Zscaler Zero Trust Exchange Platform Reviews

Zscaler Zero Trust Exchange Platform is used to provide secure internet access and Zero Trust based application access for enterprise users, especially in the banking sector. The platform enforces security policies for outbound internet traffic, including URL filtering, SSL inspection, threat prevention, and Zscaler Private Access to provide secure, VPN-less access to internal applications. Instead of using traditional VPN, applications were segmented and published through Zscaler. Access is granted based on user identity and device posture, allowing users to access only specific applications rather than the full network.

Some of the best features of Zscaler Zero Trust Exchange Platform are centered around security, user experience, and the simplicity of deployment. One key feature is Zero Trust access, where users receive access to only specific applications instead of the full network, which significantly reduces the attack surface. Another important feature is the use of app connectors, which establish outbound connections only, so there is no need to expose internal applications to the internet, improving the overall security posture. Zscaler Private Access also provides identity-based access control where access decisions are based on user identity, device posture, and policies rather than IP address. From a user experience perspective, one of the best features is seamless access without VPN, removing the need for manual connections and improving performance. Additionally, it offers application segmentation for granular access control, scalability through cloud-native architecture, and integration with identity providers such as Active Directory and Azure AD. These features deliver secure, fast, and user-friendly access to internal applications.

A significant improvement in user experience occurred after moving from traditional VPN to Zscaler Private Access. Initially with VPN, users faced issues including slow connectivity, especially during peak hours, full network access which increased security risk, frequent VPN disconnects, and login delays. After implementing Zscaler Private Access, the feedback was largely positive. Users experienced faster and more stable access to applications since the traffic is routed directly to the application instead of the entire network, eliminating the need to manually connect to the VPN. Access became seamless in the background, improving overall security as users could access only specific applications rather than the full network. From an IT and security perspective, there was a reduced attack surface, better visibility, and controlled use based on user identity, as well as fewer support tickets related to connectivity issues. The transition improved both user experience and security posture, and adoption was smooth after initial onboarding.

Zscaler Zero Trust Exchange Platform, especially Zscaler Private Access, is very strong, though there are a few areas where improvements can be made. One challenge observed is around initial troubleshooting and visibility. While Zscaler Private Access provides logs, it can sometimes take time to pinpoint the exact cause of access issues, especially in complex environments with multiple policies and identity integration. Another area is the dependency on identity and connector health. Since Zscaler Private Access is heavily reliant on app connectors and identity providers, any issues with these components can impact user access, making proper monitoring critical. During the initial setup, policy configuration and application onboarding require careful planning, especially for larger environments with many applications. These challenges are manageable with proper design and monitoring. Overall, the platform delivers strong security and user experience.

I would recommend a few improvements, especially around user interface, reporting, and troubleshooting experience. From a user interface perspective, while the platform is powerful, the policy configuration and navigation can feel complex, especially for new users. A more simplified and intuitive layout for policy mapping and application access would help reduce the learning curve. In terms of reporting, Zscaler Private Access provides logs, but having more built-in customizable dashboards and analytics would be very helpful. Better visibility into user access patterns, application performance, and real-time troubleshooting insights would improve operational efficiency. From a support and troubleshooting standpoint, it would be beneficial to have more granular centralized visibility, allowing for quick end-to-end tracing of a user request from authentication to application access without switching between multiple views. These improvements would make the platform even more efficient, especially for large-scale enterprise environments.

I have been working with Zscaler Zero Trust Exchange Platform for around three or more years, gaining hands-on experience with Zscaler and Zscaler Private Access, including policy creations, optimization, SSL inspection and configuration, traffic forwarding using PAC and client connectors, troubleshooting user access issues, and integrating identity providers such as Active Directory and Azure AD.

Zscaler Zero Trust Exchange Platform is very stable, especially in enterprise environments. Being a cloud-native platform with a globally distributed infrastructure, consistent performance and high availability are experienced for user access. In day-to-day operations, there have been no major outages impacting users, and the platform performs reliably with stable access to applications. Occasional minor issues can occur, such as connector-related or identity integration dependencies, but these are usually manageable with proper monitoring and redundancy. Deploying multiple app connectors ensures high availability, and monitoring identity providers helps avoid authentication issues. Overall, from this experience, it is a stable and production-ready platform suitable for enterprise use.

Zscaler Zero Trust Exchange Platform is highly scalable, primarily because it is built on a cloud-native, globally distributed architecture. Scaling is straightforward from a user experience perspective. When more users or applications are onboarded, there is no need to provision traditional hardware as in traditional VPN setups. The Zscaler cloud automatically handles the increasing user traffic and load. For application scalability, additional app connectors are deployed as needed, with connectors placed closer to applications, whether on-premises or in cloud environments, ensuring high availability and load distribution. Adding new users is simple through identity integration, and policies can be applied centrally without infrastructure changes. Scaling has been observed from a smaller user base to larger deployments without many major architecture changes, which is a significant advantage. Overall, Zscaler Private Access provides elastic scalability, making it well-suited for growing enterprise environments.

