End the Device, Network, App Performance Debate

From 11:27 AM ET on February 27 through 10:47 AM ET on March 2, Zscaler Digital Experience (ZDX) synthetic monitoring recorded a sustained availability degradation for Claude (claude.ai). Requests to the front door were returning HTTP 307 redirects that then landed on 403 denials — a pattern that typically points to a security or routing layer blocking the final request. For the enterprises that had added Claude to their daily workflow, the question wasn't academic: is this us, our network, or the provider?

Answering that question — for any app, any incident — is the work ZDX is built for.

Two new capabilities, now GA

ZDX Real User Monitoring (RUM) and ZDX Device Remediation are now generally available in ZDX. Before getting into what each one does, it's worth naming the problem they solve.

Performance incidents don't respect org charts. "The app is slow" can be caused by the device, the local Wi-Fi, the ISP, the Zscaler cloud path, or the application itself. When teams only see part of the path, tickets bounce between groups and resolution time grows.

The challenge has gotten harder, not easier, as enterprise dependence on third-party SaaS has expanded. Modern stacks span everything from Microsoft 365 and Salesforce to a growing list of GenAI and developer tools — each one a potential tier-1 dependency that IT has to support but doesn't control. When one of them degrades, the first job is triage: isolate the cause, determine ownership, and route the response.

Most IT operations are also overwhelmingly reactive. Issues surface when users complain, and response starts with a familiar sequence — collect logs, try to reproduce, schedule a remote session, escalate, repeat. Even when the fix is known, executing it consistently across hundreds or thousands of devices is hard.

The goal: shift from reactive firefighting to proactive experience management, where teams spot degradation early, determine ownership quickly, and remediate what's fixable — without stitching together four different tools and four different agents.

Why ZDX is positioned to do this

ZDX is integrated directly into the Zscaler Zero Trust Exchange and delivered through the Zscaler Client Connector — the same agent customers already run for security. That means monitoring and remediation don't require a new device agent or a separate data plane.

Sitting in the traffic path lets ZDX correlate signals that are usually siloed:

• ISP and internet-path intelligence derived from traffic across the Zscaler cloud
• Device and application telemetry from the device
• Synthetic checks that continuously probe app availability and HTTP behavior from multiple locations — the kind of monitoring that surfaced the SaaS outage described above, with clear availability trends and actionable HTTP signals that let customers move from guesswork to informed escalation in minutes
• Session-level evidence from real users via a browser plug-in (now, with RUM)

The practical benefit is that teams move faster from symptom to evidence to root cause to action, and Level 1 support can resolve more issues without escalating.

One example of this in action: Peer Impact Analysis — a ZDX capability that shows whether a performance drop is isolated to one user's Wi-Fi or reflects a broader ISP or backbone issue affecting many users. When the problem is in the ISP path, IT can use ZIA policies to reroute traffic to a different Zscaler data center while the ISP recovers, rather than waiting for the provider.

The ZDX Score now includes RUM

ZDX uses a 0–100 ZDX Score to quantify experience: Good (66–100), Okay (34–65), Poor (0–33).

What's new: the ZDX Score now incorporates both synthetic checks and Real User Monitoring in a single score. Teams have one consistent metric to start triage, then can drill into the underlying signals to decide where to investigate.

ZDX Real User Monitoring (RUM)

Synthetic checks are valuable because they're repeatable, and they're often the first signal that something is wrong. The Claude availability detection above is a good example of what synthetics do well: continuously probe an application from outside, surface availability and HTTP status, and confirm whether the issue is with the provider or the customer's own path.

RUM is different — and it's important to be clear about the distinction. RUM captures performance from real browser sessions inside the applications a customer has instrumented. It applies to SaaS and private apps.

Where RUM helps is inside the customer's own experience stack. Synthetics can tell you an app's front door is up; RUM tells you whether the user's actual workflow — the form submission, the API call, the third-party script load deep in the page — is succeeding or failing, and where the time is being spent.

What different teams get from RUM:

• Service Desk: Device, browser, and JavaScript error context to resolve client-side issues faster — or escalate with data tied to the user's actual experience.
• Network Operations: Evidence to determine whether a slowdown originates in the user's path (Wi-Fi, ISP, routing) or in the application and its third-party dependencies.
• Security: Session-level details that help isolate access or policy-related issues without guessing whether a control change is needed.

A customer example: A large healthcare organization used ZDX RUM to show that a third-party application was taking 16 seconds to display an order page. Once the third-party team saw the evidence, they reduced it to 6 seconds — a 62% improvement. The point isn't the percentage; it's that the conversation with the third party was grounded in real session data instead of anecdote.

ZDX Device Remediation

Many experience-impacting issues are repeatable device problems: caches that need clearing, services that hang, disks that fill up, configuration drift. The fix is usually known—the bottleneck is executing it consistently at scale. Device Remediation lets IT teams detect and resolve common system issues across targeted devices using custom or pre-configured scripts — no remote session required per device.

Service Desk Teams: Reduce IT support tickets and improve performance by cleaning up disks and caches (browser, DNS, Teams); restarting non-responsive Windows (Antivirus)/ZIA/ZPA services; analyzing BSOD and battery life; reducing application-specific TLS connection failures caused by customer trust stores in developer tools (ZIA); controlling configuration of network cards and protocols supported (IPV6).

Security Teams: Enforce security compliance and reduce risk by identifying posture gaps (e.g., unsigned binaries, expired certs) and remediating drift in configurations (BitLocker, antivirus, ZIA/ZPA), including rebooting devices or re-enabling disabled security software.

Network Teams: Find and fix network problems faster by troubleshooting with automated nslookup/traceroute/ping, analyzing DNS response times, and ensuring Windows Location Services are enabled.

A customer example: An observability engineer at an independent investment research firm described the pattern plainly:

"By executing disk cleanup scripts immediately following ZDX full-disk alerts, we can target specific devices and proactively resolve storage issues, significantly lowering our MTTR."

A second customer, a major European shipping firm, put the broader impact this way:

"Using ZDX Device Remediation, we capture granular device telemetry — including DNS resolution latency and per-process memory consumption on-demand, without requiring remote-session tools. This allows us to execute silent remediations like flushing DNS caches or managing leaked processes, restoring the user experience in minutes and eliminating multi-day ticket escalations."

ZDX Device Remediation validates a remote script run’s success by confirming the job completed and then using the success rate indicator (the green/red bar) to show what percentage of targeted devices reported a successful execution. The devices count and start/end timestamps provide added confirmation of the run’s scope and when it is executed.

Whether the question is "is this us or the provider?" on a SaaS outage, "is this the network or the app?" on a slow workflow, or "can we fix this without a remote session?" on a recurring device issue — the work is the same: get to evidence fast, route to the right owner, and act when the fix is on your side.

ZDX provides end-to-end visibility across device, network, and application — integrated into the Zero Trust Exchange and delivered through the same agent customers already run.

With RUM and Device Remediation now GA, customers get two practical additions to that foundation:

• RUM and synthetics in one ZDX Score — a single metric for triage, backed by both baseline checks and real session evidence
• Remediation at scale — the ability to fix common device issues through custom or pre-configured scripts, reducing escalations for known, fixable problems

For teams that want to operationalize these capabilities, start by enabling RUM on a small set of high-impact apps, define two or three safe remediation scripts tied to clear triggers, and measure success by experience recovery rather than ticket volume alone.