Zscaler Zero Trust Exchange Platform Reviews

I use Zscaler Cloud DLP since my company's clients use Zscaler Cloud Proxy in their environments. I deal with Zscaler Cloud DLP since it meets the requirements of my company's clients and helps to manage data breaches. In general, my company takes care of the configuration part of Zscaler Cloud DLP and provides it to our company's clients as a service.

With Zscaler Cloud DLP, my company benefits from the granular control it provides us. My company provides Zscaler Cloud DLP to our clients as per their requirements, and moreover, we can filter out and deny or allow providing the features related to DLP for a specific user or a location. Basically, Zscaler Cloud DLP provides general control to a person over which files a person wants to allow or deny for a specific user or location. Zscaler Cloud DLP is very easy to configure. With just a few clicks, one can easily take care of the configuration part related to the product.

As of now, no improvements are required in the solution. Though not an improvement from a product perspective, there is no documentation related to Zscaler Cloud DLP on the internet. You won't find anything that can help you with the configuration part and other areas related to the product if you search for proper or exact details of Zscaler Cloud DLP online in very easy language. In short, you can't find any documentation about the product which is exactly arranged in a proper manner. Availability of knowledge related to the product is not there in the public domain.

I have been using Zscaler Cloud DLP for more than three years. My company has a partnership with Zscaler, so we provide solutions from Zscaler to our clients.

Stability-wise, I rate the solution a nine out of ten. I did not have any issues related to the product. For some of the tag-related cases opened with the support team, no proper support was available.

It is a very scalable solution. Scalability-wise, I rate the solution a ten out of ten.

I work in a large organization, so I think more than 1,000 users use Zscaler Cloud DLP.

The solution's technical support is easy for my company to reach out to, and they are also very supportive. I rate the technical support a ten out of ten.

Positive

I have experience with Palo Alto Networks Firewall.

The product's initial setup is easy.

The solution can be deployed in ten to twenty minutes.

The solution is deployed on a private cloud.

Zscaler Cloud DLP offers cutting-edge technology and is easy to configure and use. People should opt for Zscaler Cloud DLP if they have the opportunity.

Considering that there is always some room for improvement, I rate the overall tool a nine out of ten.

Private Cloud

Unlike unconventional data that's being exposed, data loss prevention can become very difficult. Several of the old technologies, such as Symantec and McAfee, can cause a range of problems. On top of that, it derives from a lot of fines for customer loss. You can go through legal ramifications and damage to your company brand when data is exposed. Zscaler creates a significant bypass of security controls. It helps you with your compliance. Basically, it will then help you protect sensitive data.

Zscaler's Cloud DLP will also assist the users off-network, protecting them against data loss. The Cloud DLP will inspect all the traffic including SSL, which will give you protection and visibility. Zscaler Cloud DLP will also allow for compliance. It'll give you compliance for all major regulations that you have to go through.

Their technology can monitor and inspect data on the corporate level. It protects all the sensitive data from within the organization. You could definitely review anything that is on the network and verify the DLP tools by setting alerts and rules in order to mitigate risks such as losing your customers' PAI.

It's a pretty solid solution.

It connects to the cloud, so it's really fast. It obviously is going to bypass the gateway, give you security controls, and also allows SSL traffic to be hidden.

You can close your data protection gaps with Zscaler. You can quickly find all the classified, sensitive data across the cloud. You can also have protection using advanced features like Exact Data Match, and that's document matching as well as machine learning.

The pricing of the solution is very good.

The solution is very stable.

The initial setup is pretty straightforward.

The product scales well.

Zscaler is an integrated platform, so it's fully integrated with zero-day protection to all the users working from home or in our offsite network, and it's going to make customers close that security gap.

Zscaler will protect PII for all users regardless of their geolocations as well it will simplify compliance requirement's by eliminating complexity of legacy systems and securing your cloud data across all channels data in motion, at rest,
and across endpoints and clouds.

I've been dealing with the solution for almost two years at this point. 

