Netskope Private Access Reviews

We are replacing traditional VPN access with a more robust and secure solution. The goal is to implement Zero Trust Network Access (ZTNA) to improve security and policy enforcement. This change involves replacing traditional VPN (Virtual Private Network) access with a more advanced solution and following the principles of Zero Trust Network Access (ZTNA), which means that trust is not assumed based on network location or user identity.

When you are implementing a private access solution, regardless of the specific provider (e.g., Zscaler, Palo Alto, Netskope), the main focus on application-based access control and security. The primary objective is to establish security policies that enable secure access to applications based on user requests, regardless of the application's location or the underlying technology used. This approach ensures that communication with applications is facilitated securely, regardless of the technical details or geographic location.

The main challenge we are facing across various Trust Network Access (TNA) technologies, including Netskope, is their inability to support broadcast applications or those relying on broadcasting protocols. These applications, such as security cameras and voice systems, require server-initiated connections, which TNA solutions, including Zero Trust Network Access (ZTNA), often do not handle well. This limitation becomes particularly problematic when dealing with legacy applications that have been in use for decades, featuring encryption, hashing, and other custom protocols that don't align with modern standards like HTTP version two.

I have been working with it for five years.

It is a stable solution.

While the initial setup is relatively straightforward, the complexity lies in developing and maintaining the security policies. The transition from traditional VPNs, which provided full network access, to Zero Trust Network Access (ZTNA) solutions like Netskope's Private Access involves a shift towards granular, application-specific policies. This requires defining various parameters such as user identity, group permissions, destination applications, authentication methods, and time-of-day restrictions for each policy. The challenge arises when organizations, in a rush or due to time constraints, attempt to recreate a VPN-like access setup within the ZTNA framework. This negates the security benefits of ZTNA. There are notable advantages to ZTNA solutions like Netskope Private Access. They automatically detect a user's location, whether on-premises or off-premises and initiate connections accordingly. This seamless approach eliminates the need for users to manually toggle VPN connections based on the application they are accessing.

It is not the most expensive option, being more affordable than Zscaler, but it's also not the most budget-friendly choice available.

Netskope and Zscaler have a significant advantage in the realm of cloud-based security solutions because they were born and developed in the cloud. Unlike traditional solutions like Palo Alto or Cisco, which have historical dependencies on classic firewall technologies, Netskope and Zscaler have designed their frameworks entirely around the cloud. This cloud-native approach allows them to offer more agile and robust solutions, free from the limitations of older technologies. For organizations looking to embrace cloud-centric security, Netskope and Zscaler are attractive options due to their fresh and forward-looking approach.

The main market differentiator between the solutions lies in their Data Loss Prevention (DLP) capabilities. While Netskope initially lagged behind Zscaler and other competitors when it started, it has since caught up and is now a strong contender in the market, particularly due to its DLP features. It is a solid solution, and its integration with DLP can be a significant selling point. On a scale of ten, it would be rated at around seven. In the Australian market, there may be a preference for other options.

Netskope Private Access is generally used to migrate customers from legacy VPN solutions they are currently using. We approach them to migrate to us to meet compliance standards and have secure connectivity. 

Parallelly, it is used specifically for customers using VPNs, as Netskope Private Access provides outbound connectivity only. We acquire these customers who need this type of service.

There are five standout features in Netskope Private Access. First, it has a planned-out architecture, which means there is no inbound connectivity. All user checks, compliance, and security checks are done at the cloud level. There is no inbound connectivity to the network.  There is only outbound connectivity.

Second, when a user is provided with Netskope Private Access, they can only access the specific private access granted to them. They don't have the ability to move laterally, which eliminates the risk of unauthorized access. 

Third, unlike traditional VPNs that require high maintenance, Netskope Private Access only requires a simple VM that doesn't need much maintenance. There are no additional maintenance charges for that. 

