Zscaler
https://www.zscaler.com
Bring your SIEM up to speed with real-time logs from Zscaler.
With Zscaler, your SIEM can help you get a picture of what is happening across your entire network, instead of limiting your visibility to what has already happened. Zscaler’s global cloud platform continuously collects and streams logs to you, across racks of gateways and thousands of users. So you have the power of true threat correlation—in real time.
Zscaler has been providing us with logs from their solution, Nanolog Streaming Service.... I set this (Zscaler) up in my lab last week. Within 2 minutes I had events streaming in. And within a few more minutes I actually detected an offense…Ellen Knickle, Senior Product Manager, QRadar
Security Information and Event Management (SIEM) systems offer a means to correlate the appliance logs throughout your business, such as web gateways, firewalls, switches, and more. SIEMs have been the only way to get a true picture of what’s happening across your business. The only problem is that it can take so long to get the logs of web and firewall transactions—which often require batch imports from your racks of security appliances in each of your gateways—that any event has long since happened. Even worse, the logs coming from different security appliances are often specific to each appliance, which means the real picture is even more difficult to see.
Zscaler was designed to deliver logs for all users and all locations in near real time, with the Zscaler Nanolog Streaming Service (NSS). We can handle preprocessing based on your criteria, and deliver logs to the SIEM of your choice, with no need for batch reporting. This enables you to correlate logs across multiple devices, comply with regulatory mandates for local log archival, and conduct historical analysis. You can choose the format that works best for you and your solution, and send up to eight streams of logs—each with different filters and formats—to different SIEMs. NSS, like everything at Zscaler, is fully cloud-based, scalable, and elastic. NSS operates seamlessly with all of the leading SIEM vendors, including Splunk, ArcSight, QRadar, LogRhythm, Symantec, and RSA Security.
By time
Supports ASCII log format
Out of the box compatibility
By user/data/event type
Easily visualize security in real time, across your SIEM infrastructure.
All security engines fire with
each content scan – only
microsecond delay
Each outbound/inbound
byte scanned, native SSL
scanning
Risk of each object
computed inline,
dynamically
50:1 compression,
real-time global log
consolidation
Polices follow the user
for same on-premise, off-premise protection
