
Zscaler SASE Competitors and Alternatives

Get our free report covering Palo Alto Networks, Cato Networks, Cloudflare, and other competitors of Zscaler SASE. Updated: October 2021.
543,424 professionals have used our research since 2012.

Read reviews of Zscaler SASE competitors and alternatives

Max Islam
Associate Director at Cognizant
Real User
Integration with Palo Alto platforms such as Cortex Data Lake and AutoFocus gives us visibility into our attack surface

Pros and Cons

  • "Security is absolutely spot-on, really top-notch. It's the result of all the components that come together, such as the HIP [Host Information Profile] and components like Forcepoint, providing end-user content inspection, and antivirus. It incorporates DLP features and that's fantastic because Prisma Access makes sure that all of the essential prerequisites are in place before a user can log in or can be tunneled into."
  • "It's not really Prisma's fault, but when you try to create exceptions you don't really have those abilities. You cannot say, on the management platform, 'Hey, for these users I want to create these exceptions.' That is one thing that I have gotten some complaints about, and we have faced some challenges there."

What is our primary use case?

We could write a book about our use cases. It provides best-of-breed optimization in CASB and SASE together. Our primary use case is enabling users from all walks of life, and all over the planet, to have remote access in the most optimized way.

Prisma Access is a SASE-oriented solution, making it a hybrid and SaaS. Of course, it's built on Google's high-capacity backbone, but it is provider-neutral.

How has it helped my organization?

With the centralized remote access solution we had before, F5, we used to see a lot of latency and a lot of intermittent disconnects. But our people have reported that they like Prisma Access so much better in terms of speed and how it operates. The user experience is so much better in terms of throughput. They don't see as much lag. Of course, there are users who don't have the most stable internet connection, but even for those users, by optimizing data reduction, it works better. We can't really help users who have some sort of wireless connection, because if their underpinning link is not good, this overlay won't do much. But for users who are using a satisfactory type of connectivity, even for people who are on 10 Mbps, it works well.

In addition, from an application accessibility standpoint, the integrated features that come with the QoS mean you can choose what types of applications get higher priority than others. It optimizes applications for QoS prioritization.

What is most valuable?

At the end of the day, the most valuable feature of Prisma Access is user accessibility and performance. For us, it all comes down to how well this product performs.

In addition to that, we feel that the security is absolutely spot-on, really top-notch. It's the result of all the components that come together, such as the HIP [Host Information Profile] and components like Forcepoint, providing end-user content inspection, and antivirus. It incorporates DLP features and that's fantastic because Prisma Access makes sure that all of the essential prerequisites are in place before a user can log in or can be tunneled into. Until these requirements are met at a satisfactory level, it doesn't let you in. Once users are onboarded, they are going through Palo Alto's firewall inspection. Users' traffic is encapsulated and inspected well. It gives us the flexibility to apply various policies and inspections. All of these come into play and give us peace of mind that this platform is best-in-class in terms of security features and tool integration.

The architecture is essentially a fabric-type SASE-based architecture. From a technical leadership standpoint, we are very pleased and satisfied with how efficient the product is, especially, again, when it comes to security.

One of the features that we really like in Prisma Access is its integration capabilities with Palo Alto's other platforms such as Cortex Data Lake. The best thing about it is that it gives us visibility and clarity. We can say, "This is what our threat metrics framework looks like. Yesterday we had this many potential threats, and out of that, this many have been fended off or mitigated." It gives us a really good single pane of glass that tells us what our attack surface looks like and how things have been mitigated. It gives us data that we can utilize for the benefit of our users and our senior executives.

From a user standpoint, it's very easy and very usable. Our users have used F5's products and it's not much different. There can be intricacies in that you have to have your laptops' antivirus protection updated, but that's not a big deal. Those are the types of things that users have to comply with anyway.

