Zscaler Zero Trust Exchange Platform Reviews

We use the solution to build zero-trust networks. We use it to block everything except the trusted URLs. We get a bunch of URLs from the customers, whitelist them in the solution, and everything else is blocked automatically.

An URL must be whitelisted for users to access it. When a customer tells us they need a particular URL, we analyze it and send it for approval. Once it is approved, we whitelist the URL for the user. The solution is useful for zero-trust and DLP.

The UI is easy to use. All the options are accessible.

The product has limited features. We only have the option to monitor URLs and HTTPS logs. The tool must provide IP-blocking features.

I have been using the solution for more than three years.

The tool is stable. For the past three years, I haven't seen it break down. I rate the stability a ten out of ten.

I rate the tool’s scalability a seven out of ten. When we search for logs, it doesn’t take much time. It’s quite fast, even if we have a lot of logs. We use more than 1000 URLs in a day. Getting the logs in real-time is quite important. Four of our customers are using the solution. We have 30,000 to 40,000 users.

I have used Symantec DLP.

The engineering team sets up the tool. We use the tool to analyze user behavior during incidents. We can see whether URLs accessed by the users were approved by the organization.

The product is a bit expensive.

We take support from Zscaler and provide the service to our clients. We are partners. People who want to use the product must explore the options. We can do multiple things for a single URL. We can restrict URLs to only access the GET request or POST request. We can do HTTP control and SSL inspection. We can also access the threat intel. We can look up a URL and get the details in real-time. Overall, I rate the tool an eight out of ten.

It ensures a secure online environment for our users, irrespective of their location. By routing all internet traffic through the Zscaler Cloud, users can browse safely, shielded from malicious content. Whether connected from the office or home network, Zscaler enforces our defined policies consistently.

Using ZPA VPN users can connect to internal Network in secured way. 

Our users experience a safe and secure internet connection, whether they are in the office or connecting via their home Wi-Fi network or a public network. The Zscaler policy governs their internet access consistently, eliminating the reliance on individual IPs.

We utilize a shared security VPN for users to establish a connection between their devices and the Zscaler Cloud, enabling them to access the office network. This secure connection allows users to connect to the Zscaler VPN and access the resources on the office network, making it a highly valuable component of our system.

Occasionally, issues arise particularly for government websites accessed by numerous users from all over country using Zscaler IP Range. This can trigger false positives, causing certain IP ranges to be perceived as a security threat or associated with malicious activities, resulting in blocks. In such instances, we often find ourselves waiting for the block to be lifted or having to engage with the concerned website administrators. This is where Zscaler's expertise becomes crucial in addressing false positive blocks, as these incidents might not necessarily indicate malicious intent but could be errors affecting access to the platform. Zscaler need to look into the solution, how Traffic getting generated towards such websites should not cross the threshold level of traffic getting generated from certain Zscaler IPs and getting resulted in block mode situation.

We are using it for more than four years.

It demonstrates overall stability and effectively upholds the smooth functioning of the entire infrastructure. We haven't encountered any issues with it. I would rate it nine out of ten.

In terms of scalability, our current setup is sufficient for our needs. We have a user base exceeding ten thousand. It's a ubiquitous tool for everyone in the business. Nearly all users utilize it for internet browsing every single day. I would rate it nine out of ten.

The technical support team effectively manages and provides robust support for the solution. I would rate it eight out of ten.

Positive

I used Websense before, but Zscaler maintains consistent policies whether users are in the office, at home, or in public places, offering a more convenient experience.

The initial setup process was time-consuming and encountered issues, particularly with logs. Although I wasn't present during the setup, it has been reported that significant time and numerous challenges were involved. On a scale of one to ten, I would rate it five.

The deployment itself didn't take much time, but the challenge arose in identifying and resolving issues faced by numerous users. It took considerable time to pinpoint these issues. Maintenance is handled with support directly from Zscaler, and our existing security admin team oversees the management of both Zscaler Cloud and their skills.