The experience with Zscaler customer support has been good, especially for enterprise-level support. Multiple support cases have been raised mainly around policy behavior, access issues, and initial deployment troubleshooting. In most cases, the response time has been within SLA. The support engineers are technically knowledgeable, particularly for Zscaler Private Access related issues, providing clear guidance and documentation for troubleshooting. For critical issues, the escalation process works well, and timely support is received when needed. In some complex scenarios, troubleshooting can take longer, especially when it involves multiple components such as identity providers or connectors, but overall, the support experience has been reliable.

I would rate the customer support eight out of ten. The main reason is that the support team is technically strong, responsive within SLA, and helpful during troubleshooting, particularly for Zscaler Private Access related issues. However, in some complex scenarios involving multiple integrations, the resolution time can be slightly longer, which is why the rating remains at eight rather than a full ten.

Before implementing Zscaler Private Access, the primary solution for remote access was traditional VPN. While VPN provided connectivity, it had several limitations. Users received full network access, which increased the risk of lateral movement and security exposure. There were also issues with slow performance, frequent disconnects, and scalability challenges, especially during peak usage. The main reason for switching to Zscaler Private Access was to move toward a Zero Trust architecture where access is granted based on user identity and application-level policies rather than network-level access. With Zscaler Private Access, the need for VPN was eliminated, access was restricted to only specific applications instead of the entire network, and both security and user experience were improved. Overall, the shift was driven by the need for better security, scalability, and seamless user access, which Zscaler Private Access effectively addressed.

One additional aspect to highlight is the ease of deployment and scalability that Zscaler Private Access provides. Since Zscaler Private Access works on the outbound connection model using app connectors, there was no need to open any inbound ports or make major changes to the existing infrastructure. This made the deployment much faster and more secure compared to traditional solutions. Another important aspect is the tight integration with identity providers such as Active Directory or Azure AD, allowing for the enforcement of consistent identity-based access policies across users. From an operational perspective, Zscaler Private Access provides good visibility and logging, which helps in quickly troubleshooting issues and understanding user access patterns. Beyond just security, it also simplified operations and reduced the complexity of managing remote access.

A positive return on investment has been realized after implementing Zscaler Private Access. One of the most noticeable improvements was in reduced support effort. A clear drop in VPN-related help desk tickets occurred, especially around connectivity and login issues, which saved significant troubleshooting time for the support team. In terms of time savings, since users no longer manually connect to the VPN, access became seamless, improving user productivity, especially for remote users. From an infrastructure perspective, the need to maintain and scale traditional VPN hardware was eliminated, which reduced both costs and operational overhead. In measurable terms, approximately thirty-five to forty-five percent reduction in connectivity-related support tickets was observed, along with faster issue resolution due to better visibility and improved user productivity due to stable and direct application access. Overall, the platform helped save time, reduce operational effort, and improve security, all contributing to a strong return on investment.

Zscaler Zero Trust Exchange Platform follows a subscription-based licensing model, typically based on the number of users and the modules enabled, such as Zscaler Private Access or Zscaler Internet Access. In terms of pricing, it may appear on the higher side initially compared to traditional VPN solutions, but when the overall value is considered, it justifies the cost. There is minimal setup cost since it is a cloud-delivered platform, eliminating the need to invest in additional hardware such as VPN gateways or maintain infrastructure. From a business perspective, benefits are observed including reduced infrastructure and maintenance costs, lower support overhead due to fewer VPN-related issues, and improved security posture, which is critical for enterprise environments. Overall, while licensing is subscription-based, the platform provides a strong return on investment in terms of security, scalability, and operational efficiency.

Before choosing Zscaler, a few other options in the market were evaluated. Some of the key solutions reviewed included Palo Alto Prisma Access and Netskope Private Access, in addition to some traditional VPN-based solutions. During the evaluation, factors were focused on including ease of deployment and scalability, user experience, granularity of access control, and overall Zero Trust capabilities. Zscaler stood out mainly because of its cloud-native architecture and maturity in Zscaler Zero Trust implementation, especially for Zscaler Private Access. It provided true application-level segmentation, which offered a seamless user experience without a VPN, had strong integration with identity providers, and was relatively simpler to deploy and manage at scale. While other solutions were strong, Zscaler provided a better balance of security, performance, and operational simplicity, making it the preferred choice.

The recommendation would be to start with a clear understanding of the existing application architecture and user access patterns before implementing Zscaler Zero Trust Exchange Platform, especially Zscaler Private Access. A phased rollout is strongly recommended, starting with a few critical applications and a small group of users, monitoring the behavior, and then gradually expanding. This helps identify any policy gaps or access issues early on. Proper integrations with identity providers such as Azure AD or Okta are very important, as Zscaler Private Access relies heavily on identity-based access. Another key point is to invest time in policy design. Defining application segments and access policies correctly will make a huge difference in long-term stability and user experience. Continuous monitoring and tuning based on logs and user feedback are essential to fully optimize the solution.

