Log In
vendor-logo

Zscaler SASE Comparison, Review, Use Cases, News, Pros & Cons

Schedule a Zoom demo
Local sales contact
Request contact

All the tools you need to compare SD WAN vendors. Here's how to start using them now.

  • Use the quick assessment tool and find your perfect SD WAN match
  • View the Marketplace and read extensive research across 30+ solutions
  • Book a Zoom call with an advisor

Learn more about the SD WAN Marketplace, quick assessment and free advisory.

Get everything you need →

Focus

Proposition Focus

35%
35%
20%
10%
SASE Security
Cloud Security
Management Portal
Managed Services

Cloud Focus

40%
40%
20%
AWS
Azure
Google Cloud

Other Focus

20%
25%
30%
25%
Remote Users
ZTNA
CASB
SWG

Summary

Analyst: Abigail Sturt Contact: asturt@netify.co.uk 

If you have questions about Zscaler and how their capability is aligned to your needs, email the Netify research team. UK: uk@netify.co.uk North America: northamerica@netify.com 

(Please use the UK email for ROW - Rest of the World - questions or enquiries)

Categories: 

  • SASE

Sub-categories:

  • SASE Security Vendor 

Pros:

  • Zscaler provides native security within major cloud providers such as AWS or Azure. 
  • Strong remote access offering, leverages cloud capabilities and is able to secure Bring Your Own Device (BYOD) devices as well as corporate managed, regardless of location. 
  • Customer reviews are very positive for Zscaler’s secure internet access offering, as well as support for remote workers. 

Cons:

  • Wide range of service provider and integrator partners to choose from - some clients may find choosing a partner that suits their business needs difficult. 

Netify Review:

Zscaler offer a granular and comprehensive cloud-delivered SASE security solution, with added security services and a cloud-based security stack. The offering is an option for clients with large, multinational corporations who require SASE or granular security to secure their SD WAN network. The company also have strong solutions for remote users, as they leverage their cloud capabilities to offer clients remote access via their Work-From-Anywhere solution (see, How does Zscaler support remote users?). Enterprises looking to secure their distributed mobile workforce or SD WAN transformation, moving applications to AWS or Azure and moving to Office 365 may find Zscaler’s offering to be a useful tool in these use cases. 

However, caution is advised due to Zscaler’s large amount of service provider and integrator partners, as well as a wide range of SD WAN vendor parters. IT managers will have to choose an SD WAN solution to go with Zscaler SASE, and then a service provider or integrator to provide most overlay services. This is a complex task, but can be simplified by using the Netify comparison tool - give it a try here. 

Contents:

  • About Zscaler
  • Zscaler Products and Services
  • Zscaler SASE
  • What ZTNA (Zero Trust Network Access) Solution is Supported by Zscaler? 
  • What CASB (Cloud Access Security Broker) Solution is Supported by Zscaler?
  • What SWG (Secure Web Gateway) Solution is Supported by Zscaler?
  • What FWaaS (Firewall as a Service) Solution is Supported by Zscaler?
  • What NDR (Network Detection and Response) Solution is Supported by Zscaler?
  • What XDR (Extended Detection and Response) Solution is Supported by Zscaler?
  • How does Zscaler Deliver Cloud Security? 
  • What is the Zscaler Managed, Co-managed and DIY Services Solution?
  • What Reporting and Management is Available via the Zscaler Portal?
  • How Does Zscaler Support Remote Users?
  • What is the Zscaler SLA?
  • Which Service Providers and Partners Support Zscaler?

About Zscaler: 

Zscaler is a cloud-based information security company that was founded in 2008 with its headquarters residing in San Jose, California, United States. The company provides 150+ data centres and customers in 185 countries worldwide, as well as cloud-based security products, including SASE and a cloud-based security stack. They also hold a high Net Promoter Score of 76 for customer satisfaction. 

Zscaler Products and Services: 

Zscaler offer comprehensive secure solutions, that can be either integrated with SASE or work as a separate security stack. 

