What needs improvement with Zscaler Internet Access?

There are many functionalities in Zscaler Internet Access that need improvements, such as an advanced firewall and logging capabilities to track calls.

The solution's pricing is on the higher side. It would be better if it could be lower.

There could be a better way for the tool to categorize the traffic. For example, the tool does exceptions and everything overall. If I want to give guest access or provide access to guest users or any other internet access and if it does not go through the SSL inspection because, in our company, we can't have the root certificate on a device that we don't manage, which can be called out as an exception or an exclusion, but that doesn't provide a proper reflection of the picture of what is happening in the environment. There are granularities bringing it down. The tool I used or still have is Zscaler Cloud Connector to protect the cloud environment, which can have a bit more user-friendly installation and setup, and it would help a lot. The deployment process of Zscaler Cloud Connector needs to be more user-friendly. Improvements are required in the exception category. For example, suppose I report on a monthly basis what the breaches and traffic violating the SSL inspection area are coming from. In that case, I may find that half of them may be coming through some guest network, meaning the tool doesn't differentiate between the guest or normal networks or the corporate networks. Having options to differentiate different networks would be ideal so that it can show a true picture of things to users, as half of the things in the tool are not in our control and are not of our concern.

Zscaler Internet Access needs to integrate more ISPs. It is good to have more than three ISPs.

One thing that needs to be improved is their presence in China. I'm not sure if that's a Zscaler thing or if it's a problem with all vendors in this space, but it would be nice to have better coverage in China. This concern is a common one for vendors across the board when dealing with the Chinese market. So, currently, there is the Great Firewall of China. This firewall can significantly impact internet performance for users in China. A better presence in China from Zscaler could mean more breakout points between China and the rest of the world. This would help to improve internet performance for users in China and make Zscaler a more viable solution for organizations with a presence in China.

I am just an end-user of the solution. I can't speak on what needs improvement from an admin's perspective. The interface of the solution needs to be clear and user-friendly. Currently, the solution's interface is not that user-friendly. Zscaler is not like Okta. Okta has a marketplace, while Zscaler doesn't have one. Zscaler needs to have a marketplace.

Cloud App’s database should be improved. Currently, they only support and provide granular controls to around 1000 cloud applications. In Netskope, it is more than 3000. Around 65,000 applications are visible to the users in Netskope, but Zscaler only supports around 3000 to 4000. Cloud App is not good. UI is not as easily understandable as Netskope. Netskope has a source, destination, and action policy. In Zscaler, we have to click multiple tabs to get it. It's a bit tricky compared to Netskope. Once we understand it, it's simple.

Zscaler does not provide dedicated IPs to each customer. Hence, they share a pool of IPs provided by Zscaler. There is a chance of blacklisting these IPs. I also do not like the multi-management portal.

The tool should improve the predefined dictionaries. The product should focus on improving its current features. They are good, but they need a lot of polishing.

There are a couple of areas of improvement in the solution. Firstly, there are some performance issues when we add on additional controls. Zscaler Internet Access is a plain vanilla solution that allows you to add CSV or DLP on top of it. However, once you add these modules, the performance degrades for a bit, and the latency increases significantly. We're talking about a two-fold or three-fold increase in latency. They need to work on this. So the performance goes down when using a lot of features simultaneously. Moreover, the implementation interface is not very good. It has some minor bugs, and it's not properly streamlined. However, these are not software issues that cannot be resolved. A simple reboot or a call to the reseller personnel can guide you in resolving these issues. But the experience can be more seamless if the interface is improved.

They recently improved a few things with the new version. They should enhance the audit reporting feature. They are providing a very basic DLP solution, but it needs improvement. If they improve the DLP solution, it will be a better solution in the future. They should work on the bandwidth of the CASB solution as well.

Zscaler should continue to make the user interface better and adding new features. They should also add more Nodes (DC's) in some regions (East Europe / Mid Africa and South America) to better serve multinational clients, continuing to expand existing DC's so that it can handle larger numbers of customers with high bandwidths

There are some flaws which I don't like. Mostly I was an engineer for the proxy. In that case, there are limitations. There are limited categories and limited URLs which we can create. We'd like to see a more user-friendly interface. Technical support could be better. They should be more technical. Also, they need to ensure when you ask for help, they communicate better amongst themselves what the issue is so that customers aren't constantly repeating themselves.