Also, unlike other solutions that place VPN concentrators in the environment, Netskope is more cost-effective. The fourth is for the pricing standards of this solution. The support is aligned with standard pricing, whereas VPNs tend to increase pricing due to maintenance charges.

Lastly, when using a VPN, users are limited to a specific bandwidth. For example, if there is a total bandwidth of 50 Mbps, the VPN will divide that bandwidth among the users. In contrast, with Netskope Private Access, each user has their own internet visibility and can access their private apps without bandwidth limitations. This eliminates latency concerns when multiple users require higher bandwidth.

Netskope Private Access needs improvement in the on-premises check. When users are out of the network, it's self-explanatory that they will be connected to their private app via the network. The area for improvement is that Netskope Private Access currently supports only one DNS mapping for an IP address. 

This means that when users are on-premises, Netskope needs to turn off its Private Access tunnel since users can access the private apps locally. 

Currently, Netskope Private Access allows mapping only one DNS server. If a user uses a secondary DNS on-premises, Netskope fails to disconnect them. This is an issue that needs to be addressed.

I have been using this solution for two years. I have been involved in the implementation and providing support. Currently, I am working on POCs and have been appointed as a previous lead for Netskope.

In terms of stability, I would rate it around nine out of ten. The only reason I'm deducting one point is because of the occasional switch between data centers. 

With Netskope Private Access, the traffic is routed through a tunnel to the Netskope cloud, which then directs it to the data center. If a user is connected from a mobile location, they will hit the nearest data center.  However, in rare cases where the data center fails, the traffic needs to be rerouted to a secondary process, causing a temporary disconnection for the NetSuite Private Access users. 

Although this is uncommon, there was one incident in the past 90 days where the data center failed, but the user was automatically switched to another data center. The only inconvenience occurred because their ongoing session was long. Overall, stability is excellent, and I'm using it with confidence.

I would rate the scalability of Netskope Private Access as a ten. It's not a problem because a single Netskope publisher has a throughput of 500 Mbps and can handle up to 32,000 concurrent connections. It works in an active fashion, so even if one publisher goes down, another one automatically switches to ensure there is no latency or disruption. 

In terms of scalability, it's excellent. We have several companies as customers. In one specific company, there are approximately 6,000 users. So our organization can handle a scale of 6,000 to 8,000 users without any issues, so it can handle even larger deployments.

Regarding technical support, there were a few issues. Earlier, Netskope Private Access could be deployed and sent to a provider with different prerequisites, including CentOS. Right now, the current requirement specifies that CentOS is no longer supported with Netskope Private Access. Users now need to have Ubuntu. In this case, there were challenges for our customers who needed to migrate their existing architecture or face registration problems. Our support team assisted them with these issues and provided the necessary technical support, especially regarding connectivity loss and resolution. Once the migration was completed, there were no further problems in the reference zone.

The initial setup of Netskope Private Access is pretty simple and straightforward. You just need to register one machine, create policies, and you're good to go. 

The user interface of Netskope Private Access is very user-friendly, and the provided documentation is easy to follow. It allows anyone to create a private app and manage accessibility. In terms of initial setup, Netskope Private Access is currently leading compared to other solutions.

Netskope Private Access is deployed in two ways. Firstly, as a Netskope client on users' machines who want to access their private apps through Netskope Private Access. Secondly, Netskope Publisher can be deployed on various platforms, including public clouds like Azure, AWS, GCP, or even third-party clouds like Oracle Cloud. It can also be hosted on-premises. Users generally connect to the publisher through the Netskope Cloud to access their desired services.

The deployment of Netskope Private Access is quite fast. It typically takes around 30 minutes. Within this time, I can deploy the publisher in just 15 minutes, then spend the next five minutes defining policies and configuring the app. The remaining five minutes are used to apply the policies and ensure the desired level of access. Overall, it's a straightforward and efficient process.

