
Join Cimcor and Zscaler to learn how to strengthen threat detection, secure access, and maintain compliance by combining real-time integrity monitoring with cloud-native security solutions. Explore practical use cases and see a live demo showcasing the integration of these technologies to protect your enterprise from evolving threats.


Jessica Raguso-Failla  00:00

Good afternoon, everyone. My name is Jessica Raguso-Failla, and on behalf of Carahsoft Technology Corporation, I would like to welcome you to our Cimcor and Zscaler webinar, Beyond Visibility: CimTrak and Zscaler’s Integrated Approach to Zero Trust.

At this time, I would like to introduce our speakers for today's presentation, Robert Johnson, the President and CEO at Cimcor; Mark Allers, VP of Business Development at Cimcor; and Hansang Bae, Federal CTO at Zscaler. With that, I'd like to turn it over to our presenters of the day. Gentlemen, the floor is all yours.

Mark Allers  00:40

Thank you, Jessica. Hello. Welcome to the webinar on achieving Zero Trust with CimTrak and Zscaler. I'm excited to be joined by our expert panelist, Robert Johnson, as mentioned, President and CEO of Cimcor, as well as Hansang Bae, who's the Public Sector CTO for Zscaler. Welcome, and thank you both for participating.

Hansang Bae 01:03

Thank you.

Robert Johnson, III  01:04

Thank you.

Mark Allers  01:07

Zero Trust architecture has become a critical topic in today's threat landscape. Today we'll explore how these two solutions work together to help organizations implement Zero Trust effectively. So, we have a number of panel questions here that I'll just dive right into. And the first one is really focused more on strategic alignment and partnerships. So, this one's for you, Rob. Rob, could you start by giving the audience a quick overview on CimTrak? Specifically, I'm curious to know how CimTrak's approach utilizing integrity management helps catch risks that might slip through traditional security tools.

Robert Johnson, III  01:50

Thanks, Mark. The CimTrak Integrity Suite is a cybersecurity and compliance platform that helps you identify unwanted and unexpected changes to your infrastructure. So traditional tools are needed. They're a critical part of your security stacks, but we believe there's still this glaring gap in folks' cybersecurity strategy, and to illustrate that, Mark, IBM and Ponemon actually performed a study, often referred to as the IBM Ponemon report, where they did a study of large companies, organizations that most certainly have the money, the skill, and the ability to make the investments, that have the best tools in place, the right processes in place. And that study unveils this sobering fact: the average amount of time before you realize you've been breached is 204 days. That's with the best-of-breed tools in place. So right now, we're all talking about zero-day attacks, but really, if you think about it, we're kind of looking at it from the wrong frame of reference, because it's really a 204-days-ago attack.

So, it's really saddening, considering it's 2025, and it's really kind of hard to believe this is where we are, but this is what the data shows. But you know what? If you think about it, it becomes pretty obvious that there is a gap. For instance, let me ask just a couple of simple questions. Just think about the most important server you've ever managed in your career. Now imagine that you had all these best-of-breed tools in place, and then some bad actor launched a customized, targeted attack on that asset, and let's say he modified some things. Now, not obvious things like “Joe Hacker was here.” That's not what I mean. I mean changes that the pros would actually make, changes that are not blatant and not obvious, changes to behavior, the more nefarious changes like back doors or altering configuration, or, if it's an OT environment, changing key parameters and set points. These are the types of changes that slip by our current defenses. And this is exactly the type of problem we're trying to solve. This is the reason we have this 204-day problem, and this is exactly what CimTrak helps you identify. CimTrak's mission is to help you identify and have visibility into unwanted and unexpected changes to your systems, to your network devices, to your databases, your Active Directory, and much more, and not get visibility within 204 days. CimTrak’s objective is to provide you with visibility within seconds.

Mark Allers  05:01

Fantastic. One quick question: The 204 days, is that a new statistic that has deviated from five days to 204? Or is it more than 204? Give us some context on those 204 days. Is that right, over the past 10 years?

Robert Johnson, III  05:16

Well, believe it or not, over the last 10 years, it's actually gotten worse. At one point, it was 190 days. Then it went up to 201 days, and now it's 204. So, believe it or not, with all the best-of-breed tools and all the advancements that we're making as an industry, we're actually going the wrong way.

Mark Allers  05:34

Yeah, I hear that quite often. Thanks, Rob. Hansang, I'd love to hear about Zscaler's role in this partnership. How do your cloud-delivered solutions ensure secure access across organizations?