  • Zscaler Internet Access: A cloud-delivered security stack as a service, which is designed to protect remote users who are mobile and connecting to cloud applications - however it can also provide security for branch offices and HQ/IoT. The service includes the following: URL filtering, CASB, cloud firewall/IPS, DLP, CSPM, sandboxing, browser isolation and full SSL visibility. 
  • Zscaler Private Access (ZPA): Provides ZTNA for private applications, offering seamless zero trust access to private applications running from within the data centre or out of the public cloud. Customers are able to connect to applications via inside-out connectivity as opposed to extending the network to them, by preventing applications from being exposed to the internet, making them completely invisible to unauthorised owners. The ZTNA approach supports both managed and unmanaged devices and any private application. 
  • Zscaler Business to Business: Designed to provide a consumer-like experience without putting businesses at risk. The service is delivered from the cloud and provides business customers with secure access to applications via the internet, regardless of whether they are hosted in private or public clouds, or the data centre. Based on service-initiated ZTNA architecture, the product uses business policies to securely connect an authenticated customer to an authorised application - avoiding the need to expose the application to the internet. This brings the cloud closer to customer access, in order to eliminate the complexity of legacy networks. 
  • Zscaler Cloud Protection: A service to ensure that cloud applications are correctly configured. This product consists of four solutions combined into one service: secure app-to-app communications, secure workload configurations, eliminate lateral threat movement and secure access to cloud applications, each of which help to reduce the risk of security breaches due to misconfigured cloud applications. The service also includes: Zscaler Zero Trust Exchange, Zscaler Workload Posture, Zscaler Workload Communications, Zscaler Private Access and Zscaler Zero Trust Exchange as well as Workload Segmentation.
     
  • Zscaler Digital Experience: Resolves user experience issues by analysing and troubleshooting. The cloud-based service provides endpoint monitoring, cloud path analytics, digital experience store and application monitoring. Fast deployment is provided by instrumentation that begins at the Zscaler Client Connector, and the entire service can be integrated on top of the Zscaler Zero Trust Exchange.
     
  • Zero Trust Exchange: Clients can enable fast and secure connections that allow employees to work from anywhere, by leveraging the internet as a corporate network, using Zscaler’s zero trust network architecture, with policy enforcement and context-based identity. Makes use of the Zero Trust Exchange which operates 150 data centres worldwide, ensuring a fast connection by keeping users close to the service. Also offers colocation with cloud providers and applications that users are accessing (for example, AWS or Microsoft 365), which guarantees that the shortest path between users and destinations will be used.
     
  • Zscaler Client Connector: Formerly known as Zscaler App, the Zscaler Client Connector supports remote workers by connecting workforces to business applications from any device or location. The application sits at the endpoint device and enables business workforces to connect remotely, regardless of what application is being accessed or device is being used. Complies with BYOD, RF Scanner, POS System, corporate-managed or RF scanner, sending traffic to the nearest Zscaler service Edge, determining if a user is looking to access a SaaS application, internal application, data centre, a public or private cloud or the open internet. User traffic can also be auto-routed via the correct Zero Trust Service, which includes Zscaler Internet Access for SaaS and secure internet access, or Zscaler Private Access for secure access to internal applications. Visibility insights are also available with the Zscaler Digital Experience.
     
  • Privacy and Compliance: Zscaler compliance enablers ensure that products adhere to government and commercial standards. They are designed to focus on regulations such as: ISO 27001, ISO 27701, SOC 2 and Fed Ramp. Global Commercial Certifications are: ISO 27001, ISO 27701, ISO 27018, ISO 27017, SOC 2, SOC 3, CSA - Star and Sensitive Data Handling Assessment. Global Government Certifications include: GDPR, Fed Ramp, FIPS 140 - 2, IRAP, ITAR, CJIS, VPAT/Section 508, NCSC Certificate, TIC 3.0 vendor overlay, NIST 800-63C, PIPEDA, APPI, CCPA and the Australian and New Zealand Data Privacy Shield. There are also a number of white papers and attestations  that Zscaler complies with, such as HIPAA, PCI DSS, APRA and the Modern Slavery Act.
  • Secure SD WAN Solution: Zscaler offer clients SD WAN security, working with vendor partners Silver Peak, Cisco Viptela, Velo Cloud and more (see, Which service providers and partners support Zscaler?). By using Zscaler security, clients can enable secure internet breakouts without the issues commonly associated with legacy products. Because it is cloud-delivered and leverages software-defined policies to route traffic, the solution simplifies branch office functions, and supports remote users.

