Zscaler Zero Trust Exchange Platform Reviews

We've so far recommended the solution in one or two engagements.

We work with customers who have various businesses like banking, finance, travel, et cetera, where we do a solution for them, a security solution for them. We are an IT service consultant company.

We generally use that product for the proxy setup, for URL dealing and blacklist blocking, and all that stuff. When the customer has a requirement where their workforce is very mobile or if they're on-premise and moving the workforce, we do recommend the Zscaler product.

There are also other cases. We extend other modules like CASB or another setup, where we say they can access the public cloud or send some data against the policy.

Scanning the internet traffic for any malware, et cetera, is quite useful. That is the primary use case. 

It is straightforward to set up.

The solution is stable.

It's scalable.

We would like to extend the SASE applications for Zscaler. We'd like to see more work in the area. In our understanding of it, SASE features are very helpful in extending to various other applications like CASB, DLP, et cetera, ensuring the network can be set up to be very agile. SASE adoption is a very prime focus for most customers due to its benefits.

We've dealt with the solution for a year and a half. 

For our use cases, we have found the solution to be reliable and stable. I haven't dealt with crashes or it freezing. There are no bugs or glitches. 

The solution is scalable. It's cloud-based, making it scalable and agile. It's great if companies are going through mergers and acquisitions. 

I've never reached out to technical support.

Before Zscaler, we used to use a lot of other products, however, when we were introduced to Zscaler we became confident it could meet the use cases. Due to its cloud features and cloud-based proxy, unless the customer has very specific use cases that don't include the cloud, it's one of the best products. 

The solution is straightforward to set up. There may be certain use cases where it may be more complex; however, largely, it is easy.

How long it takes to deploy depends on how the workforce is enabled and how they are deployed across, as well as whether they are in a single country or multiple countries. There are instances where we have deployed within a country within less than three months for a scale of 10,000 users.

We typically go for annual license payments.

I'm not a product seller. I'm a service seller. We are mainly a service integration team. We do recommend certain products. However, we don't sell products. I'm a consultant.

If it aligns with a client's needs, I would recommend this solution to others. 

I'd rate the solution ten out of ten.

I primarily use it for conducting security incident investigations and generating security reports. It serves as a valuable tool in analyzing and responding to security events, and its capabilities are instrumental in producing comprehensive reports on the security status of the network.

It proved to be invaluable in addressing our challenge of not having a rigid perimeter. With employees working from various locations, the need to move away from VPN reliance became apparent. Following thorough assessments, we opted to continue using it as our cloud Web Access solution.

It stands out for its seamless integration with various security solutions, such as EDR, SOAR, etc. The implementation process is straightforward, requiring minimal ongoing maintenance. The desktop agent enhances endpoint protection against zero-day vulnerabilities, providing a safeguard until patches are released. Its adaptability extends beyond a single solution, allowing integration with different models and solutions. The alert detection system and additional security features add an extra layer of appeal. The flexibility to start with one aspect and expand within a single vendor is advantageous. The agent's versatility is notable, used for digital experience monitoring to collect valuable endpoint metrics for troubleshooting. The security browser function distinguishes between known safe sites and potentially suspicious ones, ensuring a secure browsing experience. Unfamiliar websites are run in the Zscaler Cloud, isolating them from the endpoint and preventing potential phishing or malicious scripts from reaching the user's device.

Occasionally, there are certain delays in report generation. Clicking on a link, I found myself waiting for an unpredictable duration—sometimes as long as thirty seconds to a minute—until the report was ready.

I have been working with it for over a year.

There have been instances where certain software or applications on the user side didn't work smoothly. This posed an additional onboarding challenge, requiring collaboration with technical support to analyze logs, generate reports, and identify necessary exclusions or policies to rectify the issue. Once addressed, the applications resumed normal functioning.

It's highly scalable, and I frequently receive notifications about new data center expansions. With around five thousand endpoints, I am not aware of any problems that have been discussed as requiring a change of solution.

I gained access to the web console, and within an hour, I comprehended its capabilities, which I found appealing. Beyond predefined reports, the platform enables users to retrieve any imaginable information. Creating a visual search request is a straightforward process, delivering the required data through a user-friendly interface.

The implementation has effectively addressed numerous challenges related to ensuring a secure internet connection for users.

When we conducted assessments, Cisco and Microsoft were also considered. However, at that time, Cisco was in the initial stages of developing their solution, and Microsoft had just released their web security gateway.

