Zscaler Zero Trust Exchange Platform Reviews

We can use Zscaler Private Access as a recipient for external communication. Zscaler Private Access can help users sitting in our organization domain and trying to access their own internal company sources. The traffic is forwarded to us through the Zscaler Private Access node, which we can have in our own infrastructure, or it can be hosted on the Zscaler private cloud.

We are using Zscaler Private Access to build our own Zscaler private node. Although this node is maintained and managed by Zscaler, it resides in our own data center or domain. So the traffic forwarded from the user system towards any internal resource will go through this private node.

Zscaler Private Access is a platform that eliminates the complexity of VPN configuration. Zscaler Private Access is easy to configure and manage and takes less time to configure. We can manage our own application or secure our application and our own internal traffic. We can create a security node in our own infrastructure.

We are getting some issues with internet access. Authenticating or onboarding something on Zscaler Private Access manually is a troublesome task. Users report application access or latency issues with Zscaler Private Access.

I have been using Zscaler Private Access for the last two and a half years.

I rate Zscaler Private Access eight and a half out of ten for stability.

I rate Zscaler Private Access an eight out of ten for scalability.

Zscaler Private Access' initial setup is not as easy as ZIA, but it's okay compared to other platforms.

Zscaler Private Access will ease your task, equal to a VPN. Lots of companies are using their own VPN access.

Overall, I rate Zscaler Private Access an eight out of ten.

We manage multiple customers using ZIA and ZPA to access internal resources and secure their own web applications. It acts like a VPN access connectivity, and ZIA is used as an internet gateway for users.

Sandboxing, DLP, and SSL inspection engine are the most valuable features of Zscaler SASE. Zscaler SASE is an easy-to-use tool that manages the cloud security architecture.

Currently, we are using APIs, and we need some enhancement on the script running with the Zscaler SASE cloud API. Also, it would be better if we could integrate with other vendors. We often face performance and latency issues with Zscaler SASE.

I have been using Zscaler SASE for the last four years.

I rate Zscaler SASE a seven and a half out of ten for stability. We face performance issues if there is any anomaly on the nodes bonded with our architecture from some location. We also face some routing and latency issues on Zscaler SASE that need to be rectified. In addition, there are no dedicated Zscaler nodes in countries like China and Dubai.

I rate Zscaler SASE a six out of ten for scalability.

Zscaler SASE's deployment time depends upon your design, architecture, and infrastructure size. If you have a small network of offices, the deployment will take at least three to four days. But if you have a larger architecture, deployment time will depend upon your planning, staging, and implementation.

With Zscaler SASE, we can manage multiple features in a single platform. We can manage all allocations that we have in our architecture on a single platform. This reduces the operation cost and takes fewer resources to deploy because we have APIs in Zscaler SASE. API would be the simplest way to configure anything across our sites if we have a larger retail architecture.

ZPA is configured on our architecture, but ZIA's traffic goes to the Zscaler-hosted cloud.

Overall, I rate Zscaler SASE an eight out of ten.

I use Zscaler Cloud DLP since my company's clients use Zscaler Cloud Proxy in their environments. I deal with Zscaler Cloud DLP since it meets the requirements of my company's clients and helps to manage data breaches. In general, my company takes care of the configuration part of Zscaler Cloud DLP and provides it to our company's clients as a service.

With Zscaler Cloud DLP, my company benefits from the granular control it provides us. My company provides Zscaler Cloud DLP to our clients as per their requirements, and moreover, we can filter out and deny or allow providing the features related to DLP for a specific user or a location. Basically, Zscaler Cloud DLP provides general control to a person over which files a person wants to allow or deny for a specific user or location. Zscaler Cloud DLP is very easy to configure. With just a few clicks, one can easily take care of the configuration part related to the product.

As of now, no improvements are required in the solution. Though not an improvement from a product perspective, there is no documentation related to Zscaler Cloud DLP on the internet. You won't find anything that can help you with the configuration part and other areas related to the product if you search for proper or exact details of Zscaler Cloud DLP online in very easy language. In short, you can't find any documentation about the product which is exactly arranged in a proper manner. Availability of knowledge related to the product is not there in the public domain.

I have been using Zscaler Cloud DLP for more than three years. My company has a partnership with Zscaler, so we provide solutions from Zscaler to our clients.

Stability-wise, I rate the solution a nine out of ten. I did not have any issues related to the product. For some of the tag-related cases opened with the support team, no proper support was available.

