Vectra AI Reviews

From our research network in Sweden, we use it to communicate to and from the Internet. The deployment is on our Internet-facing services. We facilitate monitoring for universities who need this as well.

One of the biggest challenges facing us today is data growth and the continual diversification of the IT landscape. It is a very heterogeneous model, where you have on-premises, hybrid, and cloud solutions, as well as service providers, where everything is communicating back and forth towards each other.

We just have one SOC in Sweden.

It keeps up with the network traffic, which is a good thing. It provides more context to plain alerts compared to using an older system. So, it helps an analyst reduce the information overload. 

Vectra AI triages threats and correlates them with the compromised host device. That is how the functionality works. It helps us prioritize which hosts to look into.

It works over the hours when an analyst is not available, so the work keeps going. It can help you prioritize certain traffic patterns and things that you need to handle.

It is a good system that goes hand in hand for both junior and senior analysts. I see it as a nice add-on there.

I would like more integrations with IOCs and threats currently on the Internet. I would also like to know which threats are based on zero-day attacks, current botnets, etc. Therefore, I would like more information on external threats.

We have been using it for evaluation and collaboration together with our customers for the past two years. We have had it in our own production environment for half a year.

We haven't had any major disruptions. We had one hardware error after delivery, but that was taken care of.

Not much maintenance is needed.

It scales nicely since they separate the sensor node from the brain node.

You can scale up to sensors and separate the architecture as you grow. So, you can define your initial steps first. then have a more mature hardware later on.

We are a team of less than 10 people. We have network engineers, security analysts, incident handlers, and operators. We have a broad team.

We have only had direct contact with the customer success team, and that has been great.

Positive

We previously used open-source SIEM models. We switched to Vectra AI to help with the automation of alerts.

The initial setup was fairly straightforward.

The deployment was done over the pilot phase. We changed the links and aggregation a bit on the networking side, but the work was fairly quick.

We had a good dialogue with Vectra regarding the initial setup.

After deploying Vectra AI in our network, it began to add value to our security operations within a week.

We have not yet seen ROI, but we are growing our usage. We need to offload at least one analyst or have it do the work of a couple of analysts over time. 

We had a pricing meeting for the solution, where we set up a certain set of requirements that Vectra could fit on both price and quality.

We evaluated three or four different solutions.

Vectra's licensing model could scale to our research network, which has multiple, 100-gigabit links. Other competitors could not scale that for us. 

Set up specific threat scenarios that you are looking into, then monitor and evaluate on that. For example, it could be a botnet or certain user behavior. Also, the solution works best within an enterprise.

We are currently evaluating upgrading our SIEM and EDR technologies. When we extend our scope of the traffic that we are monitoring, Vectra AI will possibly enable us to do things that we could not do before, which would be a nice side effect.

There are still quite a lot of alarms coming in. It helps to reduce the amount of alerts that an older IDS-based system would have had. While there are still a lot of alarms, there are less alarms than the traditional IDS.

I would rate the solution as nine out of 10.

Our primary focus lies in identifying weaknesses to address customer concerns regarding visibility into network operations. This is especially crucial due to the presence of various managed devices within the network. Detecting and managing these devices and enhancing visibility is done by Vectra AI. It also has the capability to detect potential threats and correlate diverse events that occur on the network. Hackers often target systems from different domains, requiring cross-domain correlation. Net NDR solutions, particularly Vectra, excel in fulfilling these needs using AI-driven algorithms. Over time, these algorithms learn from the data, aiding in automatic post-event analysis. 

Within Vectra, multiple models exist, including an AI model which is very important. Vectra is very compatible with various cloud providers, such as Amazon and Azure AD. This is helpful as customers often migrate their network infrastructure to the cloud. 

Additionally, Vectra provides managed detections and responses, enhancing a company's network detection capabilities. The platform also has attack signal intelligence to identify attackers based on their tactics and techniques, preventing them from compromising critical network devices. So it acts as a detection platform, essential for halting potential threats, including clouds like Amazon and Microsoft 365. 

We offer two solutions, Vectra and ExtraHop in the Qatar market. However, ExtraHop has better features that seem more advantageous when compared to Vectra. During demos, I encountered challenges with Vectra when demonstrating its capabilities, such as dealing with expired SSL certificates. Vectra AI is capable but ExtraHop is able to provide comprehensive insights and easier data querying. It excels in data query capabilities which is helpful for customers to access and manipulate their data effortlessly. This is where Vectra needs to enhance its capabilities. Customer support and handling high network traffic are additional areas that it needs to work on. There should be more flexible options to handle customers’ needs. Also, customers desire performance enhancements and integration capabilities with a single solution and cyber security. 

I have been using Vectra AI for two years. 

I would rate the stability an eight out of ten.

I would rate the scalability an eight out of ten.