When making a decision, choosing a market leader is often advisable. While the initial cost may be slightly higher, the long-term savings in both time and money, as well as the reduction in operational costs, often outweigh the investment. Opting for a leading product can also mitigate potential issues and challenges that might arise with newer or less-established alternatives. Overall, I would rate it eight out of ten.

The main purpose was to use it as a zero-trust solution. Or also to have control over the inbound and outbound traffic coming and going through the end user's device.

It does the job. What it is needed for. I can use it for VPN, I can use it for secure connections, I can use it as a firewall. So the solution does the job.

It has a limitation, if you are creating a rule or something for a web application or something, you could only add five users, not more than that. Five or four users are only included in a rule. If you want to create a rule for more than five or four users, you have to go through other methods, not particularly with the application. Working within the application with this method would be quite easy as compared to listing a URL or a normal IP address.

I have been using this solution for one and a half year. 

It is a stable product.

It is a scalable solution. Around 300 end users are using this solution.

The customer service and support have a good SLA. They return queries on time.  

Positive

I would say go ahead because it has a quite friendly interface. It has a lot of stuff you can do. If you are using the old infrastructure technique, you would love it because you can control most of your endpoints network on the device by a single interface. That is the Zscaler.

Overall, I would rate the solution an eight out of ten. 

We use Zscaler Private Access to authenticate our applications, which provides a more secure way to access the Internet from our work environment. We have multiple policies for different types of users. When new users join the company, they authenticate the VPA application to access the Internet. We use SSL bypass policies, tenant restrictions policies, and Microsoft tenant cloud application policies. We also use File Type Control Policy for all categories of files, and our traffic goes to the WAPAC file and the application. We are using services as per the requirements of our clients.

The most valuable features are the File Type Control and SSL bypass policies. We have multiple options, such as very flexible policies and modules in Zscaler. We will define them based on our requirements and the active Internet. We also have geolocation users. For example, a user from Singapore moves to Dubai. When the user tries to access the Internet, Zscaler automatically detects the geolocation and drives our traffic to the other channel. There is no issue here. 

When using a Blue Coat, we have some problems. Sometimes, some of our users have some issues, but once we update the agent, the traffic goes to the current geolocation without any problems, and they can access it. Sometimes, we have some URL categories blocked in our environment, but HPE sometimes removes the block. We request that the vendor to remove the block from the correct URL category. They provide a suitable solution based on the findings.

There is some issue while accessing the portal. It takes too long. It will take longer if I am on the URL Cloud App category and switch to other tabs.

I have been using Zscaler Private Access for five years.

If something happens, they have integration and they send notifications. I rate the solution’s stability a ten out of ten.

If I need to switch the policy to another task, the solution takes time. I rate the solution’s scalability a nine out of ten.

Compared to other proxies, such as Glook and IronPort, Zscaler Private Access is very easy to handle.

The initial setup is easy. You need to configure the proxy tool for the network configuration. They can forward multiple services based on the client's requirements. If we need to use the VPA, we need to authenticate. It takes one day to implement the solution, but for smooth running, it takes around a month because of timely revision.

The solution is expensive.

The categorization issue is dependent on the end user. For example, if I am trying to access a categorized URL but need to access it for work, I should be able to request a change to the categorization. Forcepoint can change the categorization itself, or the client team can do it for me. This is enough to change the categorization to meet the requirements. Overall, I rate the solution a ten out of ten.

We use Zscaler Cloud DLP to maintain data load and for storage reports. 

The solution is the best for storage. 

We have issues with the tool's maintenance and networking. It should be able to work in offline mode as well. 

I have been using the solution for two years. 

Zscaler Cloud DLP is stable. 

The tool is scalable. My company has 250-300 users. 

Zscaler Cloud DLP's installation is difficult. 

Zscaler Cloud DLP is moderately priced. We pay around 2 million rupees per year. 

I rate the solution an eight out of ten. 

Most people use Zscaler SASE as a replacement for VPNs. You know, with a VPN, once you establish connectivity to the network, you have unrestricted access. But with Zscaler SASE, you have strict access control. You don't get any access unless you adhere to the policies set in Zscaler. 

So, you can control who has access to specific applications at a URL level rather than granting access at the physical IP level. That's what most people appreciate about it. IPs provide access to everything on the machine, whereas Zscaler SASE provides access to specific services within the network. 