It is a very scalable solution. Scalability-wise, I rate the solution a ten out of ten.

I work in a large organization, so I think more than 1,000 users use Zscaler Cloud DLP.

The solution's technical support is easy for my company to reach out to, and they are also very supportive. I rate the technical support a ten out of ten.

Positive

I have experience with Palo Alto Networks Firewall.

The product's initial setup is easy.

The solution can be deployed in ten to twenty minutes.

The solution is deployed on a private cloud.

Zscaler Cloud DLP offers cutting-edge technology and is easy to configure and use. People should opt for Zscaler Cloud DLP if they have the opportunity.

Considering that there is always some room for improvement, I rate the overall tool a nine out of ten.

Private Cloud

Unlike unconventional data that's being exposed, data loss prevention can become very difficult. Several of the old technologies, such as Symantec and McAfee, can cause a range of problems. On top of that, it derives from a lot of fines for customer loss. You can go through legal ramifications and damage to your company brand when data is exposed. Zscaler creates a significant bypass of security controls. It helps you with your compliance. Basically, it will then help you protect sensitive data.

Zscaler's Cloud DLP will also assist the users off-network, protecting them against data loss. The Cloud DLP will inspect all the traffic including SSL, which will give you protection and visibility. Zscaler Cloud DLP will also allow for compliance. It'll give you compliance for all major regulations that you have to go through.

Their technology can monitor and inspect data on the corporate level. It protects all the sensitive data from within the organization. You could definitely review anything that is on the network and verify the DLP tools by setting alerts and rules in order to mitigate risks such as losing your customers' PAI.

It's a pretty solid solution.

It connects to the cloud, so it's really fast. It obviously is going to bypass the gateway, give you security controls, and also allows SSL traffic to be hidden.

You can close your data protection gaps with Zscaler. You can quickly find all the classified, sensitive data across the cloud. You can also have protection using advanced features like Exact Data Match, and that's document matching as well as machine learning.

The pricing of the solution is very good.

The solution is very stable.

The initial setup is pretty straightforward.

The product scales well.

Zscaler is an integrated platform, so it's fully integrated with zero-day protection to all the users working from home or in our offsite network, and it's going to make customers close that security gap.

Zscaler will protect PII for all users regardless of their geolocations as well it will simplify compliance requirement's by eliminating complexity of legacy systems and securing your cloud data across all channels data in motion, at rest,
and across endpoints and clouds.

I've been dealing with the solution for almost two years at this point. 

The stability is good. Every function of the Zscaler DLP performs very quickly. It's very stable, and it's powered by AI. When it comes to threat and data leakage, it's on a packet-by-packet basis. You have a zero-trust exchange and it's a complete data loss prevention or protection package. It does a full inline inspection, including SSL and TLS traffic.

The scalability is good. The transformation for scalability is based on IT operations. It is easy to add and deploy from branches. It will reduce the architecture for MTLS cost without adding any burden to the actual upgrade of your deployment.

I haven't directly dealt with technical support. I can't speak to how helpful or responsive they are as I have no direct experience with them.

I've previously used Symantec SLP. That was a couple of years ago. 

There are a few key differentiators for Zscaler. Obviously, it's faster, and it's secured. You're routing traffic directly to the internet when you use Zscaler, and in that way, you are reducing cost. There is no reason to spend a lot of money on MPLS. There is no need to buy that. You could deploy and manage security appliances or any new generation firewalls on each branch, and you're providing more security without compromising cost. You're centralizing an overall zero-trust architecture by enforcing policies just a few clicks away.

The good thing about the setup is you don't really need hardware appliances to deploy it. All you need to do is connect your Zscaler services, which is pretty simple, and forward all of your internet traffic to the Zscaler services. That's how you secure all your internet traffic. You can apply policies accordingly.

As far as the pricing, it's very competitive. The more users you have, the cheaper it ends up being annually.

Let's say you have 100 users, it'll cost $39.69 a user. And if you have 10,000 users, it will cost you $19.15 per user. The more users you have, the cheaper they are individually. If you have a ZIA Professional bundle, the pricing is pretty affordable.

The struggle from old IT infrastructure is that you're dealing with a lot of legacy hub-and-spoke architecture and companies used to spend a lot of money on MPLS say 10, five years ago. If you're using old technology and your on-premise, you're forcing to pay twice for your internet-bound traffic. Those are the reasons why customers are rethinking their current solutions and moving to an easy solution like Zscaler in a cloud.