Overall, Zscaler Zero Trust Exchange Platform, especially Zscaler Private Access, has been a strong and reliable solution for enabling secure access without any need for traditional VPNs. It has significantly improved both security posture and user experience in deployments. The platform is scalable, easy to manage once properly configured, and aligns well with modern Zero Trust principles. From this experience, with proper planning and policy design, it delivers great value to an organization. There is still room for improvement in areas such as user interface simplicity and faster resolution for complex cases, but overall, it is a very solid and mature solution. I would rate this review nine out of ten.

I work with Zscaler Zero Trust Exchange Platform as a user. We are an HCM company, and we wanted to utilize it as a user because it is our own product company. We have been developing the customer product because the HCM product is focusing on workforce management and payroll. We have been trying to use it as a user itself, not for deployment for different companies.

If we speak about the use cases for Zscaler Zero Trust Exchange Platform, I can use the product for various purposes, not just one. There are multiple use cases because it is basically the HCM product. We have a huge database of customers, and it has a different case-to-case basis. Our model for deployment was huge with multiple use cases. In this case, it is very difficult for me to specify or identify one particular use case. I just log in with SSO and make sure that Zscaler Zero Trust Exchange Platform is able to protect it appropriately. It is not one use case; it is multiple business models we have deployed.

The benefit is the accessibility. When we were using Cisco, especially when we were focusing on VPN, we had multiple issues. Even with the login, we also had an issue. Since we started using Zscaler Zero Trust Exchange Platform, it has auto-configuration, and wherever we have deployed the auto-configuration, we have not encountered any problem. The company is not looking for any specific change or transition from Zscaler Zero Trust Exchange Platform to a different product. Even during deployment, the referral responses were quite appropriate. That is the reason why we have a preference, and I still rate it as good to go.

The deployment is already progressing. We completed deployment last month.

Zscaler Zero Trust Exchange Platform probably needs to be more efficient because scanning takes a lot of time. Some vulnerabilities create issues, and when we wanted to identify the source of the vulnerabilities, specifically focusing on mobile ID and related areas, it was unable to provide assistance. However, according to discussions with Zscaler Zero Trust Exchange Platform, they said that by the end of mid-2026, they are exploring these features, and probably those features can be incorporated or embedded into this particular system. That is the only major negative point.

In terms of responses, Zscaler Zero Trust Exchange Platform is good. In terms of controlling vulnerability, it is good. The only cons I have noticed is that it is a bit slower, and sometimes it is unable to identify the source. These are the key areas for improvement.

We started somewhere in March 2025, and it is going to be a year in March.

Zscaler Zero Trust Exchange Platform is very stable. I am using it on my PC, and I do not see any issues coming to me for the past one year. I have never seen any issues.

Zscaler Zero Trust Exchange Platform is scalable. The only limitation I was mentioning is that it was unable to identify the sources of vulnerability, which they are going to embed by the mid of this year. That is what the promise they have made in their plan. After that, it is scalable.

Zscaler Zero Trust Exchange Platform support is good. We have managed to find 24/7 support region-wise. We have North America, we have Asia Pacific region, Japan, China, New Zealand, and Australia. We managed to identify the 24/7 support. They have provided the numbers and contact supports, and it is almost immediate. I would rate support from Zscaler Zero Trust Exchange Platform from zero to ten points, with ten being the best. I can say seven to eight.

Positive

I have been working with Cisco XDR and Cisco Secure Access. We were using Cisco XDR and Cisco as an endpoint security, especially on VPN. Recently, we have moved from Cisco, and we have gone to Zscaler Zero Trust Exchange Platform. Currently, we are using Zscaler Zero Trust Exchange Platform. Cisco was decommissioned in late 2024, and early 2025, we moved to Zscaler Zero Trust Exchange Platform.

I used Trend Micro sometime in 2022. We were using CrowdStrike until 2024. We replaced it with Prisma. The reason we made the replacement from Prisma to Wiz is because of the cost. I can tell that it is a saving of about half a million dollars a year.

Zscaler Zero Trust Exchange Platform is very easy to deploy with no complication. We did our implementation in-house. We have our own team and our own security team, and it was being assisted by Zscaler Zero Trust Exchange Platform directly. We did not engage any vendor.

We did our implementation in-house. We have our own team and our own security team, and it was being assisted by Zscaler Zero Trust Exchange Platform directly. We did not engage any vendor.

I see return on investment here. When I see that I am trying to cut costs, for example, even when replacing Prisma, we have managed to save about over half a million dollars a year. I can see some of our own products where Zscaler Zero Trust Exchange Platform has been deployed, and I can say over 50,000 US dollars I am able to save a month as compared to the other products. Definitely I will consider this as ROI.

Zscaler Zero Trust Exchange Platform is much, much cheaper when comparing price.