The stability is good. Every function of the Zscaler DLP performs very quickly. It's very stable, and it's powered by AI. When it comes to threat and data leakage, it's on a packet-by-packet basis. You have a zero-trust exchange and it's a complete data loss prevention or protection package. It does a full inline inspection, including SSL and TLS traffic.

The scalability is good. The transformation for scalability is based on IT operations. It is easy to add and deploy from branches. It will reduce the architecture for MTLS cost without adding any burden to the actual upgrade of your deployment.

I haven't directly dealt with technical support. I can't speak to how helpful or responsive they are as I have no direct experience with them.

I've previously used Symantec SLP. That was a couple of years ago. 

There are a few key differentiators for Zscaler. Obviously, it's faster, and it's secured. You're routing traffic directly to the internet when you use Zscaler, and in that way, you are reducing cost. There is no reason to spend a lot of money on MPLS. There is no need to buy that. You could deploy and manage security appliances or any new generation firewalls on each branch, and you're providing more security without compromising cost. You're centralizing an overall zero-trust architecture by enforcing policies just a few clicks away.

The good thing about the setup is you don't really need hardware appliances to deploy it. All you need to do is connect your Zscaler services, which is pretty simple, and forward all of your internet traffic to the Zscaler services. That's how you secure all your internet traffic. You can apply policies accordingly.

As far as the pricing, it's very competitive. The more users you have, the cheaper it ends up being annually.

Let's say you have 100 users, it'll cost $39.69 a user. And if you have 10,000 users, it will cost you $19.15 per user. The more users you have, the cheaper they are individually. If you have a ZIA Professional bundle, the pricing is pretty affordable.

The struggle from old IT infrastructure is that you're dealing with a lot of legacy hub-and-spoke architecture and companies used to spend a lot of money on MPLS say 10, five years ago. If you're using old technology and your on-premise, you're forcing to pay twice for your internet-bound traffic. Those are the reasons why customers are rethinking their current solutions and moving to an easy solution like Zscaler in a cloud.

I'm a reseller.

I'd rate the solution at a nine out of ten. I'd advise that this is one of the layers of security that most people need to have.

There's a different mechanism and modules. For example,  ZIA is primarily for internet access from the user's side. We can forward the traffic using the ZIA client connector agent installed on user machines like laptops and desktops. 

Users can log in using their credentials and even use single sign-on. Once logged in, their traffic is forwarded to the Zscaler cloud. 

Based on the user profile, we can define policies on what type of content they can access, like streaming or specific file types. It provides data protection as well. 

Alternatively, there's another configuration. If we can't install an agent, we can forward traffic using a PAC file URL to Zscaler servers.

With Zscaler, there are various modules like ZIA, private access, and digital exchange. All focus on internet access, but there's a concept where all traffic is forwarded using the Zscaler agent. 

Previously, they used a different portal where traffic from tools like Jira and FortiGate was allowed. The issue was that third-party applications weren't always supported. We had to configure them manually, and often we had to forward traffic to the Zscaler Cloud.

On the improvement side, when we bypass certain internet traffic types, it's currently recommended to have a one-click option, but audio and video aren't always supported. Thus, we need to bypass that kind of traffic. So, it is an area of improvement.

Another issue is with DNS exclusions and internet bypasses. Even if we put some URLs into DNS exclusion, it doesn't always work. So we often have to use a VPN gateway bypass. If they provided functional DNS exclusions and internet bypasses, it'd be much smoother.

I have been using it for the last three years. 

If I had to provide a rating between one to ten, I'd give it a seven out of ten. Some areas need improvement, like classification understanding, general and fingerprinting. Some classifications aren't adequately addressed by the DLP rules they provide.

The customer service and support are very good because we have dedicated team support on that and a dedicated customer success manager also. If the technical team doesn't resolve within the alert timing, I can escalate, and they assign a senior person to the call.

