Zscaler Internet Access Reviews

We use the solution for web security services such as DLP, VPN, BPA, ZIA, and CASB.

We needed a solution to control the user traffic on the internet earlier. But now, with Zscaler's help, we can adequately handle the data using CASB. Also, we can control URLs and Web accesses with the help of its web security gateway feature. Along with this, we are controlling the data leak assessment on the internet with DLP's help.

The solution's most valuable feature is the well-structured functioning of services. It allows us to monitor things in the best possible way. It has all the features separated well from each other. For instance, they have a separate portal in case one wants to control anything on the internet. The other valuable feature is its ability to audit the reports well.

They recently improved a few things with the new version. They should enhance the audit reporting feature. They are providing a very basic DLP solution, but it needs improvement. If they improve the DLP solution, it will be a better solution in the future. They should work on the bandwidth of the CASB solution as well. 

We started the solution's POC in October but it is not yet fully deployed.

The solution’s customer service is good.

Positive

I have done the POC for Cisco Umbrella and Netskope before. Netskope is a user-friendly solution. But Zscaler is better than other solutions regarding its monitoring services.

The solution’s setup is pretty straightforward, but it depends on your experience with Zscaler. It would get a bit difficult for a new buyer owing to multiple profile setups and configurations during the process. I rate the solution’s initial setup as a nine.

I rate the solution's pricing as seven. It is costlier than other solutions. They have multiple standard licenses, but there is no additional cost included.

If you want to establish the right controls from a web security perspective, it's one of the best products in the market. Again, opting for the solution depends on the particular requirement. If you are looking for a solution for banking services, then, you should go with Symantec Blue Coat for a better DLP solution. But if you need a mix of VPN, CASB, and Web Security Gateway, then Zscaler is the better solution.

I rate the solution as an eight out of ten.

Zscaler Internet Access is used for internet access, security related to internet access, and in some cases, connecting to online applications.

The most valuable features I found in Zscaler Internet Access are the restriction of users for a particular URL, the security feature related to stopping DDoS, and the VPN.

What could be improved in Zscaler Internet Access is its price. It could be cheaper.

I'm working for TCS, which is a service management company, so we manage services for our clients. From my perspective, I've been working with Zscaler Internet Access for six months, but the client could be using it longer than that period. In my case, I've been working with this particular client on Zscaler Internet Access for six months. My company TCS is a partner of Zscaler.

Zscaler Internet Access is quite stable.

I have not had any issues with the scalability of Zscaler Internet Access. I have not encountered scalability issues, but my company has not scaled up that much to encounter problems with scalability, so I can't really comment on how scalable the solution is.

Zscaler Internet Access has good technical support. We have not had an issue where multiple escalations were needed from the support team. The issues were normally quite straightforward and were able to be sorted out with minimum intervention. Whatever support we have requested from Zscaler, we had a very good experience.

The initial setup for Zscaler Internet Access is straightforward. On a scale of one to five, with one being the worst and five being the best, I'm rating my experience with its setup a four.

The pricing for Zscaler Internet Access could be made cheaper.

My advice for people looking into implementing Zscaler Internet Access is that it's quite stable. Its features are quite mature, so I would recommend for people to go for the implementation of the solution.

Zscaler Internet Access is deployed on the cloud, particularly on Zcaler's cloud: the ZIA. It's a SaaS solution.

You can have mobile employees who forward traffic into a Zscaler client, or you could use a PAC file. So, if users connect at the beach, a hotel, coffee shop or something outside their actual office, it will give them protection.

You can use it with a secured Internet using a web gateway to deliver to the cloud.

The benefits of Zscaler Internet Access are the speed of the solution and never having performance issues or limitations. The fact that none of my end users are experiencing any threats, zero-day, bots, or malware says a lot about the solution. 

Zscaler Internet Access enables the inspection of traffic, including SSLs. You want to make sure that nothing is coming in through your HTTPS traffic. For anything that is coming in that might be a threat, you want to ensure that you are using a good proxy for that. There is malicious traffic out there, so you want to make sure you are tracking and viewing that. There are a lot of threats that come through as well as a lot of programming languages, so you definitely need to inspect traffic.

