We performed a comparison between Prisma Access by Palo Alto Networks and Zscaler Zero Trust Exchange based on real PeerSpot user reviews.
Find out what your peers are saying about Zscaler, Palo Alto Networks, Cisco and others in ZTNA as a Service."On the outside, the main differentiation is because Lookout ingest. They have ingested basically all of the apps for the last ten years and all the versions of all the apps, and we have that in a corporate database that allows us to do very large-scale machine learning and analysis on that data set. That's not something that any of the competitors really have the capability to do because they don't have access to the data set. A lot of the apps you can no longer get them because that version of the app is five or six years old, and it just doesn't exist anywhere anymore, except within our infrastructure. So, the ability to have that very rich dataset and learn from that dataset is a real differentiator."
"The most valuable features are the antivirus as a whole, the anti-malware, and all of the protection features that scan our enterprise devices."
"The protection offered by the product is the most valuable feature. It detects vulnerabilities or traps on our users' phones and then prompts them to clean up their devices. Tools we used previously would only discover, which required us to gather information on the backend, so Lookout is a welcome upgrade."
"The solution is stable."
"The scalability of the solution is excellent."
"There is a system for monitoring the traffic. You can monitor the traffic of the connected people and point out any issues on the connection part."
"Prisma SaaS is very easy to use; it's common sense — it's the best-in-class."
"The protection for web-based applications was helpful for my colleagues who didn't want a particular application on their devices. And the non-web access protection was more for our developers because they were writing and building code on their computers. Prisma Access was able to protect them."
"It's very stable. Sometimes after installing the boxes, we leave them for one or two years. We would just touch the box in the case of the customer needing new requirements or changes to the setup."
"The initial setup is very straightforward."
"We have an application called ADEM that helps us troubleshoot network-related issues. It helps us to isolate an issue whether it is on the ISP level, endpoint level, or system access level."
"The stacked policies, event policies, and routing policies are easy to understand for someone with general knowledge."
"The most valuable feature is its ability to establish connectivity for remote users and remote endpoints. It offers a high level of granularity compared to typical VPNs, which also encapsulate a lot of I/O."
"Users get direct secure access to applications over the internet."
"With SASE, we have a single platform that covers multiple task services with which we need to control access. All the features are equally valuable."
"I like its ease of use. It has a single pane of glass for the ZIA and ZPA pieces. It is very manageable. It is also very easy to deploy for secure access, and it gives half-decent coverage for visibility in terms of what the users use and what data is being proxied through the access gateway."
"The Live Logs are a cool feature. We can directly identify issues and divert user traffic."
"The most valuable feature of Zscaler Private Access is we do not have to connect to a VPN, it is seamless. It is more convenient for us because we use one agent to cover the internet and VPN access."
"The ZPA is a unique feature which offers VPN along with all the additional security needed."
"It is a stable solution."
"From the analysis that we've done, they do seem to be maybe a step behind in trying to enter the market with a new solution. But when they do pick up, they do come out with some good products."
"Lookout was moving into the SSE space. And so their work on SecureWeb Gateway and SD-WAN is still sort of evolving."
"We just submitted an enhancement request reflecting the main area we want to see improvement in; the APIs. Currently, we're able to build dashboards, but it's somewhat backward because we use our MDM API to create them. Lookout should provide API to customers so we can query our data and use it in our cloud, and this is the only outstanding area for improvement with the product right now."
"The stability depends on the service from where you access it. Because sometimes, the place you are in, you have Gateway. You don't have Gateway. The gateway is overutilized. At the end, you need to go through their gateways. And this is the key point here. You have a tracking point. If it's not well orchestrated, and it scales up as you add more to the existing team, you will suffer"
"While Palo Alto has understood the essence of building capabilities around cloud technology and have come up with a CASB offering, that is a very new product. There are other companies that have better offerings for understanding cloud applications and have more graceful controls. That's something that Palo Alto needs to work on."
"When it comes to the VPN, it uses the global protect VPN functionality to connect remotely, but it has a feature limitation for assigning multiple IP sub-links to different user groups. It would be much better if we are able to assign the current IP blocks for the sub-links based on the user groups."