Zscaler SASE:

Zscaler offer a granular and comprehensive SASE security solution, which they call their Cloud Security Platform. The solution is globally available, ensuring high performance for users world-wide by accessing peering with hundreds of partners in major internet exchanges around the world - delivered across 150 data centres worldwide. 

The SASE offering includes native multi-tenant cloud architecture, for dynamic scalability on-demand, and a proxy-based architecture that inspects encrypted traffic at scale. It also brings security and policy close to the user to eliminate unnecessary backhaul, with ZTNA and a zero attack surface which avoids exposing your source networks and identities to the internet, preventing targeted attacks. 

The Zscaler SASE solution can be deployed and managed as a cloud-delivered and automated service. It provides low latency and optimal bandwidth by bringing the user closer to security and policy across 150+ locations, with security being built into the fabric of the platform to ensure that all connections are secured and inspected. 

SASE Features: 

  • SSL Inspection: SSL inspection will locate and analyse SSL-encrypted internet traffic communications between the server and users.
     
  • Bandwidth Control: Allows clients to prioritise business-critical applications over other traffic- for example, users may prioritise Office 365 over YouTube.
     
  • Advanced Threat Protection: Constantly protects against zero-day threats, unknown malware and ransomware, by analysing all packets from users, both on and off-network. Also capable of inspecting SSL.
     
  • Machine Learning Security: Cloud-scale machine learning to protect against security threats. Designed to react to phishing, ransomware and malware attacks quickly by identifying threat patterns across volumes of data in order to block advanced threats without the need for human interaction.

What ZTNA (Zero Trust Network Access) Solution is Supported by Zscaler?

Zscaler provide cloud-delivered ZTNA, which creates secure connections between users and applications, regardless of location. It allows users to verify identities, improve and adapt visibility and set contextual policies.

What CASB (Cloud Access Security Broker) Solution is Supported by Zscaler?

Provides security for PaaS, IaaS offerings and SaaS applications. Real-time visibility and the ability to control access and user activity across sanctioned and unsanctioned applications is also provided. Also includes inline data protection capabilities to eliminate overlay architectures and proxy-chaining which have the potential to break SWG implementations. Out-of-band data protection (data at rest) capabilities leverage API integrations to look inside IaaS offerings and SaaS applications - for example, AWS S3, in order to identify exposed or sensitive data and compliance violations.

What SWG (Secure Web Gateway) Solution is Supported by Zscaler?

A cloud-delivered secure web gateway, preventing users from accessing potentially malicious web traffic from the internet and in the cloud itself.

What FWaaS (Firewall as a Service) Solution is Supported by Zscaler?

The Zscaler Cloud Firewall is designed to replace legacy firewall technology. The solution enables users to secure off-network connections as well as local internet breakout, for all user traffic without appliances. The firewall is scaleable across all ports and protocols for all cloud application traffic - can also be used in remote locations as well as branch offices.

What NDR (Network Detection and Response) Solution is Supported by Zscaler?

Zscaler offer NDR solutions via their partnership with Vectra. The hybrid product combines Vectra Network Detection and Response with Zscaler Zero Trust platform and enables users to identify and remove security threats early on in the kill chain. This allows for improved network performance, as applications remain accessible whilst security threats are removed before they become a major problem. 

What XDR (Extended Detection and Response) Solution is Supported by Zscaler?

Zscaler offers integrated XDR services provided by their technology partners SecBI and Secureworks. The SecBI solution leverages machine learning in order to identify malicious behaviour, collecting it and using related stored data to remote the threat. Secureworks XDR collects and analyses data, and provides an alert should anything suspicious be found. 

