Guardicore is a segmentation company, now part of Akamai since the late 2021 acquisition, aiming to displace legacy firewalls. The Guardiocre software-only approach is decoupled from the physical network to provide a faster alternative to firewalls. It is built for the agile enterprise that offers greater security and visibility in the cloud, data-center and endpoint.
N/A
Zscaler Private Access
Score 7.9 out of 10
N/A
Zscaler Private Access™ (ZPA) gives users secure access to private apps and OT devices while enabling zero trust connectivity for workloads.
This is the best possible solution for enterprise-level organizations where server counts will be in the thousands. To manage these and understand the communication can be very cumbersome without this tool. Ease of creation map zone and application-wise can be relaxing to OS teams and support teams as well. There is no limit to labeling schema of servers and it gives the freedom to do so.
The tool is, for the most part, very intuitive. Most of our issues so far (working through them with our Resident Engineer) are the one-off applications. We are working on some exemptions to make them functional. Besides that, the team loves the tool and how it can provide better security than our previous tool.
Application Segmentation and Listener Configuration - The way applications are defined and listened for is fundamental to ZPA, but can be a source of frustration, especially when dealing with legacy or non-HTTP protocols
The ZCC is the user's primary gateway, but its control over local system network behavior can sometimes clash with enterprise requirements.
The solution is deployed throughout the organization. Teams are working and integrating it with the help desk tool wherever required. Helps in identifying the network traffic flows in lateral movement and east and west as well. Allows policies by default and later fine-tuning to be done to narrow it and enforce blocking action. Exporting reports from the tool is easy and can be observed for any issues.
Few things stand out. The ease of access: It very convenient - one click to open add details and done. Packet capture: Can't talk enough about this feature. Troubleshooting private access is always problematic,but this feature helped a lot. One thing that can be improved is early warning about expiring authentication
Support has been available 24*7. It also depends on criticality but support is available. Also, the right expertise from the team helps in identifying the issue quickly and this helps in less production downtime if required. The ticket is resolved with RCA.
1) No limit to labeling schema. 2) Ease of creating maps with respect to zone, environment, subnets, etc. 3) Ease of creating policies and publishing the same. 4) Deception 5) Integration with monitoring tool (grafana) 6) Changes in the agent can be considered if there are legacy systems, time-consuming but can be achieved with the right information.
All of these tools are for different needs. Zscaler Private Access being for internal seems very simple as it really only allows filtering up to L4 whereas ZIA allows for filtering up to L7. ZDX often tries to give insight into the environment but since it only works with preconfigured items, that then means when a new problem shows up - ZDX isn't helpful troubleshooting postmortem. For the internal side of the house - Zscaler Private Access' strength is its simplicity to configure.
Positive: We have now charged users internally for the service
Negative: Dealing with users who also have the Zscaler Client Connector for their company, can cause confusions
Negative: Enabling the Zscaler Internet Access entitlement has been a major headache for us because Zscaler Private Access users can't autheniticate through ZIA on a non corporate device.