PLANS & PRICING

Simple subscription pricing.
Set up in minutes

Secure every step of your transformation journey.

Take the next step

Zscaler Platform Bundles

Comprehensive platform offerings to secure, simplify, and transform your business

Essentials Platform

Start your zero trust journey with secure, reliable internet access and limited Private Access, with other Zscaler innovations.
Secure Internet Access (SWG)
Private Access (for 5% of users)

Also includes:

  • Digital Experience for Platform
  • Standard Versions: Data Protection (alert only), Sandbox, Firewall, Cyber Isolation, Zero Trust for Workloads (1GB/user/month)

推奨

Zscaler Platform

Unlock the complete SASE/SSE solution, including full internet access, private access, and data protection.
Secure Internet Access (SWG)
Private Access (for all users)
Data Protection (inline web, all apps)

Also includes:

  • Standard Versions: Digital Experience, Sandbox, Firewall, Cyber Isolation, Deception, Zero Trust for Workloads (2GB/user/month), Zero Trust SD-WAN (up to 10 sites)

Note: Zscaler Private Access, SaaS Security, DSPM, Deception, Unified Vulnerability Management, Zero Trust for Workloads, Zero Trust SD-WAN, Zscaler Digital Experience (ZDX) Advanced, ZDX Advanced Plus, and Device Segmentation are available as standalone products that do not require a platform bundle.

Add-ons

Add on advanced capabilities

01Inline Cyberthreat Protection

Comprehensive, integrated threat protection for users, devices, and workloads

Both platform bundles come with the Cyberthreat Protection Standard package, which includes standard Sandbox, Firewall, Isolation, and correlated threat insights.
Advanced Modules

Sandbox Advanced

  • Sandbox Standard: EXE, DLL from unknown sites
  • Expanded file type support
  • Quarantine by policy
  • Instant AI verdict
  • Sandbox API for 3,000 files/month/customer
  • Detailed reports, incl. patient zero, zero day payload analysis

Firewall Advanced

  • Firewall Standard: L3/L4 policies, basic DNS control
  • Extensive FW rules framework 
  • Outbound FW with App ID, User ID; user, group, dept.-level rules
  • Cloud IPS for non-web protocols
  • DNS rules and DNS tunnel detection
  • Full detailed FW logging, incl. reporting and dashboards

Cyber Browser Isolation Advanced

  • Cyber Isolation Standard: Isolate unknown destinations
  • Prevent up/download, control copy/paste/print; local browser rendering
  • Mobile browser, policies on destination app, device, risk, user, and AI/smart isolation
  • Isolate Office files, isolation + quarantine, download flattened PDF/CDR, browser-in-browser
  • 1.5 GB/user/month of isolation traffic (upgradeable to unlimited isolation)
02Private Access

Fast, secure, reliable private app access for all users, from any device or location

devices

Zscaler Private Access is available as an integrated component of the Essentials Platform (for 5% of users) and Zero Trust Platform, or as a standalone solution.

Zscaler Private Access (standalone)

  • App Connector (as many as required
  • Private Service Edge (as many as required)
  • Browser-based access and user portal
  • Privileged remote access (>500 users required)
  • Digital Experience Standard
  • 20 application segments
  • Add-on: Segmentation (unlimited app segments, ML-based recommendations, and more)
  • Add-on: AppProtection
03Data Protection

A completely unified platform to secure all data types, across all channels

In addition to core data protection features, add-on modules are available:
Advanced Modules

Endpoint Protection

  • Endpoint data discovery
  • Print, personal cloud, removable storage, local network shares
  • Monitor user activity (dashboards, reports, NSS feeds)

Email Protection

  • Inline data protection (Exchange/Gmail)
  • Out-of-band email API (Exchange/Gmail)

SaaS Security

  • Out-of-band SaaS API (CASB) for all SaaS apps (except Exchange/Gmail)
  • SaaS security posture management (SSPM)
  • SaaS security for third-party apps

Browser Isolation 
(VDI Replacement)

  • VDI replacement and other managed devices use cases (cloud App Control, user/device risk based Isolation)
  • 1.5GB/user/month (measured across all Isolation users)

Data Classification and Encryption

  • Advanced classification, incl. EDM, IDM, OCR
  • Sensitive file encryption
  • Watermarking
  • Privacy control-redaction

01 / 03

04Risk Management

Actionable insights to reduce overall risk

Advanced Modules

Deception Advanced

  • 300 customizable decoys (network, application, identity), deep packet inspection
  • Ransomware detection, local scan/MiTM detection, 5 active file decoys, privilege escalation, defense evasion detection, triage
  • Full SOC workflow: SIEM forwarding, orchestration and containment, ThreatParse rules
  • Custom notifications and reports, RBAC, static IP allow-listing, API access

Risk360 Advanced

  • Cyber risk quantification and reporting framework
  • Granular risk factors derived from Zscaler and third-party security tools
  • Financial exposure detail and board-ready reporting
  • Actionable risk insights with policy and mitigation recommendations

