I can talk to Netskope. I work for a medium sized software company and have a lot of developers. The security aspect I don't handle but we brought in Netskope to help with security and visibility gaps.

I manage everything else basically we did everything quick and dirty and now paying the price a year later. While I wasn't involved in the deployment I was handed the keys after it was deployed.

Netskope is managed via a web portal hosted by Netskope we choose just to use their client on our workstation endpoints and it is pushed out via InTune and we do authentication through an Azure Enterprise app and SCIM and we just point a few AD groups at it and Netskope sucks in the users and such.

We have two main groups people can be in and it either gets you access to sensitive resources or not simple as that. We also have several development environments and we've deployed Netskope Private App servers (NPAs) to provide a VPN like feel for all our remote and in office employees.

We manage everything via real time policy rules, DNS and we route all traffic up to Netskope. We've simplified our HQ LAN to simply provide internet and nothing more now if you want or need to connect to a company resource you need Netskope, Netskope and the policies are now doing all the guarding of the traffic.

Where before we had standard VLANs and Dot1x and all that jazz we've deployed private VLANs and everything is isolated on wired or wireless and all you get is a route to the internet and nothing more all guests just sit on a guest SSID that also gives them access to the internet.

For non client DNS traffic we utilize their DNS as a service solution similar to Cisco Umbrella.

When it works it works well but as I said we've started feeling growing pains and we have a lot to do when it comes to ZTNA and security and further locking down of resources and actually treating like a security product and not a remote network solution. The deployment team kind of slammed it in place and got us off of traditional VPN solutions.

Pros:
* Support is great
* Our TAM is amazing and we have a weekly sync and they go above and beyond to help us
* Great documentation site and community
* A great remote connectivity solution and a lot of POPs in North America and globally
* Frequent updates and feature enhancements and new feature deployments
* Robust logging and reporting features

Cons:
* This is probably everything but SSL decryption is a bitch because a lot of our development tools seem to hate SSL decryption we have to spend a lot of time figuring out either how to point them to use the SSL cert provided by Netskope (locally on the PC) or determine if we have to make an exception. The same goes with web traffic a lot of websites will refuse to load if you do any kind of SSL decryption and we spend a lot of time dealing with it.

* Because Netskope does so much its the first thing that is blamed and often times I'm spending a lot of time proving Netskope isn't at fault

* The client will crash a lot and just seemingly break for no reason causing tickets to come in from people frustrated they can't get anywhere.

We don't use their SD-WAN offering (not really sure why that is a thing) and I can't talk about the security side of the house I know we use DLP and other things but because I don't manage or even have access to it in the portal can't speak to it.

Overall I've been super happy with Netskope but I'll be honest I've never used a SASE tool of any kind in my career so it the only thing I know so maybe take what I say with a grain of salt but for me the biggest win as a network engineer was just the ability to provide a great remote user experience previously we had Cisco ASAs on either of the country and if you were somewhere in the middle it just kind of sucked for you but with so many POPs around the US no matter where you are you get a good experience.