Skip to main content

·6 mins

Study progress

  • ✅ Zscaler Data Protection (EDU-220)

IDM - learn from your unstructured data

  • document fingerprinting
  • 75% match take more drastic action

EDM - protect your structured data

OCR - optical character optimization

  • extract senstive data from image file / screenshot and extract sensitive data and based on DLP policy protect data

AIP

  • azure information protection
  • use AIP tags and enforce a policy enforcement against them
  • we can add AIP tag as well scan data at rest to assess that doc have sensitive data and we can write label
  • if you see AIP label in document that says sensitive, do not allowed users to upload data to unsactioned sites

EUBA and Adaptive Access

  • trigger alert when user suddenly downloads 20GB in a day
  • you can ask user to reauthenticate again

Data in montion Data at rest

Policy construction

  • policy order of operation typically after first match the evaluation stops but with DLP this is not right approach
  • execute all policies
  • second policy can be for example more strict and should be matched
  • parralel policy evaluation

DEMO

  • dashboard > cloud applications (apps in your organization, risk scoring, total scoring, data that bitglass shares with us and zscaler service provide us - data breach, info about org, MFA support etc., drill down to applications, )
  • saas security report - different view of the above, number of users using this app are using, sanctioned or unsanctioned app from policy perspective
  • dictionaries - dictionary is a definition of the match we can use for our data protection policy ie credit cards (not based on pattern of number of codes, expiration, but also that it is properly formatted), low confidence score(16 digit numbers - launch check) - medium (checks proper format) - high confidence (looking for other phrases for posted data - American express card, Visa, etc - to further define this is credit card, CVV code pattern, etc)
    • pre-defined dictionaries
    • custom dictionaries - regex pattern and how many times it should occur, phrases case sensitive
  • DLP engine - is mechanism for enforcing the dictionaries

Index tool (IDM)

  • is a virtual machine - on-prem
  • you can upload documents to look into structured data, generate index
  • upload indexes to cloud and look for the matches as it pases through the cloud
  • create VM name in ZIA, deploy from OVF file on esxi/vcenter, zsroot + pw sudo zadp change-password sudo zadp configure-network IP, GW, DNS, dont restart yet

certs for machine index tool for registration? #

scp cert zsroot@IP:/tmp/

certs for web server with DNS domain to avoid ssl self sign certs errors #

scp idm.key cert zsroot@IP-or-DNS:/tmp/ scp idm.pem cert zsroot@IP-or-DNS:/tmp/ sudo zadp configure /tmp/idm.cert.zip

  • domain
  • password

^ generating self-sign certificate and replace with signed cert that we uploaded as well #

sudo zadp install-server-cert tmp/idm.pem tmp/idm.key

  • reboot / shutdown -r now ping DNS/IP of Indexing tool VM

ready to use indexing tool #

https://idm.domain.com authenticate with client credentials / against client validated

automate the VM creation using power shell maybe using vcenter

2 templates are available: exact data match template

  • provides CSV file that includes multiple fields, we are going to look into those fields for content, based on policy / engine we build for that …
  • upload structured data it will index document and hash out data and upload hashes to cloud, not uploading confidential data, just indexing the data, one way hash and upload to cloud

indexed document match template

  • looking for specific document that we are going to upload

created templates will be visible in the ZIA admin portal.

DLP dictionary - exact data match (type) + our template

  • match against fields from tempalates, primary (at least social security) and secondary data (at least one from secondary, we will triggered DLP policy)
  • index data + template, criteria and define accurancy - low (40% document match ) - medium (60%) - high (90% document is matched)
  • AIP - labels / tags within documents

DLP engines

  • grouping dictionaries IndexEngine
  • indexdata dictionary or exactdata 1> save

customdictionary >0 (at least one occurance)

  • looking for number of pattern ie. regex() a-z 0-9

DLP rule

  • without content inspection - header lookup
  • with content inspection - payload - POST data

Engine Index and block Zscaler Incident Receiver Auditory email

dlptest.com

  • post data and get response whether something was blocked exact document match -> un-structured data paste social security data and email data -> structured data custom pattern -> regex patterns

Protecting data also for BYOD devices

  • redirect to zscaler and redirect to isolation browser and block downloading files or copy pasting data

Out of band CASB protection

  • ie public shared drive / SaaS apps
  • scan for corporate
  • cloud misconfiguration - SaaS security posture management

DEMO

  • extending data loss - data at loss and 3rd party app integrations

SaaS applciation tenants

  • integrate with 3rd party SaaS applications to scan content that exists there
  • data exfiltration due to cloud misconfiguration - we have predefined signatures and we will fire off the signatures …
  • add app ie box.com we generate client id on box add app to authorize app wiht zscaler copy enterprise id form box to zscaler created federation between zscaler and box.com status = active

policy

  • pre-defined dictionaries
  • group together with dlp engine ie identify social security numbers
  • policy - saas security api control
  • DLP rules or apply malware detection here
  • choose in policy - box application that we integrated and PCI engine DLP action: report on incident

Saas security report

  • what apps were used
  • which tenant is scanend and what files has been scanned you can go to file, remove public link,

Demo 2

  • scan configuration - when the scanning should occur
  • create schedule, select tenant and policy and what and when to scan
  • play to start scanning of the content of the box

Saas security insights

App total

  • apptotal.zscaler.com
  • tool helps to give full visibility of 3rd party tools that are connected to SaaS platforms
  • all connected apps and their risks

DLP + ServiceNow integration

zworkflow - incident automation workflow

https://apptotal.io/ https://retool.com/

====== Automation updates

  • ZIA - Sandbox Submission
    • i need to incorporate wait interval
    • need file that will be always triggering submission to sandbox
    • sample that can be used to have known md5 hash for testing
    • workflow
    • visualization + screenshot

========

====== Youtube video - ✅ 3 How to install Grafana monitoring tool on Raspberry Pi 5 and automating the process

Optional:

  • Zscaler VPN S2S
  • How to install and use NordVPN
  • Raspberry Pi - install operating system
  • dual boot - flipper extreme and unleashed software (thumbnail with old evil porta but half half and include namings)

========

krtkova torta

  • mlieko
  • maslo kocka
  • vajicka
  • bananove smoothie
  • 30% smietanka - 500ml
  • hajzlak

ostrihat kupit: hajzlak, maso najst recept na natacanie: https://www.mimibazar.sk/recept/4514/dukatove-buchticky-s-vanilkovym-kremom Cesto:

  • 500 g hladkej múky
  • 3 dl mlieka
  • 20 g droždia
  • 50 g cukru
  • 1 vajce
  • štipka soli
  • 1 dcl oleja
  • olej na potieranie

Krém: 8 dcl mlieka 2 PL kryštálového cukru vanilkový cukor zlatý klas

https://www.mimibazar.sk/recept/23954/skolkarske-natierky https://www.mimibazar.sk/recept/5041/pecene-buchty https://www.mimibazar.sk/recept/3531/rychla-syrova-polievka-s-hraskom https://www.mimibazar.sk/recepty.php?strana=8&x=a&order=1&forum=0

========