We performed a comparison between Arista NDR and Auvik Network Management (ANM) based on real PeerSpot user reviews.
Find out in this report how the two Network Traffic Analysis (NTA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."This solution help us monitor devices used on our network by insiders, contractors, partners, or suppliers. Its correlation and identification of specific endpoints is very good, especially since we have a large, virtualized environment. It discerns this fairly well. Some of the issues that we have had with other tools is we sometimes are not able to tell the difference between users on some of those virtualized instances."
"The interface itself is clean and easy to use, yet customizable. I like that I can create my own dashboards fairly easily so that I can see what is important to me. Also, the query language is pretty easy to use. I haven't needed to use it a ton, but as I need to go in and do different queries based on their requests, it has been fairly simple to use."
"It gives us something that is almost like an auditing tool for all of our network controls, to see how they are performing. This is related to compliance so that we can see how we are doing with what we have already implemented. There are things that we implemented, but we really didn't know if they were working or not. We have that visibility now."
"When I create a workbench query in Awake to do threat hunting, it's much easier to query. You get a dictionary popup immediately when you try to type a new query. It says, "You want to search for a device?" Then you type in "D-E," and it gives you a list of commands, like device, data set behavior, etc. That gives you the ability to build your own query."
"The most valuable portion is that they offer a threat-hunting service. Using their platform, and all of the data that they're collecting, they actually help us be proactive by having really expert folks that have insight, not just into our accounts, but into other accounts as well. They can be proactive and say, 'Well, we saw this incident at some other customer. We ran that same kind of analysis for you and we didn't see that type of activity in your network.'"
"The query language that they have is quite valuable, especially because the sensor itself is storing some network activity and we're able to query that. That has been useful in a pinch because we don't necessarily use it just for threat hunting, but we also use it for debugging network issues. We can use it to ask questions and get answers about our network. For example: Which users and devices are using the VPN for RDP access? We can write a query pretty quickly and get an answer for that."
"Other solutions will say, "Hey, this device is doing something weird." But they don't aggregate that data point with other data points. With Awake you have what's called a "fact pattern." For example, if there's a smart toaster on the third floor that is beaconing out to an IP address in North Korea, sure that's bizarre. But if that toaster was made in North Korea it's not bizarre. Taking those two data points together, and automating something using machine-learning is something that no other solution is doing right now."
"The most valuable feature is the ability to see suspicious activity for devices inside my network. It helps me to quickly identify that activity and do analysis to see if it's expected or I need to mitigate that activity quickly."
"The ability to have visibility on a network to see the traffic and the ability to see if devices are misconfigured and if something changes in that configuration, are most valuable."
"I love the alerting. With a single pane of glass, it's able to tell me that there's a firewall error, or that something is offline, there is a switch configuration error, or a configuration change has taken place on a certain device."
"Among the most valuable features are the hardware life cycle and configuration backups, when applicable... When it does show you the hardware life cycle for, say, a Cisco device and the configuration backup, that's the most useful aspect for me as a network engineer."
"I like the fact that it's easy to set up and learn our network. I've used some other systems where it takes a lot of time and effort to manage the monitoring system, so you get what you put into it. The nice thing about Auvik is that you put the credentials in, put the agent on the network, and it just does its thing. It sets up alerts that you would most likely turn on anyway without even having to do it. If you add another new device to the network, it detects it and sets alerts up for that device. With the other systems that I've used, I had to manually add those devices in and manually set the alerts for new devices. I like that it's an almost set-it-and-forget-it sort of system."
"Being able to see things like the hardware lifecycle, if our equipment is up to date, if connections are broken, or whether there are physical line breaks, is helpful. We're able to determine connectivity issues. We can monitor pretty much anything that is network-related."
"Auvik makes it super simple to have sub-tenants and you can then view high-level details from the "parent" tenant, which is our MSP interface, while also diving deep into the client-side and having full access there for assigning client-level permissions."
"Auvik has alerts that help you be proactive by telling you when something is behaving abnormally."
"I find the mapping topology, traffic insights, and reporting to be the most valuable features that Auvik offers."
"When I looked at the competitors, such as Darktrace, they all have prettier interfaces. If Awake could make it a little more user-friendly, that would go a long way."
"Arista NDR needs to open legal offices to be closer to customers and partners. It needs more visibility in the NDR market in the Middle East. While they are doing well, they lack sufficient engineers. They need to hire more engineers to meet the demand and expand their presence. The current team is good but not enough to fully capture the market."
