Zscaler Internet Access Reviews

It's primarily for end-user access to the public internet. We use the proxy functionality and the URL Filtering.

We have a global policy for all our users. While there are a few categories of URLs that we are not allowed to do SSL inspection on, the primary function for us is to do SSL inspection so that we can make use of the built-in anti-malware and antivirus—the advanced-threat features—within the platform. We do SSL inspection of some 80 percent of all the traffic and we can evaluate if it's malicious or not.

It is a cloud solution where pretty much everything is handled by Zscaler.

Zscaler has helped to reduce the time we spend managing security policies. That is very important to us. A lot of the features it has are AI-based decision-making. For instance, if we implement a sandboxing rule for how files of a certain type should be inspected, we also can activate the AI decision-making process. That way, even if a file is new to the sandboxing environment, it can still see that it is a PDF and has these and these characteristics. Based on that, the AI says that "No, this file is not malicious," even though it normally would have been quarantined and sandboxed and have gone through the whole analysis process. The AI helps out in minimizing the time to do that analysis. And that also helps in reducing the burden of someone actually having to do things manually.

If you count everything that was involved in managing the appliances, the lifecycle management, and support contracts, in our old environment, we have reduced the number of FTEs managing the environment from five or six to about two.

It has also definitely helped reduce the number of infected devices in our organization by proactively preventing attacks. Since we scan almost all of the traffic, we now see how much of the traffic is "malicious." In our environment, we block about 1.6 million threats every quarter, but we don't know the severity of those threats. Maybe 1 million of them are malicious content in some way, while half a million are adware. But there are real threats that are being blocked, like botnet callbacks, cross-site scripting, and browser exploits. On average, we are blocking about 500,000 threats per month. 

There are a bunch of different capabilities that are valuable within the platform. We use quite a lot of them, but not everything. The ones that are most important to us are the URL Filtering and the application control. 

For our needs, the cloud-native proxy architecture is a very good solution. We are moving away from on-prem appliances and moving more toward cloud-based solutions. Zscaler is a good fit for our strategy. This architecture helps with cyber threats because we inspect most of the traffic and we can see that a lot of threats are stopped directly in the secure web gateway. But there are parts of it that we don't use yet, like the DLP functions. Instead, we are using the Zscaler Cloud Sandbox feature for content that is downloaded as files. We detonate the document in a sandbox and see if it's malicious or not.

It's a very easy-to-learn and easy-to-use platform, even for me as a more non-technical person. I'm still able to do a lot of work in this platform.

The reporting functionality could be a bit easier to use. There is a reporting function, but it's quite hard to do any good reporting, from a user-management perspective. For example, if a department manager wants to know how his department is using the web, there is a way to get the data, but it's quite cumbersome to get it and show it well. And that's true for comparing between departments. It's quite hard to get a good report. 

Another issue is that the API documentation could be a bit more up-to-date. They're implementing stuff, but not updating the documentation all the time.

We have been using Zscaler Internet Access for the last five years.

Since we have global reach, we are seeing a bit more instability in Asia, primarily in China, but I'm not sure that it's related to Zscaler. I think it's more due to how China does things in terms of internet access.

It scales very well, if you go for the cloud-based solution alone. In certain regions in the world, we have started to implement local appliances, like a VEN node, where we don't have good coverage from Zscaler's public data centers. But if you only use the public data centers, it's getting a lot better. A while back, there were 35 or 40 data centers that we could use globally, but now there are over 80. So the scalability is quite good for us.

Zscaler's technical support team is good at what they do, and they help us fix our problems quite fast. I would rate them eight on a scale of one to 10. There's always room for improvement.

We have had issues from time to time where they don't really see our problem as a problem, but we, as a customer, are being affected. They have a few different ISPs that take care of traffic to and from their data centers, and when their ISP is not performing, we, as customers, are suffering. There have been occasions when we have seen that our traffic is being routed very strangely within the Zscaler network, but they don't see that as a problem. We do, because all of a sudden, all of our Swedish users are going to the data center in Norway instead of Sweden. For Zscaler that is not a problem because they are still doing their job. But for our users, it's complicated because Norway is not part of the European Union, whereas Sweden is. If they go through the VEN node in Oslo, Norway, we cannot reach stuff that is EU-regulated, such as export and import functions within the EU. That is a big part of what we do. At times, it has been hard to get the Zscaler TAC team to understand that this is a problem for us, as a company.