We have a strong local presence and support in this market, and our company's origins in Turkey also contribute to robust local assistance. While comprehensive support is provided during major incidents and upgrades, we excel in offering immediate assistance for failover situations and downtime prevention. The team is highly specialized in cyber security and SOC technologies. We are quite strong and are able to help ourselves in the field of technical support.

Positive

The initial setup is straightforward. I would rate the setup an eight out of ten.

In the case of deployment, 70% of the public prefers the public cloud while the rest prefer private. These are the only two forms of deployment.

The initial deployment should ideally be completed within two weeks. However, due to the need for fine-tuning, false positive elimination, and deriving enhanced value, an extended period of around two months is necessary. This allows users to cover all the potential threats and risks, ensuring comprehensive coverage

The solution is low-cost and affordable. 

Vectra faces robust competition, but it substantiates its abilities. Depending on client needs, it can easily work with other IT solutions. Yet, for pure network detection and response, Vectra excels, particularly for enterprises demanding very good solutions. It offers superior detection coverage for heightened security. It has an encryption-based approach, enabling threat detection without decrypting any data. Moreover, Vectra stands out with its broad integration capabilities with third-party tools and I personally find it a successful feature.

Overall, I would rate Vectra AI an eight out of ten. 

We have a basic Vectra environment because we mainly only use the NDR for the solution's options. We do mainly filled logins, anomalies, and network flow monitoring.

Vectra AI helped improve our mean time to identify by allowing us to have visibility and reveal some hidden or unknown things.

Vectra AI has had a positive impact on the productivity of our SOC team which is an external party. It as well had a positive impact on our IT environment for detection purposes, adapting, and hardening.

The fact that we get the visualization of what's happening on our network, which is a way of improving our security in-depth is most valuable. That's because with the information we get out of Vectra, we know how to adapt and modify things in our network.

Regarding Vectra AI attack signal intelligence, it is providing us with information on how to adapt or protect ourselves against certain attack vectors. This feature is quite helpful.

I think Vectra AI's automation, reporting, and integration could be improved.

I have been using this solution for two years now.

It's stable as it performs as we expected.

If you have enough power or bandwidth to deploy another sensor, the scalability of this solution shouldn't be very complex.

I would rate the technical support of the Vectra AI solution a seven, on a scale from one to ten, with one being the worst and 10 being the best. The reason for this rating is that they always deliver what we expect and that's good enough for us. The reason that the rating is not a ten, is that we always need to let people improve themselves.

Neutral

I joined the deployment project at a later stage and I worked on deploying the sensors and tuning false positives and similar things. My experience when it comes to deployment was quite good as we had good hands-on engineers which is why the implementation went well. Our deployment was straightforward with our hands-on approach.

When it comes to ROI, in certain places we saw the return and in certain places we didn't. When it comes to security investments and tooling of security, the return on investment takes a bit longer and you always see your investment back. At one point something will happen and you will start using the tool for the reason you bought it.

Before Vectra, we didn't have any feasibility of our network net flow, so this solution gives us a better view of what has been happening on our network and this is what we're trying to solve by implementing Vectra.

We are not using the flood detection response platform.

We are not using Vectra MDR services.

Overall, I would rate this solution a seven, on a scale from one to ten, with one being the worst and ten being the best.

Vectra AI is an NDR tool, and my company is using it for security and insider threat detection purposes.

What I like best about Vectra AI is that it alerts you about suspicious activities.

An area for improvement in Vectra AI is reporting because it currently lacks some details. For example, when you download a report from Vectra AI, you won't see complete information about the alerts or triggers.

Another area for improvement in the tool is that sometimes, an alert has high severity, yet it's marked as low severity. Vectra AI should have a mechanism to change the severity level from low to high or critical.

I've been using Vectra AI for two years now.

Vectra AI is a stable tool.

Vectra AI is a scalable tool.

My company has a dedicated support team for Vectra AI, so I have the support team's direct contact number and WhatsApp number.

The technical support is excellent, so my rating is five out of five.

The initial setup for Vectra AI wasn't that complex. It won't take long if your environment is ready, with all required ports open. Setting up Vectra AI would be easy.

We implemented Vectra AI together with their technical support team.

My company pays for the Vectra AI licensing fee yearly. I know the figure because my company recently renewed the license, and it's okay, at least for the financial sector.

I'm the admin of Vectra AI, a tool implemented in my company.

The tool was updated three or four months ago, but I'm unsure if I have the latest release.

My company has two SOCs in different areas, so all SOC analysts log in or use Vectra AI, with the alerts forwarded to Splunk. One person is the admin in-house, but he works with support because the tool is customized for my company, as any command can't be run in Linux.

I'd recommend Vectra AI to others looking for an NDR solution.

Vectra AI is excellent for NDR purposes, in general. I'm rating it as ten out of ten based on my experience because I'm investigating the Vectra AI alerts. It triggers alerts for suspicious activities, so it's an excellent tool.