I'm a reseller.

I'd rate the solution at a nine out of ten. I'd advise that this is one of the layers of security that most people need to have.

There's a different mechanism and modules. For example,  ZIA is primarily for internet access from the user's side. We can forward the traffic using the ZIA client connector agent installed on user machines like laptops and desktops. 

Users can log in using their credentials and even use single sign-on. Once logged in, their traffic is forwarded to the Zscaler cloud. 

Based on the user profile, we can define policies on what type of content they can access, like streaming or specific file types. It provides data protection as well. 

Alternatively, there's another configuration. If we can't install an agent, we can forward traffic using a PAC file URL to Zscaler servers.

With Zscaler, there are various modules like ZIA, private access, and digital exchange. All focus on internet access, but there's a concept where all traffic is forwarded using the Zscaler agent. 

Previously, they used a different portal where traffic from tools like Jira and FortiGate was allowed. The issue was that third-party applications weren't always supported. We had to configure them manually, and often we had to forward traffic to the Zscaler Cloud.

On the improvement side, when we bypass certain internet traffic types, it's currently recommended to have a one-click option, but audio and video aren't always supported. Thus, we need to bypass that kind of traffic. So, it is an area of improvement.

Another issue is with DNS exclusions and internet bypasses. Even if we put some URLs into DNS exclusion, it doesn't always work. So we often have to use a VPN gateway bypass. If they provided functional DNS exclusions and internet bypasses, it'd be much smoother.

I have been using it for the last three years. 

If I had to provide a rating between one to ten, I'd give it a seven out of ten. Some areas need improvement, like classification understanding, general and fingerprinting. Some classifications aren't adequately addressed by the DLP rules they provide.

The customer service and support are very good because we have dedicated team support on that and a dedicated customer success manager also. If the technical team doesn't resolve within the alert timing, I can escalate, and they assign a senior person to the call.

The current era is moving towards having a single agent manage everything. We can set up the SAP. Previously, we were using the proxy solution. This is on-prem and very hectic to manage. And policy synchronization was also a challenge. 

Zscaler is a SaaS-based solution, making it easy for users from any location to connect. It's very easy to use with minimal operational challenges. Not just Zscaler, but other SaaS solutions like NetScope and Palo Alto as well.

As for the DLP, there's a web-based version and a hosted ERP version. I haven't tested the OS DLP capabilities yet, but the web-based version is in line.

There are around 50,000 end users in our organization. In my organization, I'm part of the COE group, Centralope Accelerate, and I'm in charge of projects, implementations, and escalated support issues.

I have three team members under me at a proxy level, and then there are about ten people at level one. They handle basic troubleshooting, and if they can't resolve issues, they escalate to level two or even to me.

When I look back two or three years, I feel it's worth it. The product has been good for our infrastructure and has positively changed our user experience. 

However, in the current scenario, we need to think more strategically and consider integrating other services like private access, DLP, CASB, etc.

It's expensive currently. But when purchasing for a large number of users, there's room to negotiate. It's really up to the procurement team. 

From my experience, it's a pricey product, but with a larger user count, there's flexibility in the pricing.

If your requirements are at an intermediate level and you need to access DMC, then I would recommend this solution. If you require more detailed data classification, you might want to consider Netscope as they provide very granular classification. However, it really depends on the company's needs and requirements.

Overall, I would rate the solution an eight out of ten. 

Public Cloud

We use Zscaler CASB for DLP and shadow IT.

The most valuable features of Zscaler CASB are API integration and DLP.

Zscaler CASB should include integrations with other SaaS applications.

We just bought Zscaler CASB a week ago.

I rate Zscaler CASB a nine out of ten for stability.

Zscaler CASB has good scalability. I rate Zscaler CASB a seven out of ten for scalability.

The solution's technical support provides a late response; otherwise, it's fine.

Neutral

I have previously worked with McAfee. Compared to Zscaler CASB, McAfee needs to upgrade a lot of things. We chose Zscaler CASB because of more applications and information that we could get to do some fine-tuning on the policies.

The solution's initial setup is supposed to be fairly easy since it's an API.

We haven't yet started to deploy the solution. We will seek the help of professional services to deploy Zscaler CASB.