Hansang Bae  05:51

Yeah, I think, you know, the first thing I would say is people hear “cloud-delivered” and they say, “Well, I have an SAP on-prem, and so I don't need that,” and that's not it at all. So, cloud-delivered is more a philosophy than anything else. Yes, we have a cloud presence, but it's not, you know, people ask me, “Hey, Hansang, I've been around the block. What's the difference between web hosting and cloud? Are they the same thing, right?” So those of you who remember back in the day, there were companies that did web hosting. Were they not cloud? And what's the difference? And my answer was, if you don't use a server and you're still paying for it, that's web hosting. But if you stop paying for it, then it's cloud, right? So, the idea of a cloud, it's a physical infrastructure somewhere operated by somebody dedicated to that. And so that's the difference. However, the biggest difference of that mindset is what Rob just talked about, right? The 200 days or so. Why is that? Because cybersecurity, and security in general, is finding that handful of transactions in a trillion—a tsunami of data. So if you think that a human being can do that on their own, the answer is no, right? And as a troubleshooter, if given the right focus, the right tool, and the right amount of time, yeah, I can find the problem, but not when there's a tsunami of data to sift through. So, the idea of Zscaler from the very beginning was, whatever we're doing, it's not working. The empirical evidence is all the breaches and the attacks that are still, to this day, very successful. So, let's try something different, and that something different is location-independent, device-independent, and data-independent security, right? Let the security follow the user. Don't make the users come to security to be serviced. And I think, fundamentally, that's what differentiates the cloud-first Zscaler approach from your traditional security tools.

Mark Allers  08:02

Love it. I like that explanation. Hopefully, that'll clarify for anyone who's ever asked that question. Rob, when we talk about Zero Trust these days, everyone has their own take, right? How do you see this partnership strengthening Zero Trust implementation for companies that adopt both solutions?

Robert Johnson, III  08:23

Well, Mark, to be honest, we're very excited about this partnership, because we believe that when companies implement both solutions, CimTrak plus Zscaler, and integrate them, what's amazing is I think we can actually solve problems in ways that the industry has never seen before, and I think that's why, you know, we're also just excited about what we're doing. I feel like we're kind of pioneering a new way of thinking about things. You know, in a way, we're taking Zero Trust and Zero Trust strategy, and we're finding a way to make it more fluid and adaptable to changing situations on the ground. So, you know, think about it. Your assets are not static. Systems change. Devices change, and with CimTrak providing Zscaler all the real-time information about key changes in the security posture of assets in an organization, now you can make decisions, and this creates this opportunity to dynamically adapt Zero Trust rules at the network layer, responsive to what's actually happening on the ground. So that's kind of a paradigm shift: these aren't static sets of rules. These come alive based on what's really happening. And to me, that's really exciting. You know, just think about firewall rules and that mentality. They never change until a human goes and makes the next set of rules. Well, we're saying something different now: let's have these Zero Trust rules get activated at the times that make sense. So, it's kind of an exciting paradigm. I'm kind of pumped to see where this goes and all the things we can do.

Mark Allers  10:14

Fantastic. And Hansang, kind of your take too. I'm interested to understand the strategic vision behind this partnership: what led to integrating Zscaler’s cloud security platform with Cimcor and its monitoring and compliance capabilities?

Hansang Bae  10:32

Yeah, to put it simply, it's to go where Zscaler doesn't go, right? So think of Zscaler as an armored Uber service with MRI and X-ray machines on board. I'll safely transport you to and from; I'll diagnose and look at imaging to make sure that things haven't been tampered with, or that you're not trying to bring in, you know, suspicious material. We do that to the tune of 500 billion transactions a day. What we don't do is the passenger. We're not the passenger delivery and protection service. So, the file is changing, users accessing a particular thing that they shouldn't, or changing something on the system, that's what we don't do. So, extending our security boundary, the Zero Trust boundary, farther and farther towards the user and towards the systems, the servers, the application, that's a win-win. So, to me, that's what's exciting, is that customers adopting both can extend the solution farther and farther. It gives them better protection. Better protection leads to fewer breaches.

Mark Allers  11:37

Love that analogy. I'm gonna have to steal that. Do I trademark it now? I like it, though. Thanks. Compliance, Rob: many of our viewers kind of juggle compliance requirements. How does this integration make life easier for teams that are trying to meet frameworks like NIST 800-171, CMMC, or ISO 27001?

Robert Johnson, III  12:07

I think I get what you're asking. Our integration actually automates compliance management. So, what we do is we actually leverage CIS Benchmarks and DISA STIGs; these are hardening standards to make sure that systems are configured according to industry best practices. And we use that data to provide insight to users through the lens of whatever compliance framework they're interested in, such as CMMC or 800-171, so they can basically understand where they are in their compliance journey, at least from a technical controls perspective.

Mark Allers  12:47

So is CimTrak providing the evidence?

