Zscaler Zero Trust Exchange Platform Reviews

There's a different mechanism and modules. For example,  ZIA is primarily for internet access from the user's side. We can forward the traffic using the ZIA client connector agent installed on user machines like laptops and desktops. 

Users can log in using their credentials and even use single sign-on. Once logged in, their traffic is forwarded to the Zscaler cloud. 

Based on the user profile, we can define policies on what type of content they can access, like streaming or specific file types. It provides data protection as well. 

Alternatively, there's another configuration. If we can't install an agent, we can forward traffic using a PAC file URL to Zscaler servers.

With Zscaler, there are various modules like ZIA, private access, and digital exchange. All focus on internet access, but there's a concept where all traffic is forwarded using the Zscaler agent. 

Previously, they used a different portal where traffic from tools like Jira and FortiGate was allowed. The issue was that third-party applications weren't always supported. We had to configure them manually, and often we had to forward traffic to the Zscaler Cloud.

On the improvement side, when we bypass certain internet traffic types, it's currently recommended to have a one-click option, but audio and video aren't always supported. Thus, we need to bypass that kind of traffic. So, it is an area of improvement.

Another issue is with DNS exclusions and internet bypasses. Even if we put some URLs into DNS exclusion, it doesn't always work. So we often have to use a VPN gateway bypass. If they provided functional DNS exclusions and internet bypasses, it'd be much smoother.

I have been using it for the last three years. 

If I had to provide a rating between one to ten, I'd give it a seven out of ten. Some areas need improvement, like classification understanding, general and fingerprinting. Some classifications aren't adequately addressed by the DLP rules they provide.

The customer service and support are very good because we have dedicated team support on that and a dedicated customer success manager also. If the technical team doesn't resolve within the alert timing, I can escalate, and they assign a senior person to the call.

The current era is moving towards having a single agent manage everything. We can set up the SAP. Previously, we were using the proxy solution. This is on-prem and very hectic to manage. And policy synchronization was also a challenge. 

Zscaler is a SaaS-based solution, making it easy for users from any location to connect. It's very easy to use with minimal operational challenges. Not just Zscaler, but other SaaS solutions like NetScope and Palo Alto as well.

As for the DLP, there's a web-based version and a hosted ERP version. I haven't tested the OS DLP capabilities yet, but the web-based version is in line.

There are around 50,000 end users in our organization. In my organization, I'm part of the COE group, Centralope Accelerate, and I'm in charge of projects, implementations, and escalated support issues.

I have three team members under me at a proxy level, and then there are about ten people at level one. They handle basic troubleshooting, and if they can't resolve issues, they escalate to level two or even to me.

When I look back two or three years, I feel it's worth it. The product has been good for our infrastructure and has positively changed our user experience. 

However, in the current scenario, we need to think more strategically and consider integrating other services like private access, DLP, CASB, etc.

It's expensive currently. But when purchasing for a large number of users, there's room to negotiate. It's really up to the procurement team. 

From my experience, it's a pricey product, but with a larger user count, there's flexibility in the pricing.

If your requirements are at an intermediate level and you need to access DMC, then I would recommend this solution. If you require more detailed data classification, you might want to consider Netscope as they provide very granular classification. However, it really depends on the company's needs and requirements.

Overall, I would rate the solution an eight out of ten. 

Zscaler offers a point-to-site or point-to-point connectivity to a dedicated service in a secure way. The DNS encryption is based on the identity of users or the identity of a group of users.

It's a cloud solution. We use Zscaler App Connector to manage the solution. As a company, we need to manage connectors. Some are attached to the virtual machine.

Typically, we have 200 fixed users. We can increase the number of users by 10% each year.

The integration with cloud providers, like Azure or GCP, is easy. The Live Logs are a cool feature. We can directly identify issues and divert user traffic.

I have used this solution for four years.

It's stable, but sometimes we need to do things manually to get access. For example, if there is a new user, they need to log out and log back in to enforce updates.

It's scalable.

I would rate technical support as four out of five. We don't always get the desired answer because of the limitations of the product.

We have also used Azure Point-to-Site.

Setup is a bit complex because there are many steps that need to be taken before onboarding and activating the solution. The difficulty of setup will depend on the use cases.

It took at least one hour to activate everything and deploy the solution.

The cost is expensive. It depends on the number of users. There is a license for basic encryption. If we want to add new features, we have to pay to activate them. We have two types of licenses: a license for users and a license for our subscription.

