Scribd
Upload
84 views38 pages

Z-Sync-Cyberthreat Protection LabGuide v1.0

Uploaded by

anjan.chidurala
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
84 views38 pages

Z-Sync-Cyberthreat Protection LabGuide v1.0

Uploaded by

anjan.chidurala
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 38

Z-Sync - Cyberthreat Protection

Lab Guide

Z-Sync - Cyberthreat Protection Lab Guide © 2015-2024 Zscaler Inc., All rights reserved 1
Z-Sync - Cyberthreat Protection Lab Guide © 2015-2024 Zscaler Inc., All rights reserved 2
Copyright
This document is protected by the United States copyright laws, and is proprietary to Zscaler Inc. Copying, reproducing, integrating,
translating, modifying, enhancing, recording by any information storage or retrieval system or any other use of this document, in
whole or in part, by anyone other than the authorized employees, customers, users or partners (licensees) of Zscaler, Inc. without
the prior written permission from Zscaler, Inc. is prohibited.
©2015-23 Zscaler, Inc. All rights reserved.

Trademark Statements
Zscaler™, Zscaler Internet Access™, Zscaler Private Access™, ZIA™ and ZPA™ are either (i) registered trademarks or service
marks or (ii) trademarks or service marks of Zscaler, Inc. in the United States and/or other countries. Any other trademarks are the
property of their respective owners.

Z-Sync - Cyberthreat Protection Lab Guide


Jan. 2024, Rev. 1.0

Z-Sync - Cyberthreat Protection Lab Guide © 2015-2024 Zscaler Inc., All rights reserved 3
Contents
About the Z-Sync - Cyberthreat Protection Lab .....................................................................................................................................5
Lab Topology ...................................................................................................................................................................................5
Lab 0: Connecting to the Virtual Lab .....................................................................................................................................................6
Admin Portal Access ........................................................................................................................................................................6
Lab 1: Securing Access to Internet ........................................................................................................................................................9
Task 1: Review SSL Inspection Policy & Verify SSL Decryption ......................................................................................................9
Task 2: Review Threat Protection Configurations & Risk Reports .................................................................................................11
Task 3: Check Your Security Posture ............................................................................................................................................16
Lab 2: Reducing Risk by Isolating Risky Websites ..............................................................................................................................20
Task 1: Test Browser Isolation User Experience & Threat Prevention Capabilities .......................................................................20
Task 2: Review Browser Isolation Configuration & Settings...........................................................................................................23
Lab 3: Inspecting Unknown Files through Advanced Cloud Sandbox .................................................................................................26
Task 1: Review Sandbox Configuration .........................................................................................................................................26
Task 2: View Sandbox Activity Report ...........................................................................................................................................28
Lab 4: Enforcing Safe Access to Internet & SaaS Applications using Content Filtering & Access Control ..........................................32
Task 1: View Content Filtering Controls .........................................................................................................................................32
Task 2: Test End User Experience with Content Filtering ..............................................................................................................33
Lab 5: Extending Zero Trust with Deception-Based Active Defense ...................................................................................................34
Task 1: Review the Zscaler Deception Administrator Console .......................................................................................................34
Summary .............................................................................................................................................................................................38

Z-Sync - Cyberthreat Protection Lab Guide © 2015-2024 Zscaler Inc., All rights reserved 4
About the Z-Sync - Cyberthreat Protection Lab
Welcome to the Z-Sync - Cyberthreat Protection Lab. During this lab, you will practice the skills you learned during the eLearning
using Zscaler’s remote lab. You will complete several lab exercises designed to allow you to experience and familiarize yourself with
Zscaler Internet Access (ZIA) security features in a lab environment. Your objectives are to learn how to streamline your security
operations and take full advantage of the multiple layers of security provided by Zscaler’s Zero Trust Exchange.

