Coming October 25: PeerSpot Awards will be announced! Learn more

Zscaler Internet Access OverviewUNIXBusinessApplication

Zscaler Internet Access is #2 ranked solution in top Web Security Gateways and top Internet Security tools. PeerSpot users give Zscaler Internet Access an average rating of 8.6 out of 10. Zscaler Internet Access is most commonly compared to Cisco Umbrella: Zscaler Internet Access vs Cisco Umbrella. Zscaler Internet Access is popular among the large enterprise segment, accounting for 66% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 22% of all views.
Zscaler Internet Access Buyer's Guide

Download the Zscaler Internet Access Buyer's Guide including reviews and more. Updated: September 2022

What is Zscaler Internet Access?

Zscaler Internet Access is a cloud-native security service edge (SSE) platform. Its main purpose is to provide AI-powered protection for all users, all applications, and all locations. The solution replaces other legacy network security solutions to stop advanced attacks and prevent data loss by using a comprehensive zero trust approach.

Zscaler Internet Access Features

Zscaler Internet Access has many valuable key features. Some of the most useful ones include:

  • Proxy (native SSL)
  • IPS and advanced protection
  • Cloud sandbox
  • DNS security
  • Cloud firewall
  • URL filtering
  • Bandwidth control
  • DNS filtering
  • Cloud DLP w/EDM and IDM
  • Cloud access security broker (CASB)
  • Cloud security posture management (CSPM)
  • CloudBrowser isolation
  • Cloud secure web gateway (SWG)
  • Zero trust network access (ZTNA)
  • Digital experience monitoring

Zscaler Internet Access Benefits

There are several benefits to implementing Zscaler Internet Access. Some of the biggest advantages the solution offers include:

  • Fast access with zero infrastructure: Zscaler Internet Access creates a fast, seamless user experience because of its direct-to-cloud architecture. With no infrastructure, Zscaler Internet Access helps you eliminate backhauling, which improves performance and simplifies network administration.
  • Threat intelligence: By using threat intelligence, Zscaler Internet Access can stop ransomware, zero-day malware, and advanced attacks via Inline inspection of all internet traffic, including SSL decryption, and a suite of AI-powered cloud security services. 
  • Consistent security: With Zscaler Internet Access, your security policy goes everywhere your users go. When you move security to the cloud, all users, applications, devices, and locations remain protected and secure based on identity and context.
  • Hybrid workforce: Zscaler Internet Access enables secure access to all external and internal apps from anywhere, so remote work is not an issue. You can also enforce business policies that follow the user, making security identical regardless of location.

Reviews from Real Users

Below are some reviews and helpful feedback written by Zscaler Internet Access users.

A Service Manager at a construction company says, "There are a bunch of different capabilities that are valuable within the platform. We use quite a lot of them, but not everything. The ones that are most important to us are the URL Filtering and the application control. For our needs, the cloud-native proxy architecture is a very good solution. This architecture helps with cyber threats because we inspect most of the traffic and we can see that a lot of threats are stopped directly in the secure web gateway."

Owen N., Security Architect at Claro Enterprise Solutions, explains that the solution’s most valuable features include “The integration of the gateway that inspects all ports and protocols. So, there is threat prevention; The cloud sandbox; VNS security; Access control that will protect URL filtering and the cloud firewall; Data protection that will protect your gateway, like your CASB or your cloud DLP; The capabilities of this will point your traffic to Zscaler Cloud.”

An Architecture Senior Manager at an insurance company mentions, "The data loss prevention feature is the most valuable. It stops our users from inadvertently leaking our customers' data to the Internet or anywhere else it shouldn't go." He also adds, “The solution provides quick access to cloud services, securing our data and allowing us to inspect all our traffic.”

Zscaler Internet Access was previously known as ZIA.

Zscaler Internet Access Customers

Ulster-Greene ARC, BanRegio, HDFC, Ralcorp Holdings Inc., British American Tobacco, Med America Billing Services Inc., Lanco Group, Aquafil, Telefonica, Swisscom, Brigade Group

Zscaler Internet Access Video

Zscaler Internet Access Pricing Advice

What users are saying about Zscaler Internet Access pricing:
  • "The pricing is fair based on its competitive market."
  • "The price is competitive. It's not cheap and it's not expensive."
  • "There are multiple bundles: enterprise, business, and transformation. Transformation includes all the features, but recently I've seen a few more line items that are additional costs. Overall, it's expensive."
  • Zscaler Internet Access Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    Service Manager at a construction company with 10,001+ employees
    Real User
    Top 10
    AI decision-making on quarantined documents reduces manual work
    Pros and Cons
    • "For our needs, the cloud-native proxy architecture is a very good solution. We are moving away from on-prem appliances and moving more toward cloud-based solutions. Zscaler is a good fit for our strategy. This architecture helps with cyber threats because we inspect most of the traffic and we can see that a lot of threats are stopped directly in the secure web gateway."
    • "The reporting functionality could be a bit easier to use. There is a reporting function, but it's quite hard to do any good reporting, from a user-management perspective. For example, if a department manager wants to know how his department is using the web, there is a way to get the data, but it's quite cumbersome to get it and show it well. And that's true for comparing between departments."

    What is our primary use case?

    It's primarily for end-user access to the public internet. We use the proxy functionality and the URL Filtering.

    We have a global policy for all our users. While there are a few categories of URLs that we are not allowed to do SSL inspection on, the primary function for us is to do SSL inspection so that we can make use of the built-in anti-malware and antivirus—the advanced-threat features—within the platform. We do SSL inspection of some 80 percent of all the traffic and we can evaluate if it's malicious or not.