Positive

We used to have an on-prem solution doing pretty much the same thing as Zscaler, but as our strategy is cloud-first and internet-first, we thought that we should also use a cloud-based solution. We started to look at the alternatives, five or six years ago. What we saw was that there was only one, at the time, that was mature enough for our needs.

Since then, Zscaler has evolved quite a lot. In the beginning, there was no Zscaler Client Connector, an agent on your computer. It was all cloud-based, but that changed about a half a year after we started to use Zscaler. We assessed whether Zscaler fit our needs or not and we saw that for 75 or 80 percent of our needs, it was a good fit. Some aspects were not mature back then but they have matured over time.

The initial deployment was quite straightforward. I wasn't really on board at the time the implementation of Zscaler took place, but overall, when new features and functionalities are added to the product, it's quite straightforward to implement them and to roll them out to large user groups, or globally. From a rollout perspective, it's quite easy to use.

Initially, one of our demands was that everything should be cloud-based, meaning we shouldn't have any agents on each computer. We learned the hard way that such an approach doesn't work well, because you need something to control the path from the user's computer to the Zscaler cloud. You need to be able to steer how the traffic goes. You can do that with PAC files. But ultimately, together with Zscaler, we figured out that a client was needed, at least for our needs.

Zscaler has helped us save costs by enabling us to decommission all of our legacy proxies. We had at least nine locations with appliances, and we had multiple appliances per location. It has helped us save money.

We have also seen ROI in terms of the cost of both the lifecycle management and the service and support contract that we previously needed. We have saved quite a lot there. I don't know the exact numbers, because I'm not in charge of the finances, but if you count the resources needed to manage the platform, we have saved up to 45 or 50 percent of the cost we used to have.

Back then, there weren't many other cloud-based solutions available. There were hybrid models, but we wanted a completely cloud-based solution. 

At the time, Symantec had the beginning of a cloud-based solution, but it was very immature and it didn't work as well as Zscaler. Zscaler had been around since around 2010 and was five years into their journey, while Symantec was only a year or two into their journey. We opted for the most mature at that time.

Since then, we have looked at other solutions, including Netskope and a few others. They are similar in their design, but Zscaler has features in its design that make it stand out from the competitors. For instance, their scanning methodology is something like, "Scan once, analyze many times." That means there is a one-time scan of the traffic, but with multiple different threat engines, for antivirus and anti-malware, et cetera. And they do it only in the RAM memory of their cloud solution machines, which makes it super-fast. They can scan a lot of traffic in a very short amount of time. That part is something that a lot of other vendors are not doing. They're scanning in sequence, not in parallel.

Make use of the Zscaler Client Connector as much as you can, with all of the functionality that comes with it. Also, do not allow the users to disable the Zscaler Client Connector, because then you don't know if traffic is actually going through Zscaler or not. If it's always on, you know that if something is not working, it's your policies that are doing something to the traffic. We used to make it possible for a user to disable the Zscaler Client Connector, which then made it impossible for us, as the team that troubleshoots problems, to know if the traffic was actually going through Zscaler or not. If you don't have that control, you don't know where the problem is. Now, at least we know that it's either on the client or it's on Zscaler or it's on the destination that they're trying to reach.

As for saving time with this system versus deploying and managing traditional network security hardware, it depends on how you build your management of the solution. We have opted for a solution where we manage everything centrally. We have one IT team that manages all of the Zscaler Internet Access policies and settings. But there is an option, and it's one of the strengths of Zscaler, to delegate control of parts or all of the solution to other teams. For instance, you could have URL Filtering policies that are managed by a local IT team in a given country. We don't do that. We manage everything from one team and we control everything, for our whole organization, from this management platform. We control the forwarding policies, the application access policies, the URL Filtering policies—pretty much everything.

The main use cases that our clients typically have and why we propose and implement the solution is for a proxy solution. It's designed to create a proxy site-to-site tunnel between the computer trying to access any resources on the Internet or within the offices. Most organizations have a significant number of remote workers - around 30 to 40 percent of their workforce is remote - and they log in from different locations globally, such as Japan, the US, Europe, and Asia. So they need one solution to cover these remote locations and provide a proxy solution.