Lab Topology
This lab environment is designed for carrying out the lab exercises in the provided manual. Your lab environment contains the
resources needed to test secure user access to the Internet through the Zscaler Zero Trust Exchange. Your virtual lab environment
will be started with:
● a virtual PC that you may use for testing as an end user,
● credentials for the admin and user accounts you need,
● a lab manual with a set of lab exercises to guide your learning.

In this workshop, you


will access the ZIA
Admin Portal as a
Read-Only
Administrator.
This role affects what
you will see in the
Admin Portal.

Z-Sync - Cyberthreat Protection Lab Guide © 2015-2024 Zscaler Inc., All rights reserved 5
Lab 0: Connecting to the Virtual Lab
The Hands-on Lab uses cloud-based lab resources hosted on the Skytap service. Each student has access to an account on the
Zero Trust Exchange (ZIA), and a Skytap ‘Pod’.

Admin Portal Access


You can access the ZIA Admin and Deception Admin portals from the machine/browser of your choice. These are cloud services
accessible from any machine with an Internet connection. In some labs, you should access the URLs from a Client PC VM to upload
/ download a file.

You should now logon to Skytap and, if required, start the virtual machine.
a. Familiarize yourself with the logon options and clipboard copy/paste functions.
b. Ensure the keyboard is mapped appropriately for your locale.
c. When connected to a VM, the keys icon identifies the username/password. Clicking the icon allows you to insert the
credentials into the foreground application.

1. In the VM Control Panel, click CTRL-Alt-Del.


2. Log in as the student user,
with password Admin-123!.

Z-Sync - Cyberthreat Protection Lab Guide © 2015-2024 Zscaler Inc., All rights reserved 6
Note: In the right window pane, you’ll find a list of usernames, passwords and a link to download the LabGuide.

3. In the Zscaler Client Connector, enter the username of the Marketing department user and click Login.

4. Enter the same username again and click Next.


5. Enter the Session Password and click Sign in.
6. At the Stay signed in? dialog, click No.

7. Client Connector will minimize to the Windows Tray. Open it again and check that the Internet Security
Service Status shows ON and the Network Type is shown as Off-Trusted Network.
8. To confirm that traffic is being forwarded to Zscaler, open a browser window and go to http://ip.zscaler.com.
9. Verify that you are accessing the Internet via a Zscaler data center.

Z-Sync - Cyberthreat Protection Lab Guide © 2015-2024 Zscaler Inc., All rights reserved 7
10. Notice the IP address that is used for the request.
11. In a new browser tab, go to https://www.ipaddress.my.

As you can see in the example screenshot, the IP address for this user is going through the Zscaler data
center. Zscaler helps organizations eliminate attack surfaces by removing identifiable information from
users as they are accessing the Internet. All users appear to come from a Zscaler data center, leaving no
indication of the true company identity that they are associated with.

Z-Sync - Cyberthreat Protection Lab Guide © 2015-2024 Zscaler Inc., All rights reserved 8
Lab 1: Securing Access to Internet
Threat Protection is at the core of preventing compromise. Zscaler offers layered protections to user traffic to provide this basic
requirement. As a cloud-native proxy, the Zscaler security cloud ensures that every packet from every user, on- or off network, gets
fully inspected from start to finish, with unlimited capacity to inspect SSL.

Task 1: Review SSL Inspection Policy & Verify SSL Decryption


To review the current SSL inspection policies, follow these steps:
1. On your laptop (or the Client PC VM), open a web browser and go to the ZIA Admin Portal URL.
2. Log in to the ZIA Admin Portal with Admin User ID and Session Password.

3. Go to Policy > SSL Inspection to view examples of SSL policies.

Several default policies like Office 365 One Click, and Zscaler Recommended Exemptions help
implement SSL inspection without disrupting users.

4. Click the icon for a policy to explore its settings.


5. On the Client PC VM, open a new browser window and go to https://www.microsoft.com.
6. View the certificate for the site.