I have been working with Cisco XDR and Cisco Secure Access. We were using Cisco XDR and Cisco as an endpoint security, especially on VPN. Recently, we have moved from Cisco, and we have gone to Zscaler Zero Trust Exchange Platform. Currently, we are using Zscaler Zero Trust Exchange Platform. Cisco was decommissioned in late 2024, and early 2025, we moved to Zscaler Zero Trust Exchange Platform.

I used Trend Micro sometime in 2022. We were using CrowdStrike until 2024. We replaced it with Prisma. The reason we made the replacement from Prisma to Wiz is because of the cost. I can tell that it is a saving of about half a million dollars a year.

Zscaler Zero Trust Exchange Platform's SSL Inspection feature helps to improve security. The threat intelligence capability is true and important. When we are scanning all our applications, especially focusing on application security, we are using the product Invicti. While we are doing vulnerability management prior to Zscaler Zero Trust Exchange Platform and this SSL Inspection feature, subsequently what we have noticed is that the vulnerabilities, especially the security bugs that were coming prior to Zscaler Zero Trust Exchange Platform, were about 20,000 to 22,000. Subsequently, after this, there is a huge reduction. It has come down more than 40 percent. That is definitely an advantage over the previous product.

It helps for the remote workforce. Ours is 100 percent remote. All the accesses have definitely improved because we are also using an SSO platform. Subsequently, what we have been noticing with this feature is the security. My job is to ensure that security is scanned from across the cloud region, across application security, and across on-premises. With this deployment, I have seen the security being in absolute control. We have not seen any incident being reported for the past one year.

We are not getting into too many details internally for metrics, except for the scanning and the results that we have been monitoring. I would rate this review eight out of ten.

Hybrid Cloud

Other

Our main use case for Zscaler Zero Trust Exchange Platform is secure remote access for our workplace at Persistent, as we have a large number of employees working across different locations and client sites. Ensuring secure, seamless access to internal applications without relying on traditional VPN was the primary driver. We use ZPA, which is Zscaler Private Access, heavily for giving our developers and engineers access to international tools and environments for securing internet-bound traffic and enforcing policy across all users, whether they are in office or remote. Over time, we also started leveraging it for third-party vendor access, which has been really useful given the number of external collaborators we work with at Persistent.

We had a scenario not too long ago where we needed to onboard a third-party vendor for a client engagement who needed access to a specific internal environment for a limited period. In the past, that would have been either setting up a VPN account for them or opening up network-level access, which always made our security team uncomfortable. With Zscaler Zero Trust Exchange Platform ZPA, we were able to give them access to just that one specific application; nothing else was visible to them on our network. The best part was the speed of onboarding; we had them up and running within a few hours with a defined access policy tied to their identity. Once the engagement was over, we simply revoked access and cleaned up straightforwardly. It also gave us full visibility into what they were accessing and when, which was important for our compliance and audit requirements at Persistent. That kind of granular control and auditability is something we really could not achieve as easily with our previous setup.

Beyond the remote access and vendor use case, Zscaler Zero Trust Exchange Platform has become a core pillar of our Zero Trust strategy at Persistent. We have moved away from the traditional castle and moat model entirely, and Zscaler Zero Trust Exchange Platform is really the backbone of that shift. We also use it for cloud workload security as Persistent works heavily with cloud environments for our clients; being able to extend the same security policy to cloud-to-cloud traffic has been valuable. From a strategic standpoint, what I appreciate is that it integrates well with our existing identity provider, as we use it alongside Azure AD for conditional access policy. The combination of identity-aware access and Zscaler Zero Trust Exchange Platform's inline inspection gives us much stronger security. Being in a service company where we are managing security for multiple client environments simultaneously, having a single unified platform that scales across different use cases without adding operational complexity is a big deal. Zscaler Zero Trust Exchange Platform fits that need quite well for us.

There have been several meaningful positive impacts at our organization since deploying Zscaler Zero Trust Exchange Platform. The most immediate and visible impact has been the elimination of our VPN infrastructure. That alone reduced operational overhead significantly; there are no more VPN client issues, no more capacity planning for VPN gateways, and our IT help desk tickets related to remote access dropped noticeably. Improved user experience is also a key factor, as our employees and contractors noticed the difference; accessing internal applications became faster and more seamless, especially for our teams working from client sites or different geographies. We have a strong security posture; we went from a perimeter-based model to a truly identity and context-aware access model. That shift fundamentally changed how we think about security at our organization. Compliance and audit readiness is another big benefit for us, as our company works with enterprise clients who have strict compliance requirements; Zscaler Zero Trust Exchange Platform's detailed logging, reporting, and access control have made our audit process significantly smoother. Operational scalability is crucial at our organization as it grows and onboards new clients or employees; scaling security policy no longer requires hardware procurement or complex network changes. Overall, deploying Zscaler Zero Trust Exchange Platform has been a positive outcome across security, operations, and user experience.

The best features Zscaler Zero Trust Exchange Platform offers that stand out the most include app segmentation with ZPA, cloud sandbox and threat intelligence, SSL/TLS inspection, single pane of glass dashboard, identity integration, and scalability.

