zscaler
by dvmrry
Answer questions about the Zscaler portfolio — full operational depth (Tier 1, with SDK / TF / OneAPI exposure) on ZIA, ZPA (including AppProtection inline WAF/IPS and Browser Access), ZCC (Client Connector), ZDX (Digital Experience), ZBI (Zero Trust Browser / Cloud Browser Isolation), ZIdentity (unified identity + OneAPI authentication + step-up auth), Cloud & Branch Connector (ZTW/ZTC — VM-based traffic forwarding for cloud workloads and branch offices), and ZWA (Workflow Automation — DLP incident lifecycle); plus extended awareness with reasoning docs (Tier 2a, portal-only / no SDK) on Deception (decoys/honeypots for post-perimeter detection), Risk360 (cyber risk quantification / Monte Carlo / CISO board reporting), the AI Security family (AI Guard runtime guardrails for LLM prompt-injection / jailbreak / sensitive-data / toxicity / refusal detection plus AI Red Teaming / AI Guardrails / four-pillar governance), and ZMS (workload microsegmentation east-west, host-agent + WFP/nftables enforcement); plus paragraph-level awareness (Tier 2b) of ZINS (shadow-IT NSS Collector), EASM, Federal Cloud variants, ITDR, DSPM, Posture Control, and others. Covers URL category coverage, URL filtering rule precedence, wildcard matching semantics, SSL inspection ordering, cloud app control interaction with URL filtering, DLP three-layer model, sandbox / malware / ATP, firewall filtering, ZPA app-segment matching and policy evaluation order, AppProtection profiles / paranoia levels, Browser Access wildcard certificate rules, ZCC forwarding-profile / trusted-network decisions (which decide whether traffic reaches ZIA or ZPA in the first place), ZDX score / probe / diagnostic-session questions about user experience, browser isolation (Isolate action, Smart Browser Isolation, isolation profiles), Cloud Connector provisioning and activation, and Zscaler portfolio breadth ("what is X?", "does Zscaler do Y?"). Use whenever the user mentions Zscaler, ZIA, ZPA, ZCC, ZDX, ZBI, ZWA, ZTW, ZTC, CBC, Zero Trust Browser, Cloud Browser Isolation, Client Connector, AppProtection, Browser Access, Deception, Risk360, AI Guard, AI Guardrails, AI Red Teaming, AI Security, ZMS, microsegmentation, east-west traffic, ZINS, EASM, URL categories, URL filtering, cloud app control, SSL inspection, DLP, sandbox, app segments, forwarding profiles, trusted networks, ZDX score, probes, diagnostic sessions / deeptraces, isolation profiles, prompt injection, jailbreak detection, LLM guardrails, or asks "is $URL covered / blocked / allowed". Also use for "why does this rule win", "what happens when these policies overlap", "why is this user's app slow", "what happens when traffic gets isolated", "what is $product", or "does Zscaler have something for $use-case" questions, even if the user does not explicitly name Zscaler.