Z-Sync - Cyberthreat Protection Lab Guide © 2015-2024 Zscaler Inc., All rights reserved 9
Lab1: Securing Access to Internet

Note: Viewing the certificate varies by browser choice, but it’s typically done by clicking on the lock symbol in the
browser address bar, then viewing ‘More Information’. You should see that the site is using a Zscaler certificate (Zscaler
Intermediate Root CA.

7. [Optional] On the ZIA Admin portal, go to Analytics > Web Insights and select Protocol to see encrypted vs unencrypted traffic
mix.
8. [Optional] Change the Timeframe on the left navigation bar to see charts for different time periods or by transactions vs bytes.

Z-Sync - Cyberthreat Protection Lab Guide © 2015-2024 Zscaler Inc., All rights reserved 10
Lab1: Securing Access to Internet

Task 2: Review Threat Protection Configurations & Risk Reports


To review the current Threat Protections, follow these steps:
1. In the ZIA Admin Portal, go to Policy > Malware Protection.
2. Scroll through the settings and compare them to the Recommended Policy settings, taking notice of which Malware Protections
have been enabled. These protection areas guard users against spyware, botnets, malicious active content, and more.

Z-Sync - Cyberthreat Protection Lab Guide © 2015-2024 Zscaler Inc., All rights reserved 11
Lab1: Securing Access to Internet

3. Go to Policy > Advanced Threat Protection.


4. Scroll through the settings and compare them to the Recommended Policy settings, taking notice of which Advanced Threat
Protections have been enabled. These protection areas guard users against Command and Control Traffic, Malicious Sites,
Fraud Protection, Phishing, Cryptomining, Tunneling, Cross-Site Scripting (XSS), etc.

5. Note the current Page Risk Score Index (SUSPICIOUS CONTENT PROTECTION (PAGE RISK™)).

The Zscaler service calculates the Risk Index of a page in real-time by identifying malicious content
within the page (injected scripts, vulnerable ActiveX, zero-pixel iFrames, and many more) and creating
a risk score, or Page Risk Index.
Simultaneously, a Domain Risk Index is created using data such as hosting country, domain age, past
results, and links to high-risk top-level domains. The Page Risk and Domain Risk are combined to produce
a single score for the Risk Index; this score is then evaluated against the Suspicious Content Protection
(Page Risk™) value that you set in this policy. The Low Risk area indicates that you are willing to block
anything that is even slightly suspicious; there is no tolerance for risk. The High Risk area indicates a high
tolerance for risk and will allow users to access even very risky sites.

6. Go to Analytics > Configuration Risk Report.

Z-Sync - Cyberthreat Protection Lab Guide © 2015-2024 Zscaler Inc., All rights reserved 12
Lab1: Securing Access to Internet

The Configuration Risk Report evaluates your current policy configuration, traffic pattern and feature
capabilities against Zscaler’s best practices and recommends configuration changes to better protect
against emerging threats.

7. Click on each category, Web-Based Threats, File-Based Threats, Network-Based Threats, Uninspected Encrypted Traffic,
to understand the current protection status and its contribution to the overall risk.
8. Navigate to the category with the highest Risk Contribution and drill into the details by clicking on the category name to review
potential threats and recommended config changes.

9. Go to Analytics > Company Risk Score Report.

Z-Sync - Cyberthreat Protection Lab Guide © 2015-2024 Zscaler Inc., All rights reserved 13
Lab1: Securing Access to Internet

The Company Risk Score Report allows organizations to monitor and analyze the various factors that
contribute to an organization's risk score, which can include recent malware outbreaks, risky user behavior,
and other suspicious factors. Administrators can study how their users' and company's risk score has
changed over time and compare their score against their industry peers and Zscaler cloud averages.

Company Risk Score Report provides the following benefits and enables you to:
- Configure stronger policies by monitoring your organizational, location, and user-level risk exposure.
- Study users' and company's risk scores change over time to determine the effectiveness of various
policy configurations.
- Compare the risk scores against your industry peers and Zscaler cloud averages to understand your
position against potential attacks.

