We use Zscaler as a secure internet proxy. All of the traffic is filtered through it. We have about 3,000 users at the organization.

All internet traffic goes through Zscaler, which protects the organization's IP, which isn't published publicly. Zscaler's cloud services filter and clear all traffic.

We like Zscaler's traffic filtering, web security, DLP, and IPS features. The real-time threat protection is excellent.

Zscale is providing a proxy IP, and most government sites will block traffic from a proxy. Also, we see some performance issues on the cloud side during DC failover.

We have used Zscaler for around three years.

I rate Zscaler seven out of 10 for stability because we are still having some performance issues.

Zscaler technical support is okay. They have the technical knowledge needed to cover the market.

Deploying Zscaler was moderately difficult. You don't need to create anything. We only needed to forward things to the Zscaler cloud, and they took care of everything on their side. We needed to establish a trusted network and create a channel between Zscaler, the DC, and our on-prem environment.

Zscaler is more expensive than Fortinet or Palo Alto. It's 10 times more expensive than Fortinet. However, it's worth the price because of the cloud security features, and it gives us a single global control, which is why we chose this.

We also looked at Fortinet. We decided to go with Zscalare because we operate across multiple countries and want centralized control from a single dashboard at our headquarters.

I rate Zscaler Internet Access seven out of 10. We need a solution like this these days because we have remote users who need protection.

Primarily, it was to replace our existing on-premises box infrastructure. That's what it started with. And lately, we've been using it more for secure web gateway purposes.

It's primarily meant for perimeter security and the ability to securely access the internet and SaaS applications. So that has definitely helped us get rid of our bulky firewall hardware firewalls, at least for internet access. So that's a cost optimization. And performance. It definitely helps us boost performance.

The ease of deployment is the most valuable feature. All it takes is building a few QRE or ITC tunnels and installing agents. It's a piece of cake.

And the policies are very intuitive and easy to configure, with very little possibility of messing things up. I also like the great analytics and good visibility into the traffic that goes out of my organization.

Shadow ID Discovery is also great for finding out what SaaS applications people in my organization are trying to access.

One thing that needs to be improved is their presence in China. I'm not sure if that's a Zscaler thing or if it's a problem with all vendors in this space, but it would be nice to have better coverage in China.

This concern is a common one for vendors across the board when dealing with the Chinese market. So, currently, there is the Great Firewall of China. This firewall can significantly impact internet performance for users in China. A better presence in China from Zscaler could mean more breakout points between China and the rest of the world.

This would help to improve internet performance for users in China and make Zscaler a more viable solution for organizations with a presence in China.

I started using it in 2015, but then I used it intermittently for the next couple of years. But lately, I've been using it quite a lot. So I've been working with it for about seven years now.

Occasionally, I've faced challenges with applications going down, but these incidents don't usually result in disconnections.

If I were to rate its stability on a scale of one to ten, with ten being the most stable, I would place it around a seven, I suppose.

I've never encountered challenges where a client exceeded the bandwidth or processing limits of Zscaler. When you reach your peak, the solution is flexible enough to handle it.

If necessary, you can provision another circuit to increase your Internet bandwidth and set up an additional enforcement point, which is essentially a Zscaler reinforcement point. So, it's highly elastic and scalable.

I would give scalability a perfect ten out of ten rating.

The customer service and support are fairly good.

In terms of their technical capabilities, response times, and issue resolution, we've had positive interactions with their support.

The primary alternative for Zscaler is Prisma Access. It stands out as the strongest contender. Additionally, there's NetScope in the mix, although it's not a direct comparison. Another player is Blue Coat, or rather Symantec, now Broadcom. They also compete in this space. However, from what I've observed, most clients transitioning from traditional proxy setups tend to gravitate towards either Zscaler or Prisma.

Prisma Access extends beyond mere web security. This puts it in a separate category, making a direct comparison with Zscaler Internet Access somewhat challenging. Prisma offers a broader array of features, including threat profiling, threat intelligence, diverse integrations, endpoint security evaluations, and deep packet inspection. These are areas where Zscaler Internet Access falls short. Zscaler, essentially a cloud proxy, serves a specific purpose.

On the other hand, Palo Alto Networks not only operates as a proxy but also incorporates firewall functionality. It functions as a service, includes VPN replacement capabilities, and encompasses features like antivirus, anti-spyware, and IPS for threat filtering. Palo Alto holds an advantage in these aspects. However, if your primary aim is to replace an on-premises proxy, Zscaler is the way to go. Opting for Prisma Access exclusively for proxy functionalities might prove cost-prohibitive.

I would rate my experience with the initial setup an eight out of ten, where one being difficult and ten being easy to setup.

With regard to complexity, it largely depends on the number of redundancies that you require. For example, if you just have a standby setup with maybe two or three Zscaler enforcement nodes that your tunnels need to terminate on, it's fairly simple.

However, the more redundancy and higher availability requirements that the company has, the more complex it gets. So it can get pretty complicated if you have some crazy requirements with regard to high availability and redundancy.

You just need one person to deploy the solution. One person can mostly do it. A lot of parts as well.

You would require an endpoint specialist; someone who manages the endpoints. Additionally, you might need someone from your SOC to ensure that you're able to ingest all the logs and security alerts that are being dumped into the same solution. Perhaps one or two individuals for testing purposes. The policy installation process is quite straightforward and shouldn't take a lot of time. One person should be sufficient for that.

We deployed the solution ourselves. We have a team of in-house experts who can troubleshoot any issues that may arise. We have also used Zscaler's professional services team on occasion, for example, to help us with sizing and design, or when there are complex requirements from our clients. But for the most part, we're able to handle the ZIA deployment ourselves.

Most standard deployments take around two weeks. For example, I deployed Zscaler Internet Access (ZIA) for my previous organization, with 20,000 users in two weeks. However, I've also seen deployments for 50,000 to 60,000 users that took at least three to four months.

The exact deployment time will vary depending on the size of the deployment, the complexity of the environment, and the specific requirements of the organization.

In a typical deployment process, the first step is to procure licenses. You can either do this yourself, or Zscaler can do it for you. Once the licenses are procured, Zscaler will create a tenant for your organization. This tenant will include the enforcement nodes that will be used to process traffic for your users.

Following this, the installation of Zscaler tunnels transpires, along with the deployment of the Zscaler Client Connector (ZCC) on user machines. Configuration of policies is then carried out, encompassing aspects such as policy definitions and potential additional inspection of HTTPS traffic.

Moreover, ancillary facets are incorporated. These entail the establishment of compatible streaming services and TLS inspection. Integration with the corporate identity provider (IdP) is also a crucial step.

Furthermore, if automation is a consideration, additional automation or orchestration components can be implemented to facilitate automatic policy enforcement. While integration with Extended Detection and Response (XDR) systems is conceivable, this is an aspect I have not personally done. This more or less encapsulates the overall process.

I would suggest knowing the use cases beforehand. Many customers I've seen aren't entirely clear about their specific use cases. They often dive into the product first and then work backward to identify whether Zscaler Internet Access aligns with their needs. Understanding your use cases is essential; it serves as a foundation for determining if Zscaler Internet Access is the right solution. If the required capabilities are already available, or if a few API integrations or lines of code can sustain the existing solution, that's worth considering. This advice isn't exclusive to Zscaler, but I've witnessed clients who become uncertain because they lack the necessary set of use cases that would justify their investment.

Overall, I would rate the solution a seven out of ten for two reasons, namely, the China issue for the improvement section and the pricing is expensive. I am not sure about the exact price, but it is expensive.