User Experience

Feature Validation is a great way to quickly and easily test the Zscaler service. The page below outlines how an end-user or administrator may evaluate the web browsing performance and access control functionality of the service.

The following steps describe the different user account types, the applicable security mechanisms and access control policies restricting web browsing, along with some useful links which can help demonstrate the effectiveness of the Zscaler service.

1   User Account Permissions

In an email sent to you by your Zscaler Sales Engineer you'll find several sets of credentials. Each set of credentials can be used to authenticate with the service, though the access control permissions for each are slightly different.

| Account Type | Restriction Level |
|---|---|
| Executive | Low - can access all business appropriate websites as well as those typically classified as potentially a productivity loss |
| Sales | Medium - can access all business appropriate websites though with restrictions around websites classified as a liability to the organization |
| Contractor | High - can access only business/role appropriate websites |

For extended user testing we recommend the Executive account be used as it has access controls which will be unlikely to restrict a user from their day-to-day business activities.

2   SSL Inspection

In order to detect and block threats over HTTPS, as well as apply granular policies on a per-Cloud Application basis, SSL inspection is automatically enabled for evaluation with Feature Validation.

Please note that for Feature Validation, all websites in both the Finance and Health categories are automatically bypassed from SSL inspection.
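One way to confirm which sites are being inspected and which are bypassed, as an added example that is not Zscaler tooling: an inspecting proxy re-signs the server certificate with its own CA, so the issuer the client receives shows which policy applied. The `PROXY_CA_ORGS` value is an assumption to replace with the issuer of the root certificate installed for your evaluation, and the sample certificates are constructed.

```python
import socket
import ssl

# Assumption: organizationName of the inspection CA your tenant presents.
# Replace with the issuer of the root certificate installed for the evaluation.
PROXY_CA_ORGS = {"Zscaler Inc."}


def issuer_fields(cert):
    """Flatten the nested RDN tuples from getpeercert() into a dict."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}


def inspection_status(cert, proxy_orgs=PROXY_CA_ORGS):
    """'inspected' if the leaf was issued by the proxy CA, else 'bypassed'."""
    org = issuer_fields(cert).get("organizationName")
    if org is None:
        return "unknown"
    return "inspected" if org in proxy_orgs else "bypassed"


def fetch_cert(host, port=443, timeout=5.0):
    """Fetch the validated leaf certificate the client actually receives."""
    ctx = ssl.create_default_context()  # uses the platform's default CA store
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def check_host(host):
    try:
        return inspection_status(fetch_cert(host))
    except ssl.SSLCertVerificationError:
        return "untrusted"  # chain not trusted locally, e.g. proxy root missing


# Constructed sample certificates in getpeercert() format (not captured data).
SAMPLE_INSPECTED = {"issuer": ((("countryName", "US"),),
                               (("organizationName", "Zscaler Inc."),),
                               (("commonName", "Example Intermediate"),))}
SAMPLE_BYPASSED = {"issuer": ((("countryName", "US"),),
                              (("organizationName", "Example Public CA"),),
                              (("commonName", "Example TLS CA 1"),))}

if __name__ == "__main__":
    import sys
    for host in sys.argv[1:]:  # e.g. a general site, a Finance site, a Health site
        print(host, check_host(host))
```

Run it with one general-purpose hostname plus one Finance and one Health hostname; with the bypass described above, the latter two should report `bypassed`.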

3   Security / Threat Protection

Zscaler provides protection against both known and unknown threats using a layered security methodology, protecting against traditional malware, advanced threats, and, using the Zscaler Cloud Sandbox, unknown 0-day threats.

Security Preview - using Zscaler's own security tool, you can quickly analyze the effectiveness of our solution at stopping threats, protecting your users and safeguarding your company's intellectual property.

EICAR Test File - an industry-wide standard for testing anti-virus solutions, this completely benign file can be used to trigger malware blocks with the Zscaler service. Through the ability to perform SSL inspection, Zscaler will detect this (as well as any other security threat) whether downloaded over HTTP or HTTPS.

Cloud Sandbox - an in-line, Cloud-based sandboxing system which can be engaged whenever a suspicious object can't be 'vouched for' using our in-line scanning and Threat Intelligence systems. A quarantine test block can be triggered using an auto-generated test file.

4  Internet Access Control

Using Zscaler, you can decide what sorts of content you are (or aren't) comfortable with your users accessing, and what Cloud App functionality they should or should not have access to. 

To give you an idea of the user experience when coming across different policy actions the below table outlines the respective user accounts and actions for different websites.

Policy Action Executive Sales Contractor
Allow  Google Google
Zillow
Block Weapons-Universe Weapons-Universe Weapons-Universe
Caution Monster
Override The White House

Users will see an end user notification for the block, caution, and override actions. Caution will allow the user to continue after accepting the terms of a warning message, while Override will require administrator authorization to continue.

5  Data Loss Prevention

The Zscaler Data Loss Prevention system allows our Cloud to actively scan and inspect the information your users are broadcasting to the Web, and proactively allow or block that content based on your policies around whatever data your organization might be sensitive to or protective of.

DLPTest.com - using the DLPTest.com sample data, Zscaler will detect and block the confidential data whether using the HTTP or HTTPS post/upload tests.