Human error is a leading cause of security breaches. Whether it’s phishing or hidden malicious payloads on suspicious sites, users will continue to make errors in judgment unless they receive real-time, continuous, and effective coaching, complete with justifications and alternative guidelines. This approach not only enhances awareness but also boosts productivity.

A key initiative for security operations teams is delivering continuous security training for everyone in the organization. Continuous coaching helps reinforce positive behaviors and best practices, providing real-time feedback and guidance. This immediate intervention allows employees to correct mistakes on the spot and adopt safer online habits, fostering a security-first culture within the organization. By correcting users when they attempt to visit risky sites, convert sensitive data formats, or upload sensitive data to the cloud, real-time security alerts have enabled the CISO team to significantly enhance the employee security posture. This helps companies not only stop threats before they cause harm and keep sensitive data safe in today’s risky digital landscape but also provide time back to the SOC teams to focus on other priorities. If you haven’t already, it might be time to check if your security tooling offers these kinds of instant pop-ups—they could be your first line of defense!

Understanding End-User Notifications

Zscaler has comprehensive inline and out-of-band coaching frameworks. The inline notifications are primarily used for real-time custom notifications to coach the violating user on violations against URL filtering, cloud app controls, cloud app activity controls, and DLP notifications for web inline and endpoint DLP policies with justification. The out-of-band coaching framework includes workflow automation: a custom alert is sent to the violating user by email, Slack, or Teams message, and to their manager or assigned escalation path based on the severity of the incident.

Let’s discuss the inline coaching that is delivered by browser-based and client-based notifications. You can build a default inline notification into your global configuration, which makes it easy to push out everywhere; you can also use template-based notifications to attach specific customized messages to individual policies.

Common Use Cases and Recommendations

Caution Access with URL filtering policy for Miscellaneous or Unknown categories

Caution notifications are great for coaching users who attempt to access non-business sites during initial deployment, or for notifying users of upcoming changes to access policies.

Isolation further reduces device interaction with likely risky sites, bringing proactive posture controls that reduce client-side risks associated with outdated or vulnerable browsers.

Block notifications for outdated or vulnerable browsers.

Enforcing the use of secure browsers reduces client-side infections. It is critical to block old versions of Edge, Firefox, Chrome, Opera and Safari for managed devices with the ZCC client.

Custom Quarantine notification when the Sandbox is processing an unknown file for final verdict

This informs users that they may need to wait for a possible malicious file verdict. You can deploy Sandbox Quarantine with Isolation and AI Instant Verdict to provide instant, de-risked access (via a sanitized, flattened file) while the original file is under the Sandbox analysis process.

Block or caution notifications for using Public LLM for AI/ML Categories

The user can be cautioned or blocked using cloud app controls and guided to predefined, sanctioned apps for compliant access and data control.

Caution or block sensitive file uploads to unsanctioned applications based on DLP policies.

Block or caution users regarding sensitive data uploads to personal applications or other unsanctioned instances or applications, including applications that might not support HTML rendering for browser-based notifications.

Browser and/or client block notifications for Malware violations

Use browser-based block notifications to inform users of malware policies. Client block notifications are very helpful for non-web applications like Slack, or API applications like Google Drive downloads.

Custom block notifications for Internal Applications for specific FQDN, path, or URL filtering-based criteria controls with ZPA

It is critical to log requests to private applications, perform SSL inspection and apply anti-malware controls to application traffic, and prevent exfiltration of sensitive data.

All these customizations can be created for ZPA traffic with ZIA-based notification templates.

Endpoint DLP notifications with justifications

Notify users of Allow or Block for endpoint DLP channels including Network Shares, Personal Cloud Storage, Printing and Removable Media. Each of these is configurable per policy using templates.

The default option today is to ask the user to Confirm their action.

Example of a browser-based block notification a user would receive when using an unsanctioned AI app

Example of an endpoint DLP notification when a user attempts to transfer sensitive data

Example of a client-based notification a user would receive when downloading from personal storage

Example of a browser isolation notification when the end user attempts to visit a risky website

Workflow Automation and API Access

Let’s review the out-of-band alerting for policy violations connected with APIs for Posture, Malware, and DLP controls. Workflow Automation is an application that enables governance admins to automate the management and resolution of Data Protection incidents, Business Insights events, and ZDX alerts within their organization.

Zscaler Internet Access (ZIA) captures the Data Protection incidents generated from the DLP policies defined in ZIA.

To assist with the review and remediation process of incidents on the Incidents page, Workflow Automation utilizes workflow management features. Admins can use these features to:

Notify the end user involved in an incident, requesting justification for the incident.
Escalate the incident to an end user’s manager or another approver, requesting justification.

Zscaler Digital Experience (ZDX) generates enriched tickets for different events triggered when the predefined threshold for alert rules defined in ZDX is reached.

By utilizing all the ZDX alert features provided in Workflow Automation, admins can proactively monitor end-user experience and productivity metrics that might fluctuate due to device and network issues within the organization.

This application also aids them in taking necessary steps to resolve and improve end-user performance.

Business Insights manages the usage of the SaaS application licenses provisioned to end users.

This integration also provides the capability to group individual events into event groups and assign priorities to these groups. Admins can configure workflows in Workflow Automation to notify the end user about the event regarding their unused application licenses, request justification, and create a ticket in ServiceNow to deprovision the users based on their response.

Common Use Cases and Remarks

SaaS API connectors can send direct messages to users violating DLP policies.

For Slack, the custom Slack bot notifies the users.
For Microsoft Teams, the Microsoft Teams bot notifies the users.
For Webex Teams, the custom Webex Teams bot notifies the users.

Workflow Automation can send an email, Slack, or Teams message to the violating user and their manager to inform them and obtain a justification for incident management.

Admins can view and remediate data protection incidents that have occurred in their organization. The users, managers, and approvers respond to the actions (e.g., notify user and escalate) generated by a workflow in the same way as if those actions were manually performed by an admin on the Incidents page or Incident Details page.
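The out-of-band flow described in this section (notify the violating user over their messaging channel, request a justification, escalate to the manager or an escalation path chosen by incident severity, then close on the approver's decision) can be modelled as a small state machine. This is an added example, not Zscaler's Workflow Automation code: the severity scale, escalation table, channel names, user records and sample incidents are all constructed, and the `send` method stands in for the real Slack, Teams or email bots.

```python
"""Out-of-band incident coaching workflow (added illustration, not Zscaler's
code). Incident -> notify user -> collect justification -> escalate by severity
-> approver decision. Everything here is constructed sample data."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class User:
    name: str
    channel: str                       # preferred channel: "email", "slack" or "teams"
    manager: Optional[str] = None


@dataclass
class Incident:
    id: str
    user: str
    severity: str                      # "low", "medium" or "high" (constructed scale)
    summary: str
    state: str = "open"
    justification: Optional[str] = None
    approver: Optional[str] = None
    log: List[str] = field(default_factory=list)


# Who reviews a justification at each severity (constructed escalation paths).
ESCALATION = {"low": "manager", "medium": "manager", "high": "security-ops"}


class Workflow:
    def __init__(self, users: Dict[str, User]):
        self.users = users
        # (channel, recipient, text): stand-in for the real messaging bots.
        self.sent: List[Tuple[str, str, str]] = []

    def send(self, recipient: str, text: str) -> None:
        user = self.users.get(recipient)
        # Recipients without a directory record (e.g. a queue) fall back to email.
        self.sent.append((user.channel if user else "email", recipient, text))

    def notify(self, inc: Incident) -> None:
        """Step 1: tell the user what happened and ask for a business justification."""
        self.send(inc.user, f"[{inc.id}] {inc.summary} Reply with a justification.")
        inc.state = "awaiting-justification"
        inc.log.append("notified user")

    def record_justification(self, inc: Incident, text: str) -> None:
        """Step 2: store the reply and escalate to the approver for this severity."""
        if inc.state != "awaiting-justification":
            raise ValueError(f"{inc.id} is not awaiting a justification")
        inc.justification = text
        path = ESCALATION[inc.severity]
        if path == "manager":
            # No manager on record: route to the ops queue rather than dropping it.
            approver = self.users[inc.user].manager or "security-ops"
        else:
            approver = path
        inc.approver = approver
        self.send(approver, f"[{inc.id}] {inc.user} says: {text!r}. Approve or reject?")
        inc.state = "awaiting-approval"
        inc.log.append(f"escalated to {approver}")

    def decide(self, inc: Incident, approved: bool) -> str:
        """Step 3: the approver's decision closes the incident and informs the user."""
        if inc.state != "awaiting-approval":
            raise ValueError(f"{inc.id} is not awaiting approval")
        inc.state = "closed-approved" if approved else "closed-rejected"
        self.send(inc.user, f"[{inc.id}] Your justification was "
                            f"{'accepted' if approved else 'rejected'}.")
        inc.log.append(inc.state)
        return inc.state


def demo_users() -> Dict[str, User]:
    """Constructed directory: alice reports to bob; carol has no manager."""
    return {
        "alice": User("alice", "slack", manager="bob"),
        "bob": User("bob", "teams"),
        "carol": User("carol", "email"),
    }


if __name__ == "__main__":
    wf = Workflow(demo_users())
    inc = Incident("INC-1", "alice", "medium",
                   "Upload of a file containing PII to personal storage was blocked.")
    wf.notify(inc)
    wf.record_justification(inc, "Needed for the vendor audit")
    print(wf.decide(inc, approved=True), inc.log, wf.sent)
```

The state checks in `record_justification` and `decide` are what make the workflow safe to drive from inbound chat replies: a late or duplicate message cannot reopen a closed incident or skip the approval step.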

Posture Controls for Connected Apps

Admins can initiate an end user review for all users or individual users of a connected app. Depending on the platform (e.g., Google), access to the app can be automatically revoked. For example, if an individual user confirms the app is not in use and the platform supports the Revoke action, individual user access is automatically revoked.

Example of an app access review notification

Example of a Slack-based DLP notification

The Importance of Continuous Real-Time Coaching for Compliant Internet Access

Staying Updated with Regulatory Compliance

Compliance regulations like GDPR, HIPAA, and CCPA are dynamic, often undergoing revisions and updates. These regulations enforce strict data protection and privacy standards, with heavy penalties for non-compliance. Real-time coaching ensures that employees are consistently updated on the latest compliance requirements and best practices, greatly minimizing the risk of accidental violations.

Resolving Issues Promptly

When employees face a security or compliance issue, immediate intervention is essential to prevent potential breaches or violations from worsening. Real-time coaching offers the necessary guidance, enabling employees to make informed decisions swiftly. This proactive approach significantly strengthens the organization’s overall security stance.

Enhancing Productivity

Real-time coaching enables employees to quickly address issues and proceed with their tasks, reducing downtime. This prompt support alleviates frustration and boosts productivity, allowing employees to concentrate on their primary duties while ensuring compliant internet access.

Cultivating a Proactive Security Culture

Continuous real-time coaching promotes a proactive security culture within the organization. Employees become more alert and proactive in recognizing and addressing risks. This cultural transformation is vital for building a resilient organization that can adapt to new threats and regulatory shifts.

The Bottom Line: Real-Time Alerts Are Crucial!

In the digital age, proactive security and compliance measures are essential. Continuous real-time coaching plays a critical role in achieving this. By ensuring that employees are consistently equipped with the latest knowledge and tools, organizations can securely and compliantly navigate the complex internet landscape. Investing in continuous coaching not only enhances the security posture but also ensures regulatory compliance and cultivates a culture of vigilance and resilience.

In conclusion, the path to secure and compliant internet access is continuous. Real-time coaching is not merely a necessity; it is a strategic advantage that enables organizations to remain proactive and adaptive in an ever-evolving digital environment.

For more information on how to configure End-User Notifications within Zscaler, please see our help documentation.