I would rate this solution as nine out of ten.

We use the solution to restrict uploading over public sites. We control the users’ actions through DLP. Only users who have access can upload files. We manage multiple policies.

The policies are very easy to implement. It's very easy to understand. We have the option to assign time limits to the access we provide. For example, we can implement a policy for one year for a particular user. Once it expires, we can disable it.

We have some limitations while checking logs. The product must allow users to check logs for an entire year in the local console. Currently, we can check logs only for the previous three to four months.

Forcepoint provides multiple services separately, but Zscaler does not provide separate DLP. It will be good if Zscaler provides the DLP module separately.

I have been using the solution for the last two years.

I rate the tool’s stability a ten out of ten.

The tool is very scalable. I rate the scalability a ten out of ten. Approximately 5,200 people are using the solution in our organization.

We are also using Forcepoint.

The initial setup is very easy.

The product is a little more expensive than other tools.

We do not face any challenges with the product. If we have any problems, the vendor helps us. The product is everywhere. Everyone is using it. It's very, very flexible. It provides a single solution for multiple modules like DLP, proxy, and firewall. Overall, I rate the tool a ten out of ten.

We use Zscaler Private Access to authenticate our applications, which provides a more secure way to access the Internet from our work environment. We have multiple policies for different types of users. When new users join the company, they authenticate the VPA application to access the Internet. We use SSL bypass policies, tenant restrictions policies, and Microsoft tenant cloud application policies. We also use File Type Control Policy for all categories of files, and our traffic goes to the WAPAC file and the application. We are using services as per the requirements of our clients.

The most valuable features are the File Type Control and SSL bypass policies. We have multiple options, such as very flexible policies and modules in Zscaler. We will define them based on our requirements and the active Internet. We also have geolocation users. For example, a user from Singapore moves to Dubai. When the user tries to access the Internet, Zscaler automatically detects the geolocation and drives our traffic to the other channel. There is no issue here. 

When using a Blue Coat, we have some problems. Sometimes, some of our users have some issues, but once we update the agent, the traffic goes to the current geolocation without any problems, and they can access it. Sometimes, we have some URL categories blocked in our environment, but HPE sometimes removes the block. We request that the vendor to remove the block from the correct URL category. They provide a suitable solution based on the findings.

There is some issue while accessing the portal. It takes too long. It will take longer if I am on the URL Cloud App category and switch to other tabs.

I have been using Zscaler Private Access for five years.

If something happens, they have integration and they send notifications. I rate the solution’s stability a ten out of ten.

If I need to switch the policy to another task, the solution takes time. I rate the solution’s scalability a nine out of ten.

Compared to other proxies, such as Glook and IronPort, Zscaler Private Access is very easy to handle.

The initial setup is easy. You need to configure the proxy tool for the network configuration. They can forward multiple services based on the client's requirements. If we need to use the VPA, we need to authenticate. It takes one day to implement the solution, but for smooth running, it takes around a month because of timely revision.

The solution is expensive.

The categorization issue is dependent on the end user. For example, if I am trying to access a categorized URL but need to access it for work, I should be able to request a change to the categorization. Forcepoint can change the categorization itself, or the client team can do it for me. This is enough to change the categorization to meet the requirements. Overall, I rate the solution a ten out of ten.

We are currently using Zscaler Cloud DLP internally and it provides us with a robust and highly configurable Data Loss prevention engine, which meets our specific data handling needs.

We experienced many benefits, including improved visibility and the ability to identify vulnerabilities in existing configurations. Its impressive scalability allows the combination of multiple dictionaries and using them as one engine, resulting in narrower data loss gaps. There are significant enhancements in email and file confidentiality, particularly with integration to MCAS solution, which provides insights into permissions and access control for files stored in OneDrive and SharePoint.

The most valuable features are its robustness and high configurability, particularly in relation to existing DLP dictionaries. The ability to choose and utilize specific dictionaries for various purposes, such as credit card checks or monitoring file permissions and transmissions within the corporate network. The platform allows the administrator to monitor who is sharing files and who has access to them, providing a proactive approach to data security.

The customers would benefit from more robust documentation and conversations around configurations, as it is slightly complex. Also, there should be an option for acquiring DLP as a standalone product rather than bundling it with packages, as this would provide more flexibility for customers who only need specific features. They should also provide more reviews and guidance on selecting the best-rated engines and dictionaries, as well as facilitating reporting for DLP violations and integrations with other cloud storage solutions. 

We have been using it for a year now.

