What is our primary use case?
In the firewall, we don't have a user-based policies list, and we can't create them. Netskope helps us to create user-based policies. For example, if there are specific teams like HR or more than nine teams, and we want logs from access over particular URLs, and we don't want to allow that specific URL for certain users, we can create these policies in Netskope. It's handy, easy to use for new users, and has a cool GUI interface. We can create multiple policies, and as for the proxy, it's a leading solution.
Overall, it's user-friendly and beneficial for organizations requiring a proxy to modify data flowing through the Internet. Netskope has become a beneficial solution for them.
What needs improvement?
In terms of market leadership, it seems to be lagging behind. Zscaler has taken over the ownership because they've launched multiple solutions, whereas Netskope hasn't launched as much.
So, in my opinion, Netskope may require some R&D effort from the development team to stay on track. When they partnered with Meta, their graph didn't improve much.
Zscaler is leading because of diversity and better security. In my conversations with customers across the globe, especially in the APAC, Dubai, Singapore, and Indian regions, Zscaler is more commonly used than Netskope in larger organizations. Netskope is good for smaller organizations due to its cost-effectiveness, but for larger ones, the customers prefer everything in a single place.
Netskope seems to be lagging behind, especially after its partnership with Meta.
For how long have I used the solution?
I used this solution for three years.
What do I think about the stability of the solution?
I would rate the stability around seven out of ten. Sometimes, we face some difficulty, but it depends upon the complexity of the environment. Because it's not that much complex, we are able to troubleshoot each and every issue on our own by going to the Action Center and then the Netskope IT section. There is a filter option with the help of the logs, and then we can check where the traffic is getting logged or something like that without Wireshark as well.
But in a complex environment, we might require tech support as well. So it totally depends upon the customer's environment.
What do I think about the scalability of the solution?
I would rate its scalability around eight out of ten. However, larger companies might find some challenges due to the need for more complex architectures and approvals.
How are customer service and support?
I have a good experience with customer service and support. They do their best to make things possible because it's their job, and they have to resolve the ticket within a service.
Which solution did I use previously and why did I switch?
For proxy purposes, I have used Netskope. Otherwise, I have worked on multiple devices like Cisco DNS centers, Cisco for SD-WAN, and FortiGate firewalls. And for email security, I was using Proofpoint.
So, I work on multiple devices in the test environment.
How was the initial setup?
It's been quite easy to use. The deployment usually takes around one month. Because we need to design the architecture in such a way that multiple approvals are required for that. Post that, we can integrate it into our environment.
If you have a single office, then it is easy to set up in the architecture. But if you have multiple offices, then you have to check and decide on multiple POCs and multiple SOPs. We need to see and create; the installation usually takes one month. But before that, we require some documentation purposes that might take, for it depends on the organization to organization. So it might take two to three months.
What's my experience with pricing, setup cost, and licensing?
It's a bit cheaper and a bit more cost-effective than Zscaler.
What other advice do I have?
Overall, I can rate it around eight out of ten because no product is 100% accurate.
I advise you just to brush up on the basics because it is not as difficult as a firewall or the ECLs in Cisco because it has a GUI-based architecture. So, most of the troubleshooting from the customer's perspective can be done by clicking on the GUI. But if any issue arises, I would say that someone just focuses on the basics of the DNS, TCP/IP, and proxy as a product.
These are the main focus areas that you need to understand initially if you want to go ahead and implement these things. Because everything you do in a complex environment, you can usually use Wireshark to check where it is getting dropped and whether the ETL is allowed or not. That is all the same. Whether it's the same packet, the TCP handshake is there, or the DNS is all in. Everything which you can be on over the Wireshark.
So, I would suggest for the newcomers or the beginners just to focus on the basics. Once you focus on the basics, you will have a clear understanding of how all these flows take place, then you can easily learn any product within two to three months. There is no more than that because every organization will provide tech support if it is a product-based organization.
Usually, it will provide you with basic training for one or two months. So, that will be good.
*Disclosure: My company does not have a business relationship with this vendor other than being a customer.