We use Zscaler as a secure internet proxy. All of the traffic is filtered through it. We have about 3,000 users at the organization.

Zscaler Internet Access (ZIA)
Zscaler, Inc.
External reviews
External reviews are not included in the AWS star rating for the product.
It was good mostly but sometimes it gives a hard time
It offers us a single point of control, but we've had some problems with performance
What is our primary use case?
How has it helped my organization?
All internet traffic goes through Zscaler, which protects the organization's IP, which isn't published publicly. Zscaler's cloud services filter and clear all traffic.
What is most valuable?
We like Zscaler's traffic filtering, web security, DLP, and IPS features. The real-time threat protection is excellent.
What needs improvement?
Zscaler is providing a proxy IP, and most government sites will block traffic from a proxy. Also, we see some performance issues on the cloud side during DC failover.
For how long have I used the solution?
We have used Zscaler for around three years.
What do I think about the stability of the solution?
I rate Zscaler seven out of 10 for stability because we are still having some performance issues.
How are customer service and support?
Zscaler technical support is okay. They have the technical knowledge needed to cover the market.
How was the initial setup?
Deploying Zscaler was moderately difficult. You don't need to create anything. We only needed to forward things to the Zscaler cloud, and they took care of everything on their side. We needed to establish a trusted network and create a channel between Zscaler, the DC, and our on-prem environment.
What's my experience with pricing, setup cost, and licensing?
Zscaler is more expensive than Fortinet or Palo Alto. It's 10 times more expensive than Fortinet. However, it's worth the price because of the cloud security features, and it gives us a single global control, which is why we chose this.
Which other solutions did I evaluate?
We also looked at Fortinet. We decided to go with Zscaler because we operate across multiple countries and want centralized control from a single dashboard at our headquarters.
What other advice do I have?
I rate Zscaler Internet Access seven out of 10. We need a solution like this these days because we have remote users who need protection.
Which deployment model are you using for this solution?
It is functional
Integral Part of the Business
Configuring policies is user-friendly but challenges with stability
What is our primary use case?
Primarily, it was to replace our existing on-premises box infrastructure. That's what it started with. And lately, we've been using it more for secure web gateway purposes.
How has it helped my organization?
It's primarily meant for perimeter security and the ability to securely access the internet and SaaS applications. So that has definitely helped us get rid of our bulky hardware firewalls, at least for internet access. So that's a cost optimization. And performance. It definitely helps us boost performance.
What is most valuable?
The ease of deployment is the most valuable feature. All it takes is building a few QRE or ITC tunnels and installing agents. It's a piece of cake.
And the policies are very intuitive and easy to configure, with very little possibility of messing things up. I also like the great analytics and good visibility into the traffic that goes out of my organization.
Shadow ID Discovery is also great for finding out what SaaS applications people in my organization are trying to access.
What needs improvement?
One thing that needs to be improved is their presence in China. I'm not sure if that's a Zscaler thing or if it's a problem with all vendors in this space, but it would be nice to have better coverage in China.
This concern is a common one for vendors across the board when dealing with the Chinese market. So, currently, there is the Great Firewall of China. This firewall can significantly impact internet performance for users in China. A better presence in China from Zscaler could mean more breakout points between China and the rest of the world.
This would help to improve internet performance for users in China and make Zscaler a more viable solution for organizations with a presence in China.
For how long have I used the solution?
I started using it in 2015, but then I used it intermittently for the next couple of years. But lately, I've been using it quite a lot. So I've been working with it for about seven years now.
What do I think about the stability of the solution?
Occasionally, I've faced challenges with applications going down, but these incidents don't usually result in disconnections.
If I were to rate its stability on a scale of one to ten, with ten being the most stable, I would place it around a seven, I suppose.
What do I think about the scalability of the solution?
I've never encountered challenges where a client exceeded the bandwidth or processing limits of Zscaler. When you reach your peak, the solution is flexible enough to handle it.
If necessary, you can provision another circuit to increase your Internet bandwidth and set up an additional enforcement point, which is essentially a Zscaler reinforcement point. So, it's highly elastic and scalable.
I would give scalability a perfect ten out of ten rating.
How are customer service and support?
The customer service and support are fairly good.
In terms of their technical capabilities, response times, and issue resolution, we've had positive interactions with their support.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
The primary alternative for Zscaler is Prisma Access. It stands out as the strongest contender. Additionally, there's Netskope in the mix, although it's not a direct comparison. Another player is Blue Coat, or rather Symantec, now Broadcom. They also compete in this space. However, from what I've observed, most clients transitioning from traditional proxy setups tend to gravitate towards either Zscaler or Prisma.