Zscaler Zero Trust Exchange Platform's threat intelligence continuously updates in real-time across their entire global cloud, so when a new threat is identified anywhere on their network, that intelligence is immediately applied to our environment as well. At Persistent, where we are handling sensitive client data, that kind of proactive protection without us having to manually push updates is genuinely valuable. The cloud sandbox goes beyond just blocking as we are also having URL and content filtering. The combination of all these layers—sandbox, threat intelligence, DLP, and SSL inspection—working together as one integrated platform makes it genuinely powerful rather than just another point solution.

After three years of working with Zscaler Zero Trust Exchange Platform, I do have genuine feedback on areas where I feel there is room for improvement. The initial configuration complexity is one area; the onboarding and initial policy setup is not the most intuitive experience. When we first deployed, the learning curve was steeper than expected, especially around setting up app connectors correctly and fine-tuning ZPA policy. Better guided setup wizards or more structured onboarding support would help significantly. Another area is pricing transparency; the licensing model can be quite complex and expensive, especially for large organizations. Understanding exactly what is included in each tier and what requires an additional license is not always straightforward, so a more transparent and flexible pricing structure would be welcome. Reporting and analytics could also be improved; while the dashboard gives good visibility, the out-of-the-box reporting could be more customizable, as we often find ourselves exporting data and building custom reports externally. Troubleshooting and diagnostics also need attention; when something goes wrong, such as an application access issue, the troubleshooting experience could be smoother; pinpointing exactly where a policy is blocking something sometimes takes more time than it should. Technical support response time could be faster for critical issues.

Integration improvement is one area; while Zscaler Zero Trust Exchange Platform integrates well with Azure AD, we have faced some friction when trying to integrate with other SIEM platforms. At our organization, we use multiple security tools across different client environments, and getting Zscaler Zero Trust Exchange Platform logs to flow seamlessly into every SIEM we work with is not always plug-and-play. Better native integration with a wide range of SIEM and SOAR platforms would be really valuable. Additionally, offline mode capabilities, AI-driven policy enhancements, and more granular role-based access control are important features to consider.

We have been using Zscaler Zero Trust Exchange Platform at Persistent for about three years now, initially rolling it out for our remote access use case and over time expanding it across more of our security stack.

Stability is something I have been paying close attention to over our three years of using Zscaler Zero Trust Exchange Platform. I would characterize Zscaler Zero Trust Exchange Platform as generally stable and reliable in our experience. For a platform that sits inline with all of our user traffic and application access, uptime has been consistent. There have been minor disruptions; we have experienced a handful of brief service degradations over the three years, typically lasting anywhere from a few minutes to under an hour. These incidents were usually related to specific Zscaler Zero Trust Exchange Platform data center nodes experiencing issues rather than widespread outages. Planned maintenance windows have been well communicated in advance and scheduled during off-peak hours, so we have rarely been caught off guard by maintenance-related disruptions. Overall, if I had to rate the stability, I would give it an 8 out of 10, as it is reliable the vast majority of the time with occasionally minor disruptions and one more significant incident in our experience.

I would rate the customer service provided for Zscaler Zero Trust Exchange Platform at 4 out of 10.

Previously, before Zscaler Zero Trust Exchange Platform, we used Cisco AnyConnect for VPN as our main remote access solution, combined with on-premises web proxies for internet security and URL filtering. The performance issue at scale was the reason for this change, as the Cisco AnyConnect VPN setup started showing its limitations significantly. When COVID hit and our entire workforce went remote practically overnight, the VPN infrastructure was simply not built to handle that scale, and we experienced significant performance degradation, leading us to move on to Zscaler Zero Trust Exchange Platform.

Based on our three years of experience with Zscaler Zero Trust Exchange Platform, my advice to others looking into using it is to not rush the deployment. Spend adequate time mapping out your application inventory, user groups, and access requirements before touching any configuration, as the quality of your data directly impacts the quality of your deployment. We learned this the hard way at our organization.

I would seriously consider engaging Zscaler Zero Trust Exchange Platform's professional services or a certified partner for initial deployment, especially if your environment is complex. The platform has depth, and having experienced guidance during initial setup saves significant time and prevents costly misconfigurations.

I am happy to share the quantitative ROI metrics we have observed since implementing Zscaler Zero Trust Exchange Platform. The most direct and measurable savings have come from retiring our legacy VPN infrastructure, as we eliminated multiple VPN gateway appliances along with the associated maintenance, licensing, and hardware refresh costs. Conservatively, that translates to pretty significant infrastructure savings over the period. As I mentioned earlier, our IT support productivity improved as our remote access-related help desk tickets dropped by 40 to 50 percent, which is very useful. The phishing incident I noted earlier, where Zscaler Zero Trust Exchange Platform sandbox caught a potential ransomware attack, could potentially save us hundreds of thousands of dollars when factoring in remediation, downtime, and reputation risk.

