---
title: "Modern security ops with Zscaler and Sumo Logic"
page_name: "Modern security ops with Zscaler and Sumo Logic"
type: "blog"
slug: "modern-security-ops-with-zscaler-and-sumo-logic"
published_at: "2021-08-16"
modified_at: "2026-03-24"
url: "https://www.sumologic.com/blog/modern-security-ops-with-zscaler-and-sumo-logic"
canonical: "https://www.sumologic.com/blog/modern-security-ops-with-zscaler-and-sumo-logic"
markdown_url: "https://www.sumologic.com/blog/modern-security-ops-with-zscaler-and-sumo-logic.md"
lang: "en"
excerpt: "With Sumo Logic’s cloud-native Continuous Intelligence Platform and Cloud SIEM, it’s now easier than ever to integrate with Zscaler’s Internet and Private Access platforms to gain visibility across your cloud apps with out-of-the-box content, respond in real time to correlated security incidents and monitor your ZTNA deployment."
taxonomy_blog_category:
  - "SecOps & Security"
---


# Modern security ops with Zscaler and Sumo Logic

Drew Horn

August 16, 2021


Modernizing security operations to keep up with the proliferation of complex, highly ephemeral apps and infrastructure has become more daunting than ever, given the explosion of remote work and the resulting acceleration of lift-and-shift and hybrid-cloud initiatives. With Sumo Logic’s cloud-native Continuous Intelligence Platform and Cloud SIEM, it’s now easier than ever to integrate with Zscaler’s Internet and Private Access platforms to gain visibility across your cloud apps with out-of-the-box content, respond in real time to correlated security incidents and monitor your ZTNA deployment. We’ve worked closely with Zscaler to deliver a simplified integration process, completely overhauled dashboards for ZIA and an all-new Sumo App for ZPA to help security teams cost-effectively reduce risk and alert fatigue at the speed and scale required to protect your users and defend your apps from external threats.

At a high level, with these two new apps for Zscaler, you can now:

- Monitor, alert and respond to incidents from across your security stack at scale using cloud-based services.
- Correlate Zscaler Internet Access logs and events with other endpoint and security machine data to analyze behavioral patterns, identify anomalies and vulnerabilities, and assess the health and performance of your security architecture.
- Audit and monitor your Zscaler Private Access deployments to assure compliance, avoid misconfigurations and maintain uptime for a seamless user experience.
- Correlate blocked and allowed ZTNA traffic events from your Private Access deployments with user data and out-of-the-box threat intelligence for real-time, automated threat detection.
    
## How does it work?

## Collection

Sumo Logic has released separate apps for Zscaler Internet Access and Zscaler Private Access. The process of cloud-to-cloud log collection for each platform is slightly different, so we have provided instructions on how to configure each app separately:

- [Collect Logs for the Zscaler Internet Access App](https://help.sumologic.com/07Sumo-Logic-Apps/22Security_and_Threat_Detection/Zscaler_Internet_Access/Collect_Logs_for_the_Zscaler_Internet_Access_App)
- [Collect Logs for the Zscaler Private Access App](https://help.sumologic.com/07Sumo-Logic-Apps/22Security_and_Threat_Detection/Zscaler_Private_Access/Collect_Logs_for_the_Zscaler_Private_Access_(ZPA)_App)

## App Use Cases

Let’s walk through some of the key use cases for these two new Zscaler apps for Sumo Logic. While Zscaler Internet and Private Access products are both geared towards securing your digital properties and workforce, the apps for Sumo Logic have slightly different use cases.
    
### ZIA

The app for Zscaler Internet Access (ZIA) is primarily a tool for security ops teams, analysts and engineers to monitor, alert and respond to external threats.

#### Anomaly detection for blocked traffic and geographic hotspots

Identifying threats amongst benign traffic distributed across the globe has become a machine-scale problem. Sumo Logic has provided out-of-the-box dashboards that aggregate data from ZIA and perform outlier detection to reduce alert fatigue and provide valuable context to optimize the incident response process. The ZIA overview dashboard provides an excellent starting point for configuring alerts.

In addition, drill-down dashboards for blocked traffic are included for security analysts to deep dive into specific events.

#### Traffic Behavior Analysis

Another challenge that arises when attempting to secure modern applications at a large scale is analysis of allowed traffic patterns and trends to identify security events or incidents of interest. The Behavior dashboard analyzes these traffic patterns in multiple dimensions with simplified time series visualizations that security engineers can leverage for alerting and response. Users can now easily intuit deviations from normal traffic patterns by user, content type, content category, super category and bandwidth.