How does Zscaler Deliver Cloud Security?

Zscaler is able to access cloud vendors via Zscaler Internet Access for SaaS applications and open internet. Vendors can also be accessed through Zscaler Private Access for secure access to internal applications in auxiliary storage or data centres without the need for a VPN or network access. 

  • AWS: Zscaler is an AWS Advanced Technology Partner as well as an AWS Certified Cloud Practitioner. Utilising application segmentation, zero trust access policies and one-time login provides a single service, secure access and visibility into applications on AWS or hybrid IT environments. 
  • Microsoft: Zscaler is a Microsoft Azure partner, certified networking partner for Office 365 and integrations available via the Azure marketplace. Zscaler are able to access over 20 globally peered Microsoft Cloud data centres to provide secure access to private applications on Azure.   Shadow IT and cloud applications are able to be controlled both on or off the network and the Zscaler client can be deployed onto Intune-managed iOS devices. 
  • Google: Zscaler is a Google Cloud Security Infrastructure Partner. Google Cloud tools enhance Zscaler security services. 

Zscaler offer a wide range of cloud-based security technologies. These include: 

  • Cloud Configuration Security/Cloud Security Posture Management (CSPM): Protects access routes to SaaS applications, Azure, Google Cloud Platform and AWS. It reduces risk by remediating misconfigurations in SaaS, PaaS and IaaS applications, whilst maintaining a sound security posture. The solution covers 2,700 pre-built policies mapped across 16 standards, which include CIS benchmarks, SOC2, NIST, PCI DSS and AWS best security practices. The product is part of the cloud-delivered data protection capabilities in the Zscaler Zero Trust Exchange.
  • Cloud Identity And Entitlement (CIEM): Allows clients to control access to all resources, clouds, identities and APIs. Provides zero disruption to DevOps teams. A component of the Zscaler Cloud Protection solution.
  • Cloud Data Loss prevention (DLP): Protects sensitive data in all cloud channels, including confidential, health and personal data. Leverages advanced features such as machine learning, Exact Data Match (EDM) and Indexed Document Matching (IDM). Works with office and remote workers.
  • Cloud Browser Isolation: Isolates users and endpoints from active content, in order to protect from zero-day vulnerabilities, unsanctioned plug-ins, ransomeware, data theft and more.
  • Cloud Sandbox: Designed to prevent patient-zero attacks, including automated quarantine of high-risk unknown threats and instant verdicts for common file types. This service is integrated with the Zscaler cloud-native security platform.
  • Cloud IPS: Zscaler Cloud IPS is delivered from the cloud, which allows it to provide security for all users in office, or in remote locations. Protects from botnets, zero days and advanced threats, and provides contextual information about the application, threat and user - delivered as a service.

What is the Zscaler Managed, Co-managed and DIY Services Solution?

Zscaler’s security cloud is offered as a managed solution that includes cloud intelligence, native SSL inspection, real time threat correlation and over 60 industry threat feeds. Security advisories and tools are offered by Zscaler’s ThreatlabZ security research team, highlighting vulnerabilities and providing free browser plug-ins to negate threats. This managed service solution, as well as many others, is available from one of Zscaler’s managed service provider partners.

What Reporting and Management is Available via the Zscaler Portal?

SD WAN/SASE reporting and management is available via the applicable third party provider portal. Zscaler do offer however, the Zscaler Digital Experience. This cloud based service provides CloudPath Analytics, Digital Experience Scores, Application and Endpoint Monitoring. These services are provisioned via a unified dashboard to enable efficient troubleshooting and resolution of connectivity issues at the user end.

How does Zscaler Support Remote Users?

Zscaler Work-From-Anywhere supports remote users by providing secure access to all applications, with cloud identity access management, data protection, visibility and troubleshooting and cyberthreat protection. Remote users still get fast and direct access to applications such as Microsoft 365 or Zoom, and can use BYOD devices. Leverages Zscaler SASE cloud-native services architecture.

What is the Zscaler SLA?

Below is a table displaying the main focus points of the Zscaler Service Level Agreement (SLA). 

