Solved

Zscaler

Posted on 2014-01-13
Last Modified: 2014-01-28
Hi;
I am new to the world of cloud security. Can someone please shine some light on how security is rendered to enterprise w/ Zscaler?

Thanks;
0
Comment
Question by:totaram
12 Comments
 
LVL 1

Expert Comment

by:jawafa
ID: 39778173
Zscaler works as a proxy. This means that your computer sends all Internet traffic to/from the Zscaler systems. So, when you type a URL in your browser (ex: www.google.com), that request is sent from your computer to the Zscaler systems. They then connect to the servers, send the request, and receive the response. The Zscaler systems then inspect the response to ensure it is safe and meets corporate policies before sending it to your computer.

Zscaler does this on an enterprise level by acting as a proxy for all computers in the environment. This can include gateway devices like a firewall, router, etc. as well.
0
 

Author Comment

by:totaram
ID: 39779786
Thanks Jawafa;
What I do not understand is role of GRE tunnels, can you please explain that piece?
0
 
LVL 1

Assisted Solution

by:jawafa
jawafa earned 200 total points
ID: 39779862
GRE stands for Generic Tunnel Encapsulation. In short, an encapsulation protocol takes an existing network packet, encapsulates it into another network packet, and then sends it to a new destination. This new destination receives the encapsulated packet, unpackages it to the original packet, and then processes the original packet on.

In this case, GRE takes the original network traffic and encapsulates it into another packet, then sends this new packet to Zscaler Cloud. This is done at the firewall so that no reconfiguration of any single machine needs to be done. Once this encapsulated packet is received, Zscaler unencapsulates the packet and then processes the original packet through their Zscaler Cloud systems. Once the response is received from the Internet, Zscaler Cloud will then encapsulate the traffic using GRE and send it back to your firewall, which will unencapsulate the traffic and process the response appropriately.

The plus of using a GRE tunnel is that all traffic from the enterprise environment will be directed to the Zscaler Cloud service. The downside is that anyone outside the corporate environment, think mobile users, will not be using Zscaler.
0
 

Author Comment

by:totaram
ID: 39779926
If mobile/smartphone users do not go through GRE tunnel, does it mean that the mobile security is less stringent than the enterprise zscaler security?
0
 
LVL 1

Assisted Solution

by:jawafa
jawafa earned 200 total points
ID: 39780022
The only network connections that are going to go through a GRE Tunnel are those that are connected to the corporate network. So, if a mobile device, phone or tablet, is using the corporate network, via wireless for example, then it will use the GRE Tunnel and be secured. However, if the mobile device uses a cellular connection (ex: 3G, 4G, etc.) then it will not go through the GRE Tunnel to Zscaler.

This means that any mobile device that is not using the corporate network for communication to the internet will not benefit from Zscaler services.
0
 

Author Comment

by:totaram
ID: 39780059
Ok.. so for GRE tunnels we need to use the enterprise resources.. but can laptops, iPhones and other smartphones be configured to use Zscaler as a proxy, if we do not connect it using a VPN?
0
 
LVL 1

Expert Comment

by:jawafa
ID: 39780122
I know Zscaler offers the service, but I do not know about your relationship with them. That would be a question for Zscaler.
0
 

Author Comment

by:totaram
ID: 39780970
Thanks Jawafa; now that we are @ this topic, can you please let me know what is bluecoat filter... I see it quite a bit in ref to zscaler...
0
 
LVL 1

Expert Comment

by:jawafa
ID: 39782516
Bluecoat is an appliance-based proxy that one can install into their network. This appliance then proxies all appropriate network traffic (ex: http, ftp, http/s, etc.) to filter and scan the traffic. These appliances traditionally use a rule set of good and/or bad URLs to block or allow traffic. Since the dynamic nature of the Internet enables malicious individuals to change their location rapidly, these static filters are not able to keep up.

Bluecoat has an Internet-based filter system that is designed to try and keep pace with these rapidly moving malicious individuals. This filter system gathers information from a number of sources and continually updates the rulesets on one's local appliance.

My guess is that Zscaler references Bluecoat's capabilities here because Bluecoat is one of the recognized leaders in the proxy server space and has a large percentage of the market share.
0
 

Author Comment

by:totaram
ID: 39785710
I thought that description that is used above is for web browser proxy configuration using PAC files... is bluecoat filtering same as browser proxy configuration?
0
 
LVL 1

Accepted Solution

by:
jawafa earned 200 total points
ID: 39785967
At its most basic definition Bluecoat filter refers to the URL filtering rulesets that are active on the appliance.
0
 

Author Comment

by:totaram
ID: 39816331
Hi Jawafa;
Is there any authentication that users have to go thro' before using Zscaler features. My initial feeling tells me there should not be one, but on second thought how does one Dept know that they have BW priority over other Dept???
0