    It is a cloud solution where pretty much everything is handled by Zscaler.

    How has it helped my organization?

    Zscaler has helped to reduce the time we spend managing security policies. That is very important to us. A lot of the features it has are AI-based decision-making. For instance, if we implement a sandboxing rule for how files of a certain type should be inspected, we also can activate the AI decision-making process. That way, even if a file is new to the sandboxing environment, it can still see that it is a PDF and has these and these characteristics. Based on that, the AI says that "No, this file is not malicious," even though it normally would have been quarantined and sandboxed and have gone through the whole analysis process. The AI helps out in minimizing the time to do that analysis. And that also helps in reducing the burden of someone actually having to do things manually.

    If you count everything that was involved in managing the appliances, the lifecycle management, and support contracts, in our old environment, we have reduced the number of FTEs managing the environment from five or six to about two.

    It has also definitely helped reduce the number of infected devices in our organization by proactively preventing attacks. Since we scan almost all of the traffic, we now see how much of the traffic is "malicious." In our environment, we block about 1.6 million threats every quarter, but we don't know the severity of those threats. Maybe 1 million of them are malicious content in some way, while half a million are adware. But there are real threats that are being blocked, like botnet callbacks, cross-site scripting, and browser exploits. On average, we are blocking about 500,000 threats per month. 

    What is most valuable?

    There are a bunch of different capabilities that are valuable within the platform. We use quite a lot of them, but not everything. The ones that are most important to us are the URL Filtering and the application control. 

    For our needs, the cloud-native proxy architecture is a very good solution. We are moving away from on-prem appliances and moving more toward cloud-based solutions. Zscaler is a good fit for our strategy. This architecture helps with cyber threats because we inspect most of the traffic and we can see that a lot of threats are stopped directly in the secure web gateway. But there are parts of it that we don't use yet, like the DLP functions. Instead, we are using the Zscaler Cloud Sandbox feature for content that is downloaded as files. We detonate the document in a sandbox and see if it's malicious or not.

    It's a very easy-to-learn and easy-to-use platform, even for me as a more non-technical person. I'm still able to do a lot of work in this platform.

    What needs improvement?

    The reporting functionality could be a bit easier to use. There is a reporting function, but it's quite hard to do any good reporting, from a user-management perspective. For example, if a department manager wants to know how his department is using the web, there is a way to get the data, but it's quite cumbersome to get it and show it well. And that's true for comparing between departments. It's quite hard to get a good report. 

    Another issue is that the API documentation could be a bit more up-to-date. They're implementing stuff, but not updating the documentation all the time.

    Buyer's Guide
    Zscaler Internet Access
    September 2022
    Learn what your peers think about Zscaler Internet Access. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
    633,572 professionals have used our research since 2012.

    For how long have I used the solution?

    We have been using Zscaler Internet Access for the last five years.

    What do I think about the stability of the solution?

    Since we have global reach, we are seeing a bit more instability in Asia, primarily in China, but I'm not sure that it's related to Zscaler. I think it's more due to how China does things in terms of internet access.

    What do I think about the scalability of the solution?

    It scales very well, if you go for the cloud-based solution alone. In certain regions in the world, we have started to implement local appliances, like a VEN node, where we don't have good coverage from Zscaler's public data centers. But if you only use the public data centers, it's getting a lot better. A while back, there were 35 or 40 data centers that we could use globally, but now there are over 80. So the scalability is quite good for us.

    How are customer service and support?

    Zscaler's technical support team is good at what they do, and they help us fix our problems quite fast. I would rate them eight on a scale of one to 10. There's always room for improvement.

    We have had issues from time to time where they don't really see our problem as a problem, but we, as a customer, are being affected. They have a few different ISPs that take care of traffic to and from their data centers, and when their ISP is not performing, we, as customers, are suffering. There have been occasions when we have seen that our traffic is being routed very strangely within the Zscaler network, but they don't see that as a problem. We do, because all of a sudden, all of our Swedish users are going to the data center in Norway instead of Sweden. For Zscaler that is not a problem because they are still doing their job. But for our users, it's complicated because Norway is not part of the European Union, whereas Sweden is. If they go through the VEN node in Oslo, Norway, we cannot reach stuff that is EU-regulated, such as export and import functions within the EU. That is a big part of what we do. At times, it has been hard to get the Zscaler TAC team to understand that this is a problem for us, as a company.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We used to have an on-prem solution doing pretty much the same thing as Zscaler, but as our strategy is cloud-first and internet-first, we thought that we should also use a cloud-based solution. We started to look at the alternatives, five or six years ago. What we saw was that there was only one, at the time, that was mature enough for our needs.

    Since then, Zscaler has evolved quite a lot. In the beginning, there was no Zscaler Client Connector, an agent on your computer. It was all cloud-based, but that changed about a half a year after we started to use Zscaler. We assessed whether Zscaler fit our needs or not and we saw that for 75 or 80 percent of our needs, it was a good fit. Some aspects were not mature back then but they have matured over time.

    How was the initial setup?

    The initial deployment was quite straightforward. I wasn't really on board at the time the implementation of Zscaler took place, but overall, when new features and functionalities are added to the product, it's quite straightforward to implement them and to roll them out to large user groups, or globally. From a rollout perspective, it's quite easy to use.

    Initially, one of our demands was that everything should be cloud-based, meaning we shouldn't have any agents on each computer. We learned the hard way that such an approach doesn't work well, because you need something to control the path from the user's computer to the Zscaler cloud. You need to be able to steer how the traffic goes. You can do that with PAC files. But ultimately, together with Zscaler, we figured out that a client was needed, at least for our needs.

