Summary
This technical tutorial demonstrates how to secure applications accessed through Zscaler Private Access (ZPA) using two complementary approaches: AppProtection and ZIA inspection integration. AppProtection provides server-side security through inspection profiles that detect and prevent attacks mapped to the OWASP Top 10, apply threat intelligence from Zscaler ThreatLabz, perform virtual patching for known CVEs, and protect Active Directory protocols including SMB, Kerberos, and LDAP. The session also covers browser session protection capabilities that use 27 indicators to create session fingerprints for anomaly detection. For business-critical applications, organizations can route ZPA traffic through Zscaler Internet Access (ZIA) enforcement nodes to leverage mature security controls including TLS inspection, sandboxing, and data loss prevention policies. This dual-layer approach provides comprehensive client-side and server-side protection against compromise. ZIA inspection has specific prerequisites, including certificate deployment and Client Connector version 4.4 or higher, and it has limitations on certain protocol types and access methods.