In addition, we need to have minimum bandwidth latency, and Zscaler is the most suitable product we see. Whenever a customer comes to us with a large geographical spread in terms of their workforce, we propose and implement this solution across the cloud, as required.

One feature that is valuable to me from an implementation point of view is that it's very easy to implement. We just had to route in some IPs, and it automatically hops into the nearest Zscaler nodes, which they call it. They have more than 150 nodes across the globe. Essentially, if I'm trying to access a server in India at this point in time, and the server I'm trying to access is somewhere in Singapore or Tokyo, it creates a lot of internet latency. But with Zscaler, it's not the case because they have a server in almost every major hotspot in the world. In India, if you're connecting, they will automatically route to their nearest server. Since they have servers in so many places in the world, we can easily configure them to the nearest server. 

The end-user who's using it doesn't feel the latency, and it's really minimal, less than three milliseconds, six milliseconds, whereas the competition has more than ten milliseconds and eleven milliseconds as latency.

There are a couple of areas of improvement in the solution. Firstly, there are some performance issues when we add on additional controls. Zscaler Internet Access is a plain vanilla solution that allows you to add CSV or DLP on top of it. However, once you add these modules, the performance degrades for a bit, and the latency increases significantly. We're talking about a two-fold or three-fold increase in latency. They need to work on this. So the performance goes down when using a lot of features simultaneously.

Moreover, the implementation interface is not very good. It has some minor bugs, and it's not properly streamlined. However, these are not software issues that cannot be resolved. A simple reboot or a call to the reseller personnel can guide you in resolving these issues. But the experience can be more seamless if the interface is improved.

I have hands-on experience with Zscaler Internet Access, a cloud proxy solution similar to Cisco's proxy solution.

We've been working with Zscaler Internet Access for almost three years now. We use the basic Zscaler Internet Access with add-ons like CASB and DLP. This is the solution we sell and implement the most.

I would rate the stability an eight out of ten. 

It is a scalable solution. I would rate it a ten out of ten. There are more than 15,000 users under different organizations. They are small and medium-sized businesses. The largest organization that deployed Zscaler had 8,000 users. 

The customer service and support team is good. 

Positive

I would rate the initial setup an eight out of ten, where one is difficult and ten is easy. The deployment process is quick, around 6 to 8 weeks. But that depends on the geographical locations we need to cover. If we only need to cover two to three locations, it's good enough.

The deployment process involves building the Zscaler package, which can be vanilla or vanilla plus bundle, and then remotely pushing it to the client machine using Microsoft Intune or whatever it is. Meanwhile, we have to build the configuration and policy based on the client's requirements.

First, what we do is we build the ZScaler package. The package includes the features that will be going through the solution. Once the package is built, it is pushed into the endpoints or machines, such as computers, laptops, and desktops, through Microsoft Intune or SCCM, or any other patching solution that they have. Meanwhile, we configure Zscaler to the nearest hub that the reseller has. They have more than 150 nodes across the globe, so we configure the nearest hub for them. Once that configuration is done, we have established a connection, and the systems have gone online, then you can actually use the solution.

So, it's basically a two-step process. Rolling out the package, rolling out the agent, and configuring the reseller to the nearest hub. That's it. It's a smooth process.

Zscaler is transparent about its pricing model. However, it is not a cheap solution. I would rate the licensing model a seven out of ten. 

My advice, generally, is that if a client has a growth prospect with an increasing number of employees moving across the globe, then Zscaler advises having a product that is scalable and fast. By fast, I mean it has low latency, making it very scalable. Zscaler Internet Access is a completely cloud-based product and is highly scalable. It is a reliable solution to have in your IT stack. 

Overall, I would rate Zscaler an eight out of ten. Zscaler Internet Access is highly scalable and has low latency, making it one of the most reliable products with good market support and presence. I rated it an eight and not a ten because there are a couple of constraints in scaling certain things. For example, some customers, such as federal institutions of the US, state of clutter, or some banks, want an on-premise solution. They want more control because Cloud will always have a security issue somewhere or the other, and Zscaler Internet Access does not have an on-prem solution. Also, when you increase the features, it does lag a bit, which should not happen.