Prisma Access extends beyond mere web security. This puts it in a separate category, making a direct comparison with Zscaler Internet Access somewhat challenging. Prisma offers a broader array of features, including threat profiling, threat intelligence, diverse integrations, endpoint security evaluations, and deep packet inspection. These are areas where Zscaler Internet Access falls short. Zscaler, essentially a cloud proxy, serves a specific purpose.
On the other hand, Palo Alto Networks not only operates as a proxy but also incorporates firewall functionality. It functions as a service, includes VPN replacement capabilities, and encompasses features like antivirus, anti-spyware, and IPS for threat filtering. Palo Alto holds an advantage in these aspects. However, if your primary aim is to replace an on-premises proxy, Zscaler is the way to go. Opting for Prisma Access exclusively for proxy functionalities might prove cost-prohibitive.
How was the initial setup?
I would rate my experience with the initial setup an eight out of ten, where one is difficult and ten is easy to set up.
With regard to complexity, it largely depends on the number of redundancies that you require. For example, if you just have a standby setup with maybe two or three Zscaler enforcement nodes that your tunnels need to terminate on, it's fairly simple.
However, the more redundancy and higher availability requirements that the company has, the more complex it gets. So it can get pretty complicated if you have some crazy requirements with regard to high availability and redundancy.
You just need one person to deploy the solution. One person can mostly do it. A lot of parts as well.
You would require an endpoint specialist; someone who manages the endpoints. Additionally, you might need someone from your SOC to ensure that you're able to ingest all the logs and security alerts that are being dumped into the same solution. Perhaps one or two individuals for testing purposes. The policy installation process is quite straightforward and shouldn't take a lot of time. One person should be sufficient for that.
What about the implementation team?
We deployed the solution ourselves. We have a team of in-house experts who can troubleshoot any issues that may arise. We have also used Zscaler's professional services team on occasion, for example, to help us with sizing and design, or when there are complex requirements from our clients. But for the most part, we're able to handle the ZIA deployment ourselves.
Most standard deployments take around two weeks. For example, I deployed Zscaler Internet Access (ZIA) for my previous organization, with 20,000 users in two weeks. However, I've also seen deployments for 50,000 to 60,000 users that took at least three to four months.
The exact deployment time will vary depending on the size of the deployment, the complexity of the environment, and the specific requirements of the organization.
In a typical deployment process, the first step is to procure licenses. You can either do this yourself, or Zscaler can do it for you. Once the licenses are procured, Zscaler will create a tenant for your organization. This tenant will include the enforcement nodes that will be used to process traffic for your users.
Following this, the installation of Zscaler tunnels transpires, along with the deployment of the Zscaler Client Connector (ZCC) on user machines. Configuration of policies is then carried out, encompassing aspects such as policy definitions and potential additional inspection of HTTPS traffic.
Moreover, ancillary facets are incorporated. These entail the establishment of compatible streaming services and TLS inspection. Integration with the corporate identity provider (IdP) is also a crucial step.
Furthermore, if automation is a consideration, additional automation or orchestration components can be implemented to facilitate automatic policy enforcement. While integration with Extended Detection and Response (XDR) systems is conceivable, this is an aspect I have not personally done. This more or less encapsulates the overall process.
What other advice do I have?
I would suggest knowing the use cases beforehand. Many customers I've seen aren't entirely clear about their specific use cases. They often dive into the product first and then work backward to identify whether Zscaler Internet Access aligns with their needs. Understanding your use cases is essential; it serves as a foundation for determining if Zscaler Internet Access is the right solution. If the required capabilities are already available, or if a few API integrations or lines of code can sustain the existing solution, that's worth considering. This advice isn't exclusive to Zscaler, but I've witnessed clients who become uncertain because they lack the necessary set of use cases that would justify their investment.
Overall, I would rate the solution a seven out of ten for two reasons, namely, the China issue for the improvement section and the pricing is expensive. I am not sure about the exact price, but it is expensive.
Though the solution offers good support and stability, it needs to improve its interface
What is most valuable?
The permission settings in the solution are the most valuable feature since they allow me to assign roles and permissions.
What needs improvement?
I am just an end-user of the solution. I can't speak on what needs improvement from an admin's perspective. The interface of the solution needs to be clear and user-friendly. Currently, the solution's interface is not that user-friendly.
Zscaler is not like Okta. Okta has a marketplace, while Zscaler doesn't have one. Zscaler needs to have a marketplace.
For how long have I used the solution?