It is worth it. It works. I don't need multiple alerts, because it is set up with the right policies. Definitely, it is a beneficial device which doesn't always need constant monitoring. It inspects the encrypted traffic and verifies what threats are coming in. It intercepts incoming traffic and decrypts it, then reviews it. So, why have antivirus scanning or web filtering if Zscaler can do it? It protects me from man-in-the-middle attacks as well. When you use a firewall, you have alerts and false positives, but Zscaler Internet Access pretty much decreases those errors and alerts.

There isn't congestion on your network when you are inspecting traffic with Zscaler Internet Access. 

• The integration of the gateway that inspects all ports and protocols. So, there is threat prevention. 
• The cloud sandbox
• VNS security
• Access control that will protect URL filtering and the cloud firewall. 
• Data protection that will protect your gateway, like your CASB or your cloud DLP. The capabilities of this will point your traffic to Zscaler Cloud.

The proxy architecture is the way to go. Zscaler uses it to protect their applications on the cloud. So, if you are using Box, Office 365, or even have an end user using LinkedIn or YouTube, then it will give you updated threat updates. It will also inspect all your traffic so you don't get compromised.

Advanced Threat Protection on Zscaler Internet Access has a few functionalities. It has ways to find threats. So, if they are actually hiding, you could do an inspection of your SSL traffic. You also have DNS security in Zscaler Internet Access that will help you route suspicious command-and-control attacks as well as detect threats when it does a full inspection. 

Zscaler Internet Access protects using data loss prevention. If you have a CASB exposing your cloud out into the network, then Zscaler Internet Access will go ahead and control that unknown cloud application in the CASB, protecting it. There is also data detection with exact data match. This improves the data coming into your cloud so you are protecting it. 

It offers a Cloud Browser Isolation feature, which exfiltrates browser activities from the end user's device. This feature can eliminate our exposures on that.

I like its features because they help me eliminate firewalls. I don't need to have firewalls, SIEMs, or an IPS/IDS. So, if all my end users are remote and using Office 365, I am already protecting them because they are in the cloud. I just have to attach the security application, which makes sure that any user who is mobile or remote is protected, without spending money on other solutions.

I wish there were a lot less products to learn, because there are a lot. They just keep surprising me with new features, even in the SaaS arena, and they keep improving in every facet. We are Zscaler partners, so I got certified in two platforms, but there is a lot room for improvement. There is just too much training, where they focus a lot on protecting the Internet as everyone is moving to the cloud. I would love for the training to be shortened.

I have been exposed to it for a year.

My clients have never really called to tell me that stability has been an issue. Feedback has always been positive. 

It is a scalable solution. It is easy to scale and secure remote users. If a company hires 100 more people, I don't think it would be a problem.

The largest environment, which I reviewed, had 2000 employees.

I would rate their professional services or technical support as five out of five based on their experience and expertise. They know how to answer all my client's problems. They are really quick to trigger and understand the client's needs as well as be very supportive. They do very well when helping their clients.

Positive

What I have seen when I am doing PoCs is you need some perimeters to start building this platform and integrating policies from day one. 

An improvement would be if they could provide an out-of-the-box experience, like 20 to 30 features all ready to go. In comparison, LogRhythm offers out-of-the-box features. With Zscaler Internet Access, there is firewall IPS, multiple security services, filtering, DLP, and CASB browser isolation. These are things that all users are going to be using. However, when an administrator or architect would start building this, I would definitely need to engage professional services to help clients do it.

Every customer is different. On average, it could be a two-week deployment. If you are using other devices, like Fortinet SD-WAN deployment, you definitely have to make sure your configured IPsecs are correct. You might have to review policies and your SD-WAN roles. You need to do a lot of cleaning up before you start deploying.

We have a client who wants to start deploying the Cloud Browser Isolation feature. You can embrace this cloud platform using IPAC Files, which is just a clean way of deploying it.

I have personally worked for other vendors doing professional services as part of a professional services team. Every client decided to purchase professional services because deploying Zcaler Internet Access is too complex.

I am saving money right now because I am not using old technology, like when we had everything on-premise and in the data center. Now, I just have to direct my end users to the Zscaler file and make sure that they are connected and secure. So, I am eliminating the total cost of ownership and the headaches of on-premise devices. I am also reducing their risk by making sure that they are protected in real-time.

