Cisco Secure Web Appliance (formerly Cisco Web Security Appliance [WSA]), powered by Cisco Talos, protects by automatically blocking risky sites and testing unknown sites before allowing users to link to them, helping with compliance. It is available models S690, S390, and S190.
N/A
Zscaler Internet Access
Score 8.9 out of 10
N/A
Zscaler Internet Access™ (ZIA) is a secure web gateway (SWG), delivering cloud native cyberthreat protection and zero trust access to the internet and SaaS apps.
Both are well known but sometime the cost comparison and support out scale each other. Performance wise both are good. Zscaler provided better cost and support terms in our case.
We have both scenarios where we can describe that. For example, in the HQ, where we have about 3,000 users, Cisco IronPort Web Security Appliance is the ideal solution, because we can consolidate all the Internet access, policies, rules, etc. in the same box. However, if you have small offices with a few users, it's hard to justify one big and expensive box that could cost more than the whole office infrastructure.
Zscaler Internet Access is effectively a cloud firewall. It thrives best for traveling users that need a consistent experience as the multiple Service Edges around the world will help reduce the bottleneck and latency of VPNs hosted on firewalls. Also reduces the cost to spin up small locations that wouldn't necessarily need a firewall on site for Zonal traffic (this rings true for any SSE product). However troubleshooting this tool is a bit of a beast as previously mentioned - the logs are pretty minimal and the first reaction after perusing logs is typically to get a pcap file (which used to be a last resort for Network Engineers).
Single Pane of Glass Management - Everything is very easy to access and monitor the entire environment from an internet security perspective.
Install Flexibility - We can and do install Zscaler Internet Access on both our client devices as well as our SD-WAN appliances and servers. This allows us to control internet security even on devices without an agent in our networks.
I think that the interface could need updates to adapt it to a much more current system, achieve quick access to necessary tools and adapt the platform to a much more customizable and comfortable system to work with.
It is undoubtedly a platform that is worth having, however, the license costs could be better adjusted to small businesses so that it can be accessed more easily.
It could be a bit complex to use, the use of codes is quite extensive, it could be adjusted to something much more practical but just as efficient.
The activate button when making changes could be better, activate seems somewhat like a misnomer especially to newer admins/engineers to the product, a more accurate word would be publish.
Blocked action message for the user could be more user friendly
Because it's one of those products you almost don't realize it exists from the end user. From the administrator perspective, you can do everything on its web interface and it's very intuitive to manage, once you know the concepts behind identities, acls, etc. Also, once you build the control structure, I mean, you link 'local' groups with your own Active Directory groups, as we did here, you don't need to be managing those things on the appliance itself.
The application is easy to install and configure on all Windows devices. To troubleshoot any internet issue, we can easily collect all the relevant logs from Zscaler and check the exact issue. The only problem is with the uninstall, as a dedicated crew needs to provide the password.
Our experience with Cisco's support was terrible. Other than the fact that they don't respond to service-related emails with urgency, they also keep on changing the policies that affected us. Recently, they came up with a new look for the same software, which was insanely slow. Renewal of keys for the old interface took months. Overall, the support was not very friendly from the users' point of view.
I cannot give a fair rating for this as I have not had to contact Zscaler support. There was one time we had to contact them because we needed to check if they were having issues on their end. Our ISP was actually the problem but support seemed very friendly.
At home I have a McAfee service that does similar tasks and helps manage the users of my internet. McAfee seems more user friendly and easier to set exceptions.
Zscaler Intenet Access outperformed the competition due to its lightning-fast policy delivery and cross-compatibility. It is easy to track employee usage and block unnecessary websites, reducing company internet usage. Zscalar installed on every system increases cloud-based software bandwidth, decreasing user turnaround time and increasing efficiency.
Security! Security! Security! We are financial company that work with very sensitive information. A lot of unsafe traffic was blocked on the Cisco IronPort WSA over years of using it. We did not earn on it but absolutely sure that we did not lose 'gazillion' of dollars being infected or scammed.
Easy to configure and use, no need to teach new personnel how work with this product (hopefully saving time = saving money).
Unfortunately the price of license subscription made financial managers push IT dept. to look for something cheaper.
We just turned off the general VPN this week, post Zscaler rollout of ZPA & ZIA, but it's still the "new" kid on the block, so "everything" is a Zscaler issue.
The ZIA implementation revealed to us exactly how inadequate our internal policies regarding internet access are. Instead of leveraging the tool to reduce risk factors, we find ourselves adjusting ZIA policies to accommodate user complaints rather than adhering to company policy enforcement.