When it comes to pricing, Netskope Private Access is relatively cheap compared to other solutions. We highly recommend it because it is cheap. It is a per-user-based per-year license. 

The pricing is based on a per-user basis, making it cost-effective, especially for organizations with a large number of users. This pricing model is not a problem for us, and we find it to be very reasonable compared to other solutions. In fact,  Netskope has started acquiring existing customers in India due to its competitive pricing.

We are a partner with Cisco. Our company is partnered with JetBlue, Flex, CrowdStrike, vScaleability, SentinelOne, Fortinet, Forescout, and Zscaler. We also deliver customers with Netskope. However, when comparing the pricing of different solutions, we find Netskope to be cheaper. Since we sell both Netskope and other products, we have a good understanding of the pricing models offered by each provider.

Overall, I would rate the solution a nine out of ten. 

I use Netskope Private Access for VPN access. 

Netskope Private Access has a good UI and is easy to implement. It has good features and support. 

The solution needs to develop faster features. Its interoperability feature is not working. It takes six months to one year for any product to implement the improvements. However, the process should be faster to implement the changes quickly. 

I have been using the solution for a year. 

Netskope Private Access is stable. We have experienced a couple of outages, but they did not impact business. 

The solution is scalable. My company is a large organization, and we have over 2,000 users. 

My company selected Netskope Private Access because of its features and cost. 

The tool's installation is easy. They have an easy GUI and fool-proof documentation. You can find the knowledge base and start implementing the product. 

The tool's price is normal. It is not very cheap but good compared to the competitors. 

I rate Netskope Private Access a nine out of ten. 

We are using the solution as a VPN. 

We can block and alert the ports and allow the public traffic software in our environment. Thus, we can separately provide the port numbers and that is a valuable feature. 

The major problem that we are facing is if we deploy Netskope on the server level or if we get a new server in the EMEA factor, it will affect all the machines. Recently, this has caused us to fail some reviews.

Apart from that, sometimes Netskope isn't reachable from the client end. This happens when we sometimes try to reach them regarding an issue and troubleshooting request.

In the future, I would like to see a dashboard monitoring feature. If there are any human vulnerabilities, we will be able to see and monitor the kind of traffic with thought information, attacks, or requirements. 

I have been using Netskope Private Access for three years. 

The solution is stable. 

It is a scalable solution. Presently, 1,400 users are using the solution. 

The technical support team sometimes take too long to respond to queries. 

Neutral

The initial setup is straightforward. We have Netskope configured with CentOS. We get a pop-up from the Cisco publisher.

The pricing is cheap. 

I would advise that you set up any one of the POCs before going to deploy any environment. We use it continuously and monitor continuously where there's data in effect on our systems and quality balancing with the security parameters. You should verify all those things before going to configuration. 

I rate the overall solution a seven out of ten. 

In the firewall, we don't have a user-based policies list, and we can't create them. Netskope helps us to create user-based policies. For example, if there are specific teams like HR or more than nine teams, and we want logs from access over particular URLs, and we don't want to allow that specific URL for certain users, we can create these policies in Netskope. It's handy, easy to use for new users, and has a cool GUI interface. We can create multiple policies, and as for the proxy, it's a leading solution. 

Overall, it's user-friendly and beneficial for organizations requiring a proxy to modify data flowing through the Internet. Netskope has become a beneficial solution for them.

In terms of market leadership, it seems to be lagging behind. Zscaler has taken over the ownership because they've launched multiple solutions, whereas Netskope hasn't launched as much. 

So, in my opinion, Netskope may require some R&D effort from the development team to stay on track. When they partnered with Meta, their graph didn't improve much. 

Zscaler is leading because of diversity and better security. In my conversations with customers across the globe, especially in the APAC, Dubai, Singapore, and Indian regions, Zscaler is more commonly used than Netskope in larger organizations. Netskope is good for smaller organizations due to its cost-effectiveness, but for larger ones, the customers prefer everything in a single place.