If they can also integrate with the multi-factor authentication to prompt users to do another, second-factor authentication, that would be ideal.

The technical support could be better. We need more of an online knowledge base, so we don't have to lodge tickets whenever we have a question or issue. We'd like to have more plugins and integration. Even in a CASB scenario, if we could get API and JSON-contained decoding, that would be helpful.

Sometimes it's not easy to use during large deployments of workstations. It's a bottleneck from a network point of view. It's a technical solution, so you need to have good architects knowledgeable on Zscaler. We don't need any other added features.

The solution can be improved by advancing some of the newer technologies such as the DLP feature, and adding email security.

In terms of user experience, it could be better. It all depends upon the configuration, though. At the moment, they are one of the best. In terms of room of improvement, it depends upon the specific use cases of the customers. For example, it might be that some of the users are having some kind of connectivity issue. It depends upon how those users are connected. It may not be a product issue. Or maybe they are using a VPN. Local banks won't allow connectivity to their application over a VPN or over a cloud-based proxy service, for example. In some countries, the local banks restrict these kinds of communications. There needs to be some whitelisting done to get those users connected.

The interface for administration could be better. They should upgrade the management portal. Their support could also be better.

The performance needs improvement. Some areas create performance issues and, depending on the use cases, require reconfiguration to perform again.

Zscaler needs to add client-to-client communication. It's always client-to-server communication. The cloud and branch connectors could be improved because we're still dependent on traditional firewalls. They should eliminate this. They should also provide WAN devices should to compete with the SD-WAN solutions also.

Zscaler Internet Access can improve by having more option for filtering policy which is currently only ip based (location policy). The developer need to add more option like identifying DNS and Domains names as well along with ip.

Zscaler Internet Access could improve by adding a VPN feature.

What could be improved in Zscaler Internet Access is its price. It could be cheaper.

The solution can be a bit pricey. Sometimes, support isn't available. Zscaler does not have any local data centers. For example, if we have our customers in Czech Republic, in the Czech Republic they don't have their data center, as the local content, in the Czech language. They should do something in the Czech Republic and ensure that the language is accessible. They should have one data center as these people want to see the local content. Everyone wants to see their first language in the available content. Also, in Brazil, they just have two data centers in São Paulo and they should consider expanding to other data centers. When you check the logs, you cannot see what policy is allowed. That is one thing that is lacking. If I put someone's account in Zscaler, then it should show which policy it will be applicable for. For example, in Forcepoint we have that feature. This is something that Zscaler needs to add. They just need to put the account of some users and check whether they will be able to access that or not. They don't have MFA, or multi-factor authentication, for admins.

One thing that they could improve is the ability to import rules from other platforms.

I would like to see more training and video documentation.

The reporting functionality could be a bit easier to use. There is a reporting function, but it's quite hard to do any good reporting, from a user-management perspective. For example, if a department manager wants to know how his department is using the web, there is a way to get the data, but it's quite cumbersome to get it and show it well. And that's true for comparing between departments. It's quite hard to get a good report. Another issue is that the API documentation could be a bit more up-to-date. They're implementing stuff, but not updating the documentation all the time.

I wish there were a lot less products to learn, because there are a lot. They just keep surprising me with new features, even in the SaaS arena, and they keep improving in every facet. We are Zscaler partners, so I got certified in two platforms, but there is a lot room for improvement. There is just too much training, where they focus a lot on protecting the Internet as everyone is moving to the cloud. I would love for the training to be shortened.

Zscaler can scan a URL like: https://www.example.com/maliciu...

Umbrella can not scan URLs, because they handle only FQDN (e.g., www.example.com).

There are a few features that are not compatible with the Azure cloud. It's not fully compatible with our environment because of the way that it is divided into business units. In order to get it working properly, there are some things that we had to put in for enhancements. Otherwise, everything works well.

I don't know whether it's Zscaler or not, however, sometimes I can't access my time management. I need to wait and try again a few hours later. Typically, if I let some time pass, I can access it again. From time to time, there's instability in terms of the user experience. I don't know whether it's Zscaler or the time instrument server itself. I don't know the root cause here, that this is the only thing, that causes me issues. Otherwise, I'm quite happy with it. The solution should do more in regards to handling phishing emails. They maybe should pair with a solution like Palo Alto in order to offer a more holistic view of the security and offer behavioral analytics or endpoint protection, etc., and all from one vendor. Data Lake, for example, is a product that gets the information and gives feedback to the user. There seems to be a high volume of phishing emails that we get, and I'd like to understand what the company is doing to address that. Zscaler seems like it's just a bit too static.