10. Review the sections Events Contributing to the Risk Score and Top Advanced Threats Trend to understand the user’s risky
behavior & activities trend that contributed to the current risk score.

Z-Sync - Cyberthreat Protection Lab Guide © 2015-2024 Zscaler Inc., All rights reserved 14
Lab1: Securing Access to Internet

11. Subsequently, you can click on any of the Top Risky Users to pivot to the User Risk Report to understand the selected user’s
behavior that contributed to the risk score and trends.

Z-Sync - Cyberthreat Protection Lab Guide © 2015-2024 Zscaler Inc., All rights reserved 15
Lab1: Securing Access to Internet

Task 3: Check Your Security Posture


To see the before-and-after effects of enabling Zscaler protections, follow these steps:
1. On the Client PC VM, go to the Client Connector and turn off Internet Security.
2. In a browser window, go to https://www.testmydefenses.com/.

Z-Sync - Cyberthreat Protection Lab Guide © 2015-2024 Zscaler Inc., All rights reserved 16
Lab1: Securing Access to Internet

3. Scroll down to Internet Threat Exposure Analysis.


4. Select Test your defenses now and then click Test your cyber risk posture to see how you are protected without Zscaler.
5. Wait for the test to complete and review the results.

Z-Sync - Cyberthreat Protection Lab Guide © 2015-2024 Zscaler Inc., All rights reserved 17
Lab1: Securing Access to Internet

6. Return to the Test My Defenses site.


7. Under Ransomware Risk Assessment, click Test your defenses now and then click Test My Ransomware Defenses.
8. Wait for the test to complete and review the results.

Note: You can fill out the details on the right to get a more detailed, downloadable risk assessment.

Z-Sync - Cyberthreat Protection Lab Guide © 2015-2024 Zscaler Inc., All rights reserved 18
Lab1: Securing Access to Internet

9. Now turn Internet Security back on and rerun both analysis tools.

Note: You should see a significant difference with ZIA disabled vs. reenabling the service in Client Connector.

Z-Sync - Cyberthreat Protection Lab Guide © 2015-2024 Zscaler Inc., All rights reserved 19
Lab 2: Reducing Risk by Isolating Risky Websites
Browser Isolation (BI) is a feature that addresses needs in both Cyberthreat Protection and Data Loss Prevention. BI policies can
dictate if a site should be run within isolation, and if so, whether you allow cut/paste and download capabilities for the user. An
isolation container is instantiated for each user in the cloud and only pixels are transmitted to the user’s browser. Sites may be
isolated due to a configured URL category or Cloud App control policy or due to suspicious destinations (if Smart Browser Isolation
is enabled).

Task 1: Test Browser Isolation User Experience & Threat Prevention Capabilities
To test the end user experience when accessing websites in different URL categories, follow these steps:
1. On the Client PC VM, make sure you are logged into the Zscaler Client Connector as one of the test users.
2. Open a new browser window and go to a site in the Consumer and Online Shopping category, e.g. https://www.bestbuy.com.

Note: Browser Isolation opens seamlessly - allowing access to the destination but now the user is running in an isolated
session and the user’s device is only receiving pixels from the destination. The site is rendered safely in the Isolation
Environment - air gapped from potential dangers.

Z-Sync - Cyberthreat Protection Lab Guide © 2015-2024 Zscaler Inc., All rights reserved 20
Lab 2: Reducing Risk by Isolating Risky Websites
3. Go to a suspicious looking destination, e.g. https://www.fakebankstatement.co.uk. This URL is categorized as a suspicious
destination and will be automatically isolated if Smart Browser Isolation is enabled.
4. Now go to a risky software download site, e.g. https://www.eicar.org. This URL was defined in a custom URL category
(“Malicious Download Test”).
5. Select DOWNLOAD ANTI MALWARE TESTFILE to trigger a block by the Zscaler Intrusion Protection System (IPS).