Robert Johnson, III  12:51

CimTrak is providing the evidence, and that evidence, tied with this integration, now allows you to do things like activate enforcement rules when certain assets are no longer in compliance with one of those frameworks that you mentioned earlier, or if it's no longer hardened according to CIS Benchmarks or DISA STIGs. When CimTrak detects deviations from CIS Benchmarks, or DISA STIGs, or from the compliance framework that you're interested in, in this integration, this is our opportunity to send a signal to Zscaler, whether it's ZIA or ZPA, to actually enforce and activate certain Zero Trust rules. So, looking at the big picture, this automation or integration, at least from a compliance perspective, reduces the manual effort. And, you know, I'm sure folks would be happy to realize that this is something that can occur 20 hours a day, because humans aren't required, and it helps organizations continuously meet their compliance requirements.

Mark Allers  14:01

Great. This dovetails to a question for Hansang here: What security gaps can now be addressed together that neither company could fully solve on its own?

Hansang Bae  14:15

Yeah, so it's more information, more signals coming from, again, things that Zscaler might not have been privy to in the past. So that's a win-win. And I agree with Robert that, you know, the saying that I have is “automate or die”. And so, in a couple of different facets, number one, on the compliance side, everybody over-rotates and says, I'm going to do a million things because I want my compliance to pass with flying colors. The problem with a million things is you need artifacts for those million things. And when it's time to pass the audit and someone says, “Show me the receipts,” you're scrambling, like most of us with taxes coming around the corner. You know, digging through shoe boxes doesn't work anymore. So having thorough audit automation, everything is time-stamped and received and filed away in a place that you can show to compliance that you're doing what you said you're doing.

The other thing is, you know, humans. You know, depending on humans at 0300, you know, during a change control, to remember every single thing again and again and again is a recipe for disaster. You know, everybody in infrastructure knows that Black Monday, you know, the weekend you do the change and the Monday you're dreading because something's about to break. And in my experience, it's always, almost always, change-related, right? So through automation, check out, right? And same thing with compliance, doing that check out, having that receipt, knowing that you can go to bed because the automation fact-checks you and backed you up with everything that you need for compliance and change control, etc., and those are the fundamental blocks of Zero Trust and compliance. Compliance shouldn't be an evil word. I know everybody hears compliance and they go “Ugh, compliance,” but trust me, it's there for a reason. It's why, you know, airline pilots who've flown 10,000 hours still use a checklist before they take off, right? And so, the one thing I would say is, let's not do the STIG anymore. Let's do a real-time, or R-STIG. Maybe that's a better word, right? Not one and done, because it's an evolving threat, evolving landscape, and so your threat posture and your STIGs of the world should be able to respond in real-time. And that's what, you know, the two solutions coming together provide: real-time feedback, real-time enforcement.

Mark Allers  16:46

So, going a little bit off-script. Back to Rob, relative to the real-time for STIGs and benchmarks. Can you address that real quick? Because Hansang brought that up.

Robert Johnson, III  16:58

Sure, sure. We believe CimTrak is probably the easiest way to actually implement that R-STIG, or basically continuous compliance, leveraging CIS Benchmarks or DISA STIGs, and understanding as your configuration drifts from your expected state. I mean, because that's when, you know, that gives you the opportunity to actually take action, do something now, whether it's something manual, where you take action just to tweak the setting, or use it to actually enforce actions on the Zscaler side, from a Zero Trust perspective.

Mark Allers  17:34

Fantastic. Thanks. Changing the topic a little bit more towards... Oh, sorry, a question. I have to ask this question: Has your organization allocated a budget for implementing a Zero Trust stack or solution? And as everyone answers that, I'll jump to the next question here. We're going to change topics a little bit more into the Zero Trust challenges and solutions. So, Rob, what kind of hurdles are you seeing organizations face when implementing a Zero Trust architecture?

Robert Johnson, III  18:10

Well, NIST 800-207, which is basically the official definition of Zero Trust and Zero Trust architecture, actually lays out seven key tenets of a Zero Trust architecture. Now tenet number five states, “The organization must monitor and measure the integrity and security posture of all owned and related assets.” Now this tenet, this thought process, you don't hear often in Zero Trust conversations, do you? And because of that, I think that until now, implementing the integrity component of your Zero Trust strategy has perhaps been the most difficult. There wasn't a great way to tie it into the entire process. And that's really the massive paradigm shift in what we're doing here with this integration.

Mark Allers  19:06

Fantastic. So, this is a good parlay for Hansang here. In your conversations with customers, what are the biggest challenges around maintaining system integrity, and how does this integration help address those pain points?

Hansang Bae  19:24

Yeah, I think the biggest issue is inertia. So, you know, a body in motion stays in motion, right? And it's hard to deviate from that. So that inertia of faith in, hey, nothing's happened so far, the inertia of I have, you know, security already deployed. It's not like I'm running out there without a firewall. Oh, I have the EDRs. Oh, I have this vendor who says they can do the A to Z of everything. I have VDI. I'm fine. And we can talk about a lot of those things. VDI is kicking the can down the road. VDI takes care of secure access to a terminal, if you will. So, I'll give you that. But what happens after that? They're on the network, right? Once you get inside the VDI, nothing has changed. They have unfettered access, and in fact, now they have 10 gig data center core attached access to their exploitation, right?