Zscaler sells internet access, not specifically DLP, so we had to build a point of presence for our location in Kenya due to latency issues.

It offers high scalability capabilities.

We faced some issues regarding the business support from them due to the lack of knowledge and understanding of troubleshooting processes, which may be time-consuming. However, after we submitted the tickets, they did provide their support and eventually, solved our issues.

Neutral

We tried a few different solutions, but we opted for Zscaler because we were already using other products from them.

The implementation process was straightforward, with good support and training provided by Zscaler. We found it easy to roll out the cloud connectors and configure policies for DLP. The whole process took about three weeks with the help of three individuals, including myself.

Zscaler DLP solution is expensive, with a fixed pricing structure that is billed annually and monthly. There are no additional costs for licenses.

I would recommend having a clearly defined objective and goal, which would facilitate choosing and implementing the solution effectively. I would rate it nine out of ten.

We use Zscaler CASB for DLP and shadow IT.

The most valuable features of Zscaler CASB are API integration and DLP.

Zscaler CASB should include integrations with other SaaS applications.

We just bought Zscaler CASB a week ago.

I rate Zscaler CASB a nine out of ten for stability.

Zscaler CASB has good scalability. I rate Zscaler CASB a seven out of ten for scalability.

The solution's technical support provides a late response; otherwise, it's fine.

Neutral

I have previously worked with McAfee. Compared to Zscaler CASB, McAfee needs to upgrade a lot of things. We chose Zscaler CASB because of more applications and information that we could get to do some fine-tuning on the policies.

The solution's initial setup is supposed to be fairly easy since it's an API.

We haven't yet started to deploy the solution. We will seek the help of professional services to deploy Zscaler CASB.

Zscaler CASB is an expensive solution. On a scale from one to ten, where one is less expensive and ten is more expensive, I rate Zscaler CASB's pricing a seven out of ten.

I recommend users consider the cost and benefit, integration, and supported applications before choosing Zscaler CASB.

Overall, I rate Zscaler CASB a seven out of ten.

We can use Zscaler Private Access as a recipient for external communication. Zscaler Private Access can help users sitting in our organization domain and trying to access their own internal company sources. The traffic is forwarded to us through the Zscaler Private Access node, which we can have in our own infrastructure, or it can be hosted on the Zscaler private cloud.

We are using Zscaler Private Access to build our own Zscaler private node. Although this node is maintained and managed by Zscaler, it resides in our own data center or domain. So the traffic forwarded from the user system towards any internal resource will go through this private node.

Zscaler Private Access is a platform that eliminates the complexity of VPN configuration. Zscaler Private Access is easy to configure and manage and takes less time to configure. We can manage our own application or secure our application and our own internal traffic. We can create a security node in our own infrastructure.

We are getting some issues with internet access. Authenticating or onboarding something on Zscaler Private Access manually is a troublesome task. Users report application access or latency issues with Zscaler Private Access.

I have been using Zscaler Private Access for the last two and a half years.

I rate Zscaler Private Access eight and a half out of ten for stability.

I rate Zscaler Private Access an eight out of ten for scalability.

Zscaler Private Access' initial setup is not as easy as ZIA, but it's okay compared to other platforms.

Zscaler Private Access will ease your task, equal to a VPN. Lots of companies are using their own VPN access.

Overall, I rate Zscaler Private Access an eight out of ten.

I use Zscaler CASB to get the visibility of the cloud application since everything is moving to the cloud these days. We use the solution to get complete visibility of what is happening on my drive and official applications. The solution also helps to restrict information shared with my other partners.

Zscaler CASB's latency and architecture are excellent.

Zscaler CASB needs to improve its applications or connectors. The solution's granularity should be improved because it has limited granular options to control, visible, allow, block, delay, and receive.

I have been using Zscaler CASB for one year.

Zscaler CASB is a stable solution.

Zscaler CASB is a scalable solution because it is a cloud-based solution. Around 30% of the industry people are using Zscaler CASB.

Zscaler CASB's technical support is good. The solution's support team is available, but they don't have much visibility of what is happening and take too much time to resolve it.

Positive

Zscaler CASB's initial setup is easy.

As per industry leads, Zscaler CASB is an expensive solution.

Zscaler CASB is deployed on-cloud in our organization.

I would recommend Zscaler CASB to other users. Zscaler CASB has a seamless deployment. The solution needs to improve on the navigation or user experience part.

Overall, I rate Zscaler CASB an eight out of ten.