Sophos Cloud Web Gateway (discontinued) vs. Zscaler Internet Access

Sophos Secure Web Gateway works perfectly for any SMB/Enterprise environment where the IT Admin wants to control the internet. With that said, I can not think of an organization that doesn't need to control or audit the usage of their internet.

Incentivized

Zscaler Internet Access has extremely powerful category selection and it is very easy to create your own destinations for inspection and policy exceptions (SSL exception specifically). It is also very affordable and just as powerful (if not more) than some of the other solutions I have used in the past to achieve internet security.

Incentivized

• When IT Admins need to deploy virtually.
• When IT Admins want to have high availability without an extra cost (via the Virtual Appliance Deployment).
• When IT Admins want to control and give the internet fair use within the organization.

Incentivized

• The depth that Cloud App control policies can go into. Being able to control individual actions within an application, more than just all or nothing access.
• The UX/UI design makes it really easy to navigate the portal.
• Understanding how cloud app/url control policy gets evaluated and creating/editing existing policy is extremely straightforward.

Incentivized

• Administrator Permissions: There's not enough granularity on the administrative side. We ran into an issue where we wanted to restrict junior admins from being able to see traffic per user. But in doing so, it also prevented them from adusting some other settings they had to have access to, like setting exceptions for sites.
• CA Database: I occasionally run into issues where the list of certificate authorities in the appliance is not up to date, and I have to manually add a CA. These aren't rare, never-heard-of authorities, either, but they are usually subsidiaries of one of the major ones.
• Feedback: Sometimes it takes some good detective skills to track down why a legitimate site isn't working. It's often because of content hosted elsewhere (images, for example), but the reports aren't always clear as to what actually gets blocked. It takes some trial and error sometimes to unblock something that should be okay for our business.

Incentivized

• Easier interface on the menus so they don't disappear.
• Help, I'm contacting support only through the ZIA portal, but I'm unable to use the link easily.
• Mobile interface changes.
• The searching function for the logs is tricky and challenging to use, and the menu always pops down when trying to find the proper function.

Incentivized

While Zscaler Internet Access (ZIA) delivers critical value in cloud security and RBI compliance, I rate renewal likelihood 7/10 due to evolving needs versus platform limitations. Below is my rationale:

Key Gaps:

1. Advanced Threat Costs:

ZIA’s add-ons (e.g., Advanced DLP, Sandboxing) incur 35%+ cost premiums – straining budgets as transaction volumes (UPI/iMobile) grow 50% YoY.

2. API Banking Scalability:

ZIA’s API rate limits throttle real-time policy sync during UPI peaks (10K+ TPS), forcing workarounds for finacle integrations.

3. RBI Future-Proofing:

Limited native support for upcoming digital rupee (CBDC) security rules requires custom development, increasing compliance overhead.

Incentivized

The application is easy to install and configure on all Windows devices. To troubleshoot any internet issue, we can easily collect all the relevant logs from Zscaler and check the exact issue. The only problem is with the uninstall, as a dedicated crew needs to provide the password.

Incentivized

There are often performance issues reported

Incentivized

Zscaler's ZIA support is quick and knowledgable. They respond within 1-2 hours of you submitting your ticket. They are very thorough and are typically ready to jump on a live troubleshooting session. Our ZIA platform and how we use is it unique so at times tickets can be open for weeks but we alway get quality support compared to other unrelated product support in our enterprise

Incentivized

I had experience in the past with Barracuda and WatchGuard. Barracuda was fine, although I found it harder to configure and administrate. Less intuitive, but possibly more robust. WatchGuard was a nightmare, it either blocked too many things or not enough, and the rules were too complex. I would pick Sophos over either of these, both for ease of use, and for cost.

Incentivized

Zscaler Internet Access is most akin to ZPA - we bought both at the same time to handle all traffic internally and externally. In terms of quality - I would make the statement that Zscaler Internet Access is a simpler product but that's also cause there are no App Connectors involved in that process.

Incentivized

• We have not had a single instance of malware since installing Web Gateway. We have other ways to prevent infections and attacks, of course, so this is just one tool in the box, but we had a handful before this from people visiting sites they should not have. Web Gateway has prevented those, at least.
• There was some pushback initially as users had to deal with some business sites not working (usually due to CA problems). After the initial growing pains, however, we've seen very few other problems.
• The appliance updates itself, in the middle of the night, so that reduces some overhead and planned downtime.

Incentivized

• Has allowed us to remove other products that were suboptimal
• Saved us money overall by stacking it with other Zscaler products
• Created a more secure work environment for our users through intelligent internet policies that are not needlessly restrictive while still maintaining security best practices

Incentivized