Arista NDR vs Vectra AI comparison

Read 43 Vectra AI reviews

8,868 Views
4,434 Comparison Views

97% willing to recommend

Arista NDR

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Nov 6, 2024

Vectra AI and Arista NDR are prominent competitors in the realm of network detection and response solutions. Vectra AI appears to have the upper hand due to its precise detection capabilities through AI-enabled filtering and triaging, which are highly praised in reducing alert fatigue.

Features: Vectra AI emphasizes detection precision with AI-enabled filtering and triaging, comprehensive attack lifecycle visibility, and risk-based threat prioritization. Arista NDR is known for its detailed traffic analysis, enriched security insights, and real-time enhanced visibility, coupled with its praised detailed reporting capabilities.

Room for Improvement: Vectra AI could benefit from better integration with third-party systems and improved management of complex host-driven threats. Enhancements for tracking multiple attack sources and better integrating host behavior analysis are needed. Arista NDR should expand its geographic presence and enhance engineering support, especially in underrepresented markets.

Ease of Deployment and Customer Service: Both Vectra AI and Arista NDR offer strong technical support. Vectra AI is recognized for its robust customer service structure, ensuring responsive support. Arista NDR is appreciated for its responsive customer service due to a close-knit support team, but might benefit from an expanded support infrastructure as the company grows.

Pricing and ROI: Vectra AI’s licensing is costly but seen as a valuable investment for enterprises focusing on threat detection. Arista NDR offers competitive pricing, making it a budget-friendly option, ideal for firms seeking cost-effective MDR service integration. Both solutions provide ROI by reducing incident response times and enhancing network security efficiency, though Vectra AI’s complex licensing may deter some customers.

To learn more, read our detailed Arista NDR vs. Vectra AI Report (Updated: October 2024).

Download the complete report

Arista NDR vs. Vectra AI

October 2024

Helped 815,854 peers since 2012

Categories and Ranking

Arista NDR

Ranking in Network Detection and Response (NDR)

10th

Average Rating

9.0

Number of Reviews

Ranking in other categories

Network Traffic Analysis (NTA) (6th)

Vectra AI

Ranking in Network Detection and Response (NDR)

2nd

Average Rating

8.6

Reviews Sentiment

7.2

Number of Reviews

Ranking in other categories

Intrusion Detection and Prevention Software (IDPS) (2nd), Extended Detection and Response (XDR) (9th), Identity Threat Detection and Response (ITDR) (5th), AI-Powered Cybersecurity Platforms (4th)

Mindshare comparison

As of November 2024, in the Network Detection and Response (NDR) category, the mindshare of Arista NDR is 5.1%, down from 5.6% compared to the previous year. The mindshare of Vectra AI is 20.2%, up from 19.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Network Detection and Response (NDR)

Featured Reviews

reviewer1506834

Head of Information Security at a engineering company with 10,001+ employees

Feb 10, 2021

Gives us network layer visibility into things that may not be covered by other monitoring tools, such as shadow IT

One concern I do have with Awake is that, ideally, it should be able identify high-risk users and devices and entities. However, we don't have confidence in their entity resolution, and we've provided this feedback to Awake. My understanding is that this is where some of the AI/ML is, and it hasn't been reliable in correctly identifying which device an activity is associated with. We have also encountered issues where it has merged two devices into one entity profile when they shouldn't be merged. The entity resolution is the weakest point of Awake so far. Even without that it's useful because with the MNDR team, they'll at least do some of that work for us and then we can follow up on certain things. But that is something that we would want to see improved. Because we have the MNDR team, in some ways we don't work as hands-on with the interface itself as we did before. But another thing that would be helpful would be easier ways to integrate it with other systems. The integrations seem to exist, but they're a little weak in terms of how easy they are to set up, or what kind of information can be pulled in. That's something they've said that they're working on, as part of their roadmap, but that is something that I would like to see improved.

Read full review

Tony Whelton

Director IT at Wellington College

Mar 7, 2023

Integrates well with other security solutions and provides good technical support

The biggest feature for us, because we are heavy Microsoft users, is its integration with Office 365. On top of Vectra AI, we use all of the Microsoft security platforms, such as Defender ATP and Sentinel. Having full integration and a central platform to look at all of the threats that are coming through from the different platforms is a huge benefit for us. With one nice front dashboard, we can look at the high-volume threats rather than all of the noise. We do get a lot of noise as our students all own their own devices. With Vectra AI, we can look at threats in a controlled manner, which saves us an extraordinary amount of time. Even if I doubled the manpower, I doubt that I would still have the same visibility that I have with the correct security platform. Vectra AI's Threat Detection and Response platform has done remarkably well. We're well-versed in using the security dashboard from Microsoft Defender, and we're at the stage where we are checking both. We haven't fully switched to relying on only the Vectra dashboard yet. In terms of Vectra AI Attack Signal Intelligence for empowering security analysts within our organization, we have complete faith in the data that's coming through from Vectra. If we could also have what's happening at the front-end, that is, the firewall, then it would give us the complete security front dashboard.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The query language makes it easy to query the records on the network, to do searches for the various threat activities that we're looking for. The dashboard, the Security Knowledge Graph, displays information meaningfully and easily. I am able to find the information that I want to find pretty quickly."

