We performed a comparison between Trellix Network Detection and Response and Vectra AI based on real PeerSpot user reviews.
Find out in this report how the two Network Detection and Response (NDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature is MVX, which tests all of the files that have been received in an email."
"The sandbox feature of FireEye Network Security is very good. The operating system itself has many features and it supports our design."
"The MVX Engine seems to be very capable against threats and the way it handles APTs is impressive."
"Support is very helpful and responsive."
"If we are receiving spam emails, or other types of malicious email coming from a particular email ID, then we are able to block them using this solution."
"Its ability to find zero-day threats, malware and anything malicious has greatly improved my customer's organization, especially for protecting the users' browser."
"Before FireEye, most of the times that an incident would happen nobody would be able to find out where or why the incident occurred and that the system is compromised. FireEye is a better product because if the incident already happened I know that the breach is there and that the system is compromised so we can take appropriate action to prevent anything from happening."
"The scalability has not been a problem. We have deployed the product in very high bandwidth networks. We have never had a problem with the FireEye product causing latency issues within our networks."
"It's important for us that the user interface is easy to understand and that is the biggest benefit we see from Vectra AI."
"Cognito Streams gives you a detailed view of what happens in the network in the form of rich metadata. It is just a super easy way to capture network traffic for important protocols, giving us an advantage. This is very helpful on a day-to-day basis."
"It does a reliable job of parsing out the logs of all the network traffic so that we can ingest them into our SIEM and utilize them for threat hunting and case investigations. It is pretty robust and reliable. The administration time that we spend maintaining it or troubleshooting it is very low. So, the labor hour overhead is probably our largest benefit from it. We spend 99% of our time in Vectra investigating cases, responding to incidents, or hunting, and only around 1% of our time is spent patching, troubleshooting, or doing anything else. That's our largest benefit from Vectra."
"The most useful feature is the anomaly detection because it's not signature-based. It picks up the initial part of any attack, like the recon and those aspects of the kill chain, very well."
"The solution provide visibility into behaviors across the full lifecycle of an attack in our network, beyond just the Internet gateway. It makes our security operations much more effective because we are now looking not just at traffic on the border, but we're looking at east-west internal traffic. Now, not only will we see if an exploit kit is being downloaded, but we would be able to see then if that exploit kit was then laterally distributed into our environment."
"Vectra is very compatible with various cloud providers, such as Amazon and Azure AD. This is helpful as customers often migrate their network infrastructure to the cloud."
"One of the most valuable features is all the correlation that it does using AI and machine learning. An example would be alerting on a host and then alerting on other things, like abnormal behavior, that it has noticed coming from the same host. It's valuable because we're a very lean team."
"It provides various dashboards that facilitate the identification of connections and can detect data exfiltration, meaning data sent from your environment to another."
"It doesn't connect with the cloud, advanced machine learning is not there. A known threat can be coming into the network and we would want the cloud to look up the problem. I would also like to see them develop more file replication and machine learning."
"A better depth of view, being able to see deeper into the management process, is what I'd like to see."
"Stability issues manifested in terms of throughput maximization."
"Cybersecurity posture has room for improvement."
"There is a lot of room for Improvement in the offering, from cost to functionality. It is pretty straightforward to implement which is an advantage. However, it falls short in pricing, detection capabilities, and, most importantly, reporting and policy management."
"It would be very helpful if there were better integration with other solutions from other vendors, such as Fortinet and Palo Alto."
"The world is currently shifting to AI, but FIreEye is not following suit."
"Technical support could be improved."
"We are using SMB 3.0, which is an encrypted protocol. When we get some alerts or something, we cannot go deep into the protocol to see what's wrong because it's encrypted. We need to decrypt the protocol in another way, which is quite difficult. We might go back to SMB 2.0 just for this reason, but that's not a good solution."
"In education as a sector, we are looking at AI a lot in terms of how it can be used as part of the teaching and learning side of things. It would be great to have Vectra AI look at a better way to enhance the security posture related to the AI tools in our portfolio."
"Vectra is still limited to packet management. It's only monitoring packet exchanges. While it can see a lot of things, it can't see everything, depending on where it's deployed. It has its limits and that's why I still have my SIEM."
"They use a proprietary logging format that is probably 90% similar to Bro Logs. Their biggest area of improvement is finishing out the remaining 10%. That 10% might not be beneficial to their ML engine, but that's fine. The industry standard is Zeek Logs or Bro Logs, or Bro or Zeek, depending on how old you are. While they have 90% of those fields, they're still missing some fields. In very rare instances, some community rules do not have the fields that they need, and we had to modify community rules for our logs. So, their biggest area of improvement would be to just finish their matching of the Zeek standard."
"I would like to see a bit more strategic metrics instead of technical data. Information that I could show to my executive management team or board would be valuable."
"In comparison with a lot of systems I used in the past, the false positives are really a burden because they are taking a lot of time at this moment."
"We have had a few issues with the integration of Vectra AI with EDR. Some filters have not been working. We've also had issues with the brain not being powerful enough."
"We would like to see more information with the syslogs. The syslogs that they send to our SIEM are a bit short compared to what you can see. It would be helpful if they send us more data that we can incorporate into our SIEM, then can correlate with other events."
More Trellix Network Detection and Response Pricing and Cost Advice →
Trellix Network Detection and Response is ranked 7th in Network Detection and Response (NDR) with 37 reviews while Vectra AI is ranked 2nd in Network Detection and Response (NDR) with 42 reviews. Trellix Network Detection and Response is rated 8.4, while Vectra AI is rated 8.6. The top reviewer of Trellix Network Detection and Response writes "Offers in-depth investigation capabilities, integrates well and smoothly transitioned from a lower-capacity appliance to a higher one". On the other hand, the top reviewer of Vectra AI writes "Integrates well with other security solutions and provides good technical support". Trellix Network Detection and Response is most compared with Fortinet FortiSandbox, Palo Alto Networks WildFire, Fortinet FortiGate, Zscaler Internet Access and Zabbix, whereas Vectra AI is most compared with Darktrace, ExtraHop Reveal(x), Cisco Secure Network Analytics, Arista NDR and Splunk User Behavior Analytics. See our Trellix Network Detection and Response vs. Vectra AI report.
See our list of best Network Detection and Response (NDR) vendors.
We monitor all Network Detection and Response (NDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.