So, the idea here is that Zero Trust is a living, breathing thing, but people are very much in analysis paralysis mode because there are so many vendors claiming Zero Trust, Zero Trust. So, when you break it down to those pillars that Robert mentioned, it's in the NIST document, it's a literal document. And I'm not using that word figuratively. It's a literal document. Don't over-rotate. And also, the other complaint that I see customers face, or challenges they're faced with, is I'm too busy to implement this, and my answer to that in my head is, well, you or your replacement, when you fail, will execute this, right? So, the right Zero Trust solution doesn't have to be onerous, doesn't have to be manpower intensive. And here's a key litmus test: do you have to make a routing infrastructure change? If the answer is yes, that may not be a Zero Trust solution; that may be more along the lines of the traditional legacy solution that we have, right? So, because a Zero Trust solution isn't about protecting the network, the network becomes immaterial. I'm not saying it's not important. Of course, it's important. But again, I say it, you know, it's akin to breathing. We don't think about breathing. No one consciously says, breathe in, breathe out, unless you're at a hot yoga studio. Okay, outside of that, we just do it. But again, if it stops, all hell breaks loose, and you have about 90 seconds before you die. So yes, network is important, but that is the wrong place to focus your security on. The security should be on what device has changed. Investigate that, because it shouldn't have changed. What server has changed. Investigate that, because those are the handful of things in that, you know, tsunami of data. So, we need a way of giving users a hey, come look at this. And we can do that by monitoring the right places at the right time, and it is not the network where you need to monitor, it's the user, the intent, the exceptions, and, of course, the malware and the phishing attacks. Those are elementary; we do that, you know, billions a day. So, I'm not worried about that. It's that human policy and the belief that the security I have is good enough because I haven't been attacked yet, right? So those are the two challenges our customers face.

Mark Allers  22:51

And Rob, one thing I hear from security teams is the challenge of maintaining visibility across these different environments. How does this integration improve that visibility between cloud and on-prem systems?

Robert Johnson, III  23:05

Well, that is a source of anxiety for teams, and it's really no different than the anxiety that parents actually feel. Think about that time you sent your kid off to summer camp, or your son or daughter off to college. You know they're away, and perhaps in a better environment, something they can grow in, but you still worry, because it's not in your immediate environment anymore. They've moved off that on-prem, your home, into another facility. So, visibility is important. We've all felt it as parents, but, you know, IT professionals, security professionals, feel that same level of anxiety as our assets move from all on-prem environments into hybrid or cloud environments. So, CimTrak offers this unified view of integrity across all assets, and Zscaler does as well. So, in both cases, we're able to provide this seamless view, whether it's in the person's home using ZIA, or, you know, in your own data center, or in the cloud using CimTrak; it really doesn't matter. You're able to provide the seamless view of everything that's occurring in your environment, but then, as events occur, regardless of location, now we have this unique opportunity to merge our data and then take action and actually, finally, start adding this level of response and resiliency to our infrastructures, even though our infrastructures are more complex because they are now in many different locations. So, this gives security teams, as you indicated, great visibility, but it also provides that rapid response capability across multiple environments.

Mark Allers  25:00

So, let me ask a follow-up question now, more into the technical side of the equation: How does CimTrak actually work with Zscaler to enhance that real-time threat detection and response?

Robert Johnson, III  25:12

Oh, sure. From a technical perspective, CimTrak integrates directly into ZIA and ZPA. Of course, CimTrak, using drivers and a variety of other methods, can monitor files, configurations, even your compliance posture. But when something unauthorized occurs, or a threat occurs, or as a system shifts away from an authoritative state in terms of, say, compliance or a STIG, as we were just speaking about, CimTrak alerts Zscaler via Zscaler’s quite robust API, and that is the secret sauce that enables us to provide those updates to Zero Trust access policies and activate rules in this dynamic fashion. And the result is it gives us the ability to block threats before they propagate, limit lateral movement, and help your organization's infrastructure automatically adapt to a dynamically changing threat landscape.

Mark Allers  26:24

Fantastic. I do have a couple more questions, and we're going to actually show a demo. So, I think, Jessica, could you pop up another question here, because we're going to transition into the technical side of the equation here a little bit. So, as people are answering those questions, I'll preface with a question for Hansang here: could you walk us through a real-world example? Maybe paint a picture of how an enterprise benefits from having both Zscaler’s cloud security and Cimcor’s integrity management offering working together?