When I talk to clients, they mention that there is a return of investment from improving the real-time protection. There is no need anymore to buy: 

• An antivirus
• A third-party vendor to protect your DNS, like Cloudflare. 
• Check Point SandBlast 
• Symantec DLP, Forcepoint, or Netskope since you already have DLP protection. 
• LogRhythm or Splunk for logging.

Those are the benefits. I have a lot of clients explaining this to me that this is the reason to have this solution. Zscaler Internet Access is transforming all that for web traffic security.

The pricing is fair based on its competitive market.

Palo Alto's vulnerability assessment requires an on-prem solution to work with your cloud. Zscaler Internet Access has already been bundled up to provide no-hassle, free Internet network connectivity that ensures protection. When you are using Palo Alto and want to assess vulnerability in your network, you probably need to use on-prem and cloud workloads. There is no reason to do that with Zscaler Internet Access.

Zscaler Internet Access has ease of development, like minimal setups needed for connectivity. You can continue securing protection, allowing your remote users to have access to your applications. Then, it is pretty quick to set up for Zscaler Internet Access. Some companies don't have many tools, so there are no delays there. When it comes to LogRhythm, there are a lot of things that you have to deal with. You have to deal with your log server as well as setting up your authentication server, firewalls, policies, rules, and zones, then you need to get it running and customize it based on your company's needs. Because LogRhythm has 30-plus features ready to go, it can be easier and smoother to deploy. However, there will always be a couple things where you have to do some preliminary requirements before you continue.

Overall, it is a secure platform.

I actually interviewed with Zscaler to work with them because I have been impressed with their technology overall, especially over Palo Alto Networks technology who is their competitor and has a SaaS solution as well. From the top to bottom, Zscaler Internet Access is a great security product that protects my end users and remote users in the cloud.

If you want total cost of ownership and zero-trust architecture, Zscaler is the right solution to fit the needs of any environment.

I would rate the solution as 10 out of 10.

Our customer already had the product, which they got from another vendor. They were facing some issues with their existing policies. Our role was to optimize the policy. So we optimized Threat Protection, DLP, and CASB policies per the customer’s requirements. In their environment, G Suite was completely allowed for some users, but they wanted only to allow a specific corporate domain. As per the recommendation, CASB policy must have been in place, but it wasn’t. So we optimized the tool as per their requirement and delivered it.

The product has different modules like SWG, CASB, DLP, and Threat Protection. The most valuable feature of the solution is SWG traffic. The product is very good in web traffic.

Cloud App’s database should be improved. Currently, they only support and provide granular controls to around 1000 cloud applications. In Netskope, it is more than 3000. Around 65,000 applications are visible to the users in Netskope, but Zscaler only supports around 3000 to 4000. Cloud App is not good. UI is not as easily understandable as Netskope. Netskope has a source, destination, and action policy. In Zscaler, we have to click multiple tabs to get it. It's a bit tricky compared to Netskope. Once we understand it, it's simple.

I have been using the solution for four to five months.

I rate the solution’s stability an eight out of ten.

I rate the product’s scalability an eight out of ten. Currently, the product is facing major issues in scalability because the company is over ten years old. The data center they have in India goes down frequently. VLANs also go down frequently. Due to this, the product gets turned off completely, and sometimes, the users go to different traffic. If it’s an on-prem user, they go via a firewall, which increases the pain for the customers. They have a problem with DC. VLANs go down sometimes. That's why the user faces complete disconnection issues for the proxy. Two people in the organization are using the solution.

The initial setup is straightforward. It is just a plug-and-play process. When the Zscaler client is installed on the machine, it works like a normal proxy. They're connected to the cloud. The solution is deployed on all the users’ machines, and the management and policy creation is done at the cloud level. It's a cloud proxy.

The deployment is just a plug-and-play process. The policy is very simple.

We acquired a customer for optimization. Overall, I rate the product a seven out of ten.

The main use cases that our clients typically have and why we propose and implement the solution is for a proxy solution. It's designed to create a proxy site-to-site tunnel between the computer trying to access any resources on the Internet or within the offices. Most organizations have a significant number of remote workers - around 30 to 40 percent of their workforce is remote - and they log in from different locations globally, such as Japan, the US, Europe, and Asia. So they need one solution to cover these remote locations and provide a proxy solution.