This is an area where I have candid feedback from our organization regarding pricing, setup cost, and licensing for Zscaler Zero Trust Exchange Platform. Overall, I would assess the pricing as a significant investment. Zscaler Zero Trust Exchange Platform is not the cheap platform; it is a premium enterprise solution, and the pricing reflects that. For our organization, it was a significant investment, but one we felt was justified given the value we have been able to derive.

The licensing model complexity is honestly one of my biggest frustrations, as Zscaler Zero Trust Exchange Platform uses a per-user, per-module licensing model, and understanding exactly what is included in each tier is not easy. Beyond the licensing itself, the initial implementation cost was substantial; we engaged Zscaler Zero Trust Exchange Platform's professional services for our deployment, and while their expertise was valuable, it added meaningful cost on top of the licensing fee. There are also indirect costs worth mentioning; the time investment required for ongoing policy management, tuning, and administration is real.

We went through a formal evaluation process at our organization before committing to Zscaler Zero Trust Exchange Platform. Our closest contender was Palo Alto Prisma Access; we also checked Netscope, Fortinet ZTNA, Microsoft Azure AD Application Proxy, and many others.

AI governance and security are areas we have paid close attention to at our organization. Overall, I would say we are moderately confident in how Zscaler Zero Trust Exchange Platform manages and secures its AI capability, but with some caveats. What gives us confidence is Zscaler Zero Trust Exchange Platform's AI-powered threat detection, which has been reliable in our experience. The models they use for identifying anomalous behavior, detecting zero-day threats through the cloud sandbox, and classifying URLs have proven accurate in real-world scenarios. The fact that it learns from their massive global network of traffic provides a strong foundation. However, where we have reservations is in the transparency around how their AI modules make decisions; from a governance standpoint, we would appreciate more explainability regarding why something was flagged and what signals contributed to that decision.

I can share some concrete numbers and outcomes we have observed at our organization regarding specific outcomes or metrics since implementing Zscaler Zero Trust Exchange Platform. For support ticket reduction, our IT team saw roughly a 40 to 50 percent reduction in remote access-related tickets after moving away from VPN to ZPA; all VPN connectivity issues, client configuration problems, and split tunneling complaints essentially went away, which freed up our IT support team considerably. I would rate this review overall at 8 out of 10.

Hybrid Cloud

Microsoft Azure

In terms of our main use cases, the Zscaler Zero Trust Exchange Platform was typically introduced to replace our traditional VPN methods, and Zscaler Internet Access was used for secure internet access for all users.

The platform offers advanced threat protection features and embedded AI/ML capabilities, making it more proactive in blocking threats. We can create different types of controls such as access controls, file type controls, and cloud app controls to manage user access.

The solution is beneficial for remote work environments by providing extra security features that VDI cannot provide.

Data loss prevention features are available, particularly network data loss prevention. We can create various regex and other rules in Zscaler DLP.

The platform saves workforce hours and integrates with various tools and technologies, which has increased our security posture. We can integrate with SIEM, our AV platform, XDR, and EDR.

There are connection errors sometimes when users move from one location to another location, which can cause latency issues.

Regarding the initial setup and deployment, there should be an export option from older tools to the Zscaler Zero Trust Exchange Platform. This export function would eliminate the need to start from basics. Some rules should be exportable and directly importable to the platform. Additionally, more automation efforts could be included.

I have been working with the Zscaler Zero Trust Exchange Platform for more than four years.

The implementation process is moderate but overall manageable.

Netskope is a similar tool to the Zscaler Zero Trust Exchange Platform. Both are similar tools, but the Zscaler Zero Trust Exchange Platform proved to be better. The Zscaler Zero Trust Exchange Platform has global coverage and low latency regarding support, and it provides a robust Zero Trust architecture. Netskope provides flexible pricing and has granular visibility, and it surpasses the Zscaler Zero Trust Exchange Platform in cloud security capabilities.

The implementation takes approximately six months to complete.

The platform is cost-effective regarding overall benefits. We don't have to purchase many components such as load balancers and proxy servers that were necessary in traditional setups. Being a cloud platform, many aspects are managed by the cloud, making it more beneficial.

The Zscaler Zero Trust Exchange Platform is the industry's first zero-trust SaaS built on an AI platform. The platform deserves a rating of 9 out of 10 due to its extensive features and ease of administration.

Public Cloud

Other

Our main use case for Zscaler Zero Trust Exchange Platform is our information security risk management.

I would say we have excellent account management, smooth marketplace engagement, and processing in how my team or organization uses Zscaler Zero Trust Exchange Platform, even from a procurement or high-level perspective.

From a cost perspective, I would say fair market value, and then from an efficiency perspective, I notice a very good user experience, which is easy to use with Zscaler Zero Trust Exchange Platform.

When I say very good user experience, I have received feedback from my internal stakeholders that makes it easy to use, just very simple and intuitive.

I believe Zscaler Zero Trust Exchange Platform can be improved, but I have no specific feedback based on my procurement experience. There is nothing I would change at this time regarding needed improvements.

I have actually not known how long I have been using Zscaler Zero Trust Exchange Platform. I did a renewal in mid-year.