Hansang Bae  26:59

Yeah, you know, for the audience here, before the webinar started, we were joking and talking about how much of a fan of Star Trek I am. So let me tie that into the webinar. Imagine that something on a web server or router or firewall, or some on-premises device, some signature changes, okay? And it's suspicious. I don't know quite yet what it is, but I know something changed, and it shouldn't have changed. What if I just said “Shields up,” right? Like Captain Kirk used to say, “Shields up!” Okay? And my shields up is instant, in real-time. Nothing static about this. Everybody gets browser-isolated to on-premises or cloud-facing web-based applications. So, the shields up is you can still look; in fact, depending on what group you're in, in Active Directory or AD or IDP, some of you may, out of necessity, have read-write access. Some of you may only have read access. Some of you might have different, so we can have very bespoke, granular rules for different groups. But the idea is something fishy happened. Let me go to shields up and then figure it out. We can do that today using the integration that Cimcor and Zscaler have, and that alone is huge. The next zero-day vulnerability is going to have something to do with login, with web access, the browser, etc., right? We can probably figure that out, because that's the most common use case these days, and that's the most common vector. So, when that happens, can you go shields up? And if the answer is no, you should come talk to us, because we can provide that capability.

Mark Allers  28:45

Again, I’d like to steal that one too. Shields up.

Hansang Bae  28:49

10 cents royalty.

Mark Allers  28:50

I like it. And then, Rob, how specifically can security teams leverage this automated remediation and response with this joint solution?

Robert Johnson, III  29:06

Well, security teams can leverage it really in terms of just immediate corrective actions, or actions to prevent additional movements or actions by bad actors. So, it literally is that shields up philosophy. So if you think, for example, if CimTrak detects noncompliance or unauthorized file changes, or say, a new unexpected user is added to Okta, or privileges have been changed in some way for an existing IDP user, CimTrak would detect it right away, and then Zscaler is what we use to restrict that access, isolate endpoints, quarantine systems, until the issue has been remediated, all without manual intervention. And on top of all that, CimTrak maintains that audit trail with forensics, as Hansang mentioned earlier, “the receipts” of all those changes, and that becomes just the perfect starting point for an investigation.

Mark Allers  30:09

Good. And how do your micro-segmentation capabilities complement what Rob was just discussing there about CimTrak’s integrity monitoring, to create that robust Zero Trust environment?

Hansang Bae  30:25

Yeah. So, you know, the idea is that, going back to the Zero Trust conversations, this may be a little bit of a controversial statement, but there's no such thing as Zero Trust. If someone's going to do you harm, someone's going to do you harm. Our job is to reduce that blast radius to a nothing burger, instead of the entire casino shutting down, instead of the entire hospital shutting down, instead of the entire pipeline shutting down, instead of the entire database being shut down. I could just go on and on and on. So how do we do that? We do that by micro-segmenting everybody. Remember that armored Uber service that I talked about? What if every transaction by every user to every application was done via that armored Uber service? If we detect one armored Uber service as being compromised, 99.9% of the folks are fine. Why? Because they didn't have lateral movement, because you're not using the network. You're going through the network. But again, you're sitting in an armored Uber. You don't know how you got there. You don't care how you got there. You just know that you got there securely. So again, the micro-segmentation isn't about a granular access list. It can't be done at the IP address or TCP ports. Why? Because there is no field in the TCP header. There is no field in an IP header or protocol number that says identity, that says application. It doesn't exist. So, we have to do it elsewhere. And if you micro-segment, meaning every user, every application, gets an HOV lane on demand and is inspected on demand in real-time, you can create that micro-segmentation. Otherwise, you're going to be trying it at every network solution. I've tried them all, and you may be able to do it once, but within 10 minutes, it's outdated because some new application needs or some users need different access, so it's operationally impossible. So that's the other good lesson on Zero Trust: the operational burden. It's one thing to build; it's another thing to maintain. That operational burden significantly reduces with the right Zero Trust solution.

Mark Allers  32:39

Love it. So, let's do this. Let's dive into a demo. Nothing's better than, you know, the proof in the pudding here, right? So, Rob, I'm going to turn this over to let you take control of the screen, and we'll show you what we've been discussing.

Robert Johnson, III  32:56

Sure. All right. Thank you, Mark. All right. So again, CimTrak identifies unexpected and unwanted changes throughout the enterprise. So, it is Active Directory, IDPs, servers, network devices, and it has several different modes for doing that, whether it's just logging that something happened, or stopping—even blocking certain changes from occurring to some of your critical systems. And we could even take a more aggressive approach where, as something changes that we don't expect, we can actually fix it automatically and change things right back to how they were. And setting all of that up with our product CimTrak is very simple. It was designed to be very simple and easy to use. So, imagine that someone went and modified, or actually deleted, all of those files, or say they were encrypted. CimTrak would literally bring all these changes right back to how they were. Or here, we're adding a virus: CimTrak detects it and removes it from your system. Or say we just open the file and modify it, or delete content from the file; within a second, CimTrak changes that file right back to how it was. Now, after that, when we switch over to the management console, you'll see all the forensic information, all the receipts: exactly what occurred, whether it was modified, what was modified, who made the change, even the process that made the change. And then we can analyze it using something such as VirusTotal or other threat solutions to actually identify if it's been identified as a threat by one of those other solutions.