We have observed a return on investment in a stable setup, ensuring secure internet access for users and instilling trust in the solution.

I would recommend anyone contemplating this product to carefully consider it. They can evaluate and explore the solution by taking a demo to better understand the technology. Once satisfied with the demo, they can proceed with rolling out the solution. Overall, I would rate it eight out of ten.

In Qatar industries, the legacy systems like the Bluecoat Proxy is still being used, these solutions work at a limited capacity. For instance, one of our organization's customers is in the Oil & Gas transportation business with tankers, if a company like them wants to deploy a proxy solution, physical proxy deploy is very complicated for such companies, therefore our organization proposes a cloud proxy solution to them like Zscaler DLP. 

There are several cloud proxy solutions in the market, but Zscaler DLP provides the lowest latency rates due to the presence of global enforcement nodes in the solution. Whenever a potential customer approaches our company, which has a large workforce, has offices distributed across a wide geography and is in need of a cloud-based solution, we suggest Zscaler DLP for comprehensive global control. 

The in-line DLP feature is one of the most vital features of the solution. Data security is a global concern, like in Europe there is the EDPR, while Qatar has its own data protection laws, so at our organization while data gets classified using different tools like Boldon James, security control in transit remains a concern so the in-line DLP policy is a valuable feature in Zscaler DLP that remains absent in most other products. Zscaler DLP takes care of the security when data is in motion. 

The technical team in our company suggests there are some performance issues with the solution once the module addition begins. For instance, suppose I am using Zscaler Internet Access, and the connectivity speed is excellent, but the moment I start integrating some add-ons like DLP, then the solution considerably slows down in functionality.

But I believe the aforementioned instance or scenario is acceptable because an initial data check gets performed upon integration and it probably can be solved by the vendor through some alterations in the architecture. The set of features provided by Zscaler DLP is enough for the market in which our company operates. 

I have been using Zscaler DLP for two and a half years. 

I would rate the stability an eight out of ten. It's a highly stable solution. The product consistently functions all the time, but it slows down a couple of times when a large-scale data transfer is being processed that involves multiple policy checks. 

Zscaler DLP almost never crashes, and when it does rarely, it's very specific to the customer environment. When some changes are made to the deployed product upon the customer's suggestion, initially, some instability arrives, which is then fixed through fine-tuning. 

I would rate the scalability an eight out of ten. The Zscaler DLP is extremely scalable and we have experienced it hands-on in our organization. One of the customers of our company was beginning operations in the Philippines, and they were already using Zscaler DLP in other locations like Kuwait and Jordan; they asked us to increase the license numbers and deploy the same Zscaler DLP solution for their Philippines location as well, the entire process was smoothly completed by our team.

I believe the downscaling of the solution is as easy as upscaling. Around 80 to 90 customers of our organization are using Zscaler DLP. The customer portfolio of our company for Zscaler DLP comprises 20% government enterprises, 60% are medium-scale businesses, and the rest are small-scale businesses. 

The customer support team has been responsive enough to our organization's queries in Qatar. In our company, we had to reach out for customer support on very few occasions. I would rate the tech support an eight out of ten. 

Positive

I would rate the initial setup an eight out of ten. Our organization implements the setup operations and transitions of Zscaler DLP for each customer. Rarely the deployment team of our company has faced some challenges, but it has been due to the unique customer environments, server placements and connection requirements.

About 95% of the deployments have been carried out in our organization without any obstacles. Our organization always deploys Zscaler DLP on the cloud. 

It's an affordable solution. I would rate the pricing a six out of ten. Once after deployment, you start bundling up additional components, the cost significantly increases. When compared to the cost of a competitor solution and the quality of Zscaler DLP, the price of the solution is justified.

Some customers who are familiar with other product environments of Palo Alto or Cisco might find Zscaler DLP a bit expensive when looking at it from an environment compatibility or opportunity perspective. 

