Zscaler Internet Access Reviews

Primarily, it was to replace our existing on-premises box infrastructure. That's what it started with. And lately, we've been using it more for secure web gateway purposes.

It's primarily meant for perimeter security and the ability to securely access the internet and SaaS applications. So that has definitely helped us get rid of our bulky firewall hardware firewalls, at least for internet access. So that's a cost optimization. And performance. It definitely helps us boost performance.

The ease of deployment is the most valuable feature. All it takes is building a few QRE or ITC tunnels and installing agents. It's a piece of cake. 

And the policies are very intuitive and easy to configure, with very little possibility of messing things up. I also like the great analytics and good visibility into the traffic that goes out of my organization. 

Shadow ID Discovery is also great for finding out what SaaS applications people in my organization are trying to access.

One thing that needs to be improved is their presence in China. I'm not sure if that's a Zscaler thing or if it's a problem with all vendors in this space, but it would be nice to have better coverage in China.

This concern is a common one for vendors across the board when dealing with the Chinese market. So, currently, there is the Great Firewall of China. This firewall can significantly impact internet performance for users in China. A better presence in China from Zscaler could mean more breakout points between China and the rest of the world. 

This would help to improve internet performance for users in China and make Zscaler a more viable solution for organizations with a presence in China.

I started using it in 2015, but then I used it intermittently for the next couple of years. But lately, I've been using it quite a lot. So I've been working with it for about seven years now.

Occasionally, I've faced challenges with applications going down, but these incidents don't usually result in disconnections. 

If I were to rate its stability on a scale of one to ten, with ten being the most stable, I would place it around a seven, I suppose.

I've never encountered challenges where a client exceeded the bandwidth or processing limits of Zscaler. When you reach your peak, the solution is flexible enough to handle it. 

If necessary, you can provision another circuit to increase your Internet bandwidth and set up an additional enforcement point, which is essentially a Zscaler reinforcement point. So, it's highly elastic and scalable.

I would give scalability a perfect ten out of ten rating.

The customer service and support are fairly good. 

In terms of their technical capabilities, response times, and issue resolution, we've had positive interactions with their support.

Positive

The primary alternative for Zscaler is Prisma Access. It stands out as the strongest contender. Additionally, there's NetScope in the mix, although it's not a direct comparison. Another player is Blue Coat, or rather Symantec, now Broadcom. They also compete in this space. However, from what I've observed, most clients transitioning from traditional proxy setups tend to gravitate towards either Zscaler or Prisma.

Prisma Access extends beyond mere web security. This puts it in a separate category, making a direct comparison with Zscaler Internet Access somewhat challenging. Prisma offers a broader array of features, including threat profiling, threat intelligence, diverse integrations, endpoint security evaluations, and deep packet inspection. These are areas where Zscaler Internet Access falls short. Zscaler, essentially a cloud proxy, serves a specific purpose. 

On the other hand, Palo Alto Networks not only operates as a proxy but also incorporates firewall functionality. It functions as a service, includes VPN replacement capabilities, and encompasses features like antivirus, anti-spyware, and IPS for threat filtering. Palo Alto holds an advantage in these aspects. However, if your primary aim is to replace an on-premises proxy, Zscaler is the way to go. Opting for Prisma Access exclusively for proxy functionalities might prove cost-prohibitive.

I would rate my experience with the initial setup an eight out of ten, where one being difficult and ten being easy to setup.

With regard to complexity, it largely depends on the number of redundancies that you require. For example, if you just have a standby setup with maybe two or three Zscaler enforcement nodes that your tunnels need to terminate on, it's fairly simple. 

However, the more redundancy and higher availability requirements that the company has, the more complex it gets. So it can get pretty complicated if you have some crazy requirements with regard to high availability and redundancy.

You just need one person to deploy the solution. One person can mostly do it. A lot of parts as well. 

You would require an endpoint specialist; someone who manages the endpoints. Additionally, you might need someone from your SOC to ensure that you're able to ingest all the logs and security alerts that are being dumped into the same solution. Perhaps one or two individuals for testing purposes. The policy installation process is quite straightforward and shouldn't take a lot of time. One person should be sufficient for that.