    What was our ROI?

    Zscaler has helped us save costs by enabling us to decommission all of our legacy proxies. We had at least nine locations with appliances, and we had multiple appliances per location. It has helped us save money.

    We have also seen ROI in terms of the cost of both the lifecycle management and the service and support contract that we previously needed. We have saved quite a lot there. I don't know the exact numbers, because I'm not in charge of the finances, but if you count the resources needed to manage the platform, we have saved up to 45 or 50 percent of the cost we used to have.

    Which other solutions did I evaluate?

    Back then, there weren't many other cloud-based solutions available. There were hybrid models, but we wanted a completely cloud-based solution. 

    At the time, Symantec had the beginning of a cloud-based solution, but it was very immature and it didn't work as well as Zscaler. Zscaler had been around since around 2010 and was five years into their journey, while Symantec was only a year or two into their journey. We opted for the most mature at that time.

    Since then, we have looked at other solutions, including Netskope and a few others. They are similar in their design, but Zscaler has features in its design that make it stand out from the competitors. For instance, their scanning methodology is something like, "Scan once, analyze many times." That means there is a one-time scan of the traffic, but with multiple different threat engines, for antivirus and anti-malware, et cetera. And they do it only in the RAM memory of their cloud solution machines, which makes it super-fast. They can scan a lot of traffic in a very short amount of time. That part is something that a lot of other vendors are not doing. They're scanning in sequence, not in parallel.

    What other advice do I have?

    Make use of the Zscaler Client Connector as much as you can, with all of the functionality that comes with it. Also, do not allow the users to disable the Zscaler Client Connector, because then you don't know if traffic is actually going through Zscaler or not. If it's always on, you know that if something is not working, it's your policies that are doing something to the traffic. We used to make it possible for a user to disable the Zscaler Client Connector, which then made it impossible for us, as the team that troubleshoots problems, to know if the traffic was actually going through Zscaler or not. If you don't have that control, you don't know where the problem is. Now, at least we know that it's either on the client or it's on Zscaler or it's on the destination that they're trying to reach.

    As for saving time with this system versus deploying and managing traditional network security hardware, it depends on how you build your management of the solution. We have opted for a solution where we manage everything centrally. We have one IT team that manages all of the Zscaler Internet Access policies and settings. But there is an option, and it's one of the strengths of Zscaler, to delegate control of parts or all of the solution to other teams. For instance, you could have URL Filtering policies that are managed by a local IT team in a given country. We don't do that. We manage everything from one team and we control everything, for our whole organization, from this management platform. We control the forwarding policies, the application access policies, the URL Filtering policies—pretty much everything.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Security Architect at a comms service provider with 201-500 employees
    Real User
    Top 5Leaderboard
    Inspects all your traffic so you don't get compromised
    Pros and Cons
    • "Zscaler Internet Access protects using data loss prevention. If you have a CASB exposing your cloud out into the network, then Zscaler Internet Access will go ahead and control that unknown cloud application in the CASB, protecting it. There is also data detection with exact data match. This improves the data coming into your cloud so you are protecting it."
    • "An improvement would be if they could provide an out-of-the-box experience, like 20 to 30 features all ready to go. In comparison, LogRhythm offers out-of-the-box features. With Zscaler Internet Access, there is firewall IPS, multiple security services, filtering, DLP, and CASB browser isolation. These are things that all users are going to be using. However, when an administrator or architect would start building this, I would definitely need to engage professional services to help clients do it."

    What is our primary use case?

    You can have mobile employees who forward traffic into a Zscaler client, or you could use a PAC file. So, if users connect at the beach, a hotel, coffee shop or something outside their actual office, it will give them protection.

    You can use it with a secured Internet using a web gateway to deliver to the cloud.

    How has it helped my organization?

    The benefits of Zscaler Internet Access are the speed of the solution and never having performance issues or limitations. The fact that none of my end users are experiencing any threats, zero-day, bots, or malware says a lot about the solution. 

    Zscaler Internet Access enables the inspection of traffic, including SSLs. You want to make sure that nothing is coming in through your HTTPS traffic. For anything that is coming in that might be a threat, you want to ensure that you are using a good proxy for that. There is malicious traffic out there, so you want to make sure you are tracking and viewing that. There are a lot of threats that come through as well as a lot of programming languages, so you definitely need to inspect traffic.

    It is worth it. It works. I don't need multiple alerts, because it is set up with the right policies. Definitely, it is a beneficial device which doesn't always need constant monitoring. It inspects the encrypted traffic and verifies what threats are coming in. It intercepts incoming traffic and decrypts it, then reviews it. So, why have antivirus scanning or web filtering if Zscaler can do it? It protects me from man-in-the-middle attacks as well. When you use a firewall, you have alerts and false positives, but Zscaler Internet Access pretty much decreases those errors and alerts.

    There isn't congestion on your network when you are inspecting traffic with Zscaler Internet Access. 

    What is most valuable?

    • The integration of the gateway that inspects all ports and protocols. So, there is threat prevention. 
    • The cloud sandbox
    • VNS security
    • Access control that will protect URL filtering and the cloud firewall. 
    • Data protection that will protect your gateway, like your CASB or your cloud DLP. The capabilities of this will point your traffic to Zscaler Cloud.

    The proxy architecture is the way to go. Zscaler uses it to protect their applications on the cloud. So, if you are using Box, Office 365, or even have an end user using LinkedIn or YouTube, then it will give you updated threat updates. It will also inspect all your traffic so you don't get compromised.