Zscaler CASB is an expensive solution. On a scale from one to ten, where one is less expensive and ten is more expensive, I rate Zscaler CASB's pricing a seven out of ten.

I recommend users consider the cost and benefit, integration, and supported applications before choosing Zscaler CASB.

Overall, I rate Zscaler CASB a seven out of ten.

Public Cloud

Microsoft Azure

It ensures a secure online environment for our users, irrespective of their location. By routing all internet traffic through the Zscaler Cloud, users can browse safely, shielded from malicious content. Whether connected from the office or home network, Zscaler enforces our defined policies consistently.

Our users experience a safe and secure internet connection, whether they are in the office or connecting via their home Wi-Fi network or a public network. The Zscaler policy governs their internet access consistently, eliminating the reliance on individual IPs.

We utilize a shared security VPN for users to establish a connection between their devices and the Zscaler Cloud, enabling them to access the office network. This secure connection allows users to connect to the Zscaler VPN and access the resources on the office network, making it a highly valuable component of our system.

Occasionally, issues arise in the LogStack by a third party, particularly for government websites accessed by numerous users. This can trigger false positives, causing certain IP ranges to be perceived as a security threat or associated with malicious activities, resulting in blocks. In such instances, we often find ourselves waiting for the block to be lifted or having to engage with the concerned website administrators. This is where Zscaler's expertise becomes crucial in addressing false positive blocks, as these incidents might not necessarily indicate malicious intent but could be errors affecting access to the platform. It is recommended that they incorporate EDR features into their offerings.

We have been working with it for more than a year.

It demonstrates overall stability and effectively upholds the smooth functioning of the entire infrastructure. We haven't encountered any issues with it. I would rate it nine out of ten.

In terms of scalability, our current setup is sufficient for our needs. We have a user base exceeding ten thousand. It's a ubiquitous tool for everyone in the business. Nearly all users utilize it for internet browsing every single day. I would rate it nine out of ten.

The technical support team effectively manages and provides robust support for the solution. I would rate it eight out of ten.

Positive

I used Websense before, but Zscaler maintains consistent policies whether users are in the office, at home, or in public places, offering a more convenient experience.

The initial setup process was time-consuming and encountered issues, particularly with logs. Although I wasn't present during the setup, it has been reported that significant time and numerous challenges were involved. On a scale of one to ten, I would rate it five.

The deployment itself didn't take much time, but the challenge arose in identifying and resolving issues faced by numerous users. It took considerable time to pinpoint these issues. Maintenance is handled with support directly from Zscaler, and our existing security admin team oversees the management of both Zscaler Cloud and their skills.

We have observed a return on investment in a stable setup, ensuring secure internet access for users and instilling trust in the solution.

I would recommend anyone contemplating this product to carefully consider it. They can evaluate and explore the solution by taking a demo to better understand the technology. Once satisfied with the demo, they can proceed with rolling out the solution. Overall, I would rate it eight out of ten.

Public Cloud

Other

We use the solution to build zero-trust networks. We use it to block everything except the trusted URLs. We get a bunch of URLs from the customers, whitelist them in the solution, and everything else is blocked automatically.

An URL must be whitelisted for users to access it. When a customer tells us they need a particular URL, we analyze it and send it for approval. Once it is approved, we whitelist the URL for the user. The solution is useful for zero-trust and DLP.

The UI is easy to use. All the options are accessible.

The product has limited features. We only have the option to monitor URLs and HTTPS logs. The tool must provide IP-blocking features.

I have been using the solution for more than three years.

The tool is stable. For the past three years, I haven't seen it break down. I rate the stability a ten out of ten.

I rate the tool’s scalability a seven out of ten. When we search for logs, it doesn’t take much time. It’s quite fast, even if we have a lot of logs. We use more than 1000 URLs in a day. Getting the logs in real-time is quite important. Four of our customers are using the solution. We have 30,000 to 40,000 users.

I have used Symantec DLP.

The engineering team sets up the tool. We use the tool to analyze user behavior during incidents. We can see whether URLs accessed by the users were approved by the organization.

The product is a bit expensive.

We take support from Zscaler and provide the service to our clients. We are partners. People who want to use the product must explore the options. We can do multiple things for a single URL. We can restrict URLs to only access the GET request or POST request. We can do HTTP control and SSL inspection. We can also access the threat intel. We can look up a URL and get the details in real-time. Overall, I rate the tool an eight out of ten.