"Sometimes, you have these notifications sent out about changes in App-IDs, modifications in App-IDs, or even the introduction of entirely new App-IDs to replace. Sometimes, the recommendations are followed, but even then, when the package is installed on the firewall, it gets messed up. I remember a particular one was with Tableau, and suddenly, people weren't able to use Tableau, which is an analytics tool for business."
"When we deploy firewall rules via Panorama, we find it's a little bit slow. We have a global environment and might have 100 gateways or VPNs in the cloud. When we deploy something, it tries to deploy it one-by-one, and that can be slow."
"It wasn't so satisfying to work with it. There is room for improvement in the policy management. It is difficult to cover the entire scenery through Palo Alto products."
"It is a managed firewall. When you run into issues and have to troubleshoot, there is a fair amount of restriction. You run into a couple of restrictions where you don't have any visibility on what is happening on the Palo Alto managed infrastructure, and you need to get on a call to get technical assistance from Palo Alto's technical support. You have to get them to work with you to fix the problem. I would definitely like them to work on the visibility into what happens inside Palo Alto's infrastructure. It is not about getting our hands onto their infrastructure to do troubleshooting or fixing problems; it is just about getting more visibility. This will help us in guiding technical support folks to the area where they need to work."
"Prisma would be a stronger solution if it could aggregate resources by project or by application. So say we have an application we've developed in AWS and five applications we've developed in Azure. The platform will group it according to those applications, but it's based on the tags we use in Azure, which means I have to rely on development teams to tag resources properly."
"The product's current price is an area of shortcoming where improvements are required."
"It has a limitation, if you are creating a rule or something for a web application or something, you could only add five users, not more than that. Five or four users are only included in a rule. If you want to create a rule for more than five or four users, you have to go through other methods, not particularly with the application. Working within the application with this method would be quite easy as compared to listing a URL or a normal IP address."
"What could be improved in Zscaler Private Access is its notification. For example, if there's a speed issue, there should be a pop-up that alerts the user about it. If there is a network quality issue, for example, it isn't good enough to connect to, or the network quality is bad, there should be a notification from the solution. Zscaler Private Access also needs improvement in terms of its interface and security."
"There are latency issues with the solution. They are small, however, they are there when you compare it to other vendors."
"Zscaler Private Access could improve by improving external access. If external parties want to access locally to my company's services, we need to onboard them into our domain, otherwise, it doesn't work. Additionally, if their company also has Zscaler Private Access, then it doesn't work. They need to log in with our domain ID, not their company ID."
"More on-prem infrastructure is required when Zscaler Private Access is to be implemented as a single point of entry."
"Zscaler Private Access's reporting is poor. We should have more insight into the reports regarding what is blocked and allowed."
"Users report application access or latency issues with Zscaler Private Access."
"While Zscaler supports client-initiated connections, it does not support server-initiated connections. This is a feature that Zscaler may consider adding in the future."
More Prisma Access by Palo Alto Networks Pricing and Cost Advice →
Prisma Access by Palo Alto Networks is ranked 2nd in ZTNA as a Service with 57 reviews while Zscaler Zero Trust Exchange is ranked 1st in ZTNA as a Service with 34 reviews. Prisma Access by Palo Alto Networks is rated 8.2, while Zscaler Zero Trust Exchange is rated 8.4. The top reviewer of Prisma Access by Palo Alto Networks writes "Integration with Palo Alto platforms such as Cortex Data Lake and Autofocus gives us visibility into our attack surface". On the other hand, the top reviewer of Zscaler Zero Trust Exchange writes "Allows for strict access control, granting access to specific applications at a URL level rather than at the physical IP level". Prisma Access by Palo Alto Networks is most compared with Netskope , Cisco Umbrella, Zscaler Internet Access, Prisma SD-WAN and Microsoft Defender for Cloud Apps, whereas Zscaler Zero Trust Exchange is most compared with Cato SASE Cloud Platform, Axis Security, Cisco AnyConnect Secure Mobility Client, Cloudflare Access and Perimeter 81.
See our list of best ZTNA as a Service vendors and best Secure Access Service Edge (SASE) vendors.
We monitor all ZTNA as a Service reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.