Traffic analysis, threat prevention, URL filtering, and segmentation are some of the features that come with Palo Alto itself. On the cloud controller platforms you have the ability to enforce controls, including things like the application layer inspection, granular policy constructs, as well as app-ID-based and application layer inspection. The inspection engines, such as the antivirus, malware, spyware, and vulnerability protection, are integrated into Palo Alto's cloud services platform. These features are quintessential to our entire cloud services security fabric. Users are users. You never know what's going to happen to a user. If somebody goes to Madagascar or to Bali and gets compromised, it is our job to protect that user and the organization. All of these interrelated features come into play for those purposes.

What needs improvement?

The challenges we have faced are not connected with Prisma's core fabric, but more with the end-user. To use the GlobalProtect client and meet all the requirements, your laptop or your end-user system has to be at a point where things are up to date. It's not really Prisma's fault, but when you try to create exceptions you don't really have those abilities. You cannot say, on the management platform, "Hey, for these users I want to create these exceptions." That is one thing that I have gotten some complaints about, and we have faced some challenges there.

It's always a challenge when people at the executive level start complaining because they're using the latest version of the MacBook Pro and it's not playing very well with Prisma.

For how long have I used the solution?

I used the predecessor to Prisma Access, which was GlobalProtect Cloud Services and I have been using Prisma Access for a good two years.

How are customer service and support?

I wouldn't call their technical support a pain point, but they need to improve it. That is one of the biggest drawbacks.

How was the initial setup?

It was pretty straightforward at the PoC level. But the rollout of something like this across an enterprise is never like a one-shot thing. We went through some bumps and bruises and roadblocks along the way, but, overall, it was a pretty straightforward path.

The entire onboarding took around four months for our approximately 20,000 users.

On a day-to-day basis, we have security engineers and SMEs managing the platform. But there are not as many intricacies and challenges as there are in some of the other products that we deal with. From administrative, operational, and management standpoints, the way Prisma has let us do it, things are pretty efficient.

What about the implementation team?

We used Palo Alto's professional services.

What's my experience with pricing, setup cost, and licensing?

It's pricey, it's not cheap. But you get what you pay for.

My most crucial advice to colleagues who are looking to purchase this product would be to look at it from a 50,000-foot point of view, and then narrow it down to 40,000, 30,000, 20,000, and 10,000. The reason I say that is because, at the 50,000-foot view, the executives care about the pricing and the costing model; it's all about budget and how they can save the organization money.

If you are in a high-end organization, this is the product you had better get, hands-down. If you are an executive at a highly visible bank, please get your head out of the sand and see what is best for your organization. If you are a manufacturing company that doesn't need this level of integrative security, go get something else, something cheaper, because you don't need this extensive level of security controls and throughput. But if you want to get the best-of-breed, then Palo Alto's product is what you should definitely get.

Which other solutions did I evaluate?

Our journey with Prisma Access started out with a battlecard comparison of what Prisma Access had to offer versus what ZPA [Zscaler Private Access], Symantec, and F5 had to offer. In doing all of these comparisons, we realized that Palo Alto had built a cloud services fabric that is user-first and security-first.

If I compare Zscaler and Prisma Access, not all of the security controls that are in place with Zscaler are inherent to their own fabric. Zscaler has done a fantastic job with ZPA in terms of putting the components together. But when it comes to security enforcement, they are lagging behind on some things. One of them is the native security control component enforcement on their fabric. We feel like that is not done as efficiently as Prisma Access does.

In a simple scenario when doing a side-by-side comparison, if we were onboarding and providing access to an end-user using ZPA, they would be able to get on and do their job fine. But when it comes to interoperability, cross-platform integration, and security enforcement, we feel that ZPA lacks some of the next-gen, advanced features that Prisma Access has to offer. Prisma Access provides us with cross-platform integration with things like Palo Alto AutoFocus and Cortex Data Lake, which is great. ZPA does not provide all of these extensive security features that we need. In a side-by-side comparison, this is where Prisma Access outshines its competitors.