    Advanced Threat Protection on Zscaler Internet Access has a few functionalities. It has ways to find threats. So, if they are actually hiding, you could do an inspection of your SSL traffic. You also have DNS security in Zscaler Internet Access that will help you route suspicious command-and-control attacks as well as detect threats when it does a full inspection. 

    Zscaler Internet Access protects using data loss prevention. If you have a CASB exposing your cloud out into the network, then Zscaler Internet Access will go ahead and control that unknown cloud application in the CASB, protecting it. There is also data detection with exact data match. This improves the data coming into your cloud so you are protecting it. 

    It offers a Cloud Browser Isolation feature, which exfiltrates browser activities from the end user's device. This feature can eliminate our exposures on that.

    I like its features because they help me eliminate firewalls. I don't need to have firewalls, SIEMs, or an IPS/IDS. So, if all my end users are remote and using Office 365, I am already protecting them because they are in the cloud. I just have to attach the security application, which makes sure that any user who is mobile or remote is protected, without spending money on other solutions.

    What needs improvement?

    I wish there were a lot less products to learn, because there are a lot. They just keep surprising me with new features, even in the SaaS arena, and they keep improving in every facet. We are Zscaler partners, so I got certified in two platforms, but there is a lot room for improvement. There is just too much training, where they focus a lot on protecting the Internet as everyone is moving to the cloud. I would love for the training to be shortened.

    For how long have I used the solution?

    I have been exposed to it for a year.

    What do I think about the stability of the solution?

    My clients have never really called to tell me that stability has been an issue. Feedback has always been positive. 

    What do I think about the scalability of the solution?

    It is a scalable solution. It is easy to scale and secure remote users. If a company hires 100 more people, I don't think it would be a problem.

    The largest environment, which I reviewed, had 2000 employees.

    How are customer service and support?

    I would rate their professional services or technical support as five out of five based on their experience and expertise. They know how to answer all my client's problems. They are really quick to trigger and understand the client's needs as well as be very supportive. They do very well when helping their clients.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    What I have seen when I am doing PoCs is you need some perimeters to start building this platform and integrating policies from day one. 

    An improvement would be if they could provide an out-of-the-box experience, like 20 to 30 features all ready to go. In comparison, LogRhythm offers out-of-the-box features. With Zscaler Internet Access, there is firewall IPS, multiple security services, filtering, DLP, and CASB browser isolation. These are things that all users are going to be using. However, when an administrator or architect would start building this, I would definitely need to engage professional services to help clients do it.

    Every customer is different. On average, it could be a two-week deployment. If you are using other devices, like Fortinet SD-WAN deployment, you definitely have to make sure your configured IPsecs are correct. You might have to review policies and your SD-WAN roles. You need to do a lot of cleaning up before you start deploying.

    What about the implementation team?

    We have a client who wants to start deploying the Cloud Browser Isolation feature. You can embrace this cloud platform using IPAC Files, which is just a clean way of deploying it.

    I have personally worked for other vendors doing professional services as part of a professional services team. Every client decided to purchase professional services because deploying Zcaler Internet Access is too complex.

    What was our ROI?

    I am saving money right now because I am not using old technology, like when we had everything on-premise and in the data center. Now, I just have to direct my end users to the Zscaler file and make sure that they are connected and secure. So, I am eliminating the total cost of ownership and the headaches of on-premise devices. I am also reducing their risk by making sure that they are protected in real-time.

    When I talk to clients, they mention that there is a return of investment from improving the real-time protection. There is no need anymore to buy: 

    • An antivirus
    • A third-party vendor to protect your DNS, like Cloudflare. 
    • Check Point SandBlast 
    • Symantec DLP, Forcepoint, or Netskope since you already have DLP protection. 
    • LogRhythm or Splunk for logging.

    Those are the benefits. I have a lot of clients explaining this to me that this is the reason to have this solution. Zscaler Internet Access is transforming all that for web traffic security.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is fair based on its competitive market.

    Which other solutions did I evaluate?

    Palo Alto's vulnerability assessment requires an on-prem solution to work with your cloud. Zscaler Internet Access has already been bundled up to provide no-hassle, free Internet network connectivity that ensures protection. When you are using Palo Alto and want to assess vulnerability in your network, you probably need to use on-prem and cloud workloads. There is no reason to do that with Zscaler Internet Access.

    Zscaler Internet Access has ease of development, like minimal setups needed for connectivity. You can continue securing protection, allowing your remote users to have access to your applications. Then, it is pretty quick to set up for Zscaler Internet Access. Some companies don't have many tools, so there are no delays there. When it comes to LogRhythm, there are a lot of things that you have to deal with. You have to deal with your log server as well as setting up your authentication server, firewalls, policies, rules, and zones, then you need to get it running and customize it based on your company's needs. Because LogRhythm has 30-plus features ready to go, it can be easier and smoother to deploy. However, there will always be a couple things where you have to do some preliminary requirements before you continue.

    What other advice do I have?

    Overall, it is a secure platform.

    I actually interviewed with Zscaler to work with them because I have been impressed with their technology overall, especially over Palo Alto Networks technology who is their competitor and has a SaaS solution as well. From the top to bottom, Zscaler Internet Access is a great security product that protects my end users and remote users in the cloud.

    If you want total cost of ownership and zero-trust architecture, Zscaler is the right solution to fit the needs of any environment.