#### File Classification, Threats and DNS Analysis

Detailed analytics and insights on threats are also made available through additional dashboards focused on classification of blocked files, URLs, server locations, threat categories, threat risks and individual transactions.

To learn more about these three dashboards, see our documentation on ZIA [here](https://help.sumologic.com/07Sumo-Logic-Apps/22Security_and_Threat_Detection/Zscaler_Internet_Access/Install_the_Zscaler_Internet_Access_App_and_view_the_Dashboards).
    
### ZPA

The app for Zscaler Private Access (ZPA) is a tool to help IT and Ops teams monitor and optimize their ZPA deployments to ensure a Zero Trust model without affecting user productivity. From a single dashboard, IT and Ops personnel can get immediate visibility into the health and performance of their ZPA deployment.

#### Connector Health and Performance Analytics

One of the primary challenges in implementing and operating a modern, large-scale Zero Trust Network Access (ZTNA) solution is avoiding end-user disruptions in productivity. If a connector is overloaded with traffic or stops responding, workforce productivity is immediately impacted. The Connector and Performance dashboards for the ZPA app provide operators with detailed analytics and insights into their distributed ZPA deployment.

Alerts can be configured on trends in connector performance in order to flag issues before they impact the end user.

#### Auditing and User Activity Monitoring

While detailed auditing of any ZTNA deployment is useful, or even required, from a compliance perspective, it’s also an ideal way to track down operator misconfigurations or surface ways to optimize existing configurations based on end-user activity. In order to accommodate these use cases, we have provided Audit and User Activity dashboards.

Monitoring user activity can help drive policy updates or configuration changes based on real-time policy blocks and timeout blocks. We’ve also included a panel that correlates connection details with out-of-the-box threat intelligence to determine potentially malicious connection attempts.

To learn more about the content made available in the ZPA app for Sumo Logic, see our documentation [here](https://help.sumologic.com/07Sumo-Logic-Apps/22Security_and_Threat_Detection/Zscaler_Private_Access/Install_the_Zscaler_Private_Access_App_and_View_the_Dashboards).
    
## Get Started Now!

The Sumo Logic apps for Zscaler Internet and Private Access help security engineers gain visibility across their cloud apps with out-of-the-box content, respond in real time to correlated security incidents and monitor their Zero Trust Network Access deployments. Prebuilt dashboards combined with real-time alerts and correlated threat intelligence make it simple to monitor and identify anomalous activities and vulnerabilities and to respond to security incidents.

To get started, check out the Sumo Logic [Zscaler Internet Access](https://help.sumologic.com/07Sumo-Logic-Apps/22Security_and_Threat_Detection/Zscaler_Internet_Access) and [Zscaler Private Access](https://help.sumologic.com/07Sumo-Logic-Apps/22Security_and_Threat_Detection/Zscaler_Private_Access) documentation. If you don’t yet have a Sumo Logic account, you can sign up for a [free trial](https://help.sumologic.com/Start-Here/02Getting-Started/01-How-to-Sign-Up-for-Sumo-Logic) today.

## Additional Resources

For more great security-focused reads, check out the [Sumo Logic blog](https://www.sumologic.com/blog/).

Download the [Sumo Logic Continuous Intelligence Report](https://www.sumologic.com/resource/report/state-modern-apps-report/) that quantitatively defines the state of the modern application stack and the shift in technology used by enterprises adopting Cloud and DevSecOps during the COVID-19 global pandemic.


Drew Horn

Director, Business Development, ISVs

As a Director of Business Development, Drew is responsible for providing leadership and evangelism for the App Intelligence Partner Program, helping independent software vendors successfully evaluate and integrate the Sumo Logic platform with their solutions.

Drew has over 15 years of experience in IT ranging from early stage startups to Fortune 500 enterprises across engineering, quality assurance, DevOps, customer success, solutions engineering and professional services.

Recently, Drew was the Senior Director of Automation at Applause (a Vista Equity Partners portfolio company) where he spearheaded the GTM strategy, customer success and professional services for their test automation offering. Prior to joining Applause, Drew led the DevOps team at Amherst InsightLabs, facilitating the delivery and operation of data analytics platforms used to power Amherst’s broker dealer, asset management and single family buyer/renter platforms. Drew started his career in InfoSec, helping enterprise network security software development teams build, test and deliver high quality products. He holds a B.S. in Mathematics from the University of Texas, Austin.

