As enterprises move application and resources to the cloud, users are connecting to them remotely from coffee shops, airports, and outside the security “moat.” Traditional VPNs help establish secure IPSec tunnels to and from corporate resources, but backhauling traffic causes latency and degrades the user experience. VPNs also expose the entire internal network to malicious activity once an authenticated user gains access. IT and network administrators have no visibility as to what applications the users are accessing (demonstrated in this video).
CrowdStrike and Zscaler have partnered to enhanced access control and end-to-end visibility that reduces attack surfaces. The CrowdStrike Falcon Platform and Zscaler Private Access (ZPA) together enable Zero-Trust access control based on both user identity and endpoint device posture to ensure that only compliant and secured endpoints can access mission-critical applications.
In this article and video, we demonstrate how to integrate ZPA with CrowdStrike.
To see how CrowdStrike integrates with Zscaler Internet Access (ZIA), please refer to this blog.
How to integrate CrowdStrike with ZPA
Zscaler Private Access (ZPA) and CrowdStrike work together to implement Zero-Trust access control, based on the real-time security posture of the endpoint device.
ZPA verifies the compliance status of the user device using an access rule that allows access to selected applications only if the CrowdStrike sensor is running on the endpoint.
To integrate ZPA and CrowdStrike:
1. Login to the ZPA portal using your ZPA admin credentials.
2. Once in ZPA, select Administration and then Access Policy.
3. As shown in the policy below, the CrowdStrike agent must be running on the end host or the Zscaler app blocks access to any internal applications hosted under a specific domain.
4. Click Administration, then select Application Segments to configure the CrowdStrike posture check.
5. Set up what domain ZPA uses for permitted internal applications. The applications must be hosted on the specified domain in order for ZPA to allow access and route traffic. In this example, we are using “*.bd-dev.com.”
6. On the client device, confirm that the Zscaler application is installed. Open the Zscaler application on the client device, and check that both Private Access and Internet Security are actively running.
7. Access the domain specified in the rule above. Since CrowdStrike isn’t yet installed, an access-denied screen appears.
8. The relevant log entry can be seen in the ZPA console.
9. Install the CrowdStrike agent on the client device. Enter the CrowdStrike Customer ID with Checksum. This is an installation code that ties this CrowdStrike agent to a specific CrowdStrike tenant. You can obtain this from the CrowdStrike admin portal.
10. Once CrowdStrike is installed, enter the same application URL as before. The action will pass the CrowdStrike rule now and access will be granted.
The integration of Zscaler and CrowdStrike provides the following benefits:
- A fuller security picture using network visibility, threat detection, and advanced endpoint analytics.
- protects access to private apps hosted in the cloud or on-prem by only allowing access to compliant endpoints.
- CrowdStrike 15-Day Free Trial
- CrowdStrike Tech Center
- Sign up for a weekly Falcon demo
- Request a 1:1 Demo
- Guide to AV Replacement
- CrowdStrike Products
- White Paper on Falcon OverWatch
Content provided by Jamie Chui and Rohan Upalekar of Zscaler