For companies that have operations across the globe, it's crucial for them to have the same set of data security controls and measures across all locations; Zscaler DLP helps in such implementations. For instance, if there are certain enforcement policies or data security norms implemented for the headquarters of an organization, Zscaler DLP allows a professional to just copy the implemented policies of one location to another, irrespective of the site members or users.

Overall, I would rate the solution an eight out of ten. I would advise others to perform due diligence before directly adopting the product, but just because the product is the market leader doesn't mean it will fit perfectly into every environment.

I always analyze the customer's requirements and existing environment before proposing the best solution. If integrating Zscaler DLP into a Palo Alto environment will create difficulties, then it's better to choose a solution from Palo Alto. 

I primarily use it for conducting security incident investigations and generating security reports. It serves as a valuable tool in analyzing and responding to security events, and its capabilities are instrumental in producing comprehensive reports on the security status of the network.

It proved to be invaluable in addressing our challenge of not having a rigid perimeter. With employees working from various locations, the need to move away from VPN reliance became apparent. Following thorough assessments, we opted to continue using it as our cloud Web Access solution.

It stands out for its seamless integration with various security solutions, such as EDR, SOAR, etc. The implementation process is straightforward, requiring minimal ongoing maintenance. The desktop agent enhances endpoint protection against zero-day vulnerabilities, providing a safeguard until patches are released. Its adaptability extends beyond a single solution, allowing integration with different models and solutions. The alert detection system and additional security features add an extra layer of appeal. The flexibility to start with one aspect and expand within a single vendor is advantageous. The agent's versatility is notable, used for digital experience monitoring to collect valuable endpoint metrics for troubleshooting. The security browser function distinguishes between known safe sites and potentially suspicious ones, ensuring a secure browsing experience. Unfamiliar websites are run in the Zscaler Cloud, isolating them from the endpoint and preventing potential phishing or malicious scripts from reaching the user's device.

Occasionally, there are certain delays in report generation. Clicking on a link, I found myself waiting for an unpredictable duration—sometimes as long as thirty seconds to a minute—until the report was ready.

I have been working with it for over a year.

There have been instances where certain software or applications on the user side didn't work smoothly. This posed an additional onboarding challenge, requiring collaboration with technical support to analyze logs, generate reports, and identify necessary exclusions or policies to rectify the issue. Once addressed, the applications resumed normal functioning.

It's highly scalable, and I frequently receive notifications about new data center expansions. With around five thousand endpoints, I am not aware of any problems that have been discussed as requiring a change of solution.

I gained access to the web console, and within an hour, I comprehended its capabilities, which I found appealing. Beyond predefined reports, the platform enables users to retrieve any imaginable information. Creating a visual search request is a straightforward process, delivering the required data through a user-friendly interface.

The implementation has effectively addressed numerous challenges related to ensuring a secure internet connection for users.

When we conducted assessments, Cisco and Microsoft were also considered. However, at that time, Cisco was in the initial stages of developing their solution, and Microsoft had just released their web security gateway.

When making a decision, choosing a market leader is often advisable. While the initial cost may be slightly higher, the long-term savings in both time and money, as well as the reduction in operational costs, often outweigh the investment. Opting for a leading product can also mitigate potential issues and challenges that might arise with newer or less-established alternatives. Overall, I would rate it eight out of ten.

I use Zscaler Cloud DLP to protect sensitive data. It works by checking the content I'm trying to send or use on websites. If it sees any personal data or if someone tries to copy-paste it, it stops them. It can even notice when I use certain commands like "put," making sure my data stays safe. It watches what I'm doing online to keep my data secure.
Zscaler Cloud DLP integrates with Microsoft Defender to improve its abilities. This integration allows Zscaler to access data from Microsoft Defender, helping it track timestamps and offer strong protection for DLP events. This partnership between Zscaler and Microsoft Defender is a valuable addition that boosts DLP measures and enhances data protection.