Now ZIA, this is where things get very interesting. Imagine we take the power of what you just saw in terms of detecting a change right away and then reacting inside CimTrak, but imagine we blend that with Zscaler; a new set of possibilities occurs. It's easy to set up by just adding an API key into CimTrak for ZIA, selecting what on your assets you'd like to monitor, and creating a rule saying in Zscaler, if I detect a change, I want to trigger a particular rule in Zscaler. When that occurs, you just lock, which is establishing the policy. And you can see the policies in Zscaler here. From that point on, let's add a virus and see what happens. What we'll see is that, in this case, CimTrak detected that virus, but then activated a policy in Zscaler directly, because we can see it's a threat. And when that policy is activated, what we can do is isolate, for instance, access, and this is a Zscaler browser isolation screen, because once that virus is there, it was compromised. Or limit access to different sites, or even block access to different apps or different websites. Now we can do the same thing in terms of integrity for ZPA and ZIA, and we can take it a step further in terms of compliance. Just think about DISA STIGs or CIS Benchmarks: if you have a Zero Trust network, and say you're using ZIA to onboard folks into your network, and your system, say it's a laptop or remote system, is no longer STIG compliant, or no longer meeting the requirements of CIS Benchmarks, basically, it's not hardened anymore. It doesn't meet your standards for your organization. The question is, should it still be able to access your Zero Trust network, even using ZIA? Does it make sense to onboard that system into your network? This is the type of rule that we're able to activate now and leverage using the ZPA and ZIA compliance monitoring.

Now we're going to shift gears a little bit. So far, we've been speaking solely about changes to assets, whether it could have been a network device or database, or IDP, or cloud infrastructure. But now I'm going to have you think about something different. Zscaler is a large, very powerful, and extensive SaaS platform. And every aspect of Zscaler has a variety of settings that give you the power to implement all of those Zero Trust rules. The question is, do you have an audit trail, or do you have clear documentation for how your ZPA or ZIA environments have been configured? And do you know exactly when it's changed? And that's what we can also provide. We can actually monitor the ZPA and ZIA configuration itself. And it's very simple for us to do. Same easy steps. We make it very easy to monitor. Once again, we just enter the ZPA credentials, and in this case, these are all the types of settings that you have available in ZPA. Once you lock, which is us enabling a policy to monitor it, then it’s active. Well, let's go in and we're going to actually delete an application segment from ZPA. CimTrak will detect that, and we can actually view and see the Cimcor web application segment was removed, and we have the entire history of not just that, but all of the configuration settings within ZPA, and reports to provide your history and audit trail, the receipts, of all that's happened in that environment. And we can do the same thing in ZIA. Same basic steps. And that's the key to CimTrak: consistency. You monitor everything in exactly the same way. So, if you can monitor ZPA, you can monitor ZIA: the same steps, enter your API key, pick which of the configuration groups you would like to monitor, enable the policy, and this is a very quick step. And then from there, we're going to go in and we're actually going to delete a user from ZIA. In ZIA, you can see it's been effectively deleted. And if we switch over to CimTrak, we can see that this user has been deleted; as you can see, Gordon Freeman has been removed from ZIA, along with all of the settings that were associated with that user. So again, every single setting in ZIA, you have an audit trail for. And here is a list of all the configuration settings, or groups of settings, that we monitor both in ZPA and ZIA. And you can see it's quite extensive. I mean, Zscaler is such a powerful platform, so whether it's certificates in certificate control for ZPA, or the microtenant information or policy information or rules in ZPA, you’re covered, and you can understand what's happened over time. You have the audit trail, exactly what the settings were. Or in ZIA, same story. If your DLP rules have changed, or device groups or forwarding rules or traffic forwarding rules or policies, you will understand and have a log of all of the changes that were made to that ZIA environment. So, incredible power here. This is also really great for meeting the requirements of 800-172, which requires government and federal organizations to have an audit trail and a log of all the settings that were in place for their SaaS applications.

 

Mark Allers  42:37

Okay, all right. Hansang, anything to add to that, before I ask my last two questions here?

