Zscaler Platform Bundles

Comprehensive platform offerings to secure, simplify, and transform your business

Essentials Platform

Start your zero trust journey with secure, reliable internet access and limited private access, with other Zscaler innovations.
Secure Internet Access (SWG)
Private Access (for 5% of users)

Also includes:

  • Digital Experience for Platform
  • Standard Versions: Data Protection (alert only), Sandbox, Firewall, Cyber Isolation, Zero Trust for Workloads (1GB/user/month)

RECOMMENDED

Zscaler Platform

Unlock the complete SASE/SSE solution, including full internet access, private access, and data protection.
Secure Internet Access (SWG)
Private Access (for all users)
Data Protection (inline web, all apps)

Also includes:

  • Standard Versions: Digital Experience, Sandbox, Firewall, Cyber Isolation, Deception, Zero Trust for Workloads (2GB/user/month), Zero Trust SD-WAN (up to 10 sites)

Note: Zscaler Private Access, SaaS Security, DSPM, Deception, Unified Vulnerability Management, Zero Trust for Workloads, Zero Trust SD-WAN, Zscaler Digital Experience (ZDX) Advanced, ZDX Advanced Plus, and Device Segmentation are available as standalone products that do not require a platform bundle.

Add-ons

Add on advanced capabilities

01Inline Cyberthreat Protection

Comprehensive, integrated threat protection for users, devices, and workloads

Both platform bundles come with the Cyberthreat Protection Standard package, which includes standard Sandbox, Firewall, Isolation, and correlated threat insights.
Advanced Modules

Sandbox Advanced

  • Sandbox Standard: EXE, DLL from unknown sites
  • Expanded file type support
  • Quarantine by policy
  • Instant AI verdict
  • Sandbox API for 3,000 files/month/customer
  • Detailed reports, incl. patient zero, zero day payload analysis

Firewall Advanced

  • Firewall Standard: L3/L4 policies, basic DNS control
  • Extensive FW rules framework 
  • Outbound FW with App ID, User ID; user, group, dept.-level rules
  • Cloud IPS for non-web protocols
  • DNS rules and DNS tunnel detection
  • Full detailed FW logging, incl. reporting and dashboards

Cyber Browser Isolation Advanced

  • Cyber Isolation Standard: Isolate unknown destinations
  • Prevent up/download, control copy/paste/print; local browser rendering
  • Mobile browser, policies on destination app, device, risk, user, and AI/smart isolation
  • Isolate Office files, isolation + quarantine, download flattened PDF/CDR, browser-in-browser
  • 1.5 GB/user/month of isolation traffic (upgradeable to unlimited isolation)
02Private Access

The most comprehensive private application access for any user, any app, any device

ZPA is available as part of the Essentials Platform (for 5% of users) and Zscaler Platform bundles in addition to the standalone in the ZPA Platform. Get complete value with the Private Access add-on:

AI-powered App Segmentation and Insights

  • Unlimited app segments
  • Ensures least privileged access with frequent AI recommendations (every 14 days)
  • Provide recommendation reasons to help customers to make a choice of acceptance
  • Visual insights on recommendations, user-app assignments, and policy utilization
  • Download of details for offline analysis and reporting on user and app usage
  • Easy import of apps into ZPA making it less error-prone

AppProtection

  • Inspect Layer 7 app traffic and provide visibility for web or identity-based attacks
  • Mitigate web risks including OWASP Top 10 such as SQL injection, cross-site scripting, and server-side request forgery
  • Detect and identify Active Directory attacks such as kerberoasting and enumeration
  • Zero-day threat protection with virtual patches against latest CVEs
  • Detect and report suspicious browser-based activity
  • Align with MITRE ATT&CK framework
03Data Protection

A completely unified platform to secure all data types, across all channels

In addition to core data protection features, add-on modules are available:
Advanced Modules

Endpoint Protection

  • Endpoint data discovery
  • Print, personal cloud, removable storage, local network shares
  • Monitor user activity (dashboards, reports, NSS feeds)

Email Protection

  • Inline data protection (Exchange/Gmail)
  • Out-of-band email API (Exchange/Gmail)

SaaS Security

  • Out-of-band SaaS API (CASB) for all SaaS apps (except Exchange/Gmail)
  • SaaS security posture management (SSPM)
  • SaaS security for third-party apps

Browser Isolation 
(VDI Alternative)

  • VDI Alternative and other managed devices use cases (cloud App Control, user/device risk based Isolation)
  • 1.5GB/user/month (measured across all Isolation users)

Data Classification and Encryption

  • Advanced classification, incl. EDM, IDM, OCR
  • Sensitive file encryption
  • Watermarking
  • Privacy control-redaction

01 / 03

04Risk Management

Actionable insights to reduce overall risk

Advanced Modules

Deception Advanced

  • 300 customizable decoys (network, application, identity), deep packet inspection
  • Ransomware detection, local scan/MiTM detection, 5 active file decoys, privilege escalation, defense evasion detection, triage
  • Full SOC workflow: SIEM forwarding, orchestration and containment, ThreatParse rules
  • Custom notifications and reports, RBAC, static IP allow-listing, API access

