Zscaler Internet Access Review

Centralized firewall that protects the whole topography


What is our primary use case?

We use it for security. We installed it on our work computers and also for other traffic from the office. We are using it for perimeter security and that is useful for us.

How has it helped my organization?

I will give you an example. Before implementing a computer scan on all PCs, our main problem was when we received a phish or something like it. It was impossible for us to tell if it was people from inside or outside our organization that clicked on it. If people that were inside our organization had different appliances for checking the traffic, you had to connect each appliance and get the receipt from that URL. It was a little bit complicated. With the scanner, for example, if somebody clicks on a bad URL you just add that to the reporting part and in a matter of minutes it generates a report, where you can see exactly who clicked on that link and who did something before you got a chance to block that malicious URL. That is the first benefit that comes to my mind and I think it was a huge improvement in our site. Having a centralized firewall that protects the whole topography is quite awesome when you also have users that are not on the plan because it actually improves visibility of those users.

What is most valuable?

I cannot say that I found only one feature that is most valuable, but I can tell you that I find value in traffic scanning and samples. That I think is quite valuable for all their software. The scanning feature is impressive, because they do not introduce a big latency to the traffic. I really like how they manage this part.

What needs improvement?

On the technical side, the only thing that I believe this scanner can improve is in the way they allocate traffic. For example, a big site doesn't have the ability to have its IPs inside the cloud, so Zscaler doesn't allocate you certain IPs for traffic. Your traffic goes to the nearest Zscaler point, and from there you get an IP. Sometimes that is problematic, because your users use the same IPs that another client is using so you don't get the ability to do some rules using some IPs. For example, you cannot use conditional access to high influence IP. You can't say if somebody goes to Zscaler I know that traffic is secure so I can let them past. In this scenario you cannot do this, because Zscaler is using a pool of IPs and they'll circle them for all the clients. I would like to see the ability to choose a pool of IPs for my company, set up rules based on them, and know that those IPs are not used by other companies.

For how long have I used the solution?

We've been using Zscaler for three years.

What do I think about the stability of the solution?

The product is mature. I can't say it's not stable. It's been there for a while now and it proves that it can do the job according to what they say they do. I cannot say that they are not doing the best of what they think they should do. So at this point, they have a mature product and are working quite okay.

What do I think about the scalability of the solution?

There are no issues there. The number of users doesn't matter, whether you have 100 users or 2,000 users. The only impact you'll have is on financial side. For 100 users you will pay differently than 10,000 users, so I don't think you have an issue on this side.

All our users have libraries on their computers. So if they have a device from the company, they have Zscaler on it. I think we have about 3,000 users in my company.

We have one or two people on maintenance from the global networking team. You don't need to do something special, it just works. The only thing we need to do is check daily if there are any threats, as well as to verify the US dollar and stuff like that. In terms of maintaining it, doing something to make it work, you don't have to worry about that. It's a cloud provided solution. The only thing that you have to concentrate upon is the business side. You have to see how your business is affected, what type of traffic you have in there, and check security threats on your site. That's it. The product by itself is run by the Zscaler team and they do a good job. We do not have maintenance debts. The only incidence that I remember is last month they were blocking our site or something , but that was solved quickly with support from Zscaler.

How are customer service and technical support?

I did not get any experience directly, I got some instance of indirect support. I asked networking for something and they work directly with the support. My impression was that they responded quickly, relatively speaking. I don't know exactly how it works on the other side, but my impression indirectly was that they offer quick support.

How was the initial setup?

From what I discussed with my colleagues from the network that we were working with, it wasn't a difficult process. I cannot tell you how long it took.

Which other solutions did I evaluate?

We didn't have a similar solution. We had a solution, but we didn't have something cloud-based as a security solution, so I would say we did not use any cloud security-based system.

What other advice do I have?

Check if a product like this makes sense for you. And look at the specifics: what you need in terms of security and what features you would like to have in it. Zscaler is one solution. It's a good solution, but it doesn't do everything. First of all, analyze a few solutions and make a demo. Without a demo, I do not recommend moving forward, because any security solution comes with a price. There is also the financial price, to know if that is okay for your company. Usually Zscaler works best for companies that have users that do not stay in an office. They have road warriors. I would recommend it for companies that have a lot of users moving from here to there.

I would rate Zscaler as eight out of ten. It's not an ideal solution, one of the things is that I do not have my IP fully inside it. For example, you have countries where they don't have a lot of presence and then sometimes they go to another country where they have a presence or data center. When you come back to the other country, and you have to open a fiber, it can be geographically restrictive. I find my country and am going through by neighborhood. When I come back to my country, I cannot see it because I'm geographically restricted. I'm not part of that country, so that's one reason Zscaler isn't ideal.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
1 visitor found this review helpful
Add a Comment
Guest
Sign Up with Email