
How to Integrate CrowdStrike with Zscaler Private Access

April 24, 2020


Introduction

As enterprises move applications and resources to the cloud, users are connecting to them remotely from coffee shops, airports, and other locations outside the security “moat.” Traditional VPNs help establish secure IPSec tunnels to and from corporate resources, but backhauling traffic causes latency and degrades the user experience. VPNs also expose the entire internal network to malicious activity once an authenticated user gains access. IT and network administrators have no visibility into which applications the users are accessing (demonstrated in this video).

CrowdStrike and Zscaler have partnered to provide enhanced access control and end-to-end visibility that reduce attack surfaces. The CrowdStrike Falcon® Platform and Zscaler Private Access (ZPA) together enable Zero-Trust access control based on both user identity and endpoint device posture to ensure that only compliant and secured endpoints can access mission-critical applications.

In this article and video, we demonstrate how to integrate ZPA with CrowdStrike.

To see how CrowdStrike integrates with Zscaler Internet Access (ZIA), please refer to this blog.

Video

How to integrate CrowdStrike with ZPA

Zscaler Private Access (ZPA) and CrowdStrike work together to implement Zero-Trust access control, based on the real-time security posture of the endpoint device.

ZPA verifies the compliance status of the user device using an access rule that allows access to selected applications only if the CrowdStrike sensor is running on the endpoint.

To integrate ZPA and CrowdStrike:

1.  Log in to the ZPA portal using your ZPA admin credentials.


2.  Once in ZPA, select Administration and then Access Policy.


3.  In the example policy, the CrowdStrike agent must be running on the end host; otherwise the Zscaler app blocks access to any internal applications hosted under a specific domain.


4.  Click Administration, then select Application Segments to configure the CrowdStrike posture check.


5.  Specify the domain that ZPA uses for permitted internal applications. The applications must be hosted on the specified domain in order for ZPA to allow access and route traffic. In this example, we are using “*.bd-dev.com”.


6. On the client device, confirm that the Zscaler application is installed. Open the Zscaler application on the client device, and check that both Private Access and Internet Security are actively running.


7.  Access the domain specified in the rule above. Since CrowdStrike isn’t yet installed, an access-denied screen appears.


8.  The relevant log entry can be seen in the ZPA console.


9.  Install the CrowdStrike agent on the client device. Enter the CrowdStrike Customer ID with Checksum. This is an installation code that ties this CrowdStrike agent to a specific CrowdStrike tenant. You can obtain this from the CrowdStrike admin portal.


10.  Once CrowdStrike is installed, enter the same application URL as before. The action will pass the CrowdStrike rule now and access will be granted.
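The decision that steps 3, 5, 7 and 10 walk through can be modelled in a few lines. This is an added example, not Zscaler or CrowdStrike code: the class names, the rule name, the host `app.bd-dev.com` and the wildcard and fail-closed semantics are assumptions made for illustration; only the domain `*.bd-dev.com` and the "sensor must be running" condition come from the article.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class AccessRule:              # hypothetical model, not a ZPA API object
    name: str
    app_domain: str            # application segment, e.g. "*.bd-dev.com"
    require_sensor: bool       # posture check: CrowdStrike sensor running

@dataclass(frozen=True)
class Request:
    authenticated: bool
    host: str
    sensor_running: Optional[bool]   # None = client reported no posture

def domain_matches(pattern: str, host: str) -> bool:
    """Match on a DNS label boundary so look-alike hosts do not slip through."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]                     # ".bd-dev.com"
        return len(host) > len(suffix) and host.endswith(suffix)
    return host == pattern

def evaluate(rules: list[AccessRule], req: Request) -> tuple[str, str]:
    """Return (decision, reason). Anything not explicitly allowed is denied."""
    if not req.authenticated:
        return ("DENY", "user not authenticated")
    for rule in rules:
        if not domain_matches(rule.app_domain, req.host):
            continue
        # Fail closed: unknown posture (None) is treated like a stopped sensor.
        if rule.require_sensor and req.sensor_running is not True:
            return ("DENY", f"{rule.name}: posture check failed")
        return ("ALLOW", rule.name)
    return ("DENY", "no matching rule")

RULES = [AccessRule("crowdstrike-posture", "*.bd-dev.com", require_sensor=True)]

if __name__ == "__main__":
    # Constructed requests mirroring steps 7 and 10, plus two edge cases.
    for req in (
        Request(True, "app.bd-dev.com", False),
        Request(True, "app.bd-dev.com", True),
        Request(True, "app.bd-dev.com", None),
        Request(True, "evilbd-dev.com", True),
    ):
        print(req.host, req.sensor_running, evaluate(RULES, req))
```

When testing a real policy, the same four cases are worth exercising: sensor stopped, sensor running, posture not reported, and a host outside the application segment.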

Conclusion

The integration of Zscaler and CrowdStrike provides the following benefits:

  • A fuller security picture using network visibility, threat detection, and advanced endpoint analytics.
  • Protects access to private apps hosted in the cloud or on-prem by allowing access only to compliant endpoints.

 


Content provided by Jamie Chui and Rohan Upalekar of Zscaler