We deployed the solution ourselves. We have a team of in-house experts who can troubleshoot any issues that may arise. We have also used Zscaler's professional services team on occasion, for example, to help us with sizing and design, or when there are complex requirements from our clients. But for the most part, we're able to handle the ZIA deployment ourselves.

Most standard deployments take around two weeks. For example, I deployed Zscaler Internet Access (ZIA) for my previous organization, with 20,000 users in two weeks. However, I've also seen deployments for 50,000 to 60,000 users that took at least three to four months. 

The exact deployment time will vary depending on the size of the deployment, the complexity of the environment, and the specific requirements of the organization.

In a typical deployment process, the first step is to procure licenses. You can either do this yourself, or Zscaler can do it for you. Once the licenses are procured, Zscaler will create a tenant for your organization. This tenant will include the enforcement nodes that will be used to process traffic for your users.

Following this, the installation of Zscaler tunnels transpires, along with the deployment of the Zscaler Client Connector (ZCC) on user machines. Configuration of policies is then carried out, encompassing aspects such as policy definitions and potential additional inspection of HTTPS traffic. 

Moreover, ancillary facets are incorporated. These entail the establishment of compatible streaming services and TLS inspection. Integration with the corporate identity provider (IdP) is also a crucial step. 

Furthermore, if automation is a consideration, additional automation or orchestration components can be implemented to facilitate automatic policy enforcement. While integration with Extended Detection and Response (XDR) systems is conceivable, this is an aspect I have not personally done. This more or less encapsulates the overall process.

I would suggest knowing the use cases beforehand. Many customers I've seen aren't entirely clear about their specific use cases. They often dive into the product first and then work backward to identify whether Zscaler Internet Access aligns with their needs. Understanding your use cases is essential; it serves as a foundation for determining if Zscaler Internet Access is the right solution. If the required capabilities are already available, or if a few API integrations or lines of code can sustain the existing solution, that's worth considering. This advice isn't exclusive to Zscaler, but I've witnessed clients who become uncertain because they lack the necessary set of use cases that would justify their investment.

Overall, I would rate the solution a seven out of ten for two reasons, namely, the China issue for the improvement section and the pricing is expensive. I am not sure about the exact price, but it is expensive.

The main use cases that our clients typically have and why we propose and implement the solution is for a proxy solution. It's designed to create a proxy site-to-site tunnel between the computer trying to access any resources on the Internet or within the offices. Most organizations have a significant number of remote workers - around 30 to 40 percent of their workforce is remote - and they log in from different locations globally, such as Japan, the US, Europe, and Asia. So they need one solution to cover these remote locations and provide a proxy solution.

In addition, we need to have minimum bandwidth latency, and Zscaler is the most suitable product we see. Whenever a customer comes to us with a large geographical spread in terms of their workforce, we propose and implement this solution across the cloud, as required.

One feature that is valuable to me from an implementation point of view is that it's very easy to implement. We just had to route in some IPs, and it automatically hops into the nearest Zscaler nodes, which they call it. They have more than 150 nodes across the globe. Essentially, if I'm trying to access a server in India at this point in time, and the server I'm trying to access is somewhere in Singapore or Tokyo, it creates a lot of internet latency. But with Zscaler, it's not the case because they have a server in almost every major hotspot in the world. In India, if you're connecting, they will automatically route to their nearest server. Since they have servers in so many places in the world, we can easily configure them to the nearest server. 

The end-user who's using it doesn't feel the latency, and it's really minimal, less than three milliseconds, six milliseconds, whereas the competition has more than ten milliseconds and eleven milliseconds as latency.

There are a couple of areas of improvement in the solution. Firstly, there are some performance issues when we add on additional controls. Zscaler Internet Access is a plain vanilla solution that allows you to add CSV or DLP on top of it. However, once you add these modules, the performance degrades for a bit, and the latency increases significantly. We're talking about a two-fold or three-fold increase in latency. They need to work on this. So the performance goes down when using a lot of features simultaneously.

Moreover, the implementation interface is not very good. It has some minor bugs, and it's not properly streamlined. However, these are not software issues that cannot be resolved. A simple reboot or a call to the reseller personnel can guide you in resolving these issues. But the experience can be more seamless if the interface is improved.

I have hands-on experience with Zscaler Internet Access, a cloud proxy solution similar to Cisco's proxy solution.