Our customer already had the product, which they got from another vendor. They were facing some issues with their existing policies. Our role was to optimize the policy. So we optimized Threat Protection, DLP, and CASB policies per the customer’s requirements. In their environment, G Suite was completely allowed for some users, but they wanted only to allow a specific corporate domain. As per the recommendation, CASB policy must have been in place, but it wasn’t. So we optimized the tool as per their requirement and delivered it.

The product has different modules like SWG, CASB, DLP, and Threat Protection. The most valuable feature of the solution is SWG traffic. The product is very good in web traffic.

Cloud App’s database should be improved. Currently, they only support and provide granular controls to around 1000 cloud applications. In Netskope, it is more than 3000. Around 65,000 applications are visible to the users in Netskope, but Zscaler only supports around 3000 to 4000. Cloud App is not good. UI is not as easily understandable as Netskope. Netskope has a source, destination, and action policy. In Zscaler, we have to click multiple tabs to get it. It's a bit tricky compared to Netskope. Once we understand it, it's simple.

I have been using the solution for four to five months.

I rate the solution’s stability an eight out of ten.

I rate the product’s scalability an eight out of ten. Currently, the product is facing major issues in scalability because the company is over ten years old. The data center they have in India goes down frequently. VLANs also go down frequently. Due to this, the product gets turned off completely, and sometimes, the users go to different traffic. If it’s an on-prem user, they go via a firewall, which increases the pain for the customers. They have a problem with DC. VLANs go down sometimes. That's why the user faces complete disconnection issues for the proxy. Two people in the organization are using the solution.

The initial setup is straightforward. It is just a plug-and-play process. When the Zscaler client is installed on the machine, it works like a normal proxy. They're connected to the cloud. The solution is deployed on all the users’ machines, and the management and policy creation is done at the cloud level. It's a cloud proxy.

The deployment is just a plug-and-play process. The policy is very simple.

We acquired a customer for optimization. Overall, I rate the product a seven out of ten.

We can use the solution for users that are working from home. It allows us to manage control over security. We install an agent and can set the domains that are allowed on the network. It helps ensure security.

It can be easily accessed by the cloud. Users can easily work from home while maintaining company security.

The servers are hosted in the cloud, and it maintains security for Azure. It's like having double security - one for the cloud and one for the user.

It is simple to use. We can create multiple tunnels with ease. It's simpler to use than a VPN.

The solution is stable.

We'd like for them to include some sort of antivirus tool. It would help if that came bundled with this product from a security standpoint. 

We'd like to have a server connector without ht need for multiple micro tunnels. 

We just completed a POC. I just started with the company.

The stability is good. The solution is reliable. We've had no issues with stability. I'd rate the stability eight out of ten.

We have almost 300 users.

I'd rate the scalability six out of ten. The policy creation is difficult. It's complicated to add them, and therefore scaling may take a while. 

I don't really deal with technical support. We get support from a third-party vendor, not Zscaler directly.

We have used a different solution in the past. Zscaler, we can deploy on VM servers.

We've only completed a POC and plan to roll out a full implementation soon. In the past, I have implemented it completely as well. We are planning to deploy for the sales users first. 

It's not a difficult process. Once the agent is installed, it needs to be verified with the console. The deployment takes between 30 to 45 days, depending on the level of support needed to complete the task. The issue is our sales team are work from home users. That can make the process longer. 

We also need to create user policies before the full deployment happens. Different policies are needed for different users. We may need to create three to four different policies for different user sets. 

We have a third party that we get the solution. 

We have yet to receive the cost from Zscaler. We've only done a POC. My understanding is the solution is reasonably priced. I'd rate the pricing eight out of ten.

We are an end-user. We may be a future partner.

It is good for a small environment of 80 to 100 users. I'm not sure if it works for very large organizations. This solution requires less maintenance and makes server access easy - instead of, for example, standalone VPN access.

I'd rate the solution ten out of ten.

I like the granularity of the control of all the traffic, including SSL inspection. I also like the fact that the user interface is intuitive.

The latencies with Zscaler are minimal compared to those of any other competitor. Other competitors do not really have the global scale that Zscaler has and cannot promise low latencies.

Zscaler should continue to make the user interface better. They should also improve the backup network and continue to expand it so that it can handle larger numbers of customers.