With all of that in mind, the big question in our minds was, "Well, can you prove it?" PoCs are just PoCs. Where the rubber meets the road is when you can prove your claims. Palo Alto said, "Okay, sure. Let us show you how you can integrate with your existing antivirus platform, your existing content filtering platform, and your existing DLP platforms." We gave it a try. And then, we did various types of pen testing ourselves to see if it was really working the way they said it would. For example, could you take an encrypted file and try to bypass the DLP features? The answer was no. Prisma Access made sure that all of the compensating controls were not only in place but also being enforced. "In place" means you have a security guard, but you have told him to just keep a watch on things. If you have a robbery going on, just watch and don't do anything. Let the robbers do whatever they want. Don't even call the police. Prisma Access doesn't just watch, it calls the police.

What other advice do I have?

There are some encrypted traffic flows that you're not supposed to decrypt and intercept, but even for those we have constructs that give us at least some level of inspection. Once tunnels are established, we have policies to inspect them to a certain extent. We try to make sure that pretty much everything that needs to be inspected is inspected. All of this comes down to accountability and to protecting our users.

Organizations with a worldwide footprint and distributed-services architecture require best-in-class security. Health organizations and pharmaceutical companies also do, because they are dealing with highly sensitive patient data or customer data. Organizations like these that have public, internet-facing web applications, need top-of-the-line security. Prisma Access, from an interoperability standpoint, addresses the big question of how well their web-facing applications are protected from potential malicious attacks. And the answer is that it is all integrative, all a part of a fabric with interrelated components. It protects the users who are accessing the corporate network and the corporate network from any potential risk from those users. Prisma Access gives us the ability to design architectural artifacts, like zones and segments, that really make for effective protection for web-facing components and internal applications.

In terms of Prisma Access providing all its capabilities in a single, cloud-delivered platform, not everything gets on the cloud. You cannot take a mainframe and put it on the cloud. You have to understand the difference between Prisma Access and Prisma Cloud. Prisma Access is all about user accessibility to enterprise networks in the most secure way possible. Prisma Cloud is the platform to integrate various cloud environments into a unified fabric.

As for Prisma Access providing millions of security updates per day, I don't know if there are millions, but it is important. We take advantage of some of the automated features that Palo Alto has provided us. We try not to get into the granular level too much because it increases the administrative overhead. We don't have the time or the manpower to drill into millions of updates.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
VM
Senior Lead Network Architect at a tech services company with 10,001+ employees
Real User
Easy to use, simple to install, and plenty of useful features

Pros and Cons

  • "VMware has been chosen by many of our customers who do not want to do a lot of complex routing in their environment and want a very easy-to-use solution. The most valuable features are simple troubleshooting, Dynamic Multipath Optimization (DMPO), and cybersecurity."
  • "In an upcoming release, they should allow customers the flexibility to use mobile applications where they can go and check on the information about their networks. A lot of vendors, such as Meraki, have a lot more integration with the use of portals to a mobile application. Having this feature as an alternative to logging into a laptop would be beneficial. If you are a SaaS-based company, why not make a mobile application as well? You might not be able to do configurations, but you could at least monitor while away or on vacation."

What is our primary use case?

Our main use cases have been for customers who have been traditionally using MPLS lines and are now moving into a lot more SaaS-based applications to transform the WAN infrastructure. A lot of our customers have end-of-life, end-of-support devices on the WAN and they are always looking to do RFPs on cutting-edge technology. Some of them happen to use a lot of VMware and Cisco portfolios in their data centers and they are constantly trying to see what solution fits best for them.

What is most valuable?

VMware has been chosen by many of our customers who do not want to do a lot of complex routing in their environment and want a very easy-to-use solution. The most valuable features are simple troubleshooting, Dynamic Multipath Optimization (DMPO), and cybersecurity. 

DMPO is a technology that is similar to a proprietary technology that VMware has. Customers probably do not understand too much about it in detail, but they know about the benefits of it in general. What it does is constantly monitor all different areas, such as latency, jitter bandwidth, artificial intelligence, and machine learning. It makes sure that if there is a case where there is a networking jitter contained in the link, it figures out how to maneuver your traffic elsewhere. This is all done automatically without customers getting slowed down on those poor links. The customers do not want to spend too much time researching these complex technologies, which VMware automatically takes care of for them. It benefits many IT teams, who are constantly juggling a hundred different other things as well, by taking a lot of the burden away.