The current era is moving towards having a single agent manage everything. We can set up the SAP. Previously, we were using the proxy solution. This is on-prem and very hectic to manage. And policy synchronization was also a challenge. 

Zscaler is a SaaS-based solution, making it easy for users from any location to connect. It's very easy to use with minimal operational challenges. Not just Zscaler, but other SaaS solutions like NetScope and Palo Alto as well.

As for the DLP, there's a web-based version and a hosted ERP version. I haven't tested the OS DLP capabilities yet, but the web-based version is in line.

There are around 50,000 end users in our organization. In my organization, I'm part of the COE group, Centralope Accelerate, and I'm in charge of projects, implementations, and escalated support issues.

I have three team members under me at a proxy level, and then there are about ten people at level one. They handle basic troubleshooting, and if they can't resolve issues, they escalate to level two or even to me.

When I look back two or three years, I feel it's worth it. The product has been good for our infrastructure and has positively changed our user experience. 

However, in the current scenario, we need to think more strategically and consider integrating other services like private access, DLP, CASB, etc.

It's expensive currently. But when purchasing for a large number of users, there's room to negotiate. It's really up to the procurement team. 

From my experience, it's a pricey product, but with a larger user count, there's flexibility in the pricing.

If your requirements are at an intermediate level and you need to access DMC, then I would recommend this solution. If you require more detailed data classification, you might want to consider Netscope as they provide very granular classification. However, it really depends on the company's needs and requirements.

Overall, I would rate the solution an eight out of ten. 

Public Cloud

We use Zscaler CASB for DLP and shadow IT.

The most valuable features of Zscaler CASB are API integration and DLP.

Zscaler CASB should include integrations with other SaaS applications.

We just bought Zscaler CASB a week ago.

I rate Zscaler CASB a nine out of ten for stability.

Zscaler CASB has good scalability. I rate Zscaler CASB a seven out of ten for scalability.

The solution's technical support provides a late response; otherwise, it's fine.

Neutral

I have previously worked with McAfee. Compared to Zscaler CASB, McAfee needs to upgrade a lot of things. We chose Zscaler CASB because of more applications and information that we could get to do some fine-tuning on the policies.

The solution's initial setup is supposed to be fairly easy since it's an API.

We haven't yet started to deploy the solution. We will seek the help of professional services to deploy Zscaler CASB.

Zscaler CASB is an expensive solution. On a scale from one to ten, where one is less expensive and ten is more expensive, I rate Zscaler CASB's pricing a seven out of ten.

I recommend users consider the cost and benefit, integration, and supported applications before choosing Zscaler CASB.

Overall, I rate Zscaler CASB a seven out of ten.

Public Cloud

Microsoft Azure

It ensures a secure online environment for our users, irrespective of their location. By routing all internet traffic through the Zscaler Cloud, users can browse safely, shielded from malicious content. Whether connected from the office or home network, Zscaler enforces our defined policies consistently.

Our users experience a safe and secure internet connection, whether they are in the office or connecting via their home Wi-Fi network or a public network. The Zscaler policy governs their internet access consistently, eliminating the reliance on individual IPs.

We utilize a shared security VPN for users to establish a connection between their devices and the Zscaler Cloud, enabling them to access the office network. This secure connection allows users to connect to the Zscaler VPN and access the resources on the office network, making it a highly valuable component of our system.

Occasionally, issues arise in the LogStack by a third party, particularly for government websites accessed by numerous users. This can trigger false positives, causing certain IP ranges to be perceived as a security threat or associated with malicious activities, resulting in blocks. In such instances, we often find ourselves waiting for the block to be lifted or having to engage with the concerned website administrators. This is where Zscaler's expertise becomes crucial in addressing false positive blocks, as these incidents might not necessarily indicate malicious intent but could be errors affecting access to the platform. It is recommended that they incorporate EDR features into their offerings.

We have been working with it for more than a year.

It demonstrates overall stability and effectively upholds the smooth functioning of the entire infrastructure. We haven't encountered any issues with it. I would rate it nine out of ten.