Netskope seems to be lagging behind, especially after its partnership with Meta.

I used this solution for three years.

I would rate the stability around seven out of ten.  Sometimes, we face some difficulty, but it depends upon the complexity of the environment. Because it's not that much complex, we are able to troubleshoot each and every issue on our own by going to the Action Center and then the Netskope IT section. There is a filter option with the help of the logs, and then we can check where the traffic is getting logged or something like that without Wireshark as well. 

But in a complex environment, we might require tech support as well. So it totally depends upon the customer's environment.

I would rate its scalability around eight out of ten. However, larger companies might find some challenges due to the need for more complex architectures and approvals.

I have a good experience with customer service and support. They do their best to make things possible because it's their job, and they have to resolve the ticket within a service.

For proxy purposes, I have used Netskope. Otherwise, I have worked on multiple devices like Cisco DNS centers, Cisco for SD-WAN, and FortiGate firewalls. And for email security, I was using Proofpoint.  

So, I work on multiple devices in the test environment.

It's been quite easy to use. The deployment usually takes around one month. Because we need to design the architecture in such a way that multiple approvals are required for that. Post that, we can integrate it into our environment. 

If you have a single office, then it is easy to set up in the architecture. But if you have multiple offices, then you have to check and decide on multiple POCs and multiple SOPs. We need to see and create; the installation usually takes one month. But before that, we require some documentation purposes that might take, for it depends on the organization to organization. So it might take two to three months.

It's a bit cheaper and a bit more cost-effective than Zscaler.

Overall, I can rate it around eight out of ten because no product is 100% accurate.  

I advise you just to brush up on the basics because it is not as difficult as a firewall or the ECLs in Cisco because it has a GUI-based architecture. So, most of the troubleshooting from the customer's perspective can be done by clicking on the GUI. But if any issue arises, I would say that someone just focuses on the basics of the DNS, TCP/IP, and proxy as a product.

These are the main focus areas that you need to understand initially if you want to go ahead and implement these things. Because everything you do in a complex environment, you can usually use Wireshark to check where it is getting dropped and whether the ETL is allowed or not. That is all the same. Whether it's the same packet, the TCP handshake is there, or the DNS is all in. Everything which you can be on over the Wireshark.

So, I would suggest for the newcomers or the beginners just to focus on the basics. Once you focus on the basics, you will have a clear understanding of how all these flows take place, then you can easily learn any product within two to three months. There is no more than that because every organization will provide tech support if it is a product-based organization.

Usually, it will provide you with basic training for one or two months. So, that will be good.

We're one of the handful of partners in Canada for Netskope. We're a platinum partner, and we do the architecture design and provide other services to our clients. We also use this solution internally because my company is 100% SaaS, and DLP, governance, and all that stuff is very important to me.

They have improved the end-user experience as people are working from home. It is a huge platform for secure remote workers. One of the big issues that people have with Microsoft 365 is how poor the latency is. When we show clients that they are not only secure and protected, they are also going to improve their latency because they are not even going to be using the actual network, and they are going to use Netskope's 200 points of presence to securely access 365, people are kind of blown away.

With private access or next-gen VPN, they are able to keep you secure, but they are invisible in terms of how they do it. Anybody working from home and trying to bring up VPN quickly can pretty much get VPN up and running in a matter of minutes because this doesn't require any VPN technology on-prem. All the VPN technologies that you're using to access applications on-premise can be eliminated by using their software. If you're accessing Microsoft 365 or salesforce.com, you can go straight out from your home office or home internet to that application rather than having to come through a VPN. It still has all the policies enforced, and it mitigates any business risks in terms of how that user is accessing that application and what they're doing inside of it. VPN piece is really critical, especially at this time of Covid, and your latency also goes down.