Risk360 Advanced

  • Cyber risk quantification and reporting framework
  • Granular risk factors derived from Zscaler and third-party security tools
  • Financial exposure detail and board-ready reporting
  • Actionable risk insights with policy and mitigation recommendations

Unified Vulnerability Management Advance

  • Deduplication, contextualization, mitigating controls, and correlation of findings
  • Context from 150+ sources (CVEs, assets, users, apps, identity, behavior + mitigating controls)
  • Closed-loop integration with workflow tools
  • Out-of-the-box visual reports for overall risk trends and analysis
05Zero Trust SD-WAN

Secure connectivity for branches, campuses, and factories, without VPNs or lateral threat movement

Standard

Includes up to 10 virtual sites with platform purchases of >500 users, and:

  • Visibility, Zscaler Internet Access (ZIA), and Zscaler Private Access (ZPA) 
  • Up to 10 IoT devices/site
  • 20 GB of traffic/month/site

Note: Device counts and traffic are aggregated across all sites

Advanced

Includes everything in Standard, plus:

  • Gateway features (WAN, LAN, DNS, DHCP) and ISP path selection
  • Up to 50 IoT devices/site included
  • 100 GB of non-user traffic/month/site included

Note: Device counts and traffic are aggregated across all sites

Advanced Plus

Includes everything in Advanced, plus:

  • Advanced firewall, IDS, IPS
  • IoT/OT discovery and classification, tagging, IoT policy control

Note: Device counts and traffic are aggregated across all sites

06Privileged Remote Access

Fast, direct, secure access to industrial systems and devices for third-parties and vendor technicians—with full governance controls.

Standard

Included with platform purchases of >500 users

  • Up to 10 systems (RDP/VNC/SSH)
  • 1 pair of App Connectors per system
  • Up to 1 GB monthly data pooled across all systems

Includes:

  • Full protocol isolation—SSH, RDP, VNC
  • Interactive authentication
  • Clipboard controls (text copy/paste)
  • Sandboxed file transfer (with Advanced Cloud Sandbox)
  • Just-in-time/time-bound access

Advanced

  • Subscribed by number of systems (RDP/VNC/SSH)
  • 1 pair of App Connectors per system
  • Up to 10 GB monthly data per system pooled across all systems

Includes everything in Standard, plus:

  • Credential vaulting and injection
  • Emergency access1
  • Cloud session recording and playback2
  • Session monitoring
  • Ushered access
  1. Emergency access for up to 100 users, not counted towards platform user count.
  2. Cloud recording for up to 10 hours/month per system, pooled across all systems; 365 days of cloud storage.
07Workload Communications

Security for workloads and servers with a modern zero trust architecture

Standard

  • Basic controls to protect workloads using stateful filtering
  • Comprehensive protection for apps deployed in the cloud or data center

Advanced

Everything in Standard, plus:

  • Secure workload-to-internet access with deep packet inspection
  • Log storage for regulatory compliance
  • Source IP anchoring
  • Sublocation-based workload segmentation
  • Workload data leak protection
  • Cyber protection for workloads with standard FW and DNS control

Advanced Plus

Everything in Advanced, plus:

  • Inline data protection
  • Advanced data classification
  • Advanced FW protection for workloads, incl. Sandbox
  • Cloud NSS and log recovery
08Digital Experience Monitoring

AI-powered detection and resolution of app, network, and device issues to keep users productive

Modules

Standard

Ideal for organizations monitoring digital experiences from user devices, network paths, and applications.
 

Includes:

  • Unified monitoring
    • User experience
    • Application
    • Device health
    • Network performance
  • Email alerts
  • 3 applications
  • Poll at 15-minute intervals
  • 3 alert rules
  • Data retention: 2 days

Advanced

Comprehensive monitoring at scale for advanced IT support, service desk, network, and security needs.
 

Everything in Standard, plus:

  • AI-powered root cause analysis
  • All apps, plus Teams/Zoom/Webex call quality
  • Read-only shareable URLs and user details snapshots
  • Organization-wide device model and software version review
  • Trend reports across apps, locations, devices, and networks
  • Performance impact analysis of specific app or user data
  • ITSM tool integration via API/webhooks
  • 15 applications
  • Poll at 5-min intervals
  • 25 alert rules
  • Data retention: 14 days

Advanced Plus

The ultimate DEM solution, with maximum visibility, altering, and troubleshooting capabilities.
 

Everything in Advanced, plus:

  • Troubleshooting of device issues caused by active processes
  • List incidents across applications, Zscaler data centers, last mile ISPs, and Wi-Fi
  • Proactive user alerts for Wi-Fi/ISP issues
  • Copilot AI assistant for instant troubleshooting and insights
  • Web and network performance monitoring and analysis from Zscaler hosted locations
  • 50 applications
  • Poll at 5-min intervals
  • 100 alert rules
  • Data retention: 14 days

Looking for information about legacy plans and bundles?