What are the prerequisites for enabling ZIA inspection of ZPA traffic?

You need a ZIA tenant linked to your ZPA tenant, the ZIA inspection feature provisioned for ZPA (enabled via support request), the ZIA root certificate deployed to devices for SSL inspection, and client connector version 4.4 or higher. Note that this feature doesn't support browser access, privileged remote access, ICMP, double encryption, multi-session protocols, ZDX, machine tunnels, or partner tenants.

How does AppProtection's virtual patching capability work?

Virtual patching applies security controls to block specific attacks that are being leveraged by threat actors and reported as CVEs, allowing you to protect vulnerable applications without immediately applying vendor patches. This provides a temporary security layer while you plan and test actual patches in your environment.

Application Security in Zscaler Private Access

Name: Application Security in Zscaler Private Access
Uploaded: 2026-04-14T16:00:35-04:00
Duration: 3 min 46 s
Description: TL;DR AppProtection provides server-side security for ZPA applications through inspection profiles that detect OWASP Top 10 attacks, apply threat intelligence signatures, perform virtual patching for CVEs, and protect AD protocols with anomaly detectio...

Zscaler

04/14/2026

0 (0%)

Report Like Favorite

TL;DR

AppProtection provides server-side security for ZPA applications through inspection profiles that detect OWASP Top 10 attacks, apply threat intelligence signatures, perform virtual patching for CVEs, and protect AD protocols with anomaly detection.
Browser session protection creates fingerprints using 27 indicators to identify anomalous user sessions and provides dashboards showing users with high numbers of unique fingerprints for investigation.
ZPA traffic can be routed through ZIA enforcement nodes for business-critical applications to leverage mature security controls like TLS inspection, sandboxing, and DLP policies, providing comprehensive client-side protection when paired with AppProtection's server-side defenses.

Summary

This technical tutorial demonstrates how to secure applications accessed through Zscaler Private Access (ZPA) using two complementary approaches: AppProtection and ZIA inspection integration. AppProtection provides server-side security through inspection profiles that detect and prevent attacks mapped to the OWASP Top 10, apply threat intelligence from Zscaler Threat Labs, perform virtual patching for known CVEs, and protect Active Directory protocols including SMB, Kerberos, and LDAP. The session also covers browser session protection capabilities that use 27 indicators to create session fingerprints for anomaly detection. For business-critical applications, organizations can route ZPA traffic through Zscaler Internet Access (ZIA) enforcement nodes to leverage mature security controls including TLS inspection, sandboxing, and data loss prevention policies. This dual-layer approach provides comprehensive client-side and server-side protection against compromise, though ZIA inspection has specific prerequisites including certificate deployment and client connector version 4.4 or higher, with limitations on certain protocol types and access methods.

Chapters

0:00 - Introduction to Application Security
0:12 - AppProtection Overview
0:45 - OWASP Top 10 Prevention
1:21 - AD Protocol Protection
1:37 - Browser Session Protection
1:58 - ZIA Inspection Integration
2:34 - Prerequisites and Limitations

Key Quotes

0:17 "App Protection is an integral part of ZPA that allows you to identify and stop attacks against your applications."
1:04 "App Protection also leverages the Zetscaler Threat Labs research to generate Threat Labs control based on signatures from exploits that our security research team is seeing in the wild."
3:33 "Paired with app protection, this will allow you to provide complete client-side and server-side anti-compromise measures in order to fully protect your applications."

Categories:

Tags:

Show more Show less

Browse videos

Upcoming Webinar Calendar

05/12/2026

11:30 PM

05/12/2026

Implementing Effective Strategies for Active Directory Security and Data Protection

https://www.truthinit.com/index.php/channel/1888/implementing-effective-strategies-for-active-directory-security-and-data-protection/
05/13/2026

01:00 AM

05/13/2026

Transforming the Black Box: Reveal Hidden Threats and AI Risks through Data Lineage

https://www.truthinit.com/index.php/channel/1890/transforming-the-black-box-reveal-hidden-threats-and-ai-risks-through-data-lineage/
05/13/2026

05:00 AM

05/13/2026

Transforming the Black Box: Revealing AI Risks and Hidden Threats through Data Lineage

https://www.truthinit.com/index.php/channel/1894/transforming-the-black-box-revealing-ai-risks-and-hidden-threats-through-data-lineage/
05/19/2026

01:00 PM

05/19/2026

Establishing a Robust AI Governance Framework for GenAI Throughout Deployment Phases

https://www.truthinit.com/index.php/channel/1936/establishing-a-robust-ai-governance-framework-for-genai-throughout-deployment-phases/
05/20/2026

08:00 AM

05/20/2026

Establishing a Robust AI Governance Framework for GenAI Throughout Its Lifecycle

https://www.truthinit.com/index.php/channel/1937/establishing-a-robust-ai-governance-framework-for-genai-throughout-its-lifecycle/
05/20/2026

10:00 PM

05/20/2026

Establishing a Robust AI Governance Framework for GenAI Throughout Its Lifecycle

https://www.truthinit.com/index.php/channel/1953/establishing-a-robust-ai-governance-framework-for-genai-throughout-its-lifecycle/
05/21/2026

11:00 AM

05/21/2026

The Autonomous Era: Orchestrating a Resilient Enterprise

https://www.truthinit.com/index.php/channel/1372/the-autonomous-era-orchestrating-a-resilient-enterprise/
05/27/2026

04:00 AM

05/27/2026

Rivoluziona i rischi dell'AI in opportunità con Netskope AI Security

https://www.truthinit.com/index.php/channel/1925/rivoluziona-i-rischi-dellai-in-opportunità-con-netskope-ai-security/
05/27/2026

10:00 AM

05/27/2026

Harnessing AI: Transitioning from Illusion to Purposeful Mastery

https://www.truthinit.com/index.php/channel/1924/harnessing-ai-transitioning-from-illusion-to-purposeful-mastery/
05/28/2026

01:00 PM

05/28/2026

Harnessing AI for Smaller Teams: Strategies for Secure Implementation

https://www.truthinit.com/index.php/channel/1951/harnessing-ai-for-smaller-teams-strategies-for-secure-implementation/
06/02/2026

01:00 PM

06/02/2026

Spring of Satori: Delving into Recent Findings and the 2026 Threat Landscape

https://www.truthinit.com/index.php/channel/1930/spring-of-satori-delving-into-recent-findings-and-the-2026-threat-landscape/
06/04/2026

02:00 AM

06/04/2026

Mastering the Unseen: Managing Shadow AI and Agentic MCP Traffic

https://www.truthinit.com/index.php/channel/1948/mastering-the-unseen-managing-shadow-ai-and-agentic-mcp-traffic/
06/16/2026

07:00 AM

06/16/2026

Transforming Data Risk into Actionable Priorities: Essential Fixes First

https://www.truthinit.com/index.php/channel/1952/transforming-data-risk-into-actionable-priorities-essential-fixes-first/