Zscaler Support

Standard 

Premium 

Premium Plus

Access 24x7x365

Phone / Web Portal / Admin UI

Online Training, User Guides, Articles 

Support Experience Levels 

Level 1 Engineer (Pool)

Level 2 Engineer (Pool)

TAM (Designated liaison - business hours)

TAM Engagement 

 

 

Consulting, troubleshooting, and weekly operational review 

SLA Goals 

P1 Response

2 hrs

30 min

15 min

P2 Response

4 hrs

1 hrs

30 min

P3 Response

12 hrs

3 hrs

2 hrs 

P4 Response

48 hrs

4 hrs 

4 hrs 

Zscaler support tiers (Zscaler, 2020.) See more at: https://www.zscaler.com/resources/data-sheets/zscaler-premium-support.pdf

Which Service Providers and Partners Support Zscaler?

Zscaler has a wide range of partnerships with integrators and service providers. The partnerships are divided into the following categories: System Integrators, Technology Alliances, and Service Providers. Please see below for details: 

System Integrators:

  • Accenture 
  • Atos
  • Cognizant
  • Deloitte 
  • NTT
  • HCL
  • Infosys
  • TATA Consultancy Service 
  • Tech Mahindra 
  • Wipro 

Technology Alliances:

  • Aruba 
  • AWS 
  • Crowdstrike
  • Microsoft 
  • Splunk 
  • VMware 

Cloud:

  • AWS
  • Box
  • Dropbox
  • Google 
  • GoToMeeting
  • Microsoft
  • Servicenow
  • Slack

Data:

  • Box 
  • Dropbox
  • Microsoft
  • Proofpoint
  • Servicenow
  • Slack 
  • Varonis 

Endpoint:

  • Crowdstrike 
  • IBM Security 
  • Microsoft 
  • Mobileiron 
  • Samsung Knox 
  • SentinelOne
  • VMware Carbon Black Cloud 
  • VMware Workspace ONE

Network:

  • Arista 
  • Aruba 
  • Aryaka 
  • Cisco 
  • Citrix 
  • Cloudgenix 
  • Cradlepoint 
  • Fat Pipe 
  • Fortinet 
  • Infovista
  • Lancom 
  • Ngena 
  • Nuage Networks 
  • Oracle Talari 
  • Riverbed 
  • Silverpeak 
  • VMware 
  • 128 Technology 

Identity:

  • Ca Technologies 
  • Cyberark
  • IBM Security
  • Microsoft
  • Okta
  • One Login 
  • Ping Identity 
  • SailPoint

Operations:

  • Anomali
  • AT&T Security 
  • BT
  • Cyware
  • Demisto
  • D3 Security 
  • EclecticIQ
  • Exabeam
  • Expel
  • Firemon
  • Gigamon
  • IBM Security 
  • INTsights 
  • LogicHub
  • LogRhythm
  • Microsoft
  • Recorded Future 
  • Redseal
  • SecBI
  • Seclytics
  • Secureworks
  • Servicenow
  • Siemplify 
  • Skybox
  • Splunk
  • Sumologic
  • Swimlane
  • ThreatConnect
  • Vectra 
  • Witfoo

Service Providers (Global):

  • AT&T Business 
  • BT
  • Orange Business Services 
  • Sprint Business 
  • TATA Communications 
  • Deutsche Telekom 
  • Eleven Paths 
  • Verizon 
  • Vodafone 

Service Providers (Regional):

  • A1
  • Altice empresas
  • Centracomm
  • Colt
  • Global Cloudxchange
  • IS
  • O2 Business 
  • Swisscom

Comparisons

Current Vendor
Zscaler

Add to Compare

Additional Vendors

Add to Compare

VeloCloud

Add to Compare

Aryaka

Add to Compare

Zscaler

Once you have submitted, Netify will use your IP location to put you in touch with your local Zscaler contact.

Once you have submitted, Zscaler will be in contact to provide availability. Your data will not be shared outside of Zscaler and you will not be added to any mailing lists.

Please provide the following details:

Compare Vendors
Compare
Remove All