In terms of scalability, our current setup is sufficient for our needs. We have a user base exceeding ten thousand. It's a ubiquitous tool for everyone in the business. Nearly all users utilize it for internet browsing every single day. I would rate it nine out of ten.

The technical support team effectively manages and provides robust support for the solution. I would rate it eight out of ten.

Positive

I used Websense before, but Zscaler maintains consistent policies whether users are in the office, at home, or in public places, offering a more convenient experience.

The initial setup process was time-consuming and encountered issues, particularly with logs. Although I wasn't present during the setup, it has been reported that significant time and numerous challenges were involved. On a scale of one to ten, I would rate it five.

The deployment itself didn't take much time, but the challenge arose in identifying and resolving issues faced by numerous users. It took considerable time to pinpoint these issues. Maintenance is handled with support directly from Zscaler, and our existing security admin team oversees the management of both Zscaler Cloud and their skills.

We have observed a return on investment in a stable setup, ensuring secure internet access for users and instilling trust in the solution.

I would recommend anyone contemplating this product to carefully consider it. They can evaluate and explore the solution by taking a demo to better understand the technology. Once satisfied with the demo, they can proceed with rolling out the solution. Overall, I would rate it eight out of ten.

Public Cloud

Other

We use this solution for traffic and establishing the connection.

It's deployed on-premises.

There are 60,000 people who use Zscaler in my organization.

The best feature is the ability to establish the connection between your public network and automatically connect to the intranet connection.

The stability could be improved.

I have worked with Zscaler Private Access for six months.

I would rate the stability as eight out of ten.

I would rate Zscaler as eight out of ten.

On-premises

Zscaler offers a point-to-site or point-to-point connectivity to a dedicated service in a secure way. The DNS encryption is based on the identity of users or the identity of a group of users.

It's a cloud solution. We use Zscaler App Connector to manage the solution. As a company, we need to manage connectors. Some are attached to the virtual machine.

Typically, we have 200 fixed users. We can increase the number of users by 10% each year.

The integration with cloud providers, like Azure or GCP, is easy. The Live Logs are a cool feature. We can directly identify issues and divert user traffic.

I have used this solution for four years.

It's stable, but sometimes we need to do things manually to get access. For example, if there is a new user, they need to log out and log back in to enforce updates.

It's scalable.

I would rate technical support as four out of five. We don't always get the desired answer because of the limitations of the product.

We have also used Azure Point-to-Site.

Setup is a bit complex because there are many steps that need to be taken before onboarding and activating the solution. The difficulty of setup will depend on the use cases.

It took at least one hour to activate everything and deploy the solution.

The cost is expensive. It depends on the number of users. There is a license for basic encryption. If we want to add new features, we have to pay to activate them. We have two types of licenses: a license for users and a license for our subscription.

I would rate this solution as nine out of ten.

We use the solution to restrict uploading over public sites. We control the users’ actions through DLP. Only users who have access can upload files. We manage multiple policies.

The policies are very easy to implement. It's very easy to understand. We have the option to assign time limits to the access we provide. For example, we can implement a policy for one year for a particular user. Once it expires, we can disable it.

We have some limitations while checking logs. The product must allow users to check logs for an entire year in the local console. Currently, we can check logs only for the previous three to four months.

Forcepoint provides multiple services separately, but Zscaler does not provide separate DLP. It will be good if Zscaler provides the DLP module separately.

I have been using the solution for the last two years.

I rate the tool’s stability a ten out of ten.

The tool is very scalable. I rate the scalability a ten out of ten. Approximately 5,200 people are using the solution in our organization.

We are also using Forcepoint.

The initial setup is very easy.

The product is a little more expensive than other tools.

We do not face any challenges with the product. If we have any problems, the vendor helps us. The product is everywhere. Everyone is using it. It's very, very flexible. It provides a single solution for multiple modules like DLP, proxy, and firewall. Overall, I rate the tool a ten out of ten.