Hansang Bae  42:45

Yeah, I'd like to request a feature change. Just a "Shields Up" button would be great again. But I think what we saw was there's an external threat, right? Zscaler's got you covered. Don't even bring it on-premises. What about the insider threat? That's a huge one, so what you saw was an attack from the inside. Think about the CIA model, not the intel side, but confidentiality, integrity, availability. Availability doesn't get as much spotlight as the other two, and here deleting a user impacts availability, and that's an insider threat, and being able to recover from that very, very quickly. Again, somebody is taking that handful of bad transactions in a tsunami of transactions and surfacing it up for you and saying, come, take a look at this. I think that is incredibly powerful.

Mark Allers  43:42

It's kind of like burning the hay to find the needles. That's right, right? So, last couple of questions here, because we're getting to the end. We have a polling question here, and so while you guys answer that: deployment and implementation. Rob, what does the integration look like for companies already using Zscaler or CimTrak? Are there certain deployment approaches you typically recommend?

Robert Johnson, III  44:08

Sure. Well, first of all, CimTrak is designed to be simple to use and easy to deploy. And that doesn't, of course, mean that the product is simple in nature; it's extremely complex. The challenge is taking something very powerful and finding a way to expose this capability in the simplest way possible. So, there's an art to that, and we think we've mastered that with CimTrak: simple to use, easy to deploy. In a similar fashion, CimTrak and Zscaler users can quickly integrate via the API connectors. As I mentioned earlier in the video, it is just an API key, and then we can start the integration process. You mentioned deployments. We typically recommend phased deployments, because you can't boil the ocean, many times, in some organizations. So, of course, the ideal scenario is to start with your most critical assets, and you will know what those are, and often those are defined inside of your risk analysis for your organization and your business continuity plans. So, you would like to start with those critical assets and then incrementally expand your coverage. So, you know, this is also just an opportunity. This is a chance, finally, a chance for teams to think a little bit differently about how they respond to material threats in your organization. It's to rethink your response plan. And also, it's a great chance to say, for instance, you're using Zscaler already; it's an opportunity to create some new rules, unlock some new actions and capabilities in Zscaler that perhaps before, you weren't sure that you understood the right times to activate. Well, now you can follow that Shields Up methodology, and just at the right time, implement these new capabilities or these new rules that are at a greater level of strictness, and leverage the power of your investment in Zscaler at a greater level than ever before.

Mark Allers  46:24

So, you just brought up a couple of things around data sharing. Hansang, what kind of API connections exist between Zscaler and CimTrak, and how do you ensure that data remains secure?

Hansang Bae  46:45

Sorry, amateur move there. What I was saying was there's a two-part answer to that. One is on the vendor side. This is a litmus test, you know, for all of you watching: every vendor will say, yes, we have RESTful, we have JSON. I get it. That's not the question to ask. The question is, is it a published API? The thing about being published is that once we publish an API, we can't change things willy-nilly, right? Because people have written rules around it. So, every vendor, trust me, has APIs and JSONs of the world, RESTful, whatever it may be; that's not the question. The question is, how much of it is published? So, we have an extensive catalog that allowed the integration to happen. The other answer is, I go back again to this: this is your chance to automate or die, right? Those are your only two choices. You have to automate. Get that handful of transactions to bubble up quickly. And you saw that in the demo. And, you know, there was a question I just peeked at in the Q&A, one question: where is the overlap between the CimTrak and Zscaler solutions? And the idea, I'll give you a perfect example: I can't check for logic changes if you deleted something. Maybe that's what your job is. And how would Zscaler know? But CimTrak, Cimcor, would know, right? So, this idea is the biggest problem that faces cybersecurity: a logic change. Because something being on, something being off, something being deleted, something being not deleted, those are logical changes that may happen as part of a normal duty cycle, except when CimTrak says you're not supposed to change this; then it's no longer a logic change. It's a forbidden action, and I can do Shields Up, right? So that's where both solutions complement each other so well, because we extend that defensive perimeter to every user, every device, every application, and of course, we have the armored Uber. So don't worry about the network and the infrastructure.

Mark Allers  48:50

It's like creating a closed-loop environment, so to speak, for risk and change associated with that device.

Hansang Bae  48:58

Yeah, a closed-loop solution that actually works and is simple to implement, as opposed to a closed-loop system that you have to babysit, monitor, look for drips, do the plumbing, do the fitting, and put the pressure valve on. Closed-loop systems are not easy to do unless you have the right solution. So I would say that is the difference between a closed loop that works and, again, being an engineer, it's hard to make something simple, and so I think the demo that you saw from Robert showed how simple things can be and how it hides the complexity from the end users.

Mark Allers  49:32

Thank you guys for that response; that's good.

Robert Johnson, III  49:35

You guys both have spoken about closed loops, and I think one key component of a closed loop is its ITSM system, some ticketing system such as ServiceNow or Jira, because that provides this form of documentation of what the intent is in your organization for changes. And one thing I like to bring up is that CimTrak integrates with a variety of ITSM systems. So this lets us leverage ServiceNow, or Jira, or BMC, you know, BMC Remedy, and others as this inflection point to understand more of the logic that Hansang spoke about. Should this change occur? Is this a window where changes should be occurring or not? And then reconcile what's happening to one of those tickets, or perhaps it's an incident, and that's one of the ways you can know as part of this closed-loop process.