Your latency gets better by using the platform because they're intercepting your traffic, routing it through their local data center, and then sending it to whichever SaaS service or whatever you're going to. It does it better, faster, and quicker with all your governance policies enforced, rather than you having to go through your data center. So, all the traffic gets hauls there, and then that traffic has got to route somewhere else, and then it has got to go up to the cloud. Your latency actually goes down. They can guarantee 15 milliseconds or less pretty much across anywhere on the planet for about 95% or 90% of it.

I would like to see them go down the path of including SD-WAN. Currently, they don't do SD-WAN. If they could somehow natively do that inside of the platform, that would be amazing. I don't know if they're going to do it, but it would be amazing if they do.

I have been using this solution for two years.

There is a cloud GUI, and we push out the link from the company or internally through the mobile device management (MDM) platform. People just simply click on the link, or it can be just automatically enforced and loaded onto all the devices. It is a very lightweight link that takes up nearly no CPU.

They do one software or one platform. They are the leading CASBY platform in the world. What they can do, nobody can do. They've advanced their software over the last several years to allow people to also do secure web gateway. Now, they're competing with Zscaler, but Zscaler can't do CASBY the way they do. 

There is private access VPN, and there's also a feature for a public cloud. For a public cloud, they can continuously monitor or assess any misconfiguration in AWS EC2 instances, Azure, or Google, and correct it. They are also expanding. They can also help you with compliance. Let's say that MIS3 was secure on February 4th and didn't have any misconfigurations, they can do compliance based on the audit trail or breadcrumb trail. It is probably coming sometime this summer, and it is their version of the next-gen firewall. To do what they can do with one software, Palo Alto had to buy seven companies for their Prisma Platform.

I would rate Netskope Private Access a ten out of ten.

With NetSkope's ZTNA, a huge amount of VPN can be saved. If I opt for a traditional VPN, then I need to purchase a user-based license to use that VPN solution, and it would also cause my users to dial the VPN client every day, which my users won't have to do if they opt for ZTNA from Netskope. ZTNA from Netskope just pushes one configuration profile onto a user's computer, after which the user gets access, along with the access policy on Netskope's portal.

My company uses the solution for the private compute applications, which we have hosted on the cloud platform. To privately access private compute applications, my company uses ZTNA.

In general, with the help of the product, my company is easily able to access private compute applications.

The product is not easy to use. The product needs to be made easier to use.

I have been using Netskope Private Access for two years. I am an implementer of the product.

It is a stable solution.

It is a scalable solution.

The initial setup of Netskope Private Access was very easy.

For the deployment process, you need to deploy a publisher that is provided by Netskope on your cloud platform or the on-premises setup you have. After that, we need to register our applications with the publisher in Netskope's portal, after which we simply need to create the policy for its users. Netskope provides its portal in the cloud version. If I need to access my cloud resource, which is hosted in Azure or AWS or any other cloud platform, then for such a cloud platform, I need to install the publisher from Netskope to create a secure VPN tunnel between Netskope and my platform or the cloud service provider.

Not a lot of people are required for the deployment process since it is very easy to do. One or two people can manage that product after implementation.

I believe that the price for Netskope Private Access is included in the features or functionality my company purchased from NetSkope.

There is no maintenance required for the product.

I recommend the product to those planning to use it.

Most of my company's customers had purchased the solution and got it implemented.

I rate the overall product a ten out of ten.

We use the solution for digital transformation for everyone working both on the perimeter and on homework assignments, accessing apps within proprietary work servers, and putting a publisher behind those servers to secure field trust access.

The most valuable feature is being able to see who is accessing the application, whether it is a managed device or a bring-your-own-device published by Netskope.

The cost has room for improvement. There are cheaper options available.

I have been using the solution for six months.

The technical support is fast even here in Mexico and we have Spanish-speaking engineers.

The setup is straightforward and simple. One of my key advantages over other brands is that I only have one console, where I can create a unified policy across NPA, DLP, and other solutions such as the next generation. This allows me to make one policy across my portfolio.

I give the solution a ten out of ten.