We performed a comparison between Cisco Umbrella Zscaler Internet Access based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Both solutions received high marks from reviewers. Zscaler Internet Access has a slight edge over Cisco Umbrella since it is the less expensive product.
"Cisco Umbrella is such a solution and can be implemented very fast and easy. All that we must do is redirect the DNS registers in their routers, or the active directory service of the enterprise that are going to use in Umbrella services. If you buy the service now, in two hours you are protected by the service because it's very fast to put in service."
"Its simplicity is most valuable. I can install it and get it up and running, and it can be pervasive across my business within a business day. It is pretty simple and straightforward to install and configure. Its remit is reasonably clearly defined. When you look at solutions like Darktrace and Carbon Black, the mission objective isn't as clearly defined. Cisco Umbrella, Sophos Central, or some of the other solutions have a more standardized approach to antivirus, which includes enhanced response from the machine learning or deep learning perspective."
"Umbrella, being one pane for managing, being all-encompassing, allows us to quickly go in, make a change, and it applies to either every location, if we want it to, or we can have policies in place that only apply to certain users or certain computers."
"There is much differentiation within the licensing so if anyone wants DNS security from the DNS security log, we are there already, and if anyone wants to go to a secure internet gateway, that is also available. We can get the integrated cloud DLP license keys. That is a good benefit with Cisco Umbrella. You can get a complete solution in a single licensing."
"You can manage and create policies based on a group of users. It can permit some URLs and block others."
"The security and access control features."
"The most valuable features of this solution are the Web Filtering and the APT."
"It has excellent resilience in cybersecurity. Cybersecurity for my organization is very important because we are a banking organization. We need this security to protect the personal information of our clients. This is very important for our security."
"The most valuable features of Zscaler Internet Access are it's on the cloud, high network performance, and the interception of users is very easy."
"The cloud proxy and integration are some of the key features. Since there is cloud waste, we can quickly provision it and start working on the configuration. On top of that, they have added a few more features. They have integrated CASB, and file sandboxing is part of it."
"Zscaler Internet Access protects using data loss prevention. If you have a CASB exposing your cloud out into the network, then Zscaler Internet Access will go ahead and control that unknown cloud application in the CASB, protecting it. There is also data detection with exact data match. This improves the data coming into your cloud so you are protecting it."
"The most valuable features I found in Zscaler Internet Access are the restriction of users for a particular URL, the security feature related to stopping DDoS, and the VPN."
"The solution is scalable and stable."
"The data loss prevention feature is the most valuable. It stops our users from inadvertently leaking our customers' data to the Internet or anywhere else it shouldn't go."
"Zscaler Internet Access's roaming user feature is most valuable and is much better compared to other secure web gateways."
"The VPN is valuable, as the whole technology is very different from a traditional VPN."
"There are a couple of interface issues. I know that they say that there are feature enhancements that are noted. For example, we've got the Cisco Meraki security appliances, and there, we geofence our company to where we're allowed to send and receive traffic. So, in our case, by default, we only allow traffic to six different countries, which allows us to effectively prevent traffic for the majority of bad players in the world, but they don't give you an easy way to do that in Cisco Umbrella. With Cisco Meraki, I can specify or pick the countries. I can say that I want to only allow traffic from these six countries, and I'm done. With Cisco Umbrella, I have to rely on the fact that they're going to prevent traffic to other countries. They're going to decide if it's good or bad."
"It's a very new product, so it's quite immature at the moment. It can be more user friendly."
"We faced an issue regarding virtual appliances (VAs) during deployment. They could improve the quality and management of the virtual appliances offered right now. You can't see much because it is a Linux machine, and they have customized it. You don't have any route access to the machine, only seeing limited things in it. When we opened a ticket, they didn't know much about VAs themselves. So, that is where it is lacking right now. I know this will improve in the long run."
"It would be better if there was a little bit of flexibility for organizations that don't have SD One in their environment. Because of the complexity of the environment, it's not easy to actually turn on the feature of the secure internet gateway for our users. We have not been able to explore that option yet."
"It should have more integrations with multiple end user OEMs."
"The only thing I can think of is that I'd like to see a little more flexibility in policy creation. The way that policy is currently structured is like a "first hit succeeds" kind of policy. It would be nice if it were more hierarchical."