The cybersecurity component is very important. VMware also has a lot of security components embedded into the SD-WAN, especially with the traditional SD-WAN, and now a lot more integration through secure access with partner companies, such as Zscaler and other SaaS-based solutions. VMware has a lot of portfolios within themselves that can support many security use cases, and if they cannot, they have partnerships with industry leaders who can. For example, the Zero Trust Network Access (ZTNA) solutions through the Zscaler partnerships can help customers who want to move from traditional VPN solutions towards ZTNA-based ones.

Overall as an experience, I have found that customers like the UI/UX experience that they receive from VMware.

What needs improvement?

There are customers that have very large routing and segmentation operations who do a lot of segmentation within their network and have complex routing requirements. VMware does not provide the facilities in terms of doing a lot of operations with routing tables, such as complex routing policies. It is more about that out-of-pocket experience that customers get out of VMware. There are other technologies for this type of use case from solutions such as Versa or other WANs. These are for customers who want to maneuver or configure things themselves, similar to DIY solutions. For them, going to technologies, for instance from Versa, makes much more sense because they can do a lot more with routing, complex segmentation, and complex configurations. For customers who have complex service provider requirements, VMware and other solutions cannot support a lot of those use cases.

In an upcoming release, they should allow customers the flexibility to use mobile applications where they can go and check on the information about their networks. A lot of vendors, such as Meraki, have a lot more integration with the use of portals to a mobile application. Having this feature as an alternative to logging into a laptop would be beneficial. If you are a SaaS-based company, why not make a mobile application as well? You might not be able to do configurations, but you could at least monitor while away or on vacation.

For how long have I used the solution?

I have been using this solution for approximately four years.

What do I think about the stability of the solution?

The software itself is very stable, which our customers really like. They do not want to have buggy software or problems. I see the customers choose VMware over others, and over time, because of positive experiences with use cases, it becomes a trusted vendor and they tend to trust in the name as a brand in the future.

IT vendors are getting much more stable with the code, but nowadays everybody has more attention towards SaaS technology. Networking will just become another bundle to a lot of those providing this type of solution. Many vendors are getting into SaaS solutions and in terms of documentation, code releases, and features, there are probably more advancements. In SD-WAN specifically, a lot more features are moving into SaaS-based solutions. These new solutions are going to get reviewed and push the industries even further towards SaaS solutions; it is the future.

How are customer service and technical support?

The technical support is good.

How was the initial setup?

The solution is straightforward to install compared to other solutions; VMware makes setup simple. SD-WAN vendors have a kind of simplicity embedded into them, just because of the nature of the software-defined components in it.

Which other solutions did I evaluate?

I have evaluated Zscaler and Versa.

What other advice do I have?

The advice to others wanting to implement this solution is not to try and do everything yourself. A lot of customers choose this route and are negatively affected two years later. It is important to do a lot of proof of concepts and testing. Get the solution from a trusted service provider who can manage it for you because these technologies are really complex under the code. Having a trusted service provider who can work with you can have a lot of benefits. If your company business is not running the WAN links, I would suggest just offloading that burden to a trusted service provider because then you can focus on your business. Technologies are complex, and doing all of these operations through your own IP node is complex. A trusted service provider who knows what they are doing can offload a lot of that burden, allowing you to relax and actually focus on your main applications and business.

A lot of customers I have seen in the industry try to do all the operations themselves just because they think that it is good to insource everything. This is one of the areas that should not be insourced a hundred percent to your team because these technologies can be extremely difficult to do on a day-to-day basis. Service providers handle hundreds of customers and they know a lot more about what you are doing and can be more useful than if you did it by yourself.

