This post was co-authored by Brad Woodberg, Sr. Director Product Management, Vectra AI, and Abhishek Gupta, Principal Field Product Management, Zscaler
The network has changed.
Users work everywhere. Applications live across SaaS, cloud, and private environments. Traffic is increasingly encrypted. And attackers have adapted faster than most security architectures.
Over the last several years, organizations have embraced Zero Trust and Security Service Edge (SSE) architectures to securely connect users to applications wherever they are. That shift has dramatically improved access security and reduced reliance on legacy VPNs and perimeter defenses.
But modern attackers don't stop at the access layer.
They hide command-and-control traffic inside encrypted sessions. They move laterally across hybrid environments. They compromise identities and abuse legitimate SaaS workflows. In other words, they exploit the gaps between what network teams can see and what security teams can investigate.
That is why Vectra AI and Zscaler have expanded our integration.
Together, we combine Zscaler's Zero Trust Exchange with Vectra AI's AI-driven threat detection and investigation capabilities to provide a unified view across internet traffic, private application access, cloud environments, and modern identities. The result is a shared operational picture that helps bridge the longstanding divide between NetOps and SecOps.
From Hunt Club to Zenith Live: A Shared Vision for Modern Network Protection
Earlier this year, we had the opportunity to present together at Vectra AI's Hunt Club customer conference, where we shared our joint vision for Modern Network Protection. The presentation focused on a simple reality: organizations have modernized access with Zero Trust and SSE, but attackers have modernized faster.
Today's attacks span internet traffic, SaaS applications, identities, cloud workloads, and private applications. Security teams need more than access controls—they need continuous visibility into attacker behavior across the entire attack lifecycle.
The Vectra AI and Zscaler partnership addresses this challenge by combining:
- Zscaler's Zero Trust Exchange for secure access and rich traffic visibility
- Vectra AI Attack Signal Intelligence for AI-driven threat detection, prioritization, and investigation
- Shared visibility across users, devices, identities, applications, and networks
- Operational alignment between NetOps and SecOps teams
For those interested in the technical details of the integration, we encourage you to read our joint technical deep dive:
Deep Dive Inside the Zscaler and Vectra AI Integration
https://www.zscaler.com/blogs/product-insights/deep-dive-inside-zscaler-and-vectra-ai-integration
Hunt Club Presentation: Modern Network Protection
The presentation expands on the architectural concepts discussed in this blog and demonstrates how organizations can use Zscaler and Vectra AI together to reduce blind spots across modern hybrid environments.
Three Ways Vectra AI and Zscaler Help Bridge NetOps and SecOps
For architects attending Zenith Live, here are three real-world use cases that demonstrate how the integration delivers value.
Use Case 1: Detecting Hidden Command-and-Control Traffic
One of the most difficult challenges for security teams is identifying "low-and-slow" command-and-control activity that intentionally blends into legitimate internet traffic.
Modern attackers frequently use techniques such as domain fronting, fast-flux infrastructure, and encrypted HTTPS communications to evade traditional URL filtering and reputation-based controls. The destination changes constantly, making detection difficult.
Zscaler provides rich visibility into internet-bound traffic and securely brokers user connections through the Zero Trust Exchange. Vectra AI then applies behavioral analytics and advanced fingerprinting techniques to identify suspicious patterns that remain consistent even when attacker infrastructure changes.
The outcome is precise detection without disrupting legitimate cloud services.
For the SOC, this means faster threat hunting and more confident investigations. For NetOps, it means maintaining user connectivity while security teams gain the evidence they need to act.
Most importantly, teams gain visibility into attacker behavior—not just destinations and indicators—which is increasingly critical in an encrypted world.
Deep Dive into this use case: https://www.zscaler.com/blogs/product-insights/deep-dive-inside-zscaler-and-vectra-ai-integration
Use Case 2: Connecting Internet Activity to Lateral Movement
Many attacks do not begin with ransomware. They begin with reconnaissance.
A suspicious download. An unusual authentication attempt. A user probing internal systems. Individually, each event may appear benign. Together, they often reveal the early stages of an attack.
