惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

TaoSecurity Blog
TaoSecurity Blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
F
Fortinet All Blogs
Cisco Talos Blog
Cisco Talos Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
S
Secure Thoughts
美团技术团队
雷峰网
雷峰网
Hugging Face - Blog
Hugging Face - Blog
博客园_首页
C
CXSECURITY Database RSS Feed - CXSecurity.com
Engineering at Meta
Engineering at Meta
人人都是产品经理
人人都是产品经理
月光博客
月光博客
T
Tor Project blog
P
Privacy & Cybersecurity Law Blog
Recorded Future
Recorded Future
I
Intezer
博客园 - 【当耐特】
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
GbyAI
GbyAI
罗磊的独立博客
V
V2EX
Google DeepMind News
Google DeepMind News
D
DataBreaches.Net
Last Week in AI
Last Week in AI
T
Tailwind CSS Blog
www.infosecurity-magazine.com
www.infosecurity-magazine.com
A
About on SuperTechFans
Scott Helme
Scott Helme
Vercel News
Vercel News
Spread Privacy
Spread Privacy
T
Threat Research - Cisco Blogs
Recent Announcements
Recent Announcements
Hacker News: Ask HN
Hacker News: Ask HN
C
CERT Recently Published Vulnerability Notes
G
Google Developers Blog
B
Blog
博客园 - 叶小钗
WordPress大学
WordPress大学
博客园 - 聂微东
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Jina AI
Jina AI
IT之家
IT之家
C
Cybersecurity and Infrastructure Security Agency CISA
P
Palo Alto Networks Blog
小众软件
小众软件
博客园 - Franky
Microsoft Azure Blog
Microsoft Azure Blog
AWS News Blog
AWS News Blog

Red Canary

Train, triage, repeat: The AI agent changing how we fight phishing | Red Canary Intelligence Insights: June 2026 | Red Canary The dual-use dilemma: Rethinking detection for remote access tool abuse | Red Canary How threat hunting evolves at scale Investigating suspicious AI workflows in Microsoft Entra Agent ID: Assistive agents Red Canary CFP tracker: May 2026 Investigating suspicious AI workflows in Microsoft Entra Agent ID: Agent’s user account Grading on a curve: How to assess a pentest Investigating suspicious AI workflows in Microsoft Entra Agent ID: Autonomous agents Intelligence Insights: May 2026 Investigating server compromises with cgroups: A Linux DFIR primer Spring cleaning your browser Red Canary CFP tracker: May 2026 How AI can streamline your security testing Intelligence Insights: April 2026 Identity, browsers, and node.js: Everything you missed in the Threat Detection Report miniseries AI in cybersecurity: The good, the bad, and the FUD Red Canary CFP tracker: April 2026 Scarlet Goldfinch’s year in ClickFix Intelligence Insights: March 2026 AI and browser threats stand out in the 2026 Threat Detection Report Moving up the Assemblyline: Exposing malicious code in browser extensions The RSAC 2026 Conference talks worth catching Hunting for malicious OpenClaw AI in the modern enterprise Breaking down a supply chain attack leveraging a malicious Google Workspace OAuth app Red Canary CFP tracker: March 2026
New: Use response actions to update Zscaler policies and block threats
Chris Brook · 2026-04-14 · via Red Canary

The intel teams here at Red Canary and Zscaler have seen some notable social engineering attacks recently. Bad actors get an employee email address and run a program to plug it into a bunch of legitimate sites that send mail—newsletter signups and the like. They get bombarded with emails. Then the adversary reaches out, either by phone or email, pretending to be IT and offering to help fix their spam problem. It’s something we’ve seen in the past—an elaborate hoax and one that’s easier to fall for because of the fatigue of endless email spam.

Attacks like these are complicated to defend against. Using social engineering, bad actors can get ahold of valid credentials. They appear to be just another user, making them particularly hard to detect. They also attack broadly, trying the same tactics against many employees.

Red Canary and Zscaler together have a distinct advantage against these, and many other types of attacks. And now with our latest release, that advantage has grown.

Trigger ZIA response actions in Red Canary

The new integration gives teams an easy way to update Zscaler Internet Access (ZIA) network policies using Red Canary response actions, so they can instantly enforce a network-wide perimeter around a threat, regardless of where the user is or what device they are using. It’s a straightforward way to turn “we confirmed this URL/domain/IP is malicious” into “it’s blocked for everyone,” without extra back-and-forth between tools.

Users can choose from a set of pre-built, expert-checked actions (like blocking a URL/domain/IP or removing a risky allowlist entry), and they can set these actions to trigger automatically or only after manual approval. Every action is tracked in both Red Canary and Zscaler, so teams can see what happened and why.

Key capabilities

  • Automated IOC blocking: Instantly add malicious IP addresses or domains to Destination IP Groups and apply ZIA policies to restrict access.
  • Unmanaged device isolation: Add internal IP addresses for compromised devices to Source IP Groups and apply ZIA policies to restrict network access.
  • Granular URL filtering: Add malicious URLs to custom URL Categories and apply ZIA policies to restrict access or enforce browser isolation.
  • Malicious file protection: Add malicious file hashes to the ZIA Sandbox Denylist and ensure that Zscaler quickly identifies and quarantines future instances of the file encountered in the wild.
  • Bi-directional automation: Every “add” action also has a supported “remove” action–easily revert actions once an investigation is closed and the threat is mitigated.

Why it matters

Remember that spam bombing campaign we started with? If that’s successful, the attacker gets their hands on valid credentials, meaning that the next steps can look almost indistinguishable from everyday work. It can look like a real user signing in, using trusted apps, and leaning on existing tools to stay under the radar. Luckily, Red Canary analytics are built to catch the quiet signals—logins and sequences of activity that don’t fit the user, and living-off-the-land behavior that hides in plain sight.

Combine that with new, in-workflow response actions, and detection turns into protection even faster. As soon as Red Canary verifies the threat, teams can push the right ZIA action—like blocking the malicious destination—without switching consoles or waiting on manual follow-up. You can also automate these actions with playbooks. The result is a tighter loop from “we see it” to “we stop it,” helping you contain an attack quickly and reduce the chance it spreads to more users. Crucially, because ZIA acts as the gateway, this protection extends to every device on your network, including unmanaged hardware and IoT where an endpoint agent cannot be installed.

That means:

  • Drastic reduction in MTTR—move from detection to network-wide block in seconds, not hours of manual ticket routing between security and networking teams
  • Broader, network-level protection, so no one hits a phishing page even if they click the link
  • Agentless enforcement at the edge instantly shields your entire environment, including unmanaged and IoT devices, where traditional EDR agents can’t go
  • Less manual work with fewer console pivots

Interested in how ZIA response actions in Red Canary can protect your organization?

Get a demo!