I rate VMware SD-WAN an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer
ITCS user
CTO at a tech services company with 1-10 employees
Reseller
Top 5 Leaderboard
Works very well in a hybrid environment in terms of DLP policies, but trying to do your own troubleshooting can be a little bit difficult

Pros and Cons

  • "The value in some of these solutions is just the integration of technologies with their on-prem DLP solution. So, you can tie on-prem and cloud DLP policies together. You can apply on-prem policies to the cloud to have consistent policies in a hybrid environment. So, it works very well in that hybrid environment of on-prem and cloud."
  • "They have some room for improvement in terms of being able to do troubleshooting. If you're trying to troubleshoot it, you have to work a lot with their backend people in order to get to a solution. So, trying to do your own troubleshooting can be a little bit difficult."

What is our primary use case?

It is used for remote users. It is called WSS, but it is a cloud-based technology.

How has it helped my organization?

We are trying to get rid of some of the on-prem proxy devices and use the cloud so that it is more cost-effective, and we don't have to manage hardware devices.

What is most valuable?

The value in some of these solutions is just the integration of technologies with their on-prem DLP solution. So, you can tie on-prem and cloud DLP policies together. You can apply on-prem policies to the cloud to have consistent policies in a hybrid environment. So, it works very well in that hybrid environment of on-prem and cloud.

What needs improvement?

They have some room for improvement in terms of being able to do troubleshooting. If you're trying to troubleshoot it, you have to work a lot with their backend people in order to get to a solution. So, trying to do your own troubleshooting can be a little bit difficult.

For how long have I used the solution?

We've been working with this solution for years.

What do I think about the stability of the solution?

It is a pretty stable solution.

What do I think about the scalability of the solution?

It does scale. They have different data centers spread out for you to do things. It scales just fine, but it is the setup and configuration that you have to do in order for it to scale the way you want it to. I know that some of the newer technologies, such as Zscaler, are doing SD-LAN type connections and things of that sort to improve performance and scalability. So, things are still evolving in terms of scalability.

Depending on how you deployed it, you can run into some performance gotchas. If you take a VPN connection and try to overtax it, you can run into problems. You can't say that it didn't scale. You have to use a different method to get the traffic, or you may have to set up two VPN tunnels or things of that sort. So, if you want it to scale, you have to think it through and make sure you are deploying it in a manner to scale. It can scale, but you have to plan it and make sure you think everything through.

How are customer service and technical support?

There was a drop in the quality of technical support during the transition from Symantec to Broadcom, but they are trying to build that back. So, as compared to some of the competitors, their technical support would be a weakness.

How was the initial setup?

Its setup can be straightforward if everything is done properly. We use Proserve for that. Its setup isn't extremely difficult, but you do need to plan it out when you're going to do it and not just do something. So, it has to be thought out, and then it works okay. If you just wing it, you can run into some issues.

What's my experience with pricing, setup cost, and licensing?

It compares well with the competition because they're all priced on a per-user basis. I've seen the rest of them. There is definitely a huge price difference between them.

What other advice do I have?

You have to look at the functions and features you're looking for and make sure that it works for you. Most of the companies get into a bake-off to win it, so they won't lose a deal due to the price. If it comes down to them and a competitor, they're not going to lose a deal because of the price. So, price isn't the biggest thing. It is about the unique features or capabilities that you really require.

Comparing it with some of the other solutions that I've been looking at recently, I would rate it a seven out of 10.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
GL
Infrastructure Manager at a tech services company with 51-200 employees
Real User
Top 5
Scalable with good technical support and very good data leak prevention

Pros and Cons

  • "We've found the solution to be quite stable."
  • "The initial setup is a bit complex in that it takes a lot of time. In order to get the product to work as you need it to, there is a lot of configuration required."

What is our primary use case?

We are primarily using the solution for protecting the navigation of the users. We use it for data filtration and protection.

What is most valuable?

So far, the solution has been excellent.

The solution's data leak prevention is its most valuable aspect.

We've found the solution to be quite stable.

The solution can scale if you need it to.

Technical support is excellent.

What needs improvement?

We're quite new to the service. I haven't noticed any shortfalls or downsides just yet.

The initial setup is a bit complex in that it takes a lot of time. In order to get the product to work as you need it to, there is a lot of configuration required.

The information in the dashboards is not in real-time. Maybe they have a delay of one hour in the network. They have to improve that. It should be in real-time.