We've been working with Zscaler Internet Access for almost three years now. We use the basic Zscaler Internet Access with add-ons like CASB and DLP. This is the solution we sell and implement the most.

I would rate the stability an eight out of ten. 

It is a scalable solution. I would rate it a ten out of ten. There are more than 15,000 users under different organizations. They are small and medium-sized businesses. The largest organization that deployed Zscaler had 8,000 users. 

The customer service and support team is good. 

Positive

I would rate the initial setup an eight out of ten, where one is difficult and ten is easy. The deployment process is quick, around 6 to 8 weeks. But that depends on the geographical locations we need to cover. If we only need to cover two to three locations, it's good enough.

The deployment process involves building the Zscaler package, which can be vanilla or vanilla plus bundle, and then remotely pushing it to the client machine using Microsoft Intune or whatever it is. Meanwhile, we have to build the configuration and policy based on the client's requirements.

First, what we do is we build the ZScaler package. The package includes the features that will be going through the solution. Once the package is built, it is pushed into the endpoints or machines, such as computers, laptops, and desktops, through Microsoft Intune or SCCM, or any other patching solution that they have. Meanwhile, we configure Zscaler to the nearest hub that the reseller has. They have more than 150 nodes across the globe, so we configure the nearest hub for them. Once that configuration is done, we have established a connection, and the systems have gone online, then you can actually use the solution.

So, it's basically a two-step process. Rolling out the package, rolling out the agent, and configuring the reseller to the nearest hub. That's it. It's a smooth process.

Zscaler is transparent about its pricing model. However, it is not a cheap solution. I would rate the licensing model a seven out of ten. 

My advice, generally, is that if a client has a growth prospect with an increasing number of employees moving across the globe, then Zscaler advises having a product that is scalable and fast. By fast, I mean it has low latency, making it very scalable. Zscaler Internet Access is a completely cloud-based product and is highly scalable. It is a reliable solution to have in your IT stack. 

Overall, I would rate Zscaler an eight out of ten. Zscaler Internet Access is highly scalable and has low latency, making it one of the most reliable products with good market support and presence. I rated it an eight and not a ten because there are a couple of constraints in scaling certain things. For example, some customers, such as federal institutions of the US, state of clutter, or some banks, want an on-premise solution. They want more control because Cloud will always have a security issue somewhere or the other, and Zscaler Internet Access does not have an on-prem solution. Also, when you increase the features, it does lag a bit, which should not happen.

We can use the solution for users that are working from home. It allows us to manage control over security. We install an agent and can set the domains that are allowed on the network. It helps ensure security.

It can be easily accessed by the cloud. Users can easily work from home while maintaining company security.

The servers are hosted in the cloud, and it maintains security for Azure. It's like having double security - one for the cloud and one for the user.

It is simple to use. We can create multiple tunnels with ease. It's simpler to use than a VPN.

The solution is stable.

We'd like for them to include some sort of antivirus tool. It would help if that came bundled with this product from a security standpoint. 

We'd like to have a server connector without ht need for multiple micro tunnels. 

We just completed a POC. I just started with the company.

The stability is good. The solution is reliable. We've had no issues with stability. I'd rate the stability eight out of ten.

We have almost 300 users.

I'd rate the scalability six out of ten. The policy creation is difficult. It's complicated to add them, and therefore scaling may take a while. 

I don't really deal with technical support. We get support from a third-party vendor, not Zscaler directly.

We have used a different solution in the past. Zscaler, we can deploy on VM servers.

We've only completed a POC and plan to roll out a full implementation soon. In the past, I have implemented it completely as well. We are planning to deploy for the sales users first. 

It's not a difficult process. Once the agent is installed, it needs to be verified with the console. The deployment takes between 30 to 45 days, depending on the level of support needed to complete the task. The issue is our sales team are work from home users. That can make the process longer. 

We also need to create user policies before the full deployment happens. Different policies are needed for different users. We may need to create three to four different policies for different user sets. 

We have a third party that we get the solution. 

We have yet to receive the cost from Zscaler. We've only done a POC. My understanding is the solution is reasonably priced. I'd rate the pricing eight out of ten.

We are an end-user. We may be a future partner.

It is good for a small environment of 80 to 100 users. I'm not sure if it works for very large organizations. This solution requires less maintenance and makes server access easy - instead of, for example, standalone VPN access.

I'd rate the solution ten out of ten.