Note: Even with Isolation protection, Zscaler still applies your security protections and rules to traffic.

Z-Sync - Cyberthreat Protection Lab Guide © 2015-2024 Zscaler Inc., All rights reserved 21
Lab 2: Reducing Risk by Isolating Risky Websites

6. Go to https://file-examples.com/index.php/sample-documents-download/sample-doc-download/ and click on 100kB


DOCX file.
7. Open the downloaded file.

Note: Isolation is able to render Word DOCX, PPTX and XLSX into PDF for viewing. Full list (keep an eye out on this
page, we’re adding support for more extensions).

Z-Sync - Cyberthreat Protection Lab Guide © 2015-2024 Zscaler Inc., All rights reserved 22
Lab 2: Reducing Risk by Isolating Risky Websites

Task 2: Review Browser Isolation Configuration & Settings


To check the current Isolation settings, follow these steps:
1. In the ZIA Admin Portal, go to Policy > URL & Cloud App Control.
2. Under Cloud App Control Policy, look at the Consumer / Online Shopping rule.
3. Select the icon to view policy details.
4. Note the Application Access Action (Isolate) and the Isolation Profile (TZTE Render Only).
5. Review other policies here, as well as in the URL Filtering Policy area (e.g. view the Browser_Isolation_Malicious rule for eicar
site control).
6. Note the Isolation Profile selected in each of the policies that controls user experience within Isolation.

7. Go to Policy > Secure Browsing > Smart Isolate to review Enable AI/ML based Smart Browser Isolation one-click setting.

Z-Sync - Cyberthreat Protection Lab Guide © 2015-2024 Zscaler Inc., All rights reserved 23
Lab 2: Reducing Risk by Isolating Risky Websites

User experience within Isolation such as “Isolation Banner”, “Copy/Paste”, “Print”, "File Upload/Download” etc. are controlled with an
Isolation Profile assigned to each policy.

8. To review the Isolation Profiles, go to Administration > Browser Isolation.


9. Under Isolation Profiles, select the icon for the TZTE Render Only profile.

10. Click Next to review the profile configuration, especially the Security settings.
11. Review the configured Isolation Banners.

Z-Sync - Cyberthreat Protection Lab Guide © 2015-2024 Zscaler Inc., All rights reserved 24
Lab 2: Reducing Risk by Isolating Risky Websites

Z-Sync - Cyberthreat Protection Lab Guide © 2015-2024 Zscaler Inc., All rights reserved 25
Lab 3: Inspecting Unknown Files through Advanced Cloud Sandbox
Any Threat Protection solution needs to include Sandboxing to protect against unknown files. Zscaler offers an inline sandbox with
inline quarantine and AI-Driven prevention to accurately identify downloads with malicious intent and block before the user
downloads it.

Task 1: Review Sandbox Configuration


To review Sandbox policy settings, follow these steps:
1. In the ZIA Admin Portal, go to Policy > Sandbox.
2. Select the icon for the Catch_All rule to view its settings.

Note: You can see that this policy looks at many file types, applies to all users, and will Quarantine a previously
unknown file, before allowing it to be downloaded.

Z-Sync - Cyberthreat Protection Lab Guide © 2015-2024 Zscaler Inc., All rights reserved 26
Lab 3: Inspecting Unknown Files through Advanced Cloud Sandbox

3. Explore other Sandbox policies.

4. Note the configured Criteria and Actions, e.g. the difference between ‘Quarantine First Time and Block Subsequent Downloads’
vs. ‘Allow and scan First Time and Block Subsequent Downloads’ actions.
5. Click Recommended Policy and review the suggested configuration.