In addition, we need to have minimum bandwidth latency, and Zscaler is the most suitable product we see. Whenever a customer comes to us with a large geographical spread in terms of their workforce, we propose and implement this solution across the cloud, as required.

One feature that is valuable to me from an implementation point of view is that it's very easy to implement. We just had to route in some IPs, and it automatically hops into the nearest Zscaler nodes, which they call it. They have more than 150 nodes across the globe. Essentially, if I'm trying to access a server in India at this point in time, and the server I'm trying to access is somewhere in Singapore or Tokyo, it creates a lot of internet latency. But with Zscaler, it's not the case because they have a server in almost every major hotspot in the world. In India, if you're connecting, they will automatically route to their nearest server. Since they have servers in so many places in the world, we can easily configure them to the nearest server. 

The end-user who's using it doesn't feel the latency, and it's really minimal, less than three milliseconds, six milliseconds, whereas the competition has more than ten milliseconds and eleven milliseconds as latency.

There are a couple of areas of improvement in the solution. Firstly, there are some performance issues when we add on additional controls. Zscaler Internet Access is a plain vanilla solution that allows you to add CSV or DLP on top of it. However, once you add these modules, the performance degrades for a bit, and the latency increases significantly. We're talking about a two-fold or three-fold increase in latency. They need to work on this. So the performance goes down when using a lot of features simultaneously.

Moreover, the implementation interface is not very good. It has some minor bugs, and it's not properly streamlined. However, these are not software issues that cannot be resolved. A simple reboot or a call to the reseller personnel can guide you in resolving these issues. But the experience can be more seamless if the interface is improved.

I have hands-on experience with Zscaler Internet Access, a cloud proxy solution similar to Cisco's proxy solution.

We've been working with Zscaler Internet Access for almost three years now. We use the basic Zscaler Internet Access with add-ons like CASB and DLP. This is the solution we sell and implement the most.

I would rate the stability an eight out of ten. 

It is a scalable solution. I would rate it a ten out of ten. There are more than 15,000 users under different organizations. They are small and medium-sized businesses. The largest organization that deployed Zscaler had 8,000 users. 

The customer service and support team is good. 

Positive

I would rate the initial setup an eight out of ten, where one is difficult and ten is easy. The deployment process is quick, around 6 to 8 weeks. But that depends on the geographical locations we need to cover. If we only need to cover two to three locations, it's good enough.

The deployment process involves building the Zscaler package, which can be vanilla or vanilla plus bundle, and then remotely pushing it to the client machine using Microsoft Intune or whatever it is. Meanwhile, we have to build the configuration and policy based on the client's requirements.

First, what we do is we build the ZScaler package. The package includes the features that will be going through the solution. Once the package is built, it is pushed into the endpoints or machines, such as computers, laptops, and desktops, through Microsoft Intune or SCCM, or any other patching solution that they have. Meanwhile, we configure Zscaler to the nearest hub that the reseller has. They have more than 150 nodes across the globe, so we configure the nearest hub for them. Once that configuration is done, we have established a connection, and the systems have gone online, then you can actually use the solution.

So, it's basically a two-step process. Rolling out the package, rolling out the agent, and configuring the reseller to the nearest hub. That's it. It's a smooth process.

Zscaler is transparent about its pricing model. However, it is not a cheap solution. I would rate the licensing model a seven out of ten. 

My advice, generally, is that if a client has a growth prospect with an increasing number of employees moving across the globe, then Zscaler advises having a product that is scalable and fast. By fast, I mean it has low latency, making it very scalable. Zscaler Internet Access is a completely cloud-based product and is highly scalable. It is a reliable solution to have in your IT stack. 

Overall, I would rate Zscaler an eight out of ten. Zscaler Internet Access is highly scalable and has low latency, making it one of the most reliable products with good market support and presence. I rated it an eight and not a ten because there are a couple of constraints in scaling certain things. For example, some customers, such as federal institutions of the US, state of clutter, or some banks, want an on-premise solution. They want more control because Cloud will always have a security issue somewhere or the other, and Zscaler Internet Access does not have an on-prem solution. Also, when you increase the features, it does lag a bit, which should not happen.