"It should have a real-time malware classification engine. It should check the malware on the website. It would be good if it had a real-time malware check for the websites because currently, it just compares the DNS queries of the blacklist. It should also have malware control over file execution and the types of files that the users are allowed to download."
"The integration with Cisco could be better."
"The main issue with Zscaler Internet Access is proxy IP detection, which sometimes makes sites inaccessible."
"The performance needs improvement. Some areas create performance issues and, depending on the use cases, require reconfiguration to perform again."
"Sometimes, support isn't available."
"There are a few features that are not compatible with the Azure cloud."
"Zscaler Internet Access could improve by adding a VPN feature."
"I would like to see more training and video documentation."
"They block Zscaler IPs when the traffic origin is from Zscaler IPs. They've been blocked by certain government organizations so the end users are not able to visit those websites unless we ask them to unblock those IP. This is a bit problematic."
"An improvement would be if they could provide an out-of-the-box experience, like 20 to 30 features all ready to go. In comparison, LogRhythm offers out-of-the-box features. With Zscaler Internet Access, there is firewall IPS, multiple security services, filtering, DLP, and CASB browser isolation. These are things that all users are going to be using. However, when an administrator or architect would start building this, I would definitely need to engage professional services to help clients do it."
Cisco Umbrella is ranked 1st in Secure Web Gateways (SWG) with 46 reviews while Zscaler Internet Access is ranked 2nd in Secure Web Gateways (SWG) with 21 reviews. Cisco Umbrella is rated 8.8, while Zscaler Internet Access is rated 8.6. The top reviewer of Cisco Umbrella writes "We can see all of our locations in one place and only have to make changes once for all our locations". On the other hand, the top reviewer of Zscaler Internet Access writes " AI decision-making on quarantined documents reduces manual work". Cisco Umbrella is most compared with Microsoft Defender for Cloud Apps, Palo Alto Networks DNS Security, Infoblox Advanced DNS Protection, Fortinet FortiGate SWG and Prisma Access by Palo Alto Networks, whereas Zscaler Internet Access is most compared with Netskope CASB, Microsoft Defender for Cloud Apps, Forcepoint Secure Web Gateway, Palo Alto Networks WildFire and Prisma SaaS by Palo Alto Networks. See our Cisco Umbrella vs. Zscaler Internet Access report.
See our list of best Secure Web Gateways (SWG) vendors and best Internet Security vendors.
We monitor all Secure Web Gateways (SWG) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
I would widen my options to include Netskope.
Tech support is far better should or if you require it, deployment is much faster, and integrations with API's is better than either of the other two.
Cisco Umbrella and Zscaler Internet Access are two broad-spectrum Internet security solutions that I have tried.
Zscaler Internet Access is a good option for carrying out multiple security functions in a single solution. It includes web filters, firewalls, and sand boxing. The platform is simple to implement and update. Since it is cloud-based, it saved me from having to handle complex local security configurations. The single-sign-on feature saved me from having to log in every time.
The web filtering and scanning are fast and don’t generate any latency. The bandwidth control is very useful for controlling endpoints and gives consistent service.
Although Zscaler Internet Access is easy to set up, it is far from user-friendly. The user interface for the management dashboard is difficult to navigate. Blocking websites is frustrating, and it only works well if you whitelist webs. The reporting feature is not customizable.
One advantage to Zscaler is that you can deploy it to your company’s mobile phones so you can keep all endpoints secure.
Cisco Umbrella is easy to implement, and it comes with built-in configurations so you don’t need to configure them yourself. It gives you statistics so you can adjust policies according to threat patterns. It is stable and very simple. Once you install it, you can get it running in a few minutes. It is very well suited for distributed networks with many on-premises endpoints. Additionally, DNS security is top notch.
On the downside, the statistics on Cisco Umbrella are quite difficult to parse. We found it was difficult to integrate the solution with MS Active Directory.
Conclusions
Cisco Umbrella is powerful and helps to secure a network, especially with distributed users. Both solutions are strong, but I think Cisco Umbrella might be more useful for large enterprises.
Fantastic points you have highlighted Leah. The DNS functionality of the Umbrella.
I think the functionality I love about Umbrella is that it's an enterprise solution providing web security for both on-prem and mobile users. Being a cloud solution centralized management of the solution is made easy. Thank you, Cisco.