    I would rate the solution as 10 out of 10.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    Buyer's Guide
    Zscaler Internet Access
    September 2022
    Learn what your peers think about Zscaler Internet Access. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
    633,572 professionals have used our research since 2012.
    Architecture Senior Manager at a insurance company with 10,001+ employees
    Real User
    Top 20
    Provides quick access to cloud services, securing our data and allowing us to inspect all our traffic
    Pros and Cons
    • "The data loss prevention feature is the most valuable. It stops our users from inadvertently leaking our customers' data to the Internet or anywhere else it shouldn't go."
    • "One thing that they could improve is the ability to import rules from other platforms."

    What is our primary use case?

    The product is an Internet proxy solution. We use it to manage our users' Internet access, making sure that they don't go to the wrong site. We also use it for data loss prevention.

    How has it helped my organization?

    The main benefit that we have seen is performance improvements based on not having to backhaul traffic and getting cloud services closer to the user.

    It provides a modern, cloud-first model. It allows the users quick access to the cloud, depending on where they are in the world. We have users all over the world who access cloud services in their native regions. Previously, we had to backhaul the traffic to our data centers somewhere in the world, then go back to that region. Now, we don't have to do that. A user and data stays within that region. There is no latency there.

    It allows us to inspect all our traffic, including SSLs. This is extremely important because most sites use SSLs nowadays. Putting non-SSL inspected data directly into the source would mean that there is a potential for data loss. 

    Protecting our customers' data is our number one priority. The data loss prevention rules that we have in place make sure that there is nothing within the packets relevant to our customers. 

    What is most valuable?

    The data loss prevention feature is the most valuable. It stops our users from inadvertently leaking our customers' data to the Internet or anywhere else it shouldn't go.

    The cloud-native proxy architecture certainly seems fast enough. The performance is good. The multi-country nature of it allows us to keep the proxy closer to the user so a user's data doesn't transit as far as it would otherwise. It helps to keep latency down and the speed up. It also helps a little bit with cyber threats, but that is not necessarily its primary purpose for us.

    Zscaler is constantly improving the network. They are adding new data centers and regions all the time. They listen to feedback, and based on where we tell them to go and put data centers, they add new data centers. For example, they created a couple of data centers in the Middle East, which has been very helpful for us.

    What needs improvement?

    One thing that they could improve is the ability to import rules from other platforms.

    For how long have I used the solution?

    We have been using it for slightly more than a year.

    What do I think about the stability of the solution?

    Its stability is first-class. We haven't had any issues during the time that we have been using it.

    What do I think about the scalability of the solution?

    It certainly scales to what we have asked it to do so far. We have over 50,000 users on it without a single problem.

    How are customer service and support?

    From a technical support perspective, when we leave a ticket, the time it takes for them to close the ticket is very fast. Their resolution time is exceptional.

    I would rate Zscaler Professional Services and technical support as eight out of 10. I am dropping two points because of some blanks in the time zone support.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We are using it with 20% to 25% of our business at the moment. We are migrating to it from our previous legacy platform.

    It adds an alternate layer of protection. We were already using a very powerful tool to do this, but that tool wasn't quite as fast and smart.

    How was the initial setup?

    It was very complex, but there was training provided by Zscaler. That was very good for understanding it thoroughly. It was complex because we had to make sure that all our rules from previous platforms were migrated over so all our users had access to the same things that they had access to in previous models. 

    We aren't yet fully deployed. We have been at it for about a year and a half. We currently have over 50,000 users deployed and another 120,000 to go.

    The only pain points that we have are self-inflicted because of our slow rollout of the product, which is not actually Zscaler's fault.

    What about the implementation team?

    We had Zscaler Professional Services helping us for quite a long time at the start of the project. They made sure that everything was set up correctly with no holes. They were very good and first-class.

    What was our ROI?

    So far, it has not saved us on costs as a result of retiring on-premises technology, next-generation firewalls, legacy proxies, or MPLS links. Though, we are expecting it to do that going forward.

    What's my experience with pricing, setup cost, and licensing?

    I have not been involved with pricing and licensing.

    Which other solutions did I evaluate?

    We evaluated several solutions.

    What other advice do I have?

    Try it, test it out, and make sure it works for you. It is not going to work for everybody because it is not a zero-cost solution. However, it does provide significant benefits in terms of its latency and capability to inspect your traffic as well as keeping your customer data secure.

    It hasn't saved us time as compared to deploying and managing traditional network security hardware because we already had everything in place from a traditional standpoint. We take security very seriously. Security is paramount to what we do. We cannot, under any circumstances, allow our customers' data to be compromised. So, we have all the correct things in place from a traditional standpoint. We are now modernizing, and Zscaler Internet Access allows us to do that. However, we will not compromise at all. We have to move slowly to it.

    It has not reduced the time that we spend managing security policies. The security policies used on Zscaler Internet Access are the same ones that we used with our previous technologies.

    It has not really reduced the number of infected devices in our organization because we already had preventions in place with other technologies. We didn't previously have any infections. 

    I would rate Zscaler Internet Access as nine out of 10. It is a very good solution.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Global Head of Information and Cloud Security Architecture
    Real User
    Top 20
    Great user experience, issue-free, and has good web filtering
    Pros and Cons
    • "It is easy to set up the solution."
    • "In terms of user experience, it could be better."

    What is our primary use case?

    We are using the solution for internet security. It's mostly web-based filtering.

    We are into this modern world, meaning, we are working from home in hybrid scenario. Due to the pandemic, we have seen a lot of shifts towards a hybrid model of work. That provides lots of challenges in terms of security including, how to protect the users' machines and other devices. That is one of the core use cases. Wherever you are, you need to be protected. However, the traditional approaches such as a legacy-based proxy system won't work. 