I rate it a seven because I am still working through some kinks from a performance and a support perspective.

I cannot comment on the best features Zscaler Zero Trust Exchange Platform offers, as I am in procurement.

Positive

All three features—secure remote access, user authentication, and data protection—stand out to me from my experience in procurement. I advise others looking into using Zscaler Zero Trust Exchange Platform to give it a try. I provided this review with an overall rating of seven.

We are not resellers. We are utilizing it. We come from consulting firms, providing it to customers along with services, operational support, implementation support, and more. It involves various users in our organization.

I find it to be good. The solution is cloud-based with the latest inspection engines, which I find to be amazing. We are less dependent on data centers and device management, which reduces our efforts significantly. 

It improves our device management, data center management, and updating devices. We need fewer engineers for this management, and it reduces time and efforts for data center management, device upgrades, and IT support.

There is not much room for improvement. We are users and operational engineers, so we might not have the insight that solution providers have when they compare different solutions. They might be able to identify if something is missing with Zscaler.

I have been using it for three years now.

I would rate its stability as a ten out of ten. It is very high, and it is good.

It is instant and very flexible according to requirements.

Customer service is good, you could say. I would rate it a nine out of ten. Sometimes, support takes time since the solution has some bugs that need fixing.

Positive

We did not evaluate other options before choosing Zscaler. It was proposed, and we used it.

The initial setup is easy and user-friendly, engineer-friendly, and environment-friendly.

There is nothing announced. It is a third-party issue.

The ROI is good.

We did not evaluate other options; this was proposed, and we used it.

I recommend the solution. It's amazing. I would rate it a nine out of ten.

Public Cloud

Other

We primarily use Zscaler SASE as a web filter to have secure internet connectivity for all our endpoints, users, and branch offices. The agent installed on all endpoints controls individual internet access, ensuring that only approved sites and applications are available for end users. It also blocks access to any website identified as a threat or security-compromised. Additionally, it is used to enable zero trust network configuration, allowing users from their homes to connect to Zscaler Zero Trust network using Zscaler private access component.

Zscaler has positively impacted our organization by providing a seamless configuration for remote access needs. Our employees are satisfied with the accessibility, as it eliminates the need for a VPN, allowing users to access required resources from anywhere seamlessly. This enhances user experience significantly.

The most valuable features of Zscaler SASE include web filtering, application control, and the private access configuration. The private access configuration is particularly valuable as it allows user-based access control, limiting access to only what is needed for specific users and applications.

The connectivity monitoring part should be included in the core license without any extra charges. As a user, I should be able to see how seamlessly end users are connecting, but currently, this feature is an add-on that requires an additional license fee.

I have been working with Zscaler SASE for approximately over a year now.

The stability of Zscaler SASE has been rated an eight out of ten. There have been issues with some of the edge networks where users were unable to access the internet, which is why it's not rated higher.

The scalability of Zscaler SASE is rated a ten. As an agile cloud solution, it is easily scalable by adding licenses. However, since we are not a company that frequently adds a lot of users, scalability is not a primary concern for us at this point.

Customer service and support have been excellent. We typically raise a call via email or using a portal, and the support we receive is very seamless and timely within the SLA. They have been very supportive and provided the necessary solutions and clarifications.

Positive

Before Zscaler, we evaluated other solutions such as Netskope. We chose Zscaler due to its stability and the product roadmap, which were far better.

The initial setup was somewhat complex due to the need to review and tweak the network configuration, particularly for legacy networks. However, these challenges were resolved through collaboration with multiple vendors and internal teams.

For deployment, vendor support included two or three resources. Internally, we had one person handle the deployment via Microsoft Intune, and additional internal team members assisted with testing and rolling out to around 2,300 users. In total, there were three people from the vendor and three from our side, although the internal resources were not dedicated full-time.

The pricing of Zscaler SASE is quite high, rated at nine out of ten.

We considered Netskope before deciding on Zscaler.

I'd rate the solution nine out of ten.

Public Cloud

There's a different mechanism and modules. For example,  ZIA is primarily for internet access from the user's side. We can forward the traffic using the ZIA client connector agent installed on user machines like laptops and desktops. 

Users can log in using their credentials and even use single sign-on. Once logged in, their traffic is forwarded to the Zscaler cloud. 

Based on the user profile, we can define policies on what type of content they can access, like streaming or specific file types. It provides data protection as well. 

Alternatively, there's another configuration. If we can't install an agent, we can forward traffic using a PAC file URL to Zscaler servers.

With Zscaler, there are various modules like ZIA, private access, and digital exchange. All focus on internet access, but there's a concept where all traffic is forwarded using the Zscaler agent. 

Previously, they used a different portal where traffic from tools like Jira and FortiGate was allowed. The issue was that third-party applications weren't always supported. We had to configure them manually, and often we had to forward traffic to the Zscaler Cloud.

