We performed a comparison between Cisco Umbrella Zscaler Internet Access based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Both solutions received high marks from reviewers. Zscaler Internet Access has a slight edge over Cisco Umbrella since it is the less expensive product.
"Application performance has greatly improved and there are less operational issues. Productivity has been going up because we have less operational issues. Also, we have happy customers."
"Cisco's technical support is pretty good. When a solution is available, they will find it. On a scale from one to ten with ten being the best, I'd rate Cisco's technical support at nine."
"I like the DNS layer security."
"Umbrella, being one pane for managing, being all-encompassing, allows us to quickly go in, make a change, and it applies to either every location, if we want it to, or we can have policies in place that only apply to certain users or certain computers."
"It is a good cloud-based solution for DNS security."
"It enables us to go granular in the customization of blocking some categories on the DNS."
"There is much differentiation within the licensing so if anyone wants DNS security from the DNS security log, we are there already, and if anyone wants to go to a secure internet gateway, that is also available. We can get the integrated cloud DLP license keys. That is a good benefit with Cisco Umbrella. You can get a complete solution in a single licensing."
"The most valuable feature is the ability to filter malware sites that could infect clients or allow them to download infected files."
"Zscaler Internet Access's roaming user feature is most valuable and is much better compared to other secure web gateways."
"It is easy to set up the solution."
"The most valuable features I found in Zscaler Internet Access are the restriction of users for a particular URL, the security feature related to stopping DDoS, and the VPN."
"There is no lag in service when accessing the internet."
"I like the granularity of the control of all the traffic, including SSL inspection. I also like the fact that the user interface is intuitive. The latencies with Zscaler are minimal compared to those of any other competitor. Other competitors do not really have the global scale that Zscaler has and cannot promise low latencies."
"Overall, we're very happy with our product."
"Zscaler Internet Access's best feature is the granular policy controls."
"The most valuable feature is the ability to drop packets."
"The price could be better. The price is definitely a bit high, but we have to pay a premium for Cisco products."
"The integration with other solutions is a little complex. If you want to integrate with something like ArcSight or LogRhythm or Splunk, you need to do a lot of configuration. There are no easy ways to implement it."
"There are a couple of interface issues. I know that they say that there are feature enhancements that are noted. For example, we've got the Cisco Meraki security appliances, and there, we geofence our company to where we're allowed to send and receive traffic. So, in our case, by default, we only allow traffic to six different countries, which allows us to effectively prevent traffic for the majority of bad players in the world, but they don't give you an easy way to do that in Cisco Umbrella. With Cisco Meraki, I can specify or pick the countries. I can say that I want to only allow traffic from these six countries, and I'm done. With Cisco Umbrella, I have to rely on the fact that they're going to prevent traffic to other countries. They're going to decide if it's good or bad."
"It would be better if there was a little bit of flexibility for organizations that don't have SD One in their environment. Because of the complexity of the environment, it's not easy to actually turn on the feature of the secure internet gateway for our users. We have not been able to explore that option yet."
"The main issue that we have is with the final steps or the full integration and getting rid of Zscaler. The company still has to fall back to Zscaler when something in Umbrella is not working as expected, such as when we enable SSL inspection. When something is not working 100%, the company is falling back to Zscaler."
"There are some situations where we would like to block things for specific user groups. I know that Umbrella does that, but it's not that easy.... when you want a specific task for specific rules and policies for user groups, you have to go three levels down in the menu, and it's hard to find where you do that task."
"I'd like to see improvement in its overall integration with all the other platforms. There's some integration between Umbrella and Meraki, but an overall Cisco problem is that there are so many different tools, and finding easy, seamless ways of connecting everything together is always a challenge."
"Network connectivity was a bit of a challenge at the beginning, but we were able to get the right help from Cisco."
"They block Zscaler IPs when the traffic origin is from Zscaler IPs. They've been blocked by certain government organizations so the end users are not able to visit those websites unless we ask them to unblock those IP. This is a bit problematic."