We have Windows 10 laptops. We wanted help securing our laptops for remote work, but we don't have the server for this infrastructure. Whereas, with this solution, the cloud server is managed by Zscaler. 

It is a pretty lean solution. We only need to manage the agent and some very small tools on the laptops.

Currently, we have an on-premise firewall. However, most of the time, users are not working in the office. Therefore, we need to use something, like a Secure Access Service Edge (SASE), to help users. So, we are trying to protect users without a corporate firewall.

We just wanted laptops to have more secure features to help users and protect the company's data. There are two major things deployed on our laptops: Zscaler Internet Access and endpoint detection response (EDR).

Zscaler Internet Access has helped enable our digital transformation.

When you try to access suspicious websites, they will give you a warning. This helps us with user access without our office network.

Its cyberthreat protection is important for our needs. We use it for Internet access control, e.g., accessing web pages. We also use it when a user downloads or uploads files from the Internet.

When a user goes to the Internet to browse or download something, it is secured by this tool. This is important to us because it is another layer of protection.

They could provide more time for the onboarding the training of an IT person.

We did run into some compatibility issues. We just needed to test its configurations on the web portal and that detected the issues.

I have been using it for half a year.

We haven't had any issues with stability.

No maintenance is required.

We have 120 users. We have never tested it to go above 1,000 users. It shouldn't have problems because it is an agent working on the laptops using a centralized online server. 

The technical support is very good. We create a ticket every week or two.

Positive

We didn't have an Internet access control solution previously, only anti-malware for endpoint protection.

Our legacy systems only protected our on-premise network.

The initial setup was straightforward. It took about three days to set up.

Zscaler Internet Access has helped us reduce the time that we spend managing security policies by about four hours a week. We can use this time to focus on other things, especially the IT team.

Versus deploying and managing traditional network security hardware, the solution has saved us about four hours a week.

The solution has helped us reduce the number of infected devices in our organization by proactively preventing attacks because some users were unaware of some malware sites.

We evaluated two or three different vendors, but finally selected Zscaler Internet Access due to its reputation. Also, the GUI for Zscaler Internet Access was very clear when we tested it.

We are not using the solution for data loss prevention.

When you select this product, test it with other tools running on your machine to ensure there are no compatibility issues between different products.

I would rate it as nine out of 10.

I like the granularity of the control of all the traffic, including SSL inspection. I also like the fact that the user interface is intuitive.

The latencies with Zscaler are minimal compared to those of any other competitor. Other competitors do not really have the global scale that Zscaler has and cannot promise low latencies.

Zscaler should continue to make the user interface better. They should also improve the backup network and continue to expand it so that it can handle larger numbers of customers.

We've been working with this solution since 2017. Our customers use a cloud deployment of this solution.

The stability overall in the developed regions, such as the US and Europe, is fairly good. In certain regions, such as South Africa, Zscaler has not been stable for some time.

It is easy to scale. Additional sites and licenses can be added quickly and easily.

Zscaler's technical support is not too bad. They have been helpful when I have had issues, but I have not had to contact them much.

The initial deployment process is quite easy. I've implemented Zscaler Internet Access in large, multinational corporations and recently at a company that is in 64 countries in the world. The deployment is always fairly quick. I have also worked with smaller clients, and Zscaler deployment is even easier in these cases.

Zscaler is an expensive solution, but it's worth the price. 

Their services are unmatched by competitors. Some may come with half the features that Zscaler can offer and be much cheaper. However, they do not have the global coverage that Zscaler has, and they will not provide the same low latencies and the same speeds that Zscaler can.

My advice would be to ensure that you have a good implementer and reseller who can provide guidance. The reseller should be aligned with those who work in security and needs to be aware of anything that might need an exception that needs to be created. This will help avoid any surprises when the solution is live. The other important aspect to consider is training.

Overall, I would rate Zscaler at eight on a scale from one to ten.

One of the use cases is VPN replacement. Zscaler Private Access replaces the VPN solution.

Zscaler covers all the features needed to replace a VPN or proxy solution. They are good. They've been on the market for 15 years now, so they are mature enough.

Zscaler needs to add client-to-client communication. It's always client-to-server communication. The cloud and branch connectors could be improved because we're still dependent on traditional firewalls. They should eliminate this. They should also provide WAN devices should to compete with the SD-WAN solutions also.

