The technical team in our company suggests there are some performance issues with the solution once the module addition begins. For instance, suppose I am using Zscaler Internet Access, and the connectivity speed is excellent, but the moment I start integrating some add-ons like DLP, then the solution considerably slows down in functionality. But I believe the aforementioned instance or scenario is acceptable because an initial data check gets performed upon integration and it probably can be solved by the vendor through some alterations in the architecture. The set of features provided by Zscaler DLP is enough for the market in which our company operates.
There could be additional ways to define proximity. Additionally, they should provide some exclusion options for specific policies and an ability to control the DLP engine.
As of now, no improvements are required in the solution. Though not an improvement from a product perspective, there is no documentation related to Zscaler Cloud DLP on the internet. You won't find anything that can help you with the configuration part and other areas related to the product if you search for proper or exact details of Zscaler Cloud DLP online in very easy language. In short, you can't find any documentation about the product which is exactly arranged in a proper manner. Availability of knowledge related to the product is not there in the public domain.
Learn what your peers think about Zscaler Zero Trust Exchange Platform. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
On the improvement side, when we bypass certain internet traffic types, it's currently recommended to have a one-click option, but audio and video aren't always supported. Thus, we need to bypass that kind of traffic. So, it is an area of improvement. Another issue is with DNS exclusions and internet bypasses. Even if we put some URLs into DNS exclusion, it doesn't always work. So we often have to use a VPN gateway bypass. If they provided functional DNS exclusions and internet bypasses, it'd be much smoother.
Zscaler Cloud DLP needs to improve its compatibility with other security tools. Right now, it mainly works well with Microsoft Defender but lacks support for many other antivirus and performance management solutions. Also, it takes a long time to add new features based on customer feedback. This limited compatibility could be a problem for organizations using various antivirus software.
We have some limitations while checking logs. The product must allow users to check logs for an entire year in the local console. Currently, we can check logs only for the previous three to four months. Forcepoint provides multiple services separately, but Zscaler does not provide separate DLP. It will be good if Zscaler provides the DLP module separately.
The customers would benefit from more robust documentation and conversations around configurations, as it is slightly complex. Also, there should be an option for acquiring DLP as a standalone product rather than bundling it with packages, as this would provide more flexibility for customers who only need specific features. They should also provide more reviews and guidance on selecting the best-rated engines and dictionaries, as well as facilitating reporting for DLP violations and integrations with other cloud storage solutions.
There is room for improvement in detection. From the detection perspective, like, how it detects the violations. Another area of improvement is implementation through non-client connectors. The solution can be implemented in two ways. One uses the back file; the other one uses client connectors. So the client connector is pretty fast, but when it comes to non-client connectors and procedures, it's kind of delayed and slow. The policies don't reflect very soon. It takes, like, a day and, like, hours to get implemented. But if it's a client connector, it takes, like, two minutes. It's just so good. In future releases, I would like to see two things. It's not more of a feature but more like an enhancement. So I would like to see an enhancement in their proximity when detecting credit card details and past support details, and PII data. Another area of improvement is support.
Sr. Consultant, Cyber Security at a tech services company with 501-1,000 employees
Real User
2022-09-05T15:19:12Z
Sep 5, 2022
The only issue with Zscaler Cloud DLP is that it only gives you DLP protection from web traffic, which is flowing out, while a full-blown DLP solution such as Forcepoint or Symantec gives you DLP coverage for multiple channels. Zscaler Cloud DLP doesn't give you coverage for email, fax, and USB channels, and this is the only challenge or room for improvement in the solution. It's just an extension on top of what you're buying on the proxy, so it's just an added layer, and it doesn't cover DLP on a very broad level. I'm unsure if Zcaler is in the business of competing with a full-blown DLP solution, and if there's a plan to expand the features of Zscaler Cloud DLP beyond the web channel because you'll have to deploy a full-blown agent for it. I'm unsure if this is on the cards because the solution is just an added layer that you get with your proxy. I've asked the Zcaler team whether there's a plan to go full DLP in the future, but I didn't get a positive response. There isn't any feature I'd like added to Zscaler Cloud DLP currently, because anything you could think of that should be in cloud or SaaS solutions is already there, except for machine learning, as it's the only functionality that seems to be lacking in the solution. Machine learning is an additional policy available in other DLP solutions in the market, but my team didn't find it in Zscaler Cloud DLP.
VP of Engineering at a tech services company with 11-50 employees
Reseller
2021-12-21T10:40:00Z
Dec 21, 2021
It really comes down to the Regex that's being used from Zscaler's DLP. That's the one area that we find technical limitations because the rest of the industries use an RE2, and Regex and Zscaler just aren't there. It's not because of the technology and they can't code it. It's because of the cost of these actual Regex strings from a query perspective. There's limited flexibility from a Regex perspective as far as data matching and expanding your DLP dictionaries and libraries. In the next release, I would like to see RE2 Regex supported.
Security Architect at a comms service provider with 201-500 employees
Real User
2021-05-12T19:18:03Z
May 12, 2021
Zscaler will protect PII for all users regardless of their geolocations as well it will simplify compliance requirement's by eliminating complexity of legacy systems and securing your cloud data across all channels data in motion, at rest, and across endpoints and clouds.