This is where the combined visibility provided by Vectra AI and Zscaler becomes especially powerful.
By correlating internet activity from Zscaler Internet Access (ZIA) with private application access data from Zscaler Private Access (ZPA), Vectra AI can identify attack progression across environments. Security teams can see when a device that triggered suspicious internet activity begins scanning internal resources, attempting SMB connections, or enumerating sensitive systems.
Instead of responding to isolated alerts, teams gain attack-stage context.
This allows SOC analysts to prioritize investigations based on attacker behavior rather than alert volume. At the same time, network teams can work from the same evidence to isolate affected assets and contain threats before they spread.
The result is exactly what modern organizations need: a shared workflow between NetOps and SecOps built around facts, not assumptions.
Deep Dive into this use case: https://www.zscaler.com/blogs/product-insights/deep-dive-inside-zscaler-and-vectra-ai-integration
Use Case 3: Detecting Compromised Identities and SaaS Abuse
Today's attackers increasingly bypass malware altogether.
Rather than breaking in, they log in.
Using stolen credentials, session hijacking, or sophisticated phishing techniques, attackers gain access to trusted SaaS applications and then use legitimate administrative functions to move quietly through the environment.
These attacks are difficult to detect because the activity often appears legitimate.
Vectra AI identifies abnormal identity behavior, such as unusual access patterns, privilege escalation attempts, or suspicious SaaS activity. Zscaler provides critical context about which applications are being accessed and whether those applications are unusual for that user.
Together, security teams gain visibility into both the identity and the activity.
This enables organizations to detect compromised accounts earlier, terminate risky sessions, enforce additional authentication requirements, and stop data loss before it occurs.
In a world where identity has become the new perimeter, this visibility is critical.
Deep Dive into this use case: https://www.zscaler.com/blogs/product-insights/deep-dive-inside-zscaler-and-vectra-ai-integration
Why This Matters for Network and Security Architects
One of the key themes from our Hunt Club presentation was that the traditional distinction between network operations and security operations is disappearing.
Network architects are increasingly responsible for enabling secure connectivity across distributed users, applications, and cloud environments. Security architects are increasingly dependent on network telemetry and context to understand attacker behavior.
The Vectra AI and Zscaler integration creates a common operational framework where both teams can answer critical questions:
- Is this user behaving normally?
- Is this application access expected?
- Is this encrypted traffic legitimate?
- Is this identity compromised?
- Is this activity part of a larger attack campaign?
By combining Zero Trust access controls with AI-driven attack detection, organizations gain both prevention and visibility—two capabilities that are increasingly inseparable.
A Shared Vision for NetOps and SecOps
Historically, network teams have focused on connectivity and performance while security teams have focused on risk reduction and threat response.
The reality is that modern attacks don't respect organizational boundaries.
Attackers move across cloud, SaaS, identity, internet, and private application environments as a single campaign. Defenders need the same unified perspective.
The Vectra AI and Zscaler integration helps organizations eliminate blind spots, accelerate investigations, and improve operational collaboration. It enables NetOps and SecOps teams to work from a common source of truth while maintaining the performance, user experience, and Zero Trust principles that modern enterprises demand.
As enterprises continue their digital transformation journeys, success will depend on more than secure access. It will require the ability to see, understand, and stop modern attacks wherever they occur. That's the vision behind the Vectra AI and Zscaler partnership—and we're excited to continue that journey with customers at Zenith Live.
To learn more about the technical integration, visit Zscaler's deep-dive blog: https://www.zscaler.com/blogs/product-insights/deep-dive-inside-zscaler-and-vectra-ai-integration
Additional Vectra AI + Zscaler Resources:
Vectra AI: Gain end-to-end visibility — north-south and east-west
Vectra AI: Vectra AI + Zscaler Secure Zero Trust Access
Zscaler: Two Magic Quadrant™ Leaders Become Partners: Zscaler and Vectra AI Combine Forces
Zscaler: Bridging the Gap Between NetOps and SecOps