I have been using Zscaler Internet Access for two years. I am using the solution's latest version. My company is just a customer of the solution.
What do I think about the stability of the solution?
Stability-wise, I rate the solution a nine and a half out of ten.
What do I think about the scalability of the solution?
Scalability-wise, I rate the solution an eight out of ten.
My company has 200 users using the solution.
How are customer service and support?
I rate the solution's technical support more than nine out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
I rate the setup phase a nine on a scale of one to ten, where one is difficult and ten is easy. The setup phase was easy.
The cloud is deployed on-premises.
The time taken for deployment is around fifteen minutes.
One admin person is required for deployment.
What's my experience with pricing, setup cost, and licensing?
I am not aware of the solution's pricing model since my company paid for the solution.
What other advice do I have?
I like Zscaler Internet Access a lot.
There are some sites it fails to find and block, causing such sites to get away from Zscaler Internet Access.
Overall, I rate the solution a seven out of ten.
Which deployment model are you using for this solution?
An excellent solution for web traffic, but the UI cannot be understood easily
What is our primary use case?
Our customer already had the product, which they got from another vendor. They were facing some issues with their existing policies. Our role was to optimize the policy. So we optimized Threat Protection, DLP, and CASB policies per the customer’s requirements. In their environment, G Suite was completely allowed for some users, but they wanted only to allow a specific corporate domain. As per the recommendation, CASB policy must have been in place, but it wasn’t. So we optimized the tool as per their requirement and delivered it.
What is most valuable?
The product has different modules like SWG, CASB, DLP, and Threat Protection. The most valuable feature of the solution is SWG traffic. The product is very good in web traffic.
What needs improvement?
Cloud App’s database should be improved. Currently, they only support and provide granular controls to around 1000 cloud applications. In Netskope, it is more than 3000. Around 65,000 applications are visible to the users in Netskope, but Zscaler only supports around 3000 to 4000. Cloud App is not good. UI is not as easily understandable as Netskope. Netskope has a source, destination, and action policy. In Zscaler, we have to click multiple tabs to get it. It's a bit tricky compared to Netskope. Once we understand it, it's simple.
For how long have I used the solution?
I have been using the solution for four to five months.
What do I think about the stability of the solution?
I rate the solution’s stability an eight out of ten.
What do I think about the scalability of the solution?
I rate the product’s scalability an eight out of ten. Currently, the product is facing major issues in scalability because the company is over ten years old. The data center they have in India goes down frequently. VLANs also go down frequently. Due to this, the product gets turned off completely, and sometimes, the users go to different traffic. If it’s an on-prem user, they go via a firewall, which increases the pain for the customers. They have a problem with DC. VLANs go down sometimes. That's why the user faces complete disconnection issues for the proxy. Two people in the organization are using the solution.
How was the initial setup?
The initial setup is straightforward. It is just a plug-and-play process. When the Zscaler client is installed on the machine, it works like a normal proxy. They're connected to the cloud. The solution is deployed on all the users’ machines, and the management and policy creation is done at the cloud level. It's a cloud proxy.
What about the implementation team?
The deployment is just a plug-and-play process. The policy is very simple.
What other advice do I have?
We acquired a customer for optimization. Overall, I rate the product a seven out of ten.
Helps with outbound internet connectivity but needs to improve multi-cloud management
What is our primary use case?
We use ZIA for outbound internet connectivity. The internet traffic of on-prem users will be directed to the ZIA cloud for security checks and web filtering.
What needs improvement?
Zscaler does not provide dedicated IPs to each customer. Hence, they share a pool of IPs provided by Zscaler. There is a chance of blacklisting these IPs. I also do not like the multi-management portal.
For how long have I used the solution?
I have been working with the product for a couple of years.
What do I think about the stability of the solution?
The product's stability is fine.
What do I think about the scalability of the solution?
ZIA is not scalable due to the limitation of bandwidth. My company has over 100 users for the product.
How are customer service and support?
ZIA's support is good.
How would you rate customer service and support?
Positive
How was the initial setup?
ZIA's setup is not easy because of the multiple clouds.
What's my experience with pricing, setup cost, and licensing?
ZIA follows a subscription model pricing and charges you based on the number of users. I would say its price is good.
What other advice do I have?
I would rate the product a seven out of ten. I haven't seen any unique competitive advantage for ZIA over its competitors. ZIA's offerings are offered by competitors as well. However, the product has good security features. However, I wouldn't recommend this product to organizations that require high-security features. I would recommend Palo Alto in those cases.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Best security tool which we are using in our organization
The level of security is very high.
The price is also quite high.