"The price of the solution could be improved."
"Sometimes it's not easy to use during large deployments of workstations."
"The interface for administration could be better. They should upgrade the management portal."
"An improvement would be if they could provide an out-of-the-box experience, like 20 to 30 features all ready to go. In comparison, LogRhythm offers out-of-the-box features. With Zscaler Internet Access, there is firewall IPS, multiple security services, filtering, DLP, and CASB browser isolation. These are things that all users are going to be using. However, when an administrator or architect would start building this, I would definitely need to engage professional services to help clients do it."
"The solution is expensive. They recently revised the pricing and packaging. Some of our existing customers have been asking for alternate solutions for a lower price."
"The main issue with Zscaler Internet Access is proxy IP detection, which sometimes makes sites inaccessible."
"Technical support could be better."
Cisco Umbrella is ranked 1st in Secure Web Gateways (SWG) with 39 reviews while Zscaler Internet Access is ranked 2nd in Secure Web Gateways (SWG) with 26 reviews. Cisco Umbrella is rated 8.8, while Zscaler Internet Access is rated 8.4. The top reviewer of Cisco Umbrella writes "We can see all of our locations in one place and only have to make changes once for all our locations". On the other hand, the top reviewer of Zscaler Internet Access writes " AI decision-making on quarantined documents reduces manual work". Cisco Umbrella is most compared with Microsoft Defender for Cloud Apps, Palo Alto Networks DNS Security, Fortinet FortiGate SWG, Infoblox Advanced DNS Protection and Prisma Access by Palo Alto Networks, whereas Zscaler Internet Access is most compared with Netskope CASB, Microsoft Defender for Cloud Apps, Forcepoint Secure Web Gateway, Palo Alto Networks WildFire and Appgate SDP. See our Cisco Umbrella vs. Zscaler Internet Access report.
See our list of best Secure Web Gateways (SWG) vendors and best Internet Security vendors.
We monitor all Secure Web Gateways (SWG) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
I would widen my options to include Netskope.
Tech support is far better should or if you require it, deployment is much faster, and integrations with API's is better than either of the other two.
Cisco Umbrella and Zscaler Internet Access are two broad-spectrum Internet security solutions that I have tried.
Zscaler Internet Access is a good option for carrying out multiple security functions in a single solution. It includes web filters, firewalls, and sand boxing. The platform is simple to implement and update. Since it is cloud-based, it saved me from having to handle complex local security configurations. The single-sign-on feature saved me from having to log in every time.
The web filtering and scanning are fast and don’t generate any latency. The bandwidth control is very useful for controlling endpoints and gives consistent service.
Although Zscaler Internet Access is easy to set up, it is far from user-friendly. The user interface for the management dashboard is difficult to navigate. Blocking websites is frustrating, and it only works well if you whitelist webs. The reporting feature is not customizable.
One advantage to Zscaler is that you can deploy it to your company’s mobile phones so you can keep all endpoints secure.
Cisco Umbrella is easy to implement, and it comes with built-in configurations so you don’t need to configure them yourself. It gives you statistics so you can adjust policies according to threat patterns. It is stable and very simple. Once you install it, you can get it running in a few minutes. It is very well suited for distributed networks with many on-premises endpoints. Additionally, DNS security is top notch.
On the downside, the statistics on Cisco Umbrella are quite difficult to parse. We found it was difficult to integrate the solution with MS Active Directory.
Conclusions
Cisco Umbrella is powerful and helps to secure a network, especially with distributed users. Both solutions are strong, but I think Cisco Umbrella might be more useful for large enterprises.
Fantastic points you have highlighted Leah. The DNS functionality of the Umbrella.
I think the functionality I love about Umbrella is that it's an enterprise solution providing web security for both on-prem and mobile users. Being a cloud solution centralized management of the solution is made easy. Thank you, Cisco.