We have been building our competency and trying to sell Zscaler to customers for almost two years. We are doing this in our labs also, and we have one customer now. 

Zscaler is scalable. 

Zscaler is a cloud-based solution, so it's scalable. 

We worked with Zscaler support initially for some professional services. That service was excellent, but later we had to wait for them to make some changes, so that could be tricky. I rate Zscaler support seven out of 10. 

Neutral

Deploying Zscaler is quick and straightforward. You can easily onboard end-users to Zscaler Private Access once you deploy the application. There is a virtual application in your private data centers that detects the applications, and you can control access.

We have two or three engineer to deploy the solution. Two are usually needed  because there are different roles from a backup point of view, and we have a different set of people during the design stage. We need some people who understand identity solutions. We have a combination of two or three engineers who normally do deployment for around 1,500 users. One person is usually more than sufficient for maintenance because we don't get that many inquiries unless some changes are needed.

We work on a business case, not on ROI, so if the customer sees a positive savings on their business case after the five years or six years, they normally go for Zscaler.

The license is per user, and there's a minimum license per user per year. It's costly if you compare it to the traditional solutions like Symantec or Bluecoat. It's about 20 to 30 percent costlier than the traditional solution, but it gives you the flexibility to work from anywhere, and everything becomes effortless. 

I rate Zscaler Internet Access eight out of 10.

Our customer already had the product, which they got from another vendor. They were facing some issues with their existing policies. Our role was to optimize the policy. So we optimized Threat Protection, DLP, and CASB policies per the customer’s requirements. In their environment, G Suite was completely allowed for some users, but they wanted only to allow a specific corporate domain. As per the recommendation, CASB policy must have been in place, but it wasn’t. So we optimized the tool as per their requirement and delivered it.

The product has different modules like SWG, CASB, DLP, and Threat Protection. The most valuable feature of the solution is SWG traffic. The product is very good in web traffic.

Cloud App’s database should be improved. Currently, they only support and provide granular controls to around 1000 cloud applications. In Netskope, it is more than 3000. Around 65,000 applications are visible to the users in Netskope, but Zscaler only supports around 3000 to 4000. Cloud App is not good. UI is not as easily understandable as Netskope. Netskope has a source, destination, and action policy. In Zscaler, we have to click multiple tabs to get it. It's a bit tricky compared to Netskope. Once we understand it, it's simple.

I have been using the solution for four to five months.

I rate the solution’s stability an eight out of ten.

I rate the product’s scalability an eight out of ten. Currently, the product is facing major issues in scalability because the company is over ten years old. The data center they have in India goes down frequently. VLANs also go down frequently. Due to this, the product gets turned off completely, and sometimes, the users go to different traffic. If it’s an on-prem user, they go via a firewall, which increases the pain for the customers. They have a problem with DC. VLANs go down sometimes. That's why the user faces complete disconnection issues for the proxy. Two people in the organization are using the solution.

The initial setup is straightforward. It is just a plug-and-play process. When the Zscaler client is installed on the machine, it works like a normal proxy. They're connected to the cloud. The solution is deployed on all the users’ machines, and the management and policy creation is done at the cloud level. It's a cloud proxy.

The deployment is just a plug-and-play process. The policy is very simple.

We acquired a customer for optimization. Overall, I rate the product a seven out of ten.

We use ZIA for outbound internet connectivity. The internet traffic of on-prem users will be directed to the ZIA cloud for security checks and web filtering. 

Zscaler does not provide dedicated IPs to each customer. Hence, they share a pool of IPs provided by Zscaler. There is a chance of blacklisting these IPs. I also do not like the multi-management portal. 

I have been working with the product for a couple of years. 

The product's stability is fine. 

ZIA is not scalable due to the limitation of bandwidth. My company has over 100 users for the product. 

ZIA's support is good. 

Positive

ZIA's setup is not easy because of the multiple clouds. 

ZIA follows a subscription model pricing and charges you based on the number of users. I would say its price is good. 

I would rate the product a seven out of ten. I haven't seen any unique competitive advantage for ZIA over its competitors. ZIA's offerings are offered by competitors as well. However, the product has good security features. However, I wouldn't recommend this product to organizations that require high-security features. I would recommend Palo Alto in those cases.