are now based in various geographies and the applications are migrating to the cloud.
When we look at the infrastructure itself, enterprises invest in a variety of products such as routers, switches, and firewalls to implement various functions such as authentication and security. These products very quickly reach end-of-life from a capacity and a vendor-support perspective. This, in turn, causes the enterprises to upgrade in a 3- to 5-year cycle where they must do a lift and shift of the entire hardware in their data center. This moves the enterprise expenditure from an OPEX to a CAPEX model, which is not desirable from a business and planning perspective.
In this chapter, we will see how Zscaler steps in as a cloud-based security solution. The ZIA product provides secure internet access and the ZPA product brings the geographically spread-out end users and enterprise applications together. They both provide the following benefits:
  • There are no upgrade cycles for the enterprise as Zscaler takes care of that.
  • There is a shift from CAPEX to OPEX, which enterprises like because of predictability.
  • An amazing user experience as users can access applications using the best path.
In this chapter, we are going to cover the following main topics:
  • Fundamental definitions in security
  • Shift of the modern enterprise and its workforce
  • The need for scalable, cloud-based security
  • Zscaler Internet Access (ZIA) for a safe and secure internet experience
  • Zscaler Private Access (ZPA) for a zero-trust private application access
Let's get started!

Fundamental definitions in security

In this section, we will define some commonly used internet and security terms that are applicable to this book. A detailed explanation of all internet and security concepts is outside the scope of this book. If you are already comfortable with these terms, you can skip ahead to the next section.

Active Directory

Active Directory is a directory service that was originally developed by Microsoft for the Windows environment and was released in 2000. It stores data such as users, groups, and devices. It has many components that assist the user to interact with the domain. Our focus in this book is to authenticate users against their credentials in Active Directory.

Authentication

Authentication is the process by which an end user, a computer, or a software application can prove its identity. This is typically done using a username and a password. The term multi-factor authentication (MFA) is gaining popularity today. MFA means that there is an additional item that is needed in addition to a username and a password. This could be a token number or a biometric such as a fingerprint or a retina scan.

Bad actors

A bad actor is, in general, a malicious party that is usually interested in the following:
  • Attacking legitimate users and businesses due to various motivations
  • Stealing sensitive and valuable information from individuals and businesses
  • Compromising infrastructure such as servers and using them for their needs
Next, we'll look at bandwidth.

Bandwidth

Bandwidth refers to the rate of data transfer over a network. It is typically measured in bits per second. The higher your bandwidth, the faster you can transfer your data across. The data being transferred could be an image, text, a video, or a combination of all three.

Certificate

A certificate is usually a small text file that can be used to establish the identity, authenticity, and reliability of a web server on the internet. Certificates are usually used to assure the confidence of end users trying to use the services of a website and to provide protection against malicious websites. Certificates are issued by certification authorities and they are usually tracked with creation and expiry dates.

DLP

Data Loss Prevention (DLP) is the prevention of loss of any kind of valuable or sensitive data. Valuable data may mean company proprietary formulas and business strategies. Sensitive information may be customer information such as social security numbers, credit card numbers, date of birth, and so on.

DNS

The Domain Name System (DNS) is a system that converts domain names (such as www.google.com) into IP addresses so that web browsers can translate customer requests into lower-level IP packets and carry on data transfer tasks, such as loading websites. The DNS is very crucial for internet security as bad actors can hijack these servers and have the end user traffic sent to their malicious web servers, instead of the legitimate ones.

Firewall

A firewall is a security device or application that monitors traffic through the network and applies security rules configured by the administrator to that network traffic. Firewalls are usually used as perimeter security devices by many organizations.

FTP

The File Transfer Protocol (FTP) is a network protocol (based on IETF standards) that is used primarily to transfer files between a client and a server across a network.

Identity Provider

An Identity Provider (IdP) is a system that creates and maintains identity information for end users or applications. When a company wants to authenticate an end user, they usually make a call to the IdP. An IdP is essentially an Authentication as a Service (AuthaaS).

Intrusion Prevention System

An Intrusion Prevention System (IPS) is a system that sits in the line of the network traffic and looks at possible malicious activity and blocks it. There are many types of IPS systems, with the most recent ones looking to leverage ar...

Table of contents