For how long have I used the solution?

I've only been using the solution for two months or so. It hasn't been too long.

What do I think about the stability of the solution?

The solution is very good for securing your endpoints. It's stable. We haven't had any issues so far. It doesn't crash or freeze. It's not buggy. There aren't glitches. It's good.

What do I think about the scalability of the solution?

The product has a lot of infrastructure. The scalability potential is very good. If a company needs to expand the solution, they can do so. It's very easy.

We have 103 users right now.

We do plan to increase usage in the future.

How are customer service and technical support?

So far, technical support has been excellent. We're very happy with the level of service we are provided. They are helpful and responsive.

Which solution did I use previously and why did I switch?

We did not previously use a different solution.

How was the initial setup?

The initial setup and implementation are not straightforward. It was complex and time-consuming.

We had to change the way that we navigate things and we needed to install the client on all of the computers. However, it needs a lot of configuration to do the things that we wanted to do.

The full setup and deployment took about one month to complete in total.

Only five people are needed for deployment and maintenance.

What about the implementation team?

We had assistance with the implementation. We had a reseller that assisted us, as well as the provider. Overall, our experience, while working with them, was positive.

What's my experience with pricing, setup cost, and licensing?

We pay a licensing fee of $10,000 on a yearly basis.

There are no costs beyond the standard licensing fees.

Which other solutions did I evaluate?

Before choosing this product, we looked at Zscaler as an option. This solution, according to reviews, seemed to offer more benefits, and therefore we chose to go with it.

What other advice do I have?

We are just a customer and an end-user. We don't have a business relationship with the company.

I'm not sure which version of the solution we're using.

It's a good solution for securing endpoints.

Overall, we've been satisfied with the product. I would rate it at a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
SUDIPTABISWAS
Senior Manager - Information Technology at Emami Ltd
Real User
Top 5
Easy to set up and use, but deep packet inspection is needed and they should have a data center based in India

Pros and Cons

  • "The most valuable feature for us is the DNS-based protection."
  • "This solution does not give us full, 360-degree protection."

What is our primary use case?

We use Cisco Umbrella to provide protection for our end-users. It prevents unauthorized access to their systems, as well as halts access to compromised sites, such as a ransomware site. Essentially, all of the malicious activity is prevented.

What is most valuable?

The most valuable feature for us is the DNS-based protection. It is the only type that is available in India.

The interface is very easy to handle. Even a person with limited knowledge can quickly learn to work with it.

What needs improvement?

Deep packet inspection features should be implemented. This solution does not give us full, 360-degree protection.

They should have a local data center available in India.

For how long have I used the solution?

I have been working with Cisco Umbrella for four months.

What do I think about the stability of the solution?

I haven't experienced any instability.

What do I think about the scalability of the solution?

This is a highly scalable product.

How are customer service and technical support?

I have been in contact with the Cisco technical support, once or twice. They were not big issues, however. Overall, I am satisfied with the support.

Which solution did I use previously and why did I switch?

Prior to Cisco Umbrella, we were using on-premises solutions. The capability is good except that a cloud-based solution can be more easily provided to all of our end-users. 

How was the initial setup?

The initial setup is straightforward and there is no complexity to it. This is a cloud-based system, so just install it, mount it, and the policies get applied. The installation requires that you log into the portal using your ID, and then it just starts working.

Which other solutions did I evaluate?

Zscaler has a local data center available, which is something that Cisco can't offer us at this time.

What other advice do I have?

This is a good product, although it does not have the features that I was looking for. At this time, it does not have the capabilities that are relevant to the Indian market. As such, we are thinking about uninstalling it and switching products.

The suitability of this solution depends on the industry and requirements. It is important to remember that if you start with a product or approach, you may end up switching to something different. That said, if you want to begin with Cisco Umbrella to deal with malware then you can always change later if it doesn't perfectly fit your environment. This is what we are doing.

If I were rating this product on a single capability then it would do very well. However, rating it on multiple capabilities, then there is definitely room for improvement.

I would rate this solution a six out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.