    If we have some kind of critical systems, we need to figure out how we can provide the access to all these users, all these remote or roaming users, access to these critical areas, and we need to eliminate those legacy-based VPNs. Zscaler is doing it best. Zscaler offers the best service since you are protected wherever you are.

    What is most valuable?

    The internet access is great. It offers good web filtering. It has DLP features. We can monitor our networks with ease. We can monitor the usage, bandwidth, chop, chalking, all these things we can monitor. On top of that, it is providing advanced threat protection ATP, which means any kind of malicious network or malicious payloads that are going through our network can be detected and it can be blocked. We can have a certain kind of block list. There are multiple levels of features.

    We have fewer issues with Zscaler.

    In terms of user experience, that is also excellent. 

    In terms of reporting to senior management, it gives us a clear picture of what needs to be achieved about that solution.

    It is easy to set up the solution. 

    The solution is stable.

    It is a scalable product. 

    What needs improvement?

    In terms of user experience, it could be better. It all depends upon the configuration, though. At the moment, they are one of the best. In terms of room of improvement, it depends upon the specific use cases of the customers.

    For example, it might be that some of the users are having some kind of connectivity issue. It depends upon how those users are connected. It may not be a product issue. Or maybe they are using a VPN. Local banks won't allow connectivity to their application over a VPN or over a cloud-based proxy service, for example. In some countries, the local banks restrict these kinds of communications. There needs to be some whitelisting done to get those users connected. 

    For how long have I used the solution?

    At the moment, we are trying to onboard that solution. In my previous organization, I have used that solution. In my current organization, we are trying to onboard the solution.

    What do I think about the stability of the solution?

    It is a stable solution. I never faced any kind of downtime for my critical services. They have a higher availability. If one of the locations goes down, automatically, it'll scale to a preferred location.

    What do I think about the scalability of the solution?

    The solution scales very well. 

    In the last three or four years, there has been a shift towards this product. We likely will increase usage. 

    How are customer service and support?

    I've never directly dealt with technical support. My team handles any issues and would deal with them directly.

    How was the initial setup?

    It is easy to set up. However, you need manpower and you need a team to deliver these kinds of things. It's not a plug-and-play thing. It has lots of configurations. We need to deploy the agents. We need to set up those configurations. If we have multiple offices, we need to understand the routing and what mechanisms are in place. That's why it takes a team.

    The length of deployment depends on the company and environment. You're looking at the number of networks, the number of servers. 

    What's my experience with pricing, setup cost, and licensing?

    I can't speak to the costs. I don't handle the licensing. 

    What other advice do I have?

    I'm a customer and end-user. 

    I'm not sure of the exact version of the solution.

    Zscaler is a cloud service provider, so they are hosting their services on their own cloud. They might be using the public cloud. I'm not sure. However, it's not an on-premise solution. It's a cloud-based proxy.

    You need to perform that due diligence. You need to understand your use cases, including the number of users and how many are working from home or roaming, et cetera. You need to understand hosting, and how to protect servers. There's a lot of understanding you need to have before you can begin implementing anything.  

    I'd rate the solution eight out of ten. 

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Gregor Burow - PeerSpot reviewer
    Channel Alliances Leader Germany at ALE
    Real User
    Top 10
    A stable solution with good security but needs to do more to address phishing emails
    Pros and Cons
    • "The security is excellent."
    • "I don't know whether it's Zscaler or not, however, sometimes I can't access my time management. I need to wait and try again a few hours later. Typically, if I let some time pass, I can access it again."

    What is our primary use case?

    The product is an endpoint solution for private and internet security. I use it myself in my home office. I'm in sales. I use it as an endpoint solution for my laptop, for my device, in order to get access to some internal service applications, such as pricing and time management tools.

    What is most valuable?

    Zscaler is a very stable solution.

    The security is excellent.

    What needs improvement?

    I don't know whether it's Zscaler or not, however, sometimes I can't access my time management. I need to wait and try again a few hours later. Typically, if I let some time pass, I can access it again.

    From time to time, there's instability in terms of the user experience. I don't know whether it's Zscaler or the time instrument server itself. I don't know the root cause here, that this is the only thing, that causes me issues. Otherwise, I'm quite happy with it.

    The solution should do more in regards to handling phishing emails. They maybe should pair with a solution like Palo Alto in order to offer a more holistic view of the security and offer behavioral analytics or endpoint protection, etc., and all from one vendor. Data Lake, for example, is a product that gets the information and gives feedback to the user. There seems to be a high volume of phishing emails that we get, and I'd like to understand what the company is doing to address that. Zscaler seems like it's just a bit too static.

    For how long have I used the solution?

    I've been using the solution for four years.

    What do I think about the stability of the solution?

    Aside from issues I've had accessing time management from time to time, it seems to be a stable solution.

    What do I think about the scalability of the solution?

    The question of scalability would be best posed to our CSO. However, my whole team uses it. It's been scaled in our organization to a very small extent. In that sense, it was easy to scale. 

    I don't know the maximum capacity, however, it's my understanding that the solution is suitable for organizations like us with about 3,000 employees.

    How are customer service and technical support?

    We have our own technical support. I've never directly contacted Zscaler in order to get assistance.

    I purely go to our first level of support. Any issues I've ever had have been solved on the first or second level. It's my understanding, that if the issue exceeds a certain level of support, it would be forwarded to Zscaler. However, I've never had issues of that nature. The only issues I've dealt with have been rather easy to solve.

    Which solution did I use previously and why did I switch?

    We were previously using Pulse Secure in our organization. I needed to switch it on and off. On top of that, certain applications I could not reach. This was slow and proved to be unstable.