We've been working with this solution since 2017. Our customers use a cloud deployment of this solution.

The stability overall in the developed regions, such as the US and Europe, is fairly good. In certain regions, such as South Africa, Zscaler has not been stable for some time.

It is easy to scale. Additional sites and licenses can be added quickly and easily.

Zscaler's technical support is not too bad. They have been helpful when I have had issues, but I have not had to contact them much.

The initial deployment process is quite easy. I've implemented Zscaler Internet Access in large, multinational corporations and recently at a company that is in 64 countries in the world. The deployment is always fairly quick. I have also worked with smaller clients, and Zscaler deployment is even easier in these cases.

Zscaler is an expensive solution, but it's worth the price. 

Their services are unmatched by competitors. Some may come with half the features that Zscaler can offer and be much cheaper. However, they do not have the global coverage that Zscaler has, and they will not provide the same low latencies and the same speeds that Zscaler can.

My advice would be to ensure that you have a good implementer and reseller who can provide guidance. The reseller should be aligned with those who work in security and needs to be aware of anything that might need an exception that needs to be created. This will help avoid any surprises when the solution is live. The other important aspect to consider is training.

Overall, I would rate Zscaler at eight on a scale from one to ten.

We are using the latest version of the solution. It's deployed on a private cloud through Zscaler.

We mostly use this solution in the distributed network where direct internet access has been growing. There are a lot of branches connected with their own internet access, so the solution secures the connectivity at remote locations. There's a very large network with many branches and users working across the globe.

There are about 5,000 people using this solution in my organization. Technical support uses this solution 24/7. We have an operations team and a monitoring and management team.

This solution helps to protect our network.

The cloud proxy and integration are some of the key features. Since there is cloud waste, we can quickly provision it and start working on the configuration. On top of that, they have added a few more features. They have integrated CASB, and file sandboxing is part of it.

We have used this solution for three years. We have seen a lot of traction in the market and a lot of users adopting this solution. We're able to control or manage all the remote locations from one place. When a user is traveling from one location and is connected to the internet, it connects to the bigger cloud and relevant policies will be applied to the user or the device. We have expanded the base from very few users to a large number.

The solution is expensive. They recently revised the pricing and packaging. Some of our existing customers have been asking for alternate solutions for a lower price.

I have been using this solution for about three years.

It's stable.

It's scalable.

Sometimes I feel that the Zscaler team is a bit lacking. The response is slow sometimes.

I would rate technical support three out of five. 

Setup isn't complicated.

I would rate setup as four out of five. Setup took a couple of hours because of some of the requirements. It can take up to a month depending on how many policy configurations need to be done and how many users there are.

Deployment was done in-house.

There are multiple bundles: enterprise, business, and transformation. Transformation includes all the features, but recently I've seen a few more line items that are additional costs. Overall, it's expensive.

They have standard bundling and additional licensing, which is a high cost.

We also evaluated Blue Coat. We have used Forcepoint too, but there were a lot of support challenges. That's why we went with Zscaler.

I would rate this solution as seven out of ten. 

The product is pretty good. They are the leader, as far as Gartner Magic Quadrant is concerned. The functionality and bundling are good, but the pricing isn't great. I think Netskope is competition because of their features and better pricing.

The competition offers more flexibility. This is a cloud solution, so a lot of banking customers and government customers are a bit reluctant to use it. Some of the competition has the on-premises model as well. Zscaler could also work on their bundling, packaging, and pricing.

It's a proxy solution, and we use it for reverse proxy, DNS security, and storage security.

The users are at different locations, and Zscaler helps us to put the organization's central security controls on these roaming users.

The performance needs improvement. Some areas create performance issues and, depending on the use cases, require reconfiguration to perform again.

I've been using this solution for one and a half years.

It's on Zscaler cloud.

I find Zscaler to be very stable.

It's very scalable because it's the cloud version. We have 100,000 users across all levels.

I would give technical support an eight out of ten.

Positive

We previously used Westcon-Comstor, which was on-premises, but with Zscaler, we moved to the cloud solution.

The initial setup was pretty easy. The deployment took about three months.

Our team of two members along with Zscaler's team implemented the solution.

We have seen an ROI. This is a well published product, and you get value for your money.