Z-Sync - Cyberthreat Protection Lab Guide © 2015-2024 Zscaler Inc., All rights reserved 27
Lab 3: Inspecting Unknown Files through Advanced Cloud Sandbox
Task 2: View Sandbox Activity Report
To get a better understanding of the threats that are identified and blocked by sandbox policies, follow these steps:
1. In the ZIA Admin Portal, go to Analytics > Sandbox Activity Report.
2. Explore the various graphs. For example, check how many of the quarantined files were assessed to be malicious.

3. From the dropdown menu in the upper left, select Sandbox Files found Malicious.
4. Review the list of malicious files, including their File Type and Threat Name.

Note: Clicking a file’s Threat Name will open the Zscaler Threat Library and display more details about the identified
threat.

Z-Sync - Cyberthreat Protection Lab Guide © 2015-2024 Zscaler Inc., All rights reserved 28
Lab 3: Inspecting Unknown Files through Advanced Cloud Sandbox
5. In the table, click the unique MD5 value for a malicious file and then select View Sandbox Detail Report.

The Sandbox Detail Report provides different types of information about a file and its behavior, including
forensic details such as which registry keys were changed, which network connections were initiated, and
which files were read.
For each category, you can view additional details by clicking the Expand icon at the top right-hand corner
of each widget.

6. Go to Analytics > Web Insights and select the Logs tab.


7. Click Add Filter, select Sandbox and then select all Sandbox options.

Z-Sync - Cyberthreat Protection Lab Guide © 2015-2024 Zscaler Inc., All rights reserved 29
Lab 3: Inspecting Unknown Files through Advanced Cloud Sandbox

8. Click Done.
9. Click Apply Filters.

Note: You can add additional filters to quickly zero in on specific threats. For example, you could add the Policy
Action> Block filter to only display logs for files that were blocked by Sandbox.

Z-Sync - Cyberthreat Protection Lab Guide © 2015-2024 Zscaler Inc., All rights reserved 30
Lab 3: Inspecting Unknown Files through Advanced Cloud Sandbox

10. Scroll through the log details.


11. Change the Timeframe and click the icon to add/remove columns from the logs table.

You can also go to Dashboard > Security to view a list of Sandbox Patient Zero Events.

Z-Sync - Cyberthreat Protection Lab Guide © 2015-2024 Zscaler Inc., All rights reserved 31
Lab 4: Enforcing Safe Access to Internet & SaaS Applications using Content Filtering &
Access Control
Much of combating cyber threats is never letting them have a chance in the first place! Zscaler URL Filtering and Cloud App
Controls are tools that can be used to provide controls around which sites and applications users can reach on the Internet.

Task 1: View Content Filtering Controls


To familiarize yourself with the current URL Filtering and Cloud App controls, follow these steps:

1. In the ZIA Admin Portal, go to Policy > URL & Cloud App Control.
2. Under the URL Filtering Policy tab, review the currently defined policies, for example blocking URLs in the Social Networking
category and sending Miscellaneous traffic to Browser Isolation.
3. Under the Cloud App Control Policy tab, review pre-configured policies, including:
a. Unsanctioned Mail apps are sent to Browser Isolation
b. Streaming Media policies that will allow users in the Marketing department to view Zscaler’s YouTube channel, but block
access to any other YouTube videos
c. Social Networking policies that only allow users in the HR department to view and post to social media sites.

Z-Sync - Cyberthreat Protection Lab Guide © 2015-2024 Zscaler Inc., All rights reserved 32
Lab 4: Enforcing Safe Access to Internet & SaaS Applications using Content Filtering & Access Control
4. Click the Advanced Policy Settings tab and review the recommended settings for Advanced URL Filtering options, such as
SafeSearch, Suspicious New Domains Lookup and AI/ML based Content Categorization.
5. Go to Administration > Tenant Profiles.
6. Review the settings of Zscaler’s YouTube channel, which was used in the Streaming Media policy you viewed previously.