We had another product with Vectra AI and used the MDR solution as an add-on. Initially, it wasn't fully appropriately configured, so we didn't get the expected results. Even once configured correctly, we weren't fully satisfied with its response. The issue was both with their service response and the product's capabilities.

The solution's weekly reports needed to have more explanations. However, we needed more explanations because the reports provided were mainly statistical. We were looking for more analysis and insights.

I have been working with the product for less than a year. 

The initial setup was pretty straightforward. 

The solution's pricing was 50 percent lower than the other vendors shortlisted. 

I wouldn't recommend the product to others. We are moving away from it. I rate the overall solution a six out of ten. 

As an end user, I do not have to commit manpower to manage Vectra since most of their use cases are managed by them. It's a hands-off kind of deployment.

The deployment is hands-off, which means it saves us manpower resources since Vectra manages the use cases.

Most of their use cases, including deployment, are managed by the tool itself, requiring less manual input from our team.

Neither Vectra nor Darktrace have a function like a status health check on my log sources and traffic sources.

I have been working with Vectra for one or two years.

It's pretty good with no major issues.

The support is quite reliable depending on the service engineer assigned. I would rate them between eight and nine.

Positive

We are also working with Darktrace.

The setup is generally straightforward.

Vectra is cheaper in terms of pricing and features compared to Darktrace.

Vectra was compared alongside Darktrace.

Vectra serves its purpose well and does not require much manpower for updates.

I'd rate the solution eight out of ten.

I'm a SOC analyst, and I use Vectra AI to detect and respond to security incidents. My team manages the critical detections, and another team takes the low-priority detections. They also use Vectra to hunt for the system root.

We use the Threat Detection and Response platform, and it's quite good at detecting and responding to threats and attacks in real-time. I really like the UI experience because it's simple to use, and we get quite a lot of information very quickly.

Some valuable features of Vectra AI are that it is very intuitive and that there are only a small amount of false positives. Therefore, it's an effective solution.

Another benefit that is unrelated to security is that it allows us to see misconfigurations or things that should not be happening in terms of compliance.

As SOCs, we concentrate on the OS side, and with Vectra AI, we can now see the network from an endpoint point of view. It gives us new alerts and does bring some work because we now have more visibility. However, it's opening up a wide range of things for us.

We have a lot of system solutions and integrations with system solutions. Vectra is a type of black box. It implements AI-informed detection mechanisms, but we cannot create system detections. I understand that the product is designed this way, but it would be great if we could create our own detections as well.

I've been using this solution for six months.

From my point of view, Vectra AI's stability has been quite good. We have never had any issues.

On a scale from one to ten, I would give Vectra AI an overall rating of eight.

Our primary use cases for this solution are detection and then investigation afterward.

Vectra AI helped our team be more productive and save time. We have less work thanks to it.

We have not had any real threats so far.

Vectra AI helped improved our mean time to identify.

One of the things I am not so happy about when it comes to Vectra is the scoring board. 

In Darktrace, you can point or click on any client and see any connections that have been made directly in the dashboard. You don't have to go to recall. This is likely why Darktrace isn't as fast as Vectra, but it would still be nice to see this feature in Vectra. In addition, Darktrace has an advanced mode, but you are also able to see it directly in the main dashboard. This would be great to see in Vectra as well. 

We started implementing the tool around November. It is a step-by-step process for us because we have several locations and my team was not implementing it independently. We have another team that has to drive to the location. We finished the last location in mid-January.

Vectra AI is a stable solution. It works. 

Vectra AI's scalability is fine. We have a brain, we have a lot of centers, and the solution is easy to implement. Everything works.

The tech support is great. Whenever we had a problem, we got an answer immediately. This helps with having a general feeling that everything works in a solution.

Positive

We previously used a different tool, Darktrace. We used it for four years. The management told us to look for other tools. This was after we switched our main network hardware. We contacted Vectra and took the next step. We were just comparing different tools when we decided to go with Vectra. There were many different tools that were similar but we ultimately chose Vectra. Compared to Darktrace, Vectra's UI is much cleaner, there is less noise, and the performance is way better in the graphical interface. We get much fewer false positives. We also have to put less work into this tool, which is great for companies with small teams.

I was involved in the deployment from start to finish. It was fairly straightforward. The support we received was very good. When we had questions, they were answered immediately by the support engineer assigned to us.

I can't speak to whether or not we have seen a return on investment with this solution because we have not had any real threats so far.

As far as pricing goes, my only reference point is Darktrace. Their pricing is pretty even, which is a fair price.

We have not yet tested the whole tool in a penetration test. However, I would nonetheless give it at least an eight out of ten, with one being the worst and ten being the best. 

Right now, we have a good understanding of the UI and I know that there have been improvements to the visualization. The scoring redirects your focus to things that you should be looking at. The tool we used before Vectra was Darktrace. It was similar to where Vectra is heading now. With the scoring system, Vectra is a better solution.