    Zscaler, on the other hand, is more stable and also more secure.

    How was the initial setup?

    The initial setup was straightforward. It wasn't complex at all.

    My understanding was that the deployment itself happened pretty quickly.

    There was an announcement from our security, and by our CSO. Then it was rolled out and Pulse Secure was turned off. There was a migration phase in the project and that's it. It all happened rather fast.

    What's my experience with pricing, setup cost, and licensing?

    I don't handle billing or payments and therefore don't know the exact pricing of the solution of what exactly our organization pays.

    Which other solutions did I evaluate?

    I wasn't involved in the decision-making process when it came to looking for a solution.

    What other advice do I have?

    We're just a customer.

    I would recommend other users also have a glance at other solutions. Options like Prisma Access by Palo Alto or Check Point may be ideal, depending on the needs of the business.

    Zscaler seems easy to understand and easy to use, however, there is probably some room for improvements. At my former company, we were using Check Point. This was also pretty good. Zscaler seems more modern, however, I'm referencing an experience from some 10 years ago.

    Overall, I would rate the solution seven out of ten.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Elvin Castellanos - PeerSpot reviewer
    Server Administration / Security Officer at a manufacturing company with 501-1,000 employees
    Real User
    Top 20
    Delivers safe web access for our remote employees, increasing cybersecurity and saving us time
    Pros and Cons
    • "We don't have to buy equipment to use it. And when our engineers set it up on our side, we just configured a few settings and we were in."
    • "I would like to see more training and video documentation."

    What is our primary use case?

    Because some of our employees need to work remotely, due to the COVID-19 pandemic, we were looking for a solution that would keep them safe. We have a Cisco ASA firewall in our company, but when people work remotely they can't be protected by that solution. That's why we decided to go for a WAF.

    How has it helped my organization?

    Zscaler has helped protect our employees wherever they are working, by delivering safe web access. We are doing the same things that we were always doing at our company, and in the same way, but now we are functioning safely outside of our premises. We were already able to work remotely using the Cisco agent, but the Zscaler agent is an improvement at the cybersecurity level.

    Another benefit is that we are not managing all the backend infrastructure and that saves 10 to 15 percent of our time in terms of productivity.

    It has also reduced the time we spend managing security policies. That's very important because it means that our engineer can spend time focusing on other business activities. The solution is saving 15 to 20 percent of our engineer's time, per day.

    What is most valuable?

    Some of the most valuable features are that, as a remote solution it is 

    • lightweight
    • very easy to set up and configure
    • the protection is in the cloud. 

    We are agnostic when it comes to what they are doing. We don't have to buy equipment to use it. And when our engineers set it up on our side, we just configured a few settings and we were in.

    What needs improvement?

    I would like to see more training and video documentation.

    For how long have I used the solution?

    I've been using Zscaler Internet Access for about two months.

    What do I think about the stability of the solution?

    It's very stable. We haven't had any issues so far.

    What do I think about the scalability of the solution?

    The scalability is also very good. We have about 300 users. We gradually want to move all 800 people in our operation over to Zscaler and to remove the local solution.

    How are customer service and support?

    The technical support we get from them is great. The guys know what they're doing.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    With our legacy system, a VPN solution from Cisco called AnyConnect, we have to buy licenses and equipment, as well as storage in a data center. With this cloud solution, we just pay a fee and it's easy to use. Digital transformation is very important to us because it is a corporate objective. We started with Microsoft 360, and Zscaler is another brick in the wall, in that direction.

    We are planning to downgrade our firewall and just keep Zscaler. We're not going to save money with Zscaler, but we are aligning with the corporate objectives by using it.

    How was the initial setup?

    It's easy to set up. It took my network engineer about one week to prepare the environment, and our software network engineer is the person in charge of keeping it going.

    What about the implementation team?

    We had a local provider, SISAP, help us. They are a business based in Guatemala, with an office here in Honduras. They worked very well.

    What's my experience with pricing, setup cost, and licensing?

    The price is competitive. It's not cheap and it's not expensive.

    Which other solutions did I evaluate?

    We looked at Cisco Umbrella as an option. But because our organization is part of a corporation that was already using Zscaler, we're aligning ourselves with our headquarters' implementation by going with this solution.

    What other advice do I have?

    Zscaler is a great solution. We have a very good representative here in Honduras and it was easy to set up. It's a very strong solution with the cloud infrastructure that meets our needs and most of the needs of our users. We are very happy with the solution.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    ForrestWu - PeerSpot reviewer
    Sr. Manager IT at a non-profit with 51-200 employees
    Real User
    Top 10
    Provides another layer of protection when a user goes to the Internet to browse or download something
    Pros and Cons
    • "Zscaler Internet Access has helped us reduce the time that we spend managing security policies by about four hours a week. We can use this time to focus on other things, especially the IT team."
    • "They could provide more time for the onboarding the training of an IT person."

    What is our primary use case?

    We have Windows 10 laptops. We wanted help securing our laptops for remote work, but we don't have the server for this infrastructure. Whereas, with this solution, the cloud server is managed by Zscaler. 

    It is a pretty lean solution. We only need to manage the agent and some very small tools on the laptops.

    How has it helped my organization?

    Currently, we have an on-premise firewall. However, most of the time, users are not working in the office. Therefore, we need to use something, like a Secure Access Service Edge (SASE), to help users. So, we are trying to protect users without a corporate firewall.

    We just wanted laptops to have more secure features to help users and protect the company's data. There are two major things deployed on our laptops: Zscaler Internet Access and endpoint detection response (EDR).