"One thing I would like to see is a little bit more education or experience on AWS cloud for their managed services team. We've explained how we have the information set up, that the traffic coming in goes to the AWS load balancer and then gets sent on to our internal servers... but when I get notices they always tell me this traffic is coming from the IPs belonging to the load balancers, not the source IPs. So a little bit more education for their team about how AWS manages the traffic might help out."
"Be prepared to update your SOPs to have your analysts work in another tool separately. There are some limitations in the integrations right now. One of the things that I want from a security standpoint is integration with multiple tools so I don't need to have my analysts logging into each individual tool."
"While the appliance is very good, and I think they're working on it, it would probably help if they integrated the management team cases into the appliance so that everything we are working on with them would be accessible on our platform, on the dashboard, on the portal. Right now, Awake is just an additional team that uses the appliance that we use and then we communicate with them directly. Communication isn't through the portal."
"Awake Security needs to move to a 24/7 support model in the MNDR space. Once they do that, it will make them even better."
"I would like to see the capability to import what's known as STIX/TAXII in an IOC format. It currently doesn't offer this."
"One concern I do have with Awake is that, ideally, it should be able identify high-risk users and devices and entities. However, we don't have confidence in their entity resolution, and we've provided this feedback to Awake. My understanding is that this is where some of the AI/ML is, and it hasn't been reliable in correctly identifying which device an activity is associated with. We have also encountered issues where it has merged two devices into one entity profile when they shouldn't be merged. The entity resolution is the weakest point of Awake so far."
"The general feature set could use some work. For network mapping and network alerting, it's great for what it does. But it could provide more monitoring, such as jitter monitoring, which it doesn't have, and round-trip time for packets. I would like to see more network detail on the actual traffic that's flowing through the network."
"I'd like to see some enhancements to Auvik's network map, including the ability to focus on specific areas without viewing the entire map."
"If I could make a wish list of things that I would like to see from Auvik, I would definitely love to see more vendor integration with specific manufacturers. They've got that integration with Cisco, but it would be awesome to also have that with other major brands, such as HP, Dell, and Lenovo. It should have integration with more vendors, and in general, being able to quickly and easily access vendor-specific tools from the portal would be amazing."
"I'd like to be able to deep dive more into the reporting. The reporting is still being scaled and built out and I would love to see some additional products being added to the stack. For example, Auvik covers certain types of firewalls, but I would like to see more enterprise stuff added to the stack."
"It needs flexibility for the pooling of information. Because it is fully automated, it is pooling everything from the device from a given category. There is no way to exclude things that are not important or if you want to temporarily remove them to see statistics of other things. For example, we get about 100 MB from Auvik. We are unable to limit this. We would rather stop monitoring something, since some features will always give you alerts, because they shouldn't be monitored. However, it is impossible to exclude them, e.g., the internal interface. If somebody disconnects the device from the internal interface, we get an alert. So, this is something that is really painful for us. More flexibility would solve most of our issues."
"The search could be slightly more intelligent. If I type in "Dell" and put an extra "L," Auvik doesn't give a suggestion, "Did you mean 'Dell?'" I have to fix that."
"The logging features could be a little bit better polished, although that aspect is relatively new. It comes in as raw data, with different formats for different vendors. It's not immediately clear to people what's going on with some of that and you have to read through the codes. Some of the higher-end logging solutions, like Splunk, which is very expensive, can parse through it and correlate items better. Improvement to the logging features would be a value-add, but I'm still very happy that it exists."
"We use a service called Tailscale, a peer-to-peer private networking tool. My biggest issue with Auvik was getting it to scan devices across the Tailscale network. I suspect it's not supported there. That would be a valuable extension for us."
More Auvik Network Management (ANM) Pricing and Cost Advice →
Arista NDR is ranked 8th in Network Traffic Analysis (NTA) with 14 reviews while Auvik Network Management (ANM) is ranked 3rd in Network Traffic Analysis (NTA) with 139 reviews. Arista NDR is rated 9.0, while Auvik Network Management (ANM) is rated 8.8. The top reviewer of Arista NDR writes "Gives us network layer visibility into things that may not be covered by other monitoring tools, such as shadow IT". On the other hand, the top reviewer of Auvik Network Management (ANM) writes "Enables us to get on top of issues before they become an outage". Arista NDR is most compared with Palo Alto Networks Advanced Threat Prevention, Vectra AI, Trend Micro Deep Discovery and Cisco Secure Network Analytics, whereas Auvik Network Management (ANM) is most compared with PRTG Network Monitor, LogicMonitor, SolarWinds NPM, Zabbix and Domotz. See our Arista NDR vs. Auvik Network Management (ANM) report.
See our list of best Network Traffic Analysis (NTA) vendors.
We monitor all Network Traffic Analysis (NTA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.