Mark Allers  50:32

So, am I correct in assuming, Rob, that by flipping this model around, you know, everything that's good, and then everything else is managed by exception, as Hansang has mentioned before, it's we're burning the hay off to find the needles? Is that a fair assessment?

Robert Johnson, III  50:48

That's exactly right. You know, when you can take all of these tools and say you're integrating CimTrak and Zscaler and an ITSM system, what you're doing is you're also better leveraging your investment. Because when you connect all three of these tools together, and perhaps you tie into SIEM, when they're all truly integrated, that's when you start to really leverage and identify the value of each one individually. You know, of course, they have their value propositions, but it's more of a challenge for organizations to figure out what the synergy is, what the synergistic opportunity is when these great tools intersect, and I think this is a great example of that synergistic opportunity that organizations can take advantage of.

Mark Allers  51:36

And it goes without saying, Rob, that one of the things that Hansang has said is automate or die, right? Everything that we've been discussing relative to this integration, as well as what you just brought up with ITSM vendors, ServiceNow, Jira, BMC, that process is also automated through the change reconciliation and change approval process that enables this closed-loop environment to essentially happen in a real-time manner and automated in a simple fashion. Is that correct?

Robert Johnson, III  52:12

That's vertically on point. That is absolutely correct.

Mark Allers  52:17

So, we're sitting with four minutes left here. I did have one last question about the future roadmap, but maybe that'll be a separate conversation for both of you guys at some later date and time. Here, what I'd like to do is open it up for any additional Q&A, and I have one last little thing that I'll address here: thank you both for sharing your expertise today. For everyone attending, we're offering this special opportunity for a fully supported 30-day proof-of-value of CimTrak at no cost, to help you see the solution in action in your own environment. This includes complete technical support to ensure that you get the most out of the evaluation. So, I just want to preface that by saying thank you to everyone joining the call here, and we'll open it up for Q&A.

Jessica Raguso-Failla  53:29

Okay, so please feel free to use the chat box or the Q&A box at the bottom of your screen, but I do see a couple of questions in here. One of them might have been addressed already, but: which areas of the Zero Trust framework does Zscaler fit into strongly without duplicating the function of CimTrak, which would make it sensible to consider going in for both CimTrak and Zscaler as Zero Trust architecture partners?

Hansang Bae  54:04

Yeah, and we addressed this, but just to elaborate with a few more points: Zscaler, again, we are data-independent and application-independent. We provide protection that way. We don't know what's supposed to happen on the server. We don't know if EXEs, etc., files have been modified. Could we do it? Yeah, but you know, I call that the "can code" problem. It can be done. It could be done with DLP policies and whatnot, and it's operationally impossible to do it, right? So why bother with that? Instead, use a dedicated tool like CimTrak and let it work. So, this is the journey of an application: a user double-clicks on something, and that device needs protection. We have EDR and also CimTrak watching those critical file systems. Zscaler takes over the service; we take you securely, with micro-segmentation built into that application. Again, extend that perimeter by monitoring the critical file systems of that server, application, and data, and that is the true life journey of every application and every user. And you have it all covered, and we have receipts. Both companies have robust log capabilities so that you can pass your compliance and audit with flying colors. And one final thing I'll say about everything that we talked about, Robert and the change control and ITSMs of the world: if leadership does not dictate, "if you make an unauthorized change and you bypass change control, you're fired," without that draconian rule, people will find every excuse to circumvent the guard rails that you put in. So again, it comes down to a human being the weakest point. And it does take leadership to put their foot down and say, we are going to follow the process. And it may be rocky at first, but it will smooth itself out of necessity. So do that; otherwise, you'll be forever chasing a ghost.

Mark Allers  56:04

Well, thank you very much. I think that's a good comment, and that we will end on. So, Hansang, I really appreciate your participation in this. And Robert, thank you very much. We will get this presentation out to everybody that attended, and thank you again for your participation.

Hansang Bae  56:26

Absolutely. Thank you. Bye.

Tags: Zero Trust

Post by Lauren Yacono
April 1, 2025
Lauren is a Chicagoland-based marketing specialist at Cimcor. Holding a B.S. in Business Administration with a concentration in marketing from Indiana University, Lauren is passionate about safeguarding digital landscapes and crafting compelling strategies to elevate cybersecurity awareness.

About Cimcor

Cimcor's File Integrity Monitoring solution, CimTrak, helps enterprise IT and security teams secure critical assets and simplify compliance. Easily identify, prohibit, and remediate unknown or unauthorized changes in real time.