On the improvement side, when we bypass certain internet traffic types, it's currently recommended to have a one-click option, but audio and video aren't always supported. Thus, we need to bypass that kind of traffic. So, it is an area of improvement.

Another issue is with DNS exclusions and internet bypasses. Even if we put some URLs into DNS exclusion, it doesn't always work. So we often have to use a VPN gateway bypass. If they provided functional DNS exclusions and internet bypasses, it'd be much smoother.

I have been using it for the last three years. 

If I had to provide a rating between one to ten, I'd give it a seven out of ten. Some areas need improvement, like classification understanding, general and fingerprinting. Some classifications aren't adequately addressed by the DLP rules they provide.

The customer service and support are very good because we have dedicated team support on that and a dedicated customer success manager also. If the technical team doesn't resolve within the alert timing, I can escalate, and they assign a senior person to the call.

The current era is moving towards having a single agent manage everything. We can set up the SAP. Previously, we were using the proxy solution. This is on-prem and very hectic to manage. And policy synchronization was also a challenge. 

Zscaler is a SaaS-based solution, making it easy for users from any location to connect. It's very easy to use with minimal operational challenges. Not just Zscaler, but other SaaS solutions like NetScope and Palo Alto as well.

As for the DLP, there's a web-based version and a hosted ERP version. I haven't tested the OS DLP capabilities yet, but the web-based version is in line.

There are around 50,000 end users in our organization. In my organization, I'm part of the COE group, Centralope Accelerate, and I'm in charge of projects, implementations, and escalated support issues.

I have three team members under me at a proxy level, and then there are about ten people at level one. They handle basic troubleshooting, and if they can't resolve issues, they escalate to level two or even to me.

When I look back two or three years, I feel it's worth it. The product has been good for our infrastructure and has positively changed our user experience. 

However, in the current scenario, we need to think more strategically and consider integrating other services like private access, DLP, CASB, etc.

It's expensive currently. But when purchasing for a large number of users, there's room to negotiate. It's really up to the procurement team. 

From my experience, it's a pricey product, but with a larger user count, there's flexibility in the pricing.

If your requirements are at an intermediate level and you need to access DMC, then I would recommend this solution. If you require more detailed data classification, you might want to consider Netscope as they provide very granular classification. However, it really depends on the company's needs and requirements.

Overall, I would rate the solution an eight out of ten. 

Public Cloud

The primary use cases for the Zscaler include secure channel access for applications, private file service access, and remote connectivity to the active directory. These are the top three essential functionalities provided by Zscaler.

Previously, we utilized HubSpot, which required connecting to our office data center and then reaching other data centers for different applications. Internal private access changed this by allowing us to deploy connectors directly in front of the applications, eliminating the need for a single-site private access connection.

The pricing for Private Access seems to be on the expensive side, and I believe they should consider making it more competitive with other solutions. Specifically, they could improve pricing by offering customizable packages that cater to each customer's specific needs.

Connectivity to voice-over IP (VoIP) solutions, both private and VoIP, is scheduled to be included in the upcoming week.

I have been working with the solution for the past few months.

I would rate the stability a nine out of 10. 

The technical support is good. 

Positive

We chose Zscaler because of its superior functionality, especially in terms of its medium capabilities.

A well planned deployment plan can be executed in fifteen days. 

Identifying private applications and the users accessing them are the two key components. Discovering the private applications associated with Zscaler is one part, while the other involves determining the number of users accessing these applications, which is crucial for deciding Zscaler’s deployment.

I would rate the process of initial setup a five out of 10.

I would advise evaluating the solutions as per the requirements, and would rate it a nine out of ten. 

Hybrid Cloud

This is the primary Private Access solution, the VPN solution.

Zscaler brought a new concept to the world or to the networks, basically introducing the zero-trust technologies of the product to bring in the buzzword about it and then make it a norm or create it as a norm. 

So, this is a product that can give you zero trust when it comes to the VPN solution compared to the legacy VPN. So, it has become a mandate to manage.

Zscaler Private Access does not currently offer the ability to assign static IP addresses, which are necessary for supporting telephony or backend communication. 

While Zscaler supports client-initiated connections, it does not support server-initiated connections. This is a feature that Zscaler may consider adding in the future.

I have been using this solution for a year. 

It is a stable solution.

It is a scalable solution. We have around 5,000 end users using this solution.

The customer service and support are okay. I am not a fan of the service. 

The response time is long, and the willingness is lacking. They are not eager to support.

Neutral

My company used Pulse Secure and SonicWall.

With the zero-trust concept coming in across the secure, we wanted to try out Zscaler and see whether it worked well for our organization. So that's the reason we switched to Zscaler. 

The initial setup was easy. 

With the VPN solutions that sort of pretty much expensive.

I would recommend using the solution. I would rate it around eight out of ten because it is a good product. I don't have any major concerns as such. 

The competition is not up to the level; Netskope is doing well. Palo Alto and other products have just launched their products within the previous two or three quarters, and the market is yet to try their tech work, but Zscaler is a tested product, and it is doing good.

Private Cloud

Other