Zscaler Offers Secure Web Gateway Features: Review

Zscaler’s self-named cloud security service provides organisations with security covering integrated web, instant messaging, peer to peer, webmail and SMTP-based email, and it does so without any on-premises hardware or software installation requirements. Rather, the Zscaler service spreads its proxy and relay load across the company’s 40 data centres and presents administrators with a rich, flexible, web-based management interface.

Based on my tests of Zscaler’s security services, I’m impressed with its potential to protect users from HTTP- and SMTP-based threats, which are more prevalent than ever—particularly due to the increased use of blended malware threats. (For example, a phishing email drives a user to a site that plants malware on his PC via a browser exploit.)

The service’s policy configuration and reporting options stand out for their depth, and I expect that the Zscaler service should provide a strong complement to companies’ existing end-point and perimeter security solutions. And, as a SAAS (software as a service)-based offering, Zscaler provides additional value by enabling administrators to inspect potentially malicious traffic on the web, rather than allowing it to reach their network perimeter, or, perish the thought, their endpoints.

Zscaler’s cloud security services are sold in a number of different editions, starting from a basic web filtering edition that’s priced at $1.50 (94p) per user per month for 100 users, with discounts available at higher volumes. For more information on the available editions and included functionality, check out the data sheets at tinyurl.com/23lwjtx.

Zscaler in the lab

As a hosted service, Zscaler is very easy to install. All I really had to do was change the administrator password, agree to the terms of service and remember to save my policy changes. I noticed Zscaler guarantees only 99.99 percent uptime monthly, although a representative said “outside of the regularly scheduled maintenance windows affecting just the admin-console, Zscaler has delivered 100 percent availability since launching in August 2008.”

Zscaler uses bandwidth from multiple carriers and maintains dedicated space in multiple data centres operated by different providers. There’s a little more work required to integrate with a directory service or import users. Plus, browsers need to be configured to use the Zscaler service as a proxy; firewalls also need to be reconfigured to allow only web traffic to and from the Zscaler proxy.

The admin interface launches with a clean, easy-to-read dashboard with prominent, context-sensitive options for Logout, Support, Getting Started, Help and Concept. Concept (and the little icons that the company tells me are light bulbs) is interesting and brings up a Flash demo that shares somewhat helpful information that was obviously developed by someone on the marketing, rather than technical, staff.

Help opens in a new window and is pretty useful except that it lacks an index or search capacity. Clicking Support took me to a page where I could submit a trouble ticket. I clicked Getting Started, and a new window popped up that listed configuration steps and provided links to walk through them rapidly. I easily uploaded the eWEEK logo and customised end-user notification messages for when sites or files would be blocked.

The default security policy configuration is most likely acceptable for most organisations. I found it very easy to establish policies for inbound and outbound traffic inspection, scanning different file types and even whitelisting sites by URL where all content should be allowed.