Zscaler should provide adjacent services, which would be complementary to their current offering that could to be more pragmatic for a customer. For example, if you take Akamai, you get multiple sets of services, all depending on the customer and the strategy and the complexity and the problems. In some areas, they are more varied in terms of coverage. For example, they also offer content delivery networks, which is complimentary, and for some customers that could solve two problems at once. By providing a wider range of services, Zscaler could reduce deployment risk and operational risk by being a one-stop-shop type of solution. In the next release, Zscaler should offer a content delivery network.

In terms of usage, here in the GCC, it's still growing a growing market, so the combination of DLP, data leak prevention, to a certain extent is fine. But what it requires is user-based access or role-based access. The solution needs to grow into that, which definitely takes time. There's not an easy way to integrate it when you have a cloud-based solution. The only DLP you can have is for the web, such as iboss. The DLP part is quite crucial for this particular region. DLP, machine learning, artificial intelligence, and some algorithms can be built into the solution. There are certain pet algorithms for AI and machine learning which everybody is moving towards, so that needs to be added to the solution as well.

The solution is a cloud service, so when you have Zscaler Internet Access, you still often require firewall appliances at the edge to act as gateways to Zscaler. There are certain elements that you can't necessarily ever extract at a network level, which makes it difficult to go completely appliance-less. You could see it as a downside, but if there's an unavoidable reality of how networking is addressed at this point, and I think that's the only thing that for us is unfortunate, having to always retain some type of alternate firewall or router capability inside the network in order to get to Zscaler, as an example. We've noticed a trend of Linux support being available at a mobile and workstation level, which isn't available from Zscaler yet, but we are expecting it soon. Zscaler also doesn't offer easy Cisco Meraki integration, which is also on the roadmap, even though we've seen it becoming very common. If we try and use Zscaler with Meraki, it's a fairly manual process to get Meraki to connect to Zscaler, whereas in all other SDware products, there's a lot more automation. The only other thing we would love to see in Africa would maybe be an additional Zscaler hub in another strategic location like Kenya to really round out Africa because there are only two hubs in over 30 countries on the continent. One is in South Africa and one is in Nigeria. Africa is kind of a black hole for all cloud providers, which makes life tough for us because there are performance issues when delivering cloud-related services. A little bit more penetration into Africa would help with this.

On the technical side, the only thing that I believe this scanner can improve is in the way they allocate traffic. For example, a big site doesn't have the ability to have its IPs inside the cloud, so Zscaler doesn't allocate you certain IPs for traffic. Your traffic goes to the nearest Zscaler point, and from there you get an IP. Sometimes that is problematic, because your users use the same IPs that another client is using so you don't get the ability to do some rules using some IPs. For example, you cannot use conditional access to high influence IP. You can't say if somebody goes to Zscaler I know that traffic is secure so I can let them past. In this scenario you cannot do this, because Zscaler is using a pool of IPs and they'll circle them for all the clients. I would like to see the ability to choose a pool of IPs for my company, set up rules based on them, and know that those IPs are not used by other companies.

The implementation process needs improvement. Even if you have implemented it, it doesn't mean that it is done, you have to pay for the service afterward. It's not a one-shot implementation, you need to spend some more effort on it afterward. It also needs better integration with other applications as well. There are some restrictions. I would like to see them incorporate a user ID or application ID in the next release of this solution.

The reporting could be improved to make it a little bit easier. When it comes to individual users, I'd like to see easy reporting that can be shared with executives. Due to my technical background I don't have issues to understand the reporting. However, if I have to give a report to an executive to read, he may find it too confusing. He wants to see something simplistic that contains information like what the user's access time was, how long the user spent time on the site, which sites was visited, what they did etc. The current reports can, therefore, be somewhat improved and simplified. Another thing that I would like to see is if Zscaler could have a separate product for direct access. I looked at a private access solution, but I understand there's a separate product that isn't integrated with this.

It needs better integration with other applications. It takes a fair amount of regular activity to apply the by-passes because it is very strict in its restrictions and frequently you have to go in and open things up to allow the workforce to work. The logs that are consumed by our security solution could be a bit more definitive, from an audit perspective. It's sometimes difficult to determine which end user a particular generated alert is associated with.