We use the solution for internet access, web-based policies, and application-based policies. It has a device posture profile, which is new. 

DNS security is in progress now. I have done the test cases in my lab, however, now we are deploying it for 30,000 users. I'm working on that project as well. Apart from that, I have worked in ZIA's firewall and DLP.

The product is simple yet has a lot of features.

It offers a straightforward setup process. Setting up the solution is simple.

The solution is stable and reliable.

Users can scale the product.

There are some flaws which I don't like. Mostly I was an engineer for the proxy. In that case, there are limitations. There are limited categories and limited URLs which we can create.

We'd like to see a more user-friendly interface. 

Technical support could be better. They should be more technical. Also, they need to ensure when you ask for help, they communicate better amongst themselves what the issue is so that customers aren't constantly repeating themselves. 

I've been using the solution for about one year. 

It's quite stable and offers good performance. There are no bugs or glitches and it doesn't crash or freeze. It is reliable.

It's scalable and easy to expand. 

We have multiple clients that use the solution. We have between 8,000 and 50,000 clients. 

I've contacted technical support multiple times. They are okay. However, they could be better. We sometimes need more technical responses.

Often, our support person will change, and then we have to explain over and over the issue, what went wrong, and what's been done. It may take days to resolve things even if it is a simpler case due to the repetition and the fact we are changing from support staff to support staff. 

Neutral

The solution is very straightforward and simple to set up.

Users just decide if they want to connect via desktop or remote VDI servers, and that's it. They decide on what ports and protocols they want to connect. Once that question is clear, then they just have to just create the connection between the cloud and between the enterprise. After that, it's all about the configuration once you are done on the portal.

I don't deal with the licensing aspect. I can't speak to pricing. 

I'd rate hte solution seven out of ten. 

It's a proxy solution, and we use it for reverse proxy, DNS security, and storage security.

The users are at different locations, and Zscaler helps us to put the organization's central security controls on these roaming users.

The performance needs improvement. Some areas create performance issues and, depending on the use cases, require reconfiguration to perform again.

I've been using this solution for one and a half years.

It's on Zscaler cloud.

I find Zscaler to be very stable.

It's very scalable because it's the cloud version. We have 100,000 users across all levels.

I would give technical support an eight out of ten.

Positive

We previously used Westcon-Comstor, which was on-premises, but with Zscaler, we moved to the cloud solution.

The initial setup was pretty easy. The deployment took about three months.

Our team of two members along with Zscaler's team implemented the solution.

We have seen an ROI. This is a well published product, and you get value for your money.

Because it's a cloud solution, we pay on a yearly basis. It is affordable and includes tech support and all features.

Each use case is different, and you have to evaluate it and take the risk.

On a scale from one to ten, I would rate Zscaler Internet Access at nine.

In the past, I prepared a comparative stable between Zscaler and other concurrent or alternative solutions. I saw that Zscaler has a good mark in many criteria. We use Zscaler for centralized data loss prevention (DLP) for web, endpoint, and email. It also has the capacity for SD-WAN integration, threat installation, and is easy to deploy compared to other solutions.

Zscaler, by offering many solutions for workload and remote workforce connectivity, has improved our organization's productivity. It leverages AI for threat intelligence and malware detection, which enhances our security measures.

Zscaler offers a centralized DLP solution for web, endpoint, and email. It also provides SD-WAN integration and an inspection feature that inspects one hundred percent of traffic, ensuring it is secure and meets our connectivity needs.

There are many functionalities in Zscaler Internet Access that need improvements, such as an advanced firewall and logging capabilities to track calls.

I have been using Zscaler Internet Access for one year now.

The stability is rated an eight out of ten.

I rate the scalability of the solution as eight or nine out of ten.

Customer service sometimes is not helpful, with long waiting times when issues arise. However, in some cases, the support team is faster and satisfactory.

Neutral

Before using Zscaler Internet Access, we used another solution, which secured us with a gateway.

I'd rate the setup nine out of ten. It is a relatively easy setup process.

We have seen measurable benefits, such as improvements in security measures and productivity. However, experiences with customer service have been mixed.

Compared to other solutions, Zscaler Internet Access is higher in cost.

Based on my experience, I recommend Zscaler Internet Access.

I'd rate the solution nine out of ten.