Hi QRadar Community,
I have some exciting news for you! IBM Security QRadar recently (Q2, 2021) released an integration with Zscaler Private Access (ZPA). See below for details:

Background:
In my role as a Product Manager for QRadar SIEM integrations, I’m continuously speaking with security practitioners and researching new security technologies. At this point in time, one of the most common themes of discussion is the “Zero Trust” philosophy, which has gained noticeable popularity and airtime in the last few quarters. I believe this is a logical consequence of the increasing adoption of third-party clouds, accelerated by the many office workers who were dispersed to their home offices as a result of COVID-19.
What is Zero Trust?
Of all of the definitions of Zero Trust, I find that in her June 3rd article for Gartner, Susan Moore describes the concept extremely well, see below for her description:
“The term “Zero Trust” is widely abused in security product marketing. However, it is useful as a shorthand way of describing an approach where implicit trust is removed from all computing infrastructure. Instead, trust levels are explicitly and continuously calculated and adapted to allow just-in-time, just-enough access to enterprise resources” (Here)
Zero Trust is not a prescriptive set of controls, but rather an approach that includes continuous verification of identities. Implementing Zero Trust is often a journey for organizations and involves several technologies and services.
IBM And Zscaler: A partnership for Zero Trust:
To help our clients on their Zero Trust journey, IBM and Zscaler announced a multi-faceted partnership on May 5th that provides a framework for organizing the work needed to progress toward Zero Trust. The partnership addresses four key blueprints (security use cases): (1) Preserving customer privacy; (2) Securing the hybrid and remote workforce; (3) Reducing the risk of insider threat; and (4) Protecting the hybrid cloud.
IBM QRadar and Zscaler Private Access:
As part of this partnership, my teammates from IBM Security development and I collaborated with our counterparts at Zscaler to deliver an integration between IBM Security QRadar and Zscaler’s Private Access (ZPA) software (here). ZPA “is a cloud service from Zscaler that provides seamless zero trust access to private applications running on public cloud or within the data center” (here).
For organizations looking to implement a Zero Trust philosophy, ZPA allows them to continuously verify the identities of their users while still letting those users complete their daily tasks. The integration between QRadar and ZPA allows ZPA users to seamlessly ingest their Zscaler data into QRadar and correlate it with data from their other security sources to get a holistic picture of their organization’s security posture. For example, users can leverage QRadar’s User Analytics app to analyze data from Zscaler and third-party cloud applications (including AWS, Azure and GCP) to build a full risk profile of their users.
Conclusion:
The combination of ZPA’s access controls and QRadar’s threat detection analytics capabilities is aimed at supporting our users on their journey to Zero Trust and, often, their simultaneous journey to the cloud.
Do you have thoughts on Zero Trust? Planning to check out this integration? Let me know!
Acknowledgements:
I’d like to thank the following team for all of their contributions to this project.
- Mike Richards - IBM Security QRadar, Product Owner
- Oleksandr Havlovych - IBM Security QRadar, Software Engineer
- Rahim Ibrahim - Zscaler, Senior Manager Technology Alliances
- Rohan Upalekar - Zscaler, Solutions Architect
Thanks,
Wendy Willner – Product Manager, QRadar Integrations