The most valuable feature is its ability to establish connectivity for remote users and remote endpoints. It offers a high level of granularity compared to typical VPNs, which also encapsulate a lot of I/O. By using Zscaler SASE for home access or access in remote areas, it bypasses the issues introduced by ISPs. 

Sometimes ISPs block certain protocols or applications, but when everything is encapsulated within the Zscaler Cloud, the ISPs don't get a chance to interfere or block. This is especially helpful when it comes to file sharing. Sometimes ISPs block it, so we can't share files using cloud services remotely. Zscaler SASE gives non on-premise users the ability to securely access and sync with on-premise resources.

The area that requires improvement is their support. The current support is lacking. 

Other than that, once you have the right people on the phone, the product performs as advertised. However, multiple clients have complained about the support. 

I have been working with Zscaler SASE for two years. 

When it comes to stability, it's similar to any outsourced service. There will always be some outages because of the global nature of the network and the involvement of various cloud providers. There are many moving parts. I don't anticipate more frequent outages, but it's important to acknowledge that Zscaler is not flawless.

I haven't encountered any clients who have had problems with scalability or performance issues. There were a couple of outages less than six months ago, but that's to be expected. Every service experiences occasional outages. It's like having allergies; every product at a global scale will have such issues. 

I have heard a lot of complaints from my clients about the support. Even VMware's support has declined since it got acquired by Broadcom. 

So, we're not receiving the kind of support we used to get, like from Cisco. It's more akin to Microsoft and internal support.

Neutral

The initial setup does take some time to get used to. Zscaler does a good job with its specialized services in setting up and installing the product. 

Once you start using the product, any issues that arise are generally handled well. The support is not as terrible as it may seem at first. While there may be instances where one technician transfers the case to another technician, it doesn't mean starting the entire process from scratch.

However, most people are deploying it on AWS or Azure. I have some clients who still prefer on-premises deployment. It depends on their specific requirements.

The pricing is quite high, especially when it comes to the gateway. It costs around $10,000 per gateway per data center, which can be seen as ridiculous. Other cloud-based solutions charge based on the number of clients without the need for a gateway for each data center. 

This pricing approach doesn't sit well with my clients anymore. When Zscaler SASE had a monopoly in the market, it could get away with it, but now there are alternatives cutting into its market share.

I would rate Zscaler's pricing model as an eight out of ten, with one being cheap and ten being expensive. 

There are other solutions like VMware that also have high costs, but Zscaler SASE stands out because of the expensive gateway for each data center. It's not a cheap implementation. 

Every time you set up an Azure data center, you have to spend another $10,000 to $15,000 on a gateway. It adds up quickly. Creating a VPN between data centers might be an alternative, but it introduces a single point of failure. So, that pricing policy alone makes it very expensive.

It's a great product. My advice for those considering using it is to understand the concept of zero access. It's different from just having VPN access. If someone can perform a DNS lookup, they still have access. 

People are often stuck in a VPN-centric mindset. It requires a paradigm shift, similar to transitioning from traditional applications to Microsoft applications. Instead of focusing on what services the user needs, it's about restricting access to specific applications regardless of the user. Once you embrace this mindset, it becomes easier to navigate. It's not a major impact, but it does require a change in thinking.

Overall, I would rate this product an eight out of ten, with the exception of pricing and support issues. It is one of the better implementations available, surpassing Cloudflare's capabilities. However, there are still areas for improvement, particularly in terms of pricing and support.

We use the product for the process protocol for tunnels to manage network traffic.

They should work on a replica account. There could be alerts and replica files sent to the DLP team during data collection.

We have been using Zscaler Cloud DLP for three years.

I rate the product’s stability an eight out of ten. We encounter high latency for cloud data centers.

The product’s scalability depends on specific requirements. We manage more than 50 Zscaler Cloud DLP accounts for customers. We have created certain rules to cover and manage our sensitive data. I rate the scalability a ten out of ten.

They should assign an L2 engineer to resolve the issue. The L1 engineer takes time to identify and elaborate on the problem.

Our organization has used Symantec, Trend Micro, and McAfee.

The initial setup is easy. It doesn’t take much time and depends on the IP server requirements.

I rate Zscaler Cloud DLP an eight out of ten. I recommend it for customer service companies to protect sensitive data.

Zscaler CASB breaks down at times. 

I have been working with the solution for six months. 

The tool's scalability is good. 

The solution is easy to deploy. 

The solution has increased prices this year. 

I rate the solution a seven out of ten.