    Zscaler Internet Access has helped enable our digital transformation.

    What is most valuable?

    When you try to access suspicious websites, they will give you a warning. This helps us with user access without our office network.

    Its cyberthreat protection is important for our needs. We use it for Internet access control, e.g., accessing web pages. We also use it when a user downloads or uploads files from the Internet.

    When a user goes to the Internet to browse or download something, it is secured by this tool. This is important to us because it is another layer of protection.

    What needs improvement?

    They could provide more time for the onboarding the training of an IT person.

    We did run into some compatibility issues. We just needed to test its configurations on the web portal and that detected the issues.

    For how long have I used the solution?

    I have been using it for half a year.

    What do I think about the stability of the solution?

    We haven't had any issues with stability.

    No maintenance is required.

    What do I think about the scalability of the solution?

    We have 120 users. We have never tested it to go above 1,000 users. It shouldn't have problems because it is an agent working on the laptops using a centralized online server. 

    How are customer service and support?

    The technical support is very good. We create a ticket every week or two.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We didn't have an Internet access control solution previously, only anti-malware for endpoint protection.

    Our legacy systems only protected our on-premise network.

    How was the initial setup?

    The initial setup was straightforward. It took about three days to set up.

    What was our ROI?

    Zscaler Internet Access has helped us reduce the time that we spend managing security policies by about four hours a week. We can use this time to focus on other things, especially the IT team.

    Versus deploying and managing traditional network security hardware, the solution has saved us about four hours a week.

    The solution has helped us reduce the number of infected devices in our organization by proactively preventing attacks because some users were unaware of some malware sites.

    Which other solutions did I evaluate?

    We evaluated two or three different vendors, but finally selected Zscaler Internet Access due to its reputation. Also, the GUI for Zscaler Internet Access was very clear when we tested it.

    What other advice do I have?

    We are not using the solution for data loss prevention.

    When you select this product, test it with other tools running on your machine to ensure there are no compatibility issues between different products.

    I would rate it as nine out of 10.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Ashish Kumbhar - PeerSpot reviewer
    Senior Product Manager - Cyber Security for Middle East, Central Asia and Africa Region at Tata Communications Ltd
    Real User
    Provides integrated CASB and file sandboxing but could be less expensive
    Pros and Cons
    • "The cloud proxy and integration are some of the key features. Since there is cloud waste, we can quickly provision it and start working on the configuration. On top of that, they have added a few more features. They have integrated CASB, and file sandboxing is part of it."
    • "The solution is expensive. They recently revised the pricing and packaging. Some of our existing customers have been asking for alternate solutions for a lower price."

    What is our primary use case?

    We are using the latest version of the solution. It's deployed on a private cloud through Zscaler.

    We mostly use this solution in the distributed network where direct internet access has been growing. There are a lot of branches connected with their own internet access, so the solution secures the connectivity at remote locations. There's a very large network with many branches and users working across the globe.

    There are about 5,000 people using this solution in my organization. Technical support uses this solution 24/7. We have an operations team and a monitoring and management team.

    How has it helped my organization?

    This solution helps to protect our network.

    What is most valuable?

    The cloud proxy and integration are some of the key features. Since there is cloud waste, we can quickly provision it and start working on the configuration. On top of that, they have added a few more features. They have integrated CASB, and file sandboxing is part of it.

    We have used this solution for three years. We have seen a lot of traction in the market and a lot of users adopting this solution. We're able to control or manage all the remote locations from one place. When a user is traveling from one location and is connected to the internet, it connects to the bigger cloud and relevant policies will be applied to the user or the device. We have expanded the base from very few users to a large number.

    What needs improvement?

    The solution is expensive. They recently revised the pricing and packaging. Some of our existing customers have been asking for alternate solutions for a lower price.

    For how long have I used the solution?

    I have been using this solution for about three years.

    What do I think about the stability of the solution?

    It's stable.

    What do I think about the scalability of the solution?

    It's scalable.

    How are customer service and support?

    Sometimes I feel that the Zscaler team is a bit lacking. The response is slow sometimes.

    I would rate technical support three out of five. 

    How was the initial setup?

    Setup isn't complicated.

    I would rate setup as four out of five. Setup took a couple of hours because of some of the requirements. It can take up to a month depending on how many policy configurations need to be done and how many users there are.

    What about the implementation team?

    Deployment was done in-house.

    What's my experience with pricing, setup cost, and licensing?

    There are multiple bundles: enterprise, business, and transformation. Transformation includes all the features, but recently I've seen a few more line items that are additional costs. Overall, it's expensive.

    They have standard bundling and additional licensing, which is a high cost.

    Which other solutions did I evaluate?

    We also evaluated Blue Coat. We have used Forcepoint too, but there were a lot of support challenges. That's why we went with Zscaler.

    What other advice do I have?

    I would rate this solution as seven out of ten. 

    The product is pretty good. They are the leader, as far as Gartner Magic Quadrant is concerned. The functionality and bundling are good, but the pricing isn't great. I think Netskope is competition because of their features and better pricing.

    The competition offers more flexibility. This is a cloud solution, so a lot of banking customers and government customers are a bit reluctant to use it. Some of the competition has the on-premises model as well. Zscaler could also work on their bundling, packaging, and pricing.

    Which deployment model are you using for this solution?

    Private Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    Download our free Zscaler Internet Access Report and get advice and tips from experienced pros sharing their opinions.
    Updated: September 2022
    Buyer's Guide
    Download our free Zscaler Internet Access Report and get advice and tips from experienced pros sharing their opinions.