CASB is an interesting space, Zscaler has a multi-pronged with regards to CASB and it really depends on on the use-cases you are wanting to solve.
In general, CASB can be broken into three core capabilities:
- Unsanctioned IT
- Sanctioned IT
- Zscaler, as a SWG, has a very strong capability in the unsanctioned space. As we are inline for all web traffic we see every request for every cloud app. When deployed to best practice Zscaler sees this for all Internet traffic regardless of where the user is, on Earth. We have a comprehensive reporting solution for unsanctioned IT discovery, using app intelligence of our own, as well as metrics ingested by the likes of Microsoft Cloud App Security (MCAS) and Sky High (McAfee).
See the “Cloud Applications” section here for more info --> https://help.zscaler.com/zia/about-dashboards
MCAS feeding --> https://help.zscaler.com/zia/configuring-mcas-feed
**CASB API --> **https://help.zscaler.com/zia/about-partner-integration-management
For sanctioned, Zscaler has direct integrations with MCAS and Skyhigh, Zscaler can feed both platforms with log data, and these platforms can also provide a feedback loop to Zscaler via mutual API integrations. It’s worth noting that driving sanctioned controls like “who’s sharing what to whom” is in the domain of pure CASB players.
For DLP, as per our unsanctioned controls, we provide DLP for all data in motion that Zscaler is inspecting. Using DLP to probe into the API’s of cloud apps and set classification markers is again in the domain of pure CASB players.
As for where Netskope sits on the competitive landscape, I suggest we open a dialogue with your Zscaler friendly SE and Customer Success teams for your business, please let me know if you need introductions.
Hope this helps from a high level.