The most valuable aspect of Zscaler Cloud DLP is its automatic DLP feature. Additionally, it also offers firewall capabilities. In terms of its firewall features, it provides a range of security measures to protect network traffic, but specific details about these firewall features would depend on the version and configuration of Zscaler Cloud DLP being used.

Zscaler Cloud DLP needs to improve its compatibility with other security tools. Right now, it mainly works well with Microsoft Defender but lacks support for many other antivirus and performance management solutions. Also, it takes a long time to add new features based on customer feedback. This limited compatibility could be a problem for organizations using various antivirus software.

I have been using Zscaler Cloud DLP for three years.

Zscaler is highly stable because it operates from multiple data centers around the globe. If there is any issue or even a brief downtime in one data center, they swiftly switch to a nearby one to ensure uninterrupted service. So, you won't experience any significant downtime, typically not more than a second or two. Even services like Office 365 have very limited downtime when used with Zscaler.

Zscaler is scalable and depends on the number of user licenses you have. You integrate it with your systems, like Azure Active Directory, and ensure GDPR compliance. More than 5,000 people use Zscaler at my company.

Zscaler provides excellent technical support in India and worldwide. Their support team is quick to respond and readily available to assist with any issues or inquiries.

I have previously used Purview DLP. It can inspect files and sensitive information you send in those files. However, it may not detect when you copy-paste sensitive data into a web page's open field. This is a second level of security, a different kind of data protection, which may not catch such actions. But it can still detect sensitive information if you copy-paste it into a communication or document. It is a good product but I prefer Zscaler.

Setting up Zscaler Cloud DLP is relatively straightforward. It can easily classify data, like U.S. Social Security numbers. It provides a data discovery dashboard where you can monitor what data users are trying to share or copy from websites. It checks files and data insights to ensure nothing sensitive is being shared improperly, and it alerts you if there is a problem.

Zscaler's licensing is based on the number of users, and it is flexible. Instead of counting all 5,000 employees, they consider concurrent users, which can be more cost-effective. It might be a bit pricier than some other products, but it's a good solution, and many companies use it.

I would definitely recommend Zscaler Cloud DLP to others. Overall, I would rate the product a nine out of ten.

Most people use Zscaler SASE as a replacement for VPNs. You know, with a VPN, once you establish connectivity to the network, you have unrestricted access. But with Zscaler SASE, you have strict access control. You don't get any access unless you adhere to the policies set in Zscaler. 

So, you can control who has access to specific applications at a URL level rather than granting access at the physical IP level. That's what most people appreciate about it. IPs provide access to everything on the machine, whereas Zscaler SASE provides access to specific services within the network. 

The most valuable feature is its ability to establish connectivity for remote users and remote endpoints. It offers a high level of granularity compared to typical VPNs, which also encapsulate a lot of I/O. By using Zscaler SASE for home access or access in remote areas, it bypasses the issues introduced by ISPs. 

Sometimes ISPs block certain protocols or applications, but when everything is encapsulated within the Zscaler Cloud, the ISPs don't get a chance to interfere or block. This is especially helpful when it comes to file sharing. Sometimes ISPs block it, so we can't share files using cloud services remotely. Zscaler SASE gives non on-premise users the ability to securely access and sync with on-premise resources.

The area that requires improvement is their support. The current support is lacking. 

Other than that, once you have the right people on the phone, the product performs as advertised. However, multiple clients have complained about the support. 

I have been working with Zscaler SASE for two years. 

When it comes to stability, it's similar to any outsourced service. There will always be some outages because of the global nature of the network and the involvement of various cloud providers. There are many moving parts. I don't anticipate more frequent outages, but it's important to acknowledge that Zscaler is not flawless.

I haven't encountered any clients who have had problems with scalability or performance issues. There were a couple of outages less than six months ago, but that's to be expected. Every service experiences occasional outages. It's like having allergies; every product at a global scale will have such issues. 

I have heard a lot of complaints from my clients about the support. Even VMware's support has declined since it got acquired by Broadcom. 

So, we're not receiving the kind of support we used to get, like from Cisco. It's more akin to Microsoft and internal support.

