CrowdStrike and Zscaler Private Access Integrated Lab

WWT's ATC CrowdStrike and Zscaler Integrated lab exists to showcase the integration between CrowdStrike's Falcon Platform, Zscaler Private Access and Zscaler Client Connector through relevant use cases. It seeks to showcase how the integration delivers users secure, conditional access to applications based on granular access policies while giving administrators a real-time view of a device's security posture.

The CrowdStrike Falcon platform is a cloud based solution that provides valuable insights regarding the individual processes, files and behaviors on endpoint devices. Also leveraged in this lab Zscaler Client Connector (ZCC)  is an application that users have installed on their endpoints which enforces security policies and access controls. Finally Zscaler Private Access (ZPA) is used to create the security policies to provide zero trust access to internal corporate applications by applying the principles of least privilege to give users secure, direct connectivity while eliminating unauthorized access and lateral movement.

You will access the environment using a Windows-based jumphost, from which you can browse web consoles, open RDP/SSH sessions, etc. (see Lab Topology). 

The purpose of this lab is to help you develop proficiency in navigating the CrowdStrike UI and get hands on experience with the integration between CrowdStrike Falcon and Zscaler Client Connector. The lab guide provides a flexible framework for evaluating the integration and its behavior in a sample customer environment.

The lab environment allows you to:

• Login to the CrowdStrike Falcon cloud-based platform.
• Navigate the CrowdStrike consoles interface, alerts and workflow.
• Test conditional access with CrowdStrike Sensor.
• Test conditional access with CrowdStrike ZTA score.
• Access to the entire lab environment.

Software

• CrowdStrike Falcon
• Okta (Single Sign On)
• Zscaler Client Connector
• Splunk log collector
• ElasticSearch
• Palo Alto VM-Series firewall
• Active Directory (w/DNS)

Hardware

• 1x Windows Jumphost (Windows Server 2016)
• 4x Windows 10 Clients (Windows 10 Enterprise)
• 1x Windows 7 Client (Windows 7 Enterprise)
• 1x Red Hat Client (Red Hat Enterprise Linux 7)
• 1x Elastic Server (Ubuntu Server 18.04)
• 1x Splunk Server (CentOS 7)
• 1x Nessus Scanner (CentOS 7)
• 1x ZPA Connector (CentOS 7)
• 1x Attack Client (Kali Linux)

Technologies

• CrowdStrike Falcon platform
• Zscaler Client Connector
• Zscaler Private Access