Unified Vulnerability Management Advance

  • Deduplication, contextualization, mitigating controls, and correlation of findings
  • Context from 150+ sources (CVEs, assets, users, apps, identity, behavior + mitigating controls)
  • Closed-loop integration with workflow tools
  • Out-of-the-box visual reports for overall risk trends and analysis
05Zero Trust SD-WAN

Secure connectivity for branches, campuses, and factories, without VPNs or lateral threat movement

Standard

Includes up to 10 virtual sites with platform purchases of >500 users, and:

  • Visibility, Zscaler Internet Access (ZIA), and Zscaler Private Access (ZPA) 
  • Up to 10 IoT devices/site
  • 20 GB of traffic/month/site

Note: Device counts and traffic are aggregated across all sites

Advanced

Includes everything in Standard, plus:

  • Gateway features (WAN, LAN, DNS, DHCP) and ISP path selection
  • Up to 50 IoT devices/site included
  • 100 GB of non-user traffic/month/site included

Note: Device counts and traffic are aggregated across all sites

Advanced Plus

Includes everything in Advanced, plus:

  • Advanced firewall, IDS, IPS
  • IoT/OT discovery and classification, tagging, IoT policy control

Note: Device counts and traffic are aggregated across all sites

06Privileged Remote Access

Fast, direct, secure access to industrial systems and devices for third-parties and vendor technicians—with full governance controls.

Standard

Included with platform purchases of >500 users

  • Up to 10 systems (RDP/VNC/SSH)
  • 1 pair of App Connectors per system
  • Up to 1 GB monthly data pooled across all systems

Includes:

  • Full protocol isolation—SSH, RDP, VNC
  • Interactive authentication
  • Clipboard controls (text copy/paste)
  • Sandboxed file transfer (with Advanced Cloud Sandbox)
  • Just-in-time/time-bound access

Advanced

  • Subscribed by number of systems (RDP/VNC/SSH)
  • 1 pair of App Connectors per system
  • Up to 10 GB monthly data per system pooled across all systems

Includes everything in Standard, plus:

  • Credential vaulting and injection
  • Emergency access1
  • Cloud session recording and playback2
  • Session monitoring
  • Ushered access
  1. Emergency access for up to 100 users, not counted towards platform user count.
  2. Cloud recording for up to 10 hours/month per system, pooled across all systems; 365 days of cloud storage.
07Workload Communications

Security for workloads and servers with a modern zero trust architecture

Standard

  • Basic controls to protect workloads using stateful filtering
  • Comprehensive protection for apps deployed in the cloud or data center

Advanced

Everything in Standard, plus:

  • Secure workload-to-internet access with deep packet inspection
  • Log storage for regulatory compliance
  • Source IP anchoring
  • Sub-location-based workload segmentation
  • Workload data leak protection
  • Cyber protection for workloads with standard FW and DNS control

Advanced Plus

Everything in Advanced, plus:

  • Inline data protection
  • Advanced data classification
  • Advanced FW protection for workloads, incl. Sandbox
  • Cloud NSS and Log Recovery
08Digital Experience Monitoring

AI-powered detection and resolution of app, network, and device issues to keep users productive

Modules

Standard

Ideal for organizations monitoring digital experiences from user devices, network paths, and applications.
 

Includes:

  • Unified monitoring
    • User experience
    • Application
    • Device health
    • Network performance
  • Email alerts
  • 3 applications
  • Poll at 15-minute intervals
  • 3 alert rules
  • Data retention: 2 days

Advanced

Comprehensive monitoring at scale for advanced IT support, service desk, network, and security needs.
 

Everything in Standard, plus:

  • AI-powered root cause analysis
  • All apps, plus Teams/Zoom/Webex call quality
  • Read-only shareable URLs and user details snapshots
  • Organization-wide device model and software version review
  • Trend reports across apps, locations, devices, and networks
  • Performance impact analysis of specific app or user data
  • ITSM tool integration via API/webhooks
  • 15 applications
  • Poll at 5-min intervals
  • 25 alert rules
  • Data retention: 14 days

Advanced Plus

The ultimate DEM solution, with maximum visibility, altering, and troubleshooting capabilities.
 

Everything in Advanced, plus:

  • Troubleshooting of device issues caused by active processes
  • List incidents across applications, Zscaler data centers, last mile ISPs, and Wi-Fi
  • Proactive user alerts for Wi-Fi/ISP issues
  • Copilot AI assistant for instant troubleshooting and insights
  • Web and network performance monitoring and analysis from Zscaler hosted locations
  • 50 applications
  • Poll at 5-min intervals
  • 100 alert rules
  • Data retention: 14 days

Request a demo

Connect with our product experts to see the Zscaler platform in action, discuss your unique challenges and use cases, and learn more about specific bundle pricing.

Looking for information about legacy plans and bundles?