Friday, October 15, 2021

Zscaler vs Palo Alto Prisma Access vs Cloudflare Teams

We're currently looking at coming up with security solutions for our mostly remote workforce and wanted to get people's opinions on the big players out there. We are currently looking at the companies in the title.

I could be wrong, but here are my notes so far:

Zscaler

  • Seems like they were the first to do it
  • Proxy-based - Inbound VPN is a separate product that needs some sort of Linux server on-prem
  • Ticks all the security boxes
  • Cost might be nuts

Palo Alto Prisma

  • Basically GlobalProtect in the Google cloud
  • Relying on ~5 gateways being up vs. Zscaler's entire network
  • Full-fledged VPN, option for Proxy
  • Easy enough to do inbound VPN to on-prem assets
  • Cost seems reasonable for what you get

Cloudflare Teams

  • Newer to the game
  • Dead simple to set up Cloudflare Gateways via DNS and WARP client
  • Cloudflared tunnels are really cool
  • Security Policy controls seem a little less capable than Palo or Zscaler
  • Comparatively cheap.

Most of our stuff is SaaS or Public cloud. We have a small subset of users who need inbound VPN to some on-prem assets, which can just be taken care of with our on-prem firewalls. We really just need to control content filtering/DNS and want to be able to perform endpoint compliance checks to gain access to our SSO portals.

That makes me lean towards Cloudflare, but I am worried about how capable the product really is. I have Cloudflare Teams running in my lab, and it works great, but I'm not doing anything too crazy with it.

Anyone done comparisons with these? What do you like? What don't you like?