Because it's a cloud solution, we pay on a yearly basis. It is affordable and includes tech support and all features.

Each use case is different, and you have to evaluate it and take the risk.

On a scale from one to ten, I would rate Zscaler Internet Access at nine.

The product is an Internet proxy solution. We use it to manage our users' Internet access, making sure that they don't go to the wrong site. We also use it for data loss prevention.

The main benefit that we have seen is performance improvements based on not having to backhaul traffic and getting cloud services closer to the user.

It provides a modern, cloud-first model. It allows the users quick access to the cloud, depending on where they are in the world. We have users all over the world who access cloud services in their native regions. Previously, we had to backhaul the traffic to our data centers somewhere in the world, then go back to that region. Now, we don't have to do that. A user and data stays within that region. There is no latency there.

It allows us to inspect all our traffic, including SSLs. This is extremely important because most sites use SSLs nowadays. Putting non-SSL inspected data directly into the source would mean that there is a potential for data loss. 

Protecting our customers' data is our number one priority. The data loss prevention rules that we have in place make sure that there is nothing within the packets relevant to our customers. 

The data loss prevention feature is the most valuable. It stops our users from inadvertently leaking our customers' data to the Internet or anywhere else it shouldn't go.

The cloud-native proxy architecture certainly seems fast enough. The performance is good. The multi-country nature of it allows us to keep the proxy closer to the user so a user's data doesn't transit as far as it would otherwise. It helps to keep latency down and the speed up. It also helps a little bit with cyber threats, but that is not necessarily its primary purpose for us.

Zscaler is constantly improving the network. They are adding new data centers and regions all the time. They listen to feedback, and based on where we tell them to go and put data centers, they add new data centers. For example, they created a couple of data centers in the Middle East, which has been very helpful for us.

One thing that they could improve is the ability to import rules from other platforms.

We have been using it for slightly more than a year.

Its stability is first-class. We haven't had any issues during the time that we have been using it.

It certainly scales to what we have asked it to do so far. We have over 50,000 users on it without a single problem.

From a technical support perspective, when we leave a ticket, the time it takes for them to close the ticket is very fast. Their resolution time is exceptional.

I would rate Zscaler Professional Services and technical support as eight out of 10. I am dropping two points because of some blanks in the time zone support.

Positive

We are using it with 20% to 25% of our business at the moment. We are migrating to it from our previous legacy platform.

It adds an alternate layer of protection. We were already using a very powerful tool to do this, but that tool wasn't quite as fast and smart.

It was very complex, but there was training provided by Zscaler. That was very good for understanding it thoroughly. It was complex because we had to make sure that all our rules from previous platforms were migrated over so all our users had access to the same things that they had access to in previous models. 

We aren't yet fully deployed. We have been at it for about a year and a half. We currently have over 50,000 users deployed and another 120,000 to go.

The only pain points that we have are self-inflicted because of our slow rollout of the product, which is not actually Zscaler's fault.

We had Zscaler Professional Services helping us for quite a long time at the start of the project. They made sure that everything was set up correctly with no holes. They were very good and first-class.

So far, it has not saved us on costs as a result of retiring on-premises technology, next-generation firewalls, legacy proxies, or MPLS links. Though, we are expecting it to do that going forward.

I have not been involved with pricing and licensing.

We evaluated several solutions.

Try it, test it out, and make sure it works for you. It is not going to work for everybody because it is not a zero-cost solution. However, it does provide significant benefits in terms of its latency and capability to inspect your traffic as well as keeping your customer data secure.

It hasn't saved us time as compared to deploying and managing traditional network security hardware because we already had everything in place from a traditional standpoint. We take security very seriously. Security is paramount to what we do. We cannot, under any circumstances, allow our customers' data to be compromised. So, we have all the correct things in place from a traditional standpoint. We are now modernizing, and Zscaler Internet Access allows us to do that. However, we will not compromise at all. We have to move slowly to it.

It has not reduced the time that we spend managing security policies. The security policies used on Zscaler Internet Access are the same ones that we used with our previous technologies.

It has not really reduced the number of infected devices in our organization because we already had preventions in place with other technologies. We didn't previously have any infections. 

I would rate Zscaler Internet Access as nine out of 10. It is a very good solution.