Integrating the Zscaler Platform with D3 Smart SOAR enables rapid orchestration of firewall actions to protect users, endpoints, and data, no matter where they are. With Smart SOAR, threat intelligence and uncovered IOCs can be turned into Zscaler updates via automated playbooks, with no screen-switching or manual data entry required.
When a potential phishing email is detected, Smart SOAR strips out all of the elements for analysis, including the URL of any links in the email. The elements are checked against threat intelligence and historical incident data and given a risk score. If any URLs are found to be malicious, Smart SOAR can blacklist them in Zscaler, directly from the automated playbook. The playbook will also orchestrate any other necessary tasks across the security infrastructure, such as blocking the sender’s domain, deleting the email from inboxes, and scanning for any other affected endpoints.
Updating firewall Allowlists and Denylists to respond to new threat intelligence or internal policies can be a time-consuming process. When done manually, Allowlists and Denylists usually need to be updated one-by-one. When a Zscaler user needs to make bulk updates to their firewall rules, they can run an automated playbook in Smart SOAR to make all of the updates at once, including assigning URLs to categories within Zscaler.
