Varonis for

Zscaler Proxy

Combine Zscaler’s web proxy events with Varonis’ file, email, and Active Directory metadata to detect threats faster with less noise. 

Request a demo
Zscaler Logo

Challenge

Attackers hope to evade detection by blending into your noisy network. As the perimeter becomes less defined and adversaries become more sophisticated, it’s critical to expand your detection window and take a defense-in-depth approach.

 

Could you trace an incident from your perimeter to the data that was touched or stolen? Many organizations don’t have data-level visibility.

Solution

Zscaler is a cloud-based proxy and firewall appliance with features like SSL inspection and IPS. By sending Zscaler events to Varonis Edge, you’ll enhance your infiltration and exfiltration detections. 

Edge events are aggregated, normalized, and enriched with valuable context such as geolocation, URL reputation, and account type. Events from Zscaler are stored in a unified audit trail for forensics investigations, threat hunting, and reporting. 

Behavior-based, real-time detection 

Boost your kill chain coverage for intrusion, C2, and data exfiltration. Turn billions of events into a handful of meaningful alerts with hundreds of out-of-the-box machine learning detections developed by Varonis’ elite researchers and data scientists.

Quick & conclusive investigations 

Get a normalized, human-readable audit log that makes it easy to correlate events from Zscaler with activity from Windows, Active Directory, Exchange, and Microsoft 365. Pivot from suspicious network activity to sensitive data access in seconds with end-to-end forensics.  

Flexible deployment 

Send web proxy events from Zscaler Proxy to Varonis using syslog or Zscaler Internet Access (ZIA). If Zscaler data is already collected in Splunk, you can forward those events directly to Varonis Edge.