Reflections on the CrowdStrike – Zscaler Partnership
By Arie Fred, VP of Product, SecBI
I was always troubled by the lack of complete visibility in the network.
The endpoint security products were adequate for malware protection of the endpoints but provided little in terms of network security. The gateway was “blind” to the possible impact on endpoints prior to an update in its policy. These two solutions together didn’t work in concert, meaning that investigating an incident required manually collecting and comparing data from these sources, a painfully slow, often inaccurate and basically ineffective process. I understood that the absence of an integrated solution meant that there will always be blind spots for malware and other malicious communications to enter the security operations.
I literally dreamed of a way that I could easily see what was going throughout the entire network.
While coming across the news of the partnership between Zscaler (a gateway solution) and CrowdStrike (an endpoint solution), my first thought was that the train finally left the station, making progress in the direction of real network visibility. But still, a huge piece was missing and it is an inherent limitation because even though both gateway and endpoint systems are now synced, the gateway is a preventive device and only manages the “current” traffic, remaining blind to historical information (e.g. the impact of pre-blacklist update). The endpoint solution, in addition to the same limitation of time, has a coverage issue and doesn’t support the whole environment, like older operating systems (e.g. XP which is still widely used for POS), OT environments or Linux-based systems.
Once I joined SecBI, I worked with enterprise customers who used both Zscaler and CrowdStrike solutions, leading me to realize that together with SecBI, we could deliver a complete picture to “bridge the gap” between CrowdStrike’s endpoint solution and Zscaler’s gateway solution in terms of network visibility for effective cybersecurity against malware and other malicious communications.
After testing and refining this three-way partnership at customers, we have achieved an integrated solution that enables end-to-end orchestration of preventive and detection measures with SecBI, Zscaler and CrowdStrike, providing:
- Advanced analytics covering the entire scope of a cyberattack per solution over time.
- Detection of the full scope of a malicious incident in a single narrative.
- Full visibility of the entire environment, with zero blind spots.
Inherently in the way SecBI operates, we also add value by augmenting the capability of both solutions together with:
- Automated threat hunting.
- Automated threat response.
All this translates to greater ROI to our customers. Using SecBI they receive greater value out of their security investment they made into the preventive measures (namely Zscaler and CrowdStrike).
Finally, I can provide a single pane of glass to other like-minded SOC managers, to everything that happens on the endpoint, gateway and in between, for greatly improved threat detection, prevention and response capabilities.