Zscaler Review 2025: Key Features, Pricing, Pros and Cons

Updated on May 6, 2025
10 mins read
Aditya Santhanam
Founder and CTO, Infisign

Key Takeaways:

  • Zscaler's primary suite of services includes Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA). ZIA functions as a comprehensive Secure Web Gateway (SWG), delivered entirely from the cloud, providing secure access to the internet and SaaS applications.
  • Zscaler's portfolio is not limited to these core offerings; it also extends to include Zscaler Digital Experience (ZDX), a solution focused on monitoring and optimizing digital experiences and performance.
  • It also has a solution called Zscaler Data Protection, which encompasses both Cloud Access Security Broker (CASB) and Data Loss Prevention (DLP) functionalities.
Pros:
  • Leader in Zero Trust: Provides robust security via Zero Trust principles, replacing legacy VPNs and reducing attack surface.
  • Cloud-Native Scalability: Built for the cloud, offering high scalability and resilience without on-prem hardware needs.
  • Improved User Experience (vs. VPN): ZPA often provides faster, more seamless remote access compared to traditional VPNs.
  • Strong Analyst Recognition: Consistently ranked as a Leader by Gartner and Forrester for SSE.
  • Focus on Identity Context: Access decisions leverage identity and context, not just network location. ZPA connects users to apps based on identity and policy.
Cons:
  • Complexity: Setup, configuration, and policy management can be complex with a steep learning curve.
  • Performance Variability: Users report potential latency or speed issues, often requiring tuning, especially with SSL inspection.
  • Inconsistent Support Quality: Standard support reviews are mixed; premium support may be needed for complex issues.
  • Mobile Client Issues: Stability and usability concerns reported for the Client Connector app on iOS/Android.
  • Requires Expertise: Effective management often demands skilled personnel or professional services.

Zscaler operates on a SaaS subscription model and is recognized as a leader in the Security Service Edge (SSE) and SASE markets by analysts like Gartner and Forrester.

What is Zscaler?

Zscaler is a cloud security company providing the Zscaler Zero Trust Exchange™, a platform built on Zero Trust principles. It acts as an intelligent switchboard, securely connecting users, devices, and applications based on identity and context, not network location. 

It inspects all traffic inline to block threats and enforce policies. Its main services, ZIA and ZPA, replace traditional tools like web proxies and VPNs with a cloud-native approach focused on secure access. 

Zscaler aims to enable secure digital transformation by moving security away from the network perimeter to the user and application edge, heavily using identity verification for access control.

Key Features of Zscaler 

The Zscaler platform integrates various security functions, with a strong emphasis on identity as the core of its Zero Trust approach. Here are key features highlighting its Identity and Access Management capabilities:

1. Zscaler Zero Trust Exchange

The Zscaler Zero Trust Exchange is the core platform that underpins all of Zscaler's services. It operates on the fundamental principle of "never trust, always verify," which is the basis of a zero-trust framework. This means that access to applications and data is never implicitly trusted based on network location. To strengthen this, users can use zero-knowledge proof authentication to prevent passwords from being overshared.

On the whole, Zero Trust evaluates the verified user identity and contextual factors, such as device posture, location, and the specific application being requested.

2. Zscaler Private Access (ZPA)

Zscaler Private Access (ZPA) is Zscaler's flagship Zero Trust Network Access (ZTNA) solution. It is specifically designed to provide secure remote access to an organization's internal applications, regardless of where those applications are hosted (whether in corporate data centers or various public clouds), effectively replacing traditional VPNs.

  • Zero Trust Network Access (ZTNA): ZPA replaces legacy VPN solutions by connecting authenticated and authorized users directly to specific internal applications based on granular policy. This helps make sure only authorized users can reach the applications they are explicitly permitted to use, rather than gaining broad network access.
  • Identity-Based Segmentation: A core security benefit of ZPA is its ability to segment applications based on user identity and policy. This isolates applications from the network and, crucially, makes authorized internal applications invisible to unauthorized users on the public internet.
  • Contextual Policy Enforcement: Access decisions made by ZPA are highly dynamic and leverage a range of contextual information. This includes the user's identity, the security posture of their device (e.g., is it corporate-owned, is disk encryption enabled, are security patches up to date), the user's location, and the specific application they are requesting access to.
  • Clientless Access: For certain applications, ZPA supports clientless access via a web browser. This capability is particularly useful for enabling secure access for users on unmanaged devices (such as personal laptops or devices used by contractors or partners) after they have successfully authenticated, without requiring the installation of the Zscaler Client Connector.
  • Secure Web Gateway (SWG): Inspects all internet traffic, including SSL/TLS, enforcing policies based on user, group, and location. While primarily focused on threat prevention and content filtering, policies are often tied to user identity.
  • Cloud Access Security Broker (CASB): Discovers SaaS app usage and enforces security policies (including access controls and DLP) for these apps, often based on user identity and group membership.
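The ZTNA, identity-based segmentation and contextual policy points above amount to a default-deny decision made per application. The following is an added example, not Zscaler code or its policy API: a minimal evaluator in which every rule, application name, group and sample request is hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    app: str
    country: str
    authenticated: bool = True
    corporate_owned: bool = False
    disk_encrypted: bool = False
    patched: bool = False

# Constructed per-application rules; names and values are hypothetical.
POLICY = {
    "payroll.internal": {"groups": {"finance"}, "countries": {"US", "IN"},
        "posture": ("corporate_owned", "disk_encrypted", "patched")},
    "wiki.internal": {"groups": {"finance", "contractors"}, "countries": None,
        "posture": ("patched",)},
}

def decide(req):
    """Return (allowed, reason). Anything not explicitly permitted is denied."""
    if not req.authenticated:
        return False, "unauthenticated"
    rule = POLICY.get(req.app)
    if rule is None:
        return False, "no rule for application"
    if not (req.groups & rule["groups"]):
        return False, "identity not entitled"
    failed = [c for c in rule["posture"] if not getattr(req, c)]
    if failed:
        return False, "device posture: " + ", ".join(failed)
    if rule["countries"] is not None and req.country not in rule["countries"]:
        return False, "location not permitted"
    return True, "allowed"

def visible_apps(req):
    """Apps this identity and device may reach; the rest are never advertised."""
    return sorted(a for a in POLICY if decide(replace(req, app=a))[0])

# Constructed sample requests.
ANALYST = Request("asha", frozenset({"finance"}), "payroll.internal", "US",
                  corporate_owned=True, disk_encrypted=True, patched=True)
CONTRACTOR = Request("lee", frozenset({"contractors"}), "payroll.internal", "BR",
                     patched=True)

if __name__ == "__main__":
    for r in (ANALYST, CONTRACTOR, replace(ANALYST, disk_encrypted=False)):
        print(r.user, r.app, decide(r), visible_apps(r))
```

The reason string is meant for the audit log; the user only ever sees the applications returned by `visible_apps`, which is what keeps unentitled applications invisible.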

3. Usability and Interface

  • End-User Experience: Generally positive, especially ZPA compared to VPNs. Often described as seamless and working in the background.
  • Administrative Console: Mixed reviews. Some find it clean compared to competitors, but many report significant complexity in configuration and policy management. Finding specific settings can be difficult. A steep learning curve is often mentioned. Aside from this, some users also feel the UI needs enrichment, especially graphical data representation.
  • Performance: This can be highly variable. Zscaler can be fast and reliable, but many users report slowdowns, latency, and issues with specific apps, particularly with SSL inspection enabled. Performance depends on location, network, ISP, app behavior, and applied policies.
  • Reliability: Generally perceived as reliable and stable, supporting large deployments. However, interruptions, crashes, silent client failures, and authentication errors have been reported with Zscaler by some users.

4. Mobile Client Connector (iOS/Android)

Essential agent for forwarding traffic from mobile devices for ZIA/ZPA. Supports SAML/MFA authentication, policy enforcement, trusted network detection, captive portal handling, and auto-updates. Requires specific permissions on the device.

  • On Android, user complaints include frequent crashes, hangs, silent failures, phone instability, and difficulty disabling or uninstalling the app. Success may depend on configuration and potentially disabling SSL inspection for some apps.
  • On iOS, some users report buggy OS interactions (especially with Wi-Fi), inconsistent authentication, the app showing "Connected" while not passing traffic, and VPN status issues.

5. Other Noteworthy Zscaler Features and Identity Access Solutions

  • Zscaler Identity Threat Detection and Response (ITDR): Specifically focuses on securing identity infrastructure like Active Directory. Provides visibility into identity misconfigurations and risky permissions. Detects identity-based attacks like credential abuse and privilege escalation. 
  • ZSLogin: A feature designed to secure and streamline administrative access to the Zscaler platform itself. Supports passwordless multi-factor authentication (MFA) for administrators. Provides unified identity management for Zscaler administrators.
  • Zscaler Client Connector: The endpoint agent that forwards traffic and enables policy enforcement. Supports various authentication methods, including SAML with MFA, often integrated with existing Identity Providers (IdPs) like Okta or Azure AD. Device posture checks (part of context) can influence access.

Zscaler Pricing

Based on reports, Zscaler pricing starts at around $28,000 per year at the lower end of the average range for its customers. A more typical average price for an enterprise is around $52,000 per year.

  • Model: Subscription-based Software-as-a-Service (SaaS). Typically priced per-user, per-year, with recurring annual or multi-year contracts.
  • Tiers: Offers bundled tiers like "Business," "Transformation," and "Unlimited," which progressively add more features. These bundles combine ZIA, ZPA, ZDX, and Data Protection capabilities. Individual products might be purchasable separately.
  • Transparency: Lack of public pricing is a common feedback point; quotes require direct engagement with sales. Some examples exist on AWS Marketplace but may not reflect custom enterprise deals. Vertice benchmarks rate pricing simplicity relatively low.
  • Cost Factors: Final cost depends on user count, selected products/bundles/tiers, contract length (discounts often available for longer terms), and negotiated volume discounts.
  • Free Trial: A 30-day free trial is typically offered with limited functionality and users.

Zscaler Reviews and Ratings

The overall sentiment towards Zscaler is positive. That said, the most frequently raised concern pertains to the cost of the platform, particularly for larger organizations, those that require multiple premium features, or those impacted by the reported change in the Free Tier model.  

  • Aside from this, some user feedback indicates concerns regarding the stability, performance, and usability of the mobile client connector applications for iOS and Android devices.
  • Gartner: Consistently named a "Leader" in the Magic Quadrant for Security Service Edge (SSE). Strengths noted include market momentum, strong vision, global network, partner ecosystem, and capabilities (data security, ZTNA). Cautions include admin console complexity, pricing/sales issues, and client-reported performance/latency.
  • Forrester: Also recognized as a "Leader" in the Forrester Wave™ for SSE Solutions, Q1 2024. Received top score for "Market Presence" ("800-pound gorilla") and highest scores for Vision, Innovation, Ecosystem, ZTNA, SWG, DEM, and Threat Prevention. Core SWG is considered "among the best".

Overall View of Zscaler

Zscaler is a clear leader in cloud security, driving the shift to Zero Trust. Its Zero Trust Exchange platform offers scalable, cloud-native security (ZIA, ZPA, etc.), replacing legacy systems. Analyst recognition validates its strong capabilities, especially in SWG and ZTNA.

However, adoption requires careful consideration of its complexity, the need for specialized expertise, potential performance tuning efforts, and variable standard support quality. The lack of pricing transparency and potentially high costs are significant factors. The mobile client appears to be a weaker point needing thorough testing.

Implementing Zscaler is a strategic shift requiring planning, resources, expertise, and managing organizational change, not just a tool deployment. While powerful, the trade-offs between its capabilities and the required investment (cost, effort, expertise) must be carefully evaluated.

Infisign: The Ideal Zscaler Alternative

While Zscaler is reliable software, some users mentioned that the setup process can require a good amount of technical expertise. With Infisign’s IAM Suite for enterprise employees and UniFed for customer-facing platforms, you get tools that allow versatility no matter your use case.

Moreover, you get to work with an astounding 6000+ API & SDK integrations to connect with your existing technology stack.

Infisign allows broad compatibility with Web-Based and Legacy Ecosystems, allowing companies to secure both modern web applications and older, traditional IT systems.

  • Zero Trust Authentication: Infisign is an ideal Zscaler alternative as it is built on a zero-trust framework from the ground up, requiring users to verify their identity at set intervals or when changing devices, locations, or IP addresses, based on risk.
  • Passwordless Authentication: Passwordless authentication methods like biometrics, push notifications, device passkeys, and QR codes prevent the oversharing of passwords and unauthorized usage.
  • Single Sign On (SSO): With Infisign’s SSO, you can improve user convenience and combat password fatigue, allowing users to log in just once for access across their tech stack. Infisign lets you do this in under 4 hours.
  • ABAC: Gain fine-grained control with Attribute-Based Access Control. Go beyond traditional RBAC by adding and removing hundreds of users to your tech stack simultaneously based on roles, departments, or any defined criteria. 
  • Network Access Gateway: Secure access to on-premises applications from the cloud using encrypted network gateways with the Network Access Gateway (NAG).
  • AI Access Assist: Boost IT efficiency using AI, enabling administrators to add and remove users in under a minute using familiar tools like chatbots, Slack, and Teams, facilitating rapid access changes even while on the go.
  • Impersonation: With impersonation, you can give customers or clients temporary admin access if their main admin account isn’t working or if their admin is out on leave.
  • Adaptive MFA with Conditional Access: A layered security approach that balances protection and user convenience while requiring multiple authentication factors. Pair this with conditional access policies to establish strict protocols that proactively prevent suspicious access attempts.
  • Just In Time Access: This lets you give users and employees admin access or access to specific tools or systems for a short amount of time. It helps you stay on track with compliance rules and keeps a record you can check later.
  • Managed Password Web Authentication: This lets users have SSO-like functionality for older and web-based tools that don’t work with regular SSO setups like SAML, OAuth, or OIDC.

Ready to see the difference? Schedule a free demo call today to explore how Infisign solves your enterprise identity and access management needs.

FAQs for Zscaler 

What is Zscaler's core approach to security? 

Zscaler's core approach is based on a cloud-delivered Zero Trust architecture, which shifts away from traditional perimeter-based security. The principle is "never trust, always verify," brokering secure connections based on identity and context rather than network location.

What are the main products offered by Zscaler? 

Zscaler's main products include Zscaler Internet Access (ZIA), which functions as a cloud-native Secure Web Gateway for internet and SaaS access, and Zscaler Private Access (ZPA), which provides Zero Trust Network Access to internal applications. They also offer Zscaler Digital Experience (ZDX) for performance monitoring and Zscaler Data Protection (DLP/CASB).

How does Zscaler's architecture benefit companies? 

The cloud-native architecture offers significant benefits, including high scalability and resilience, elimination of the need for on-premises security appliances, global distribution through a large network of data centers for lower latency, and a reduced attack surface by connecting users directly to applications.

What are some common criticisms or challenges associated with Zscaler? 

Common criticisms include the complexity of setup and configuration, the perceived high cost, potential variability in performance (especially with SSL inspection), inconsistent quality of standard customer support, and reported issues with the mobile client connector.