Zscaler Zero Trust Exchange Platform acts as a VPN alternative for secure remote access, cloud protection, and zero-trust strategies. It enables secure data transmission, supports remote work, and enhances compliance through a cloud-based architecture, offering improved performance and simplified management.Designed for organizations seeking secure application access and robust data protection, Zscaler Zero Trust Exchange Platform delivers a comprehensive solution through seamless VPN...
The technical team in our company suggests there are some performance issues with the solution once the module addition begins. For instance, suppose I am using Zscaler Internet Access, and the connectivity speed is excellent, but the moment I start integrating some add-ons like DLP, then the solution considerably slows down in functionality. But I believe the aforementioned instance or scenario is acceptable because an initial data check gets performed upon integration and it probably can be solved by the vendor through some alterations in the architecture. The set of features provided by Zscaler DLP is enough for the market in which our company operates.
The product has limited features. We only have the option to monitor URLs and HTTPS logs. The tool must provide IP-blocking features.
There could be additional ways to define proximity. Additionally, they should provide some exclusion options for specific policies and an ability to control the DLP engine.
There could be a feature to view the VPN tunnel activities in terms of configuration.
They should work on a replica account. There could be alerts and replica files sent to the DLP team during data collection.
As of now, no improvements are required in the solution. Though not an improvement from a product perspective, there is no documentation related to Zscaler Cloud DLP on the internet. You won't find anything that can help you with the configuration part and other areas related to the product if you search for proper or exact details of Zscaler Cloud DLP online in very easy language. In short, you can't find any documentation about the product which is exactly arranged in a proper manner. Availability of knowledge related to the product is not there in the public domain.
On the improvement side, when we bypass certain internet traffic types, it's currently recommended to have a one-click option, but audio and video aren't always supported. Thus, we need to bypass that kind of traffic. So, it is an area of improvement. Another issue is with DNS exclusions and internet bypasses. Even if we put some URLs into DNS exclusion, it doesn't always work. So we often have to use a VPN gateway bypass. If they provided functional DNS exclusions and internet bypasses, it'd be much smoother.
Zscaler Cloud DLP needs to improve its compatibility with other security tools. Right now, it mainly works well with Microsoft Defender but lacks support for many other antivirus and performance management solutions. Also, it takes a long time to add new features based on customer feedback. This limited compatibility could be a problem for organizations using various antivirus software.
We have some limitations while checking logs. The product must allow users to check logs for an entire year in the local console. Currently, we can check logs only for the previous three to four months. Forcepoint provides multiple services separately, but Zscaler does not provide separate DLP. It will be good if Zscaler provides the DLP module separately.
The customers would benefit from more robust documentation and conversations around configurations, as it is slightly complex. Also, there should be an option for acquiring DLP as a standalone product rather than bundling it with packages, as this would provide more flexibility for customers who only need specific features. They should also provide more reviews and guidance on selecting the best-rated engines and dictionaries, as well as facilitating reporting for DLP violations and integrations with other cloud storage solutions.
There is room for improvement in detection. From the detection perspective, like, how it detects the violations. Another area of improvement is implementation through non-client connectors. The solution can be implemented in two ways. One uses the back file; the other one uses client connectors. So the client connector is pretty fast, but when it comes to non-client connectors and procedures, it's kind of delayed and slow. The policies don't reflect very soon. It takes, like, a day and, like, hours to get implemented. But if it's a client connector, it takes, like, two minutes. It's just so good. In future releases, I would like to see two things. It's not more of a feature but more like an enhancement. So I would like to see an enhancement in their proximity when detecting credit card details and past support details, and PII data. Another area of improvement is support.
The only issue with Zscaler Cloud DLP is that it only gives you DLP protection from web traffic, which is flowing out, while a full-blown DLP solution such as Forcepoint or Symantec gives you DLP coverage for multiple channels. Zscaler Cloud DLP doesn't give you coverage for email, fax, and USB channels, and this is the only challenge or room for improvement in the solution. It's just an extension on top of what you're buying on the proxy, so it's just an added layer, and it doesn't cover DLP on a very broad level. I'm unsure if Zcaler is in the business of competing with a full-blown DLP solution, and if there's a plan to expand the features of Zscaler Cloud DLP beyond the web channel because you'll have to deploy a full-blown agent for it. I'm unsure if this is on the cards because the solution is just an added layer that you get with your proxy. I've asked the Zcaler team whether there's a plan to go full DLP in the future, but I didn't get a positive response. There isn't any feature I'd like added to Zscaler Cloud DLP currently, because anything you could think of that should be in cloud or SaaS solutions is already there, except for machine learning, as it's the only functionality that seems to be lacking in the solution. Machine learning is an additional policy available in other DLP solutions in the market, but my team didn't find it in Zscaler Cloud DLP.
It really comes down to the Regex that's being used from Zscaler's DLP. That's the one area that we find technical limitations because the rest of the industries use an RE2, and Regex and Zscaler just aren't there. It's not because of the technology and they can't code it. It's because of the cost of these actual Regex strings from a query perspective. There's limited flexibility from a Regex perspective as far as data matching and expanding your DLP dictionaries and libraries. In the next release, I would like to see RE2 Regex supported.
Zscaler will protect PII for all users regardless of their geolocations as well it will simplify compliance requirement's by eliminating complexity of legacy systems and securing your cloud data across all channels data in motion, at rest, and across endpoints and clouds.