Zscaler Common

  1. Components
  2. Zscaler client connector (ZCC)
  3. Nanolog

Components

  1. ZeroTrust Exchange (ZTE)
  2. Zscaler Internet Access (ZIA)
  3. Zscaler Private Access (ZPA)
  4. Zscaler Digital Experience (ZDX)
  5. Mobile Admin portal
  6. Zscaler Posture Control (ZPC)
  7. Deception

Zscaler client connector (ZCC)

  • on endpoint: Windows, Mac, Linux, iOS, Android
  • install files hosted on AWS
  • refresh intervals
    • network change: app profile, forwarding profile, PAC and policy
    • 15 mins: PAC
    • 1h: policy update, app profile, forwarding profile
    • 2h: software update
  • uninstall, disable, logout are protected by OTP per device
  • device posture
    • certificate trust
    • file
    • registry key
    • client certificate
    • firewall active
    • AV/EDR
    • BitLocker
    • part of AD
    • process
    • OS version
    • jailbroken
  • detects correct IdP based on user domain
  • up to 16 devices per user
  • trusted network detection
    • FQDN resolved to specific IP
    • DNS server
    • DNS search domain
    • VPN trusted network ≡ trusted network + NIC containing “VPN”
  • logs
    • Mac: /Library/Application Support/Zscaler
    • Windows: ProgramData/ZscalerAppData/Zscaler
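Worked example for the trusted network detection bullets above: an added illustration, not Zscaler code, of how the three criteria (FQDN resolving to a specific IP, DNS server, DNS search domain) can be combined and how the "VPN trusted network" case falls out of it. The data model, function names, the `require_all` switch (whether every configured criterion must match or any one is enough) and the case-insensitive "VPN" substring match are all assumptions; the network states are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class NetworkState:
    """What the endpoint currently observes (all values constructed for the example)."""
    resolved: dict            # FQDN -> IP the endpoint actually resolves it to
    dns_servers: list         # DNS servers handed to the active NIC
    search_domains: list      # DNS search domains on the active NIC
    nic_names: list           # display names of active network interfaces


@dataclass
class TrustedNetworkCriteria:
    """Criteria an admin configures; an empty list/dict means 'criterion not used'."""
    fqdn_to_ip: dict = field(default_factory=dict)      # FQDN -> expected IP
    dns_servers: list = field(default_factory=list)
    search_domains: list = field(default_factory=list)


def evaluate_criteria(state, criteria):
    """Return {criterion: matched?} for every criterion that is configured."""
    results = {}
    if criteria.fqdn_to_ip:
        # every probe FQDN must resolve to exactly the IP the admin configured
        results["fqdn"] = all(state.resolved.get(fqdn) == ip
                              for fqdn, ip in criteria.fqdn_to_ip.items())
    if criteria.dns_servers:
        results["dns_server"] = any(s in state.dns_servers for s in criteria.dns_servers)
    if criteria.search_domains:
        seen = {d.lower() for d in state.search_domains}
        results["search_domain"] = any(d.lower() in seen for d in criteria.search_domains)
    return results


def classify_network(state, criteria, require_all=True):
    """'untrusted', 'trusted', or 'vpn_trusted' (trusted + a NIC whose name contains VPN)."""
    results = evaluate_criteria(state, criteria)
    if not results:                     # nothing configured: never trusted (assumption)
        return "untrusted"
    combine = all if require_all else any
    if not combine(results.values()):
        return "untrusted"
    if any("vpn" in name.lower() for name in state.nic_names):
        return "vpn_trusted"
    return "trusted"


# Constructed admin configuration and endpoint observations.
CRITERIA = TrustedNetworkCriteria(
    fqdn_to_ip={"trust-probe.corp.example": "10.20.30.40"},
    dns_servers=["10.20.0.53"],
    search_domains=["corp.example"],
)
OFFICE = NetworkState({"trust-probe.corp.example": "10.20.30.40"},
                      ["10.20.0.53"], ["corp.example"], ["Ethernet 2"])
VPN = NetworkState({"trust-probe.corp.example": "10.20.30.40"},
                   ["10.20.0.53"], ["corp.example"], ["Corporate VPN Adapter"])
COFFEE_SHOP = NetworkState({"trust-probe.corp.example": "203.0.113.7"},
                           ["192.168.1.1"], ["lan"], ["Wi-Fi"])
# Only the search domain matches: this is where require_all matters.
PARTIAL = NetworkState({"trust-probe.corp.example": "203.0.113.7"},
                       ["192.168.1.1"], ["corp.example"], ["Wi-Fi"])

if __name__ == "__main__":
    for label, st in [("office", OFFICE), ("vpn", VPN),
                      ("coffee shop", COFFEE_SHOP), ("partial", PARTIAL)]:
        print(f"{label:12s} strict={classify_network(st, CRITERIA)!s:12s} "
              f"lenient={classify_network(st, CRITERIA, require_all=False)}")
```

The `PARTIAL` case is the one worth noticing: the search-domain criterion alone matches on an untrusted network, so only the strict (all criteria) combination keeps the endpoint on the untrusted forwarding path there.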

Nanolog

  • logs transaction metadata
  • differential: only the delta is logged + number of occurrences
  • tokenized: ID only (mapping on SMCA)
  • compression – 50:1
  • cluster: N+2
  • retention
    • ZIA: 6 months
      • 1h restream is possible (if NSS goes down)
    • ZPA: 2 weeks
      • 15 mins restream, not guaranteed
    • ZDX: 2 days (standard license) / 14 days (advanced license)
  • in-memory 1h buffering
  • syslog: connect to server via app connector
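Worked example for the "differential" and "tokenized" bullets above: an added illustration, not Nanolog's actual format, of how logging only the changed fields plus a repeat count, with string values replaced by integer IDs from a mapping table, shrinks a stream of transaction records while still reconstructing every record. The record fields, the `TokenTable` class and the entry layout are assumptions; the transactions are constructed.

```python
import json


class TokenTable:
    """Value -> small integer ID mapping (stands in for the mapping kept on the SMCA)."""

    def __init__(self):
        self._ids = {}
        self._values = []

    def token(self, value):
        if value not in self._ids:
            self._ids[value] = len(self._values)
            self._values.append(value)
        return self._ids[value]

    def resolve(self, token):
        return self._values[token]


def differential_encode(records, table):
    """Turn full records into entries of {'delta': changed fields as tokens, 'count': repeats}."""
    entries = []
    prev = None
    for rec in records:
        tokens = {k: table.token(v) for k, v in rec.items()}
        if prev is not None and tokens == prev:
            entries[-1]["count"] += 1          # identical transaction: just count it
            continue
        delta = {k: t for k, t in tokens.items() if prev is None or prev.get(k) != t}
        entries.append({"delta": delta, "count": 1})
        prev = tokens
    return entries


def differential_decode(entries, table):
    """Rebuild the full records by replaying deltas and expanding the counts."""
    records, current = [], {}
    for entry in entries:
        current = {**current, **{k: table.resolve(t) for k, t in entry["delta"].items()}}
        records.extend(dict(current) for _ in range(entry["count"]))
    return records


def encoded_size_ratio(records, entries):
    """Bytes of the plain JSON stream divided by bytes of the encoded stream."""
    plain = len(json.dumps(records).encode())
    packed = len(json.dumps(entries).encode())
    return plain / packed


# Constructed transaction stream: three identical hits, then two small changes.
RECORDS = [
    {"user": "alice@corp.example", "host": "intranet.corp.example", "action": "allowed"},
    {"user": "alice@corp.example", "host": "intranet.corp.example", "action": "allowed"},
    {"user": "alice@corp.example", "host": "intranet.corp.example", "action": "allowed"},
    {"user": "alice@corp.example", "host": "wiki.corp.example", "action": "allowed"},
    {"user": "bob@corp.example", "host": "wiki.corp.example", "action": "blocked"},
]

if __name__ == "__main__":
    table = TokenTable()
    entries = differential_encode(RECORDS, table)
    for e in entries:
        print(e)
    print("round trip ok:", differential_decode(entries, table) == RECORDS)
    print(f"size ratio: {encoded_size_ratio(RECORDS, entries):.1f}:1")
```

Two things the toy makes visible: the encoded stream is useless without the token table, which is why the mapping has to live with the log store, and a lost entry desynchronises every record after it, which is the reason a bounded restream window matters when the downstream consumer drops out.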