Likelihood to Recommend Bugcrowd is great for bug bounty programs and as a cheaper alternative to a full-blown penetration test. Small to medium-sized companies who are serious about security, but don't have the budget for a $40,000 penetration test, this is a great solution. Bugcrowd isn't going to be able to do much of the white-box penetration testing (code reviews), as they are more suited for grey-box and black-box. A program like this will need at least one dedicated person to work with the moderator, verify findings, and decide on the severity of the finding.
Read full review Zscaler Internet Access is an internet tunnel that pairs with the network adapter to secure traffic between servers and workstations. It can refresh policies automatically and log intrusions but does not broadcast intrusions. Cloud-based Zscaler Internet Access is easy to deploy and scale, with no hardware or software needed. In a hybrid model, Zscaler Internet Access performs some security functions on-premises and others in the cloud, allowing organizations to keep infrastructure. There is a slight learning curve from VPN and appliance architecture to this paradigm.
Read full review Pros Having a pool of security researchers helps keep the penetration tests broad, getting the most bang for your buck. The integration with Slack makes it easy to keep tabs on the program and when new findings are submitted. The interface is pretty simple to use and fairly intuitive. Read full review Automatically block the malicious content and websites Scans inbound and outbound network packets Has a proxy server through which all the network calls pass through We have customized Zscaler Internet Access to block websites like Netflix, Hotstar etc which can hinder producivity Read full review Cons The success of your program highly depends on the moderator that is assigned to your project. A good moderator will continue to find researchers until the quota is full. Less than stellar moderators will send out one invite and sees what sticks. Not all researchers are as professional as one might hope. This can ruin the experience. Read full review My personal opinion about Zscaler is their idea is that all the services are online and are moving to the cloud but the truth is some of them have to stay on-premise and employees still need to work from an office. Zscaler simply doesn't have any on-premise solutions like an NGFW to provide a complete package. We are supporting Fortinet NGFW for our on-premise solution. As mentioned earlier Zscaler being hosted online we don't get the full flexibility of managing our firewalls. Although it's a good thing we keep running into problems like when we want to allow list a service from a specific source IP Zscaler cannot provide a static IP for that. They route traffic through multiple IP addresses and the IP's keep changing every 15-20 minutes. So you cannot allow list a specific IP on the receiving end. The only way to move forward would be to allow an entire range of IP's which opens a security loophole on the receiving end. For every small thing we have to keep opening a ticket with Zscaler. Their response rate is fast but still in a fast-moving world it's not fast enough. Especially since we need to get approval from our change control to get something done and then again we have to raise a ticket to get something done from the Zscaler side. Read full review Usability Zscaler is a mandatory solution required by almost every large organization with a workforce working remotely or using cloud-based apps. Its deployment is relatively easy and it keeps on working in the background without actively bothering the user. Apart from a few weird messages which a user is unable to comprehend, Zscaler is able to provide fast and safe access to the internet and other external applications.
Read full review Support Rating I cannot give a fair rating for this as I have not had to contact Zscaler support. There was one time we had to contact them because we needed to check if they were having issues on their end. Our ISP was actually the problem but support seemed very friendly.
Read full review Alternatives Considered Budget was ultimately the reason we went with Bugcrowd initially. Bugcrowd allowed for us to come up with our own bounty scale to fit out budget. Most other companies had a fixed scale, or the scale was not as flexible as we wanted it. Traditional penetration testing companies were very expensive.
Read full review Zscaler Intenet Access proved to be superior and the difference for us was the speed of policy delivery since your policy is applied in a web console and is effective in a matter of seconds. Another point to congratulate the solution is its compatibility with different platforms (macOS, Linux, Windows, Android, and iOS).
Read full review Return on Investment We have received some great results for a great price. We've also received some poor results at the same price. Bugcrowd is not always recognized as a "real" penetration test, but for the most part, we have not had any problems with customer accepting our reports. Overall, Bugcrowd has been an overall good experience, but we have had a poor moderator from time-to-time that has resulted in less than ideal results. Read full review ROI is there and it is safeguarding the data and user access to net. Being a cloud based can be scaled up when required. Third parties can be allowed based on the company IT policies (Clients or Vendors etc.) for business perspective. Read full review ScreenShots Zscaler Internet Access Screenshots