Globalprotectcloudservice Vs Zscaler
OVERVIEW AND CHALLENGES

Prisma Access delivers consistent protection to all your applications, remote networks, and mobile users. Address your security requirements for branch offices, SD-WAN, mobile workforces, cloud, and data center in an operationally efficient manner.

Customer Challenges

It can be difficult to secure branch offices and mobile users as organizations grow, because security teams may not have the budget or people to build out their security infrastructure. Prisma Access helps organizations deliver consistent security, maintain operational excellence, and shift costs from capex to opex.

SELLING POINTS

Security delivered from the cloud provides the right architecture, plus:
• Provides a full security solution on all ports, protocols, and applications for remote networks and mobile users.
• Enables deployment of consistent security to all applications.
• Global presence in 100+ locations with fast scaling and localization capabilities.

[Figure labels: Branch/retail, HQ, Mobile]
© 2020 Palo Alto Networks, Inc. | Prisma Access vs. Zscaler | Confidential and Proprietary Information: For internal use and authorized partners under NDA with Palo Alto Networks only. 1
Prisma Access vs. Zscaler
HOW TO COMPETE

Zscaler offers two different products: ZIA securing internet and SaaS traffic, and ZPA securing remote access to apps deployed in data centers or IaaS.

Architecture
• ZIA and ZPA are two different products with two different management platforms, making it impossible to offer one consistent security posture.
• ZIA enforces different checks on traffic from users in a branch behind an IPsec/GRE tunnel and mobile users with the local Z-App installed. For mobile, only HTTP/S traffic is inspected. (This behavior is present even with Ztunnel 2.0, which claims to send all traffic toward the security enforcement node.)
• ZIA cannot secure all ports and protocols; the sandbox or DLP policies are only handling HTTP/S and FTP traffic.
• ZIA uses fixed assets in POPs that are shared by customers, making it hard to scale quickly and offer full separation of resources. ZPA is completely AWS-based, indirectly confirming the challenge of using POPs.
• ZIA customers are sharing a pool of public IPs when they are exiting the Zscaler cloud; one “blacklisted” customer could affect others. Also, by whitelisting these public IPs for your SaaS applications, you are whitelisting others as well.
• ZPA is just an application broker. Once the user authenticates and connects to the app, there is zero inspection of the exchanged traffic, allowing an infected valid user to spread any malware.
• ZPA requires a parallel infrastructure of connectors to be deployed and maintained by the customer within the data center or IaaS environment.

Need Third Parties to Make the Full Solution
• For securing north-south traffic from a branch/HQ, you need a third-party vendor to terminate an IPsec/GRE tunnel on premises (one extra management platform).
• For securing the branch-to-branch/branch-to-HQ connectivity, you need potentially another third-party firewall, in case you opted for an SD-WAN vendor for the previous point.
• Securing the perimeter does not protect against lateral movement; for microsegmentation, you would again need a third-party solution.
• No in-house API CASB solution. Again, you need a third-party solution to complete the security posture.

OBJECTION HANDLING

“Zscaler claims to have the world’s largest security cloud. Palo Alto Networks is not mature enough in the cloud.”
Prisma Access is built on public cloud infrastructure with practically unlimited resources, allowing it to elastically scale and provide worldwide presence in 100+ locations. It is also integrated with cloud native services like WildFire (30,000+ customers) and Cortex XDR, offering a complete platform. Zscaler customers do not get to use all of the 150 sites—they are limited to as few as 30 sites.

“Zscaler advertises optimizing Office/Microsoft 365 performance.”
Enabling the “One Click Office 365 Configuration” transparently forwards any end user Microsoft 365 traffic and bypasses any security checks. Zscaler indeed had direct peering with the Microsoft Cloud. Prisma Access uses the direct peering between AWS and GCP to Microsoft Cloud. Prisma Access can easily use the App-IDs to define the exact desired behavior.

“Zscaler is a Magic Quadrant Leader for Secure Web Gateways.”
Securing your web traffic is just one piece of the puzzle in the overall security posture. Palo Alto Networks has been a Leader in the MQ for Network Firewalls eight years running, and is able to provide a single platform and consistent policies across all use cases (all locations, all applications).

“Zscaler offers a 99.999% SLA for service availability.”
Being available doesn’t mean it is working as expected. Zscaler offers only a 95% SLA for ensuring a security processing latency of 100 ms or below as a monthly average, compared to the Prisma Access latency of only 10 ms as an hourly average with a 99.99% SLA.

“Zscaler handles SSL decryption on their own hardware, providing extra performance.”
Zscaler excludes SSL decryption from its SLA and uses colocated hardware appliances that are shared among all customers. Prisma Access has dedicated cloud scale resources for each customer to handle processing needs. Not depending on static hardware enables faster scaling (horizontally and vertically) as well as faster adoption of new hardware-dependent features.
Feature Comparison Matrix

Functionality | Prisma Access | Zscaler (5.7 release, ZIA Business bundle)
Secure access for branch-to-branch and HQ-to-branch | Yes | Need third party
Secure remote access to data center/IaaS | Yes | Add-on (ZPA) with no traffic inspection
Additional Resources
https://compete.paloaltonetworks.com (internal)
https://www.paloaltonetworks.com/partners/nextwave-partner-portal/help-me-sell/competitive (partner)