Feature Validation is a great way to quickly and easily test the Zscaler service. The page below outlines how an end-user or administration may evaluate the web browsing performance and access control functionality of the service.
The following steps describe the different user account types, the applicable security mechanisms and access control policies restricting web browsing, along with some useful links which can help demonstrate the effectiveness of the Zscaler service.
1 User Accounts Permissions
In an email sent to you by your Zscaler Sales Engineer you'll find several sets of credentials. Each set of credentials can be used to authenticate with the service, though the access control permissions for each are slightly different.
|Account Type||Restriction Level|
|Executive||Low - can access all business appropriate websites as well as those typically classified as potentially a productivity loss|
|Sales||Medium - can access all business appropriate websites though with restrictions around websites classified as a liability to the organization
|Contractor||High - can access only business/role appropriate websites
For extended user testing we recommend the Executive account be used as it has access controls which will be unlikely to restrict a user from their day-to-day business activities.
2 SSL Inspection
In order to detect and block threats over HTTPS, as well as apply granular policies on a per-Cloud Application basis, SSL inspection is automatically enabled for evaluation with Feature Validation.
Please note that for Feature Validation that all websites in both the Finance and Health categories are automatically bypassed from SSL inspection.
3 Security / Threat Protection
Zscaler provides protection against both unknown and known threats using a layered security methodology, protecting against traditional malware, advanced threats, and using the Zscaler Cloud Sandbox, unknown 0-day threats.
Security Preview - using Zscaler's own security tool, you can quickly analyze the effectiveness of our solution with stopping threats, protecting your users and safeguarding
your company's intellectual property.
EICAR Test File - an industry wide standard for testing anti-virus solutions, is a completely benign file which can be used to trigger malware blocks with the Zscaler service. Through the ability to perform SSL inspection, Zscaler will detect this (as well as any other security threat) whether downloaded over HTTP or HTTPS.
Cloud Sandbox - an in-line, Cloud-based sandboxing system which can be engaged whenever a suspicious object can't be 'vouched for' using our in-line scanning and Threat Intelligence
systems. A quarantine test block can be triggered using an auto-generated test file.
4 Internet Access Control
Using Zscaler, you can decide what sorts of content you are (or aren't) comfortable with your users accessing, and what Cloud App functionality they should or should not have access to.
To give you an idea of the user experience when coming across different policy actions the below table outlines the respective user accounts and actions for different websites.
|Override||The White House|
Users will see an end user notification for the block, caution, and override actions. Caution will allow the user to continue after accepting the terms of a warning message while Override will require administration authorization to continue.
5 Data Loss Prevention
The Zscaler Data Loss Prevention system allows our Cloud to actively scan and inspect the information your users are broadcasting to the Web, and proactively allow or block that content based on your policies around whatever data your organization
might be sensitive to or protective of.
DLPTest.com - using the DLPTest.com sample data, Zscaler will detect and block the confidential data whether using the HTTP or HTTPS post/upload tests.