Zscaler's Tenancy Restriction feature allows you to restrict access either to personal accounts, business
accounts, or both for certain cloud applications.
You can provide restricted access to the cloud applications that support tenancy restrictions by creating
Tenant Profiles for these apps and associating them with the respective Cloud App Control policy rules.

Task 2: Test End User Experience with Content Filtering


To test the end user experience when accessing websites and cloud apps, follow these steps:
1. On the Client PC VM, log into the Zscaler Client Connector as the Marketing user.
2. Browse to the Zscaler YouTube channel to test tenant restrictions
https://www.youtube.com/channel/UCSylwuqCXM_W13ARfzASm3Q
3. Go to https://linkedin.com to see if you can get to it.

Note: Based on the policies you reviewed earlier, a user in the Marketing department should be able to view Zscaler
YouTube videos and be Isolated when visiting social networking sites, like Twitter.

4. Log out of Client Connector and log back in as the HR user, repeating these same steps.

Z-Sync - Cyberthreat Protection Lab Guide © 2015-2024 Zscaler Inc., All rights reserved 33
Lab 5: Extending Zero Trust with Deception-Based Active Defense
Deception is a proactive defense approach that detects active threats by populating your environment with decoys: fake endpoints,
services, databases, users, computers, and other resources that mimic production assets for the sole purpose of alerting you to
adversary presence when they’re touched. Since decoys are hidden from valid users unaware of their existence, any interaction
with them is a high-confidence indicator of a breach. Security analysts and SOCs leverage deception-based alerts to generate
threat intelligence, stop lateral movement and orchestrate threat response and containment without human supervision.

Task 1: Review the Zscaler Deception Administrator Console


To familiarize yourself with the Deception Admin Console, follow these steps:
1. In a browser window, go to the Deception Admin Console https://zerotrust.illusionblack.com/ and select the Solutions Demo
Center Login tile.

Z-Sync - Cyberthreat Protection Lab Guide © 2015-2024 Zscaler Inc., All rights reserved 34
Lab 5: Extending Zero Trust with Deception-based Active Defense

2. Enter the Admin Username and Session Password and click Sign in.

3. Accept the End User Subscription Agreement.


4. On the Client PC VM, open a new browser window, and go to one of the decoys. In this example, we will use
https://swf20.thezerotrustexchange.com.
5. Enter User Name: admin and Password: user. Then, click Submit.

6. In the Deception Admin Console, watch for your username to show up.

Z-Sync - Cyberthreat Protection Lab Guide © 2015-2024 Zscaler Inc., All rights reserved 35
Lab 5: Extending Zero Trust with Deception-based Active Defense

7. In the top-right dropdown menu, select Last 10 minutes to see the latest logs.

8. Select your username to get more detailed information.

Note: The more times you attempt to access a decoy or a series of decoys, the Risk Score elevates.

Z-Sync - Cyberthreat Protection Lab Guide © 2015-2024 Zscaler Inc., All rights reserved 36
Lab 5: Extending Zero Trust with Deception-based Active Defense
9. Click View Extended Details to see more information about this user.

Z-Sync - Cyberthreat Protection Lab Guide © 2015-2024 Zscaler Inc., All rights reserved 37
Summary
Zscaler Cyberthreat Protection delivers always-on protection against ransomware, zero-day threats, and unknown malware. As a
cloud-native proxy, the Zscaler security cloud ensures that every packet from every user, on- or off network, gets fully inspected
from start to finish, with unlimited capacity to inspect SSL.

With an integrated suite of security services across Malware Detection, Advanced Threat Protection, URL Filtering, Cloud App
Control, Cloud Browser Isolation, Cloud Sandbox with Machine Learning, and Threat Intelligence, you’ll close security gaps and
reduce risks that result from other security solutions’ shortcomings.

With the addition of Zscaler Deception technologies, you can ensure that even your authenticated and authorized users are not
misusing their access.

Z-Sync - Cyberthreat Protection Lab Guide © 2015-2024 Zscaler Inc., All rights reserved 38

You might also like