Solved

Zscaler

Posted on 2014-01-13
12
1,933 Views
Last Modified: 2014-01-28
Hi;
I am new to world of cloud security.. can someone please shine some light on how security is rendered to enterprise w/ zscaler?

Thanks;
0
Comment
Question by:totaram
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 6
12 Comments
 
LVL 1

Expert Comment

by:jawafa
ID: 39778173
zscaler works as a proxy. This means that your computer sends all Internet traffic to/from the Zscaler systems. So, when you type a url in your browser (ex: www.google.com) That request is sent from your computer to the Zscaler systems. They then connect to the servers, send the request, and receive the response. The Zscaler systems then inspect the response to ensure it is safe and meets corporate policies before sending it to your computer.

Zscaler does this on an enterprise level by acting as a proxy for all computers in the environment. This can include gateway devices like a firewall, router, etc as well.
0
 

Author Comment

by:totaram
ID: 39779786
Thanks Jawafa;
What I do not understand is role of GRE tunnels, can you please explain that piece?
0
 
LVL 1

Assisted Solution

by:jawafa
jawafa earned 200 total points
ID: 39779862
GRE stands for Generic Tunnel Encapsulation. In short an encapsulation protocol takes existing network packets, encapsulates it into another network packet and then sends it to a new destination. This new destination receives the encapsulated packet, unpackages it to the original packet, and then processes the original packet on.

In this case, GRE takes the original network traffic and encapsulates it into another packet then sends this new packet to Zscaler Cloud. This is done at the firewall so that no reconfiguration of any single machine needs to be done. Once this encapsulated packet is received Zscaler unencapsulates the packet and then processes the original packet through their Zscaler Cloud systems. Once the response is received from the Internet then Zscaler Cloud will then encapsulate the traffic using GRE and then send it back to your firewall which will unencapsulate the traffic and process the response appropriately.

The plus of using a GRE tunnel is that all traffic from the enterprise environment will be directed to the Zscaler Cloud service. The downside is that anyone outside the corporate environment, think mobile users, will not be using Zscaler.
0
IoT Devices - Fast, Cheap or Secure…Pick Two

The IoT market is growing at a rapid pace and manufacturers are under pressure to quickly provide new products. Can you be sure that your devices do what they're supposed to do, while still being secure?

 

Author Comment

by:totaram
ID: 39779926
If mobile/smartphone users do not go through GRE tunnel, does it mean that the mobile security is less stringent than the enterprise zscaler security?
0
 
LVL 1

Assisted Solution

by:jawafa
jawafa earned 200 total points
ID: 39780022
The only network connections that are going to go through a GRE Tunnel are those that are connected to the corporate network. So, if a mobile device, phone or tablet, is using the corporate network, via wireless for example, then it will us the GRE Tunnel and be secured. However, it the mobile device uses a cellular connection (ex: 3G, 4G, etc) then it will not go through the GRE Tunnel to Zscaler.

This means that any mobile device that is not using the corporate network for communication to the internet will not benefit from Zscaler services.
0
 

Author Comment

by:totaram
ID: 39780059
Ok.. so for GRE tunnels we need to use the enterprise resources.. but can laptops, iPhones and other smartphones be configured to use Zscaler as a proxy, if we do not connect it using as VPN?
0
 
LVL 1

Expert Comment

by:jawafa
ID: 39780122
I know Zscaler offers the service, but I do not about your relationship with them. That would be a question for Zscaler.
0
 

Author Comment

by:totaram
ID: 39780970
Thanks Jwata; now that we are @ this topic, can you please let me know what is bluecoat filter... I see it quite a bit in ref to zscaler...
0
 
LVL 1

Expert Comment

by:jawafa
ID: 39782516
Bluecoat is an appliance based proxy that one can install into their network. This appliance then proxies all appropriate network traffic (ex: http, ftp, http/s, etc) to filter and scan the traffic. These appliances traditionally use a rule set of good and/or bad urls to block or allow traffic. Since the dynamic nature of the Internet enables malicious individuals to change their location rapidly these static filters are not able to keep up.

Bluecoat has an Internet based filter system that is designed to try and keep pace with these rapidly moving malicious individuals. This filter systems gathers information from a number of sources and continually updates the rulesets on ones local appliance.

My guess is that Zscaler references Bluecoats capabilities here because of Bluecoat is one of the recognized leaders in the proxy server space and has a large percentage of the market share.
0
 

Author Comment

by:totaram
ID: 39785710
I thought that description that is used above is for web browser proxy configuration using PAC files... is bluecoat filtering same as browser proxy confguration?
0
 
LVL 1

Accepted Solution

by:
jawafa earned 200 total points
ID: 39785967
At its most basic definition Bluecoat filter refers to the URL filtering rulesets that are active on the appliance.
0
 

Author Comment

by:totaram
ID: 39816331
Hi Jawafa;
Is there any authentication that users have to go thro' before using Zscaler features. My initial feeling tells me there should not be pne, but on second thought how does one Dept know that they have BW priority over other Dept???
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For cloud, the “train has left the station” and in the Microsoft ERP & CRM world, that means the next generation of enterprise software from Microsoft is here: Dynamics 365 is Microsoft’s new integrated business solution that unifies CRM and ERP fun…
Your data is at risk. Probably more today that at any other time in history. There are simply more people with more access to the Web with bad intentions.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question