Neutral

The initial setup does take some time to get used to. Zscaler does a good job with its specialized services in setting up and installing the product. 

Once you start using the product, any issues that arise are generally handled well. The support is not as terrible as it may seem at first. While there may be instances where one technician transfers the case to another technician, it doesn't mean starting the entire process from scratch.

However, most people are deploying it on AWS or Azure. I have some clients who still prefer on-premises deployment. It depends on their specific requirements.

The pricing is quite high, especially when it comes to the gateway. It costs around $10,000 per gateway per data center, which can be seen as ridiculous. Other cloud-based solutions charge based on the number of clients without the need for a gateway for each data center. 

This pricing approach doesn't sit well with my clients anymore. When Zscaler SASE had a monopoly in the market, it could get away with it, but now there are alternatives cutting into its market share.

I would rate Zscaler's pricing model as an eight out of ten, with one being cheap and ten being expensive. 

There are other solutions like VMware that also have high costs, but Zscaler SASE stands out because of the expensive gateway for each data center. It's not a cheap implementation. 

Every time you set up an Azure data center, you have to spend another $10,000 to $15,000 on a gateway. It adds up quickly. Creating a VPN between data centers might be an alternative, but it introduces a single point of failure. So, that pricing policy alone makes it very expensive.

It's a great product. My advice for those considering using it is to understand the concept of zero access. It's different from just having VPN access. If someone can perform a DNS lookup, they still have access. 

People are often stuck in a VPN-centric mindset. It requires a paradigm shift, similar to transitioning from traditional applications to Microsoft applications. Instead of focusing on what services the user needs, it's about restricting access to specific applications regardless of the user. Once you embrace this mindset, it becomes easier to navigate. It's not a major impact, but it does require a change in thinking.

Overall, I would rate this product an eight out of ten, with the exception of pricing and support issues. It is one of the better implementations available, surpassing Cloudflare's capabilities. However, there are still areas for improvement, particularly in terms of pricing and support.

We use the product for the process protocol for tunnels to manage network traffic.

They should work on a replica account. There could be alerts and replica files sent to the DLP team during data collection.

We have been using Zscaler Cloud DLP for three years.

I rate the product’s stability an eight out of ten. We encounter high latency for cloud data centers.

The product’s scalability depends on specific requirements. We manage more than 50 Zscaler Cloud DLP accounts for customers. We have created certain rules to cover and manage our sensitive data. I rate the scalability a ten out of ten.

They should assign an L2 engineer to resolve the issue. The L1 engineer takes time to identify and elaborate on the problem.

Our organization has used Symantec, Trend Micro, and McAfee.

The initial setup is easy. It doesn’t take much time and depends on the IP server requirements.

I rate Zscaler Cloud DLP an eight out of ten. I recommend it for customer service companies to protect sensitive data.

We use Zscaler CASB for DLP and shadow IT.

The most valuable features of Zscaler CASB are API integration and DLP.

Zscaler CASB should include integrations with other SaaS applications.

We just bought Zscaler CASB a week ago.

I rate Zscaler CASB a nine out of ten for stability.

Zscaler CASB has good scalability. I rate Zscaler CASB a seven out of ten for scalability.

The solution's technical support provides a late response; otherwise, it's fine.

Neutral

I have previously worked with McAfee. Compared to Zscaler CASB, McAfee needs to upgrade a lot of things. We chose Zscaler CASB because of more applications and information that we could get to do some fine-tuning on the policies.

The solution's initial setup is supposed to be fairly easy since it's an API.

We haven't yet started to deploy the solution. We will seek the help of professional services to deploy Zscaler CASB.

Zscaler CASB is an expensive solution. On a scale from one to ten, where one is less expensive and ten is more expensive, I rate Zscaler CASB's pricing a seven out of ten.

I recommend users consider the cost and benefit, integration, and supported applications before choosing Zscaler CASB.

Overall, I rate Zscaler CASB a seven out of ten.