"The security knowledge graph has been very helpful in the sense that whenever you try a new security solution, especially one that's in the detection and response market, you're always worried about getting a lot of false positives or getting too many alerts and not being able to pick out the good from the bad or things that are actual security incidents versus normal day to day operations. We've been pleasantly surprised that Awake does a really good job of only alerting about things that we actually want to look into and understand. They do a good job of understanding normal operations out-of-the-box."

"We appreciate the value of the AML (structured query language). We receive security intel feeds for a specific type of malware or ransomware. AML queries looking for the activity is applied in almost real-time. Ultimately, this determines if the activity was not observed on the network."

"The most valuable portion is that they offer a threat-hunting service. Using their platform, and all of the data that they're collecting, they actually help us be proactive by having really expert folks that have insight, not just into our accounts, but into other accounts as well. They can be proactive and say, 'Well, we saw this incident at some other customer. We ran that same kind of analysis for you and we didn't see that type of activity in your network.'"

"The query language that they have is quite valuable, especially because the sensor itself is storing some network activity and we're able to query that. That has been useful in a pinch because we don't necessarily use it just for threat hunting, but we also use it for debugging network issues. We can use it to ask questions and get answers about our network. For example: Which users and devices are using the VPN for RDP access? We can write a query pretty quickly and get an answer for that."

"This solution help us monitor devices used on our network by insiders, contractors, partners, or suppliers. Its correlation and identification of specific endpoints is very good, especially since we have a large, virtualized environment. It discerns this fairly well. Some of the issues that we have had with other tools is we sometimes are not able to tell the difference between users on some of those virtualized instances."

"It gives us something that is almost like an auditing tool for all of our network controls, to see how they are performing. This is related to compliance so that we can see how we are doing with what we have already implemented. There are things that we implemented, but we really didn't know if they were working or not. We have that visibility now."

"When I create a workbench query in Awake to do threat hunting, it's much easier to query. You get a dictionary popup immediately when you try to type a new query. It says, "You want to search for a device?" Then you type in "D-E," and it gives you a list of commands, like device, data set behavior, etc. That gives you the ability to build your own query."

More Arista NDR pros

"It keeps up with the network traffic, which is a good thing. It provides more context to plain alerts compared to using an older system. So, it helps an analyst reduce the information overload."

"One of the key advantages for us is we define a 24/7 service around it. We use far more of Vectra alerts than we do with our SIEM product because we understand that when we get an alert from Vectra we actually need to do something about it."

"The solution is currently used as a central threat detection and response system."

"It provides various dashboards that facilitate the identification of connections and can detect data exfiltration, meaning data sent from your environment to another."

"It's easy to manage, and I love the UX. It's very well designed. When we are looking for something, it's quite easy to find it."

"The key feature for me for Detect for Office 365 is that it can also concentrate all the information and detection at one point, the same as the network solution does. This is the key feature for me because, while accessing data from Office 365 is possible using Microsoft interfaces, they are not really user-friendly and are quite confusing to use. But Detect for Office 365 is aggregating all the info, and it's only the interesting stuff."

"What I like best about Vectra AI is that it alerts you about suspicious activities."

"The biggest feature for us, because we are heavy Microsoft users, is its integration with Office 365. On top of Vectra AI, we use all of the Microsoft security platforms, such as Defender ATP and Sentinel. Having full integration and a central platform to look at all of the threats that are coming through from the different platforms is a huge benefit for us."

More Vectra AI pros

Cons

"The one thing that the Awake platform lacks is the ability to automate the ingestion of IOCs rather than having to import CSV files or JSON files manually."

"Awake Security needs to move to a 24/7 support model in the MNDR space. Once they do that, it will make them even better."

"When I looked at the competitors, such as Darktrace, they all have prettier interfaces. If Awake could make it a little more user-friendly, that would go a long way."

"They've been focused on really developing their data science, their ability to detect, but over time, they need to be able to tie into other systems because other systems might detect something that they don't."

"While the appliance is very good, and I think they're working on it, it would probably help if they integrated the management team cases into the appliance so that everything we are working on with them would be accessible on our platform, on the dashboard, on the portal. Right now, Awake is just an additional team that uses the appliance that we use and then we communicate with them directly. Communication isn't through the portal."

"I would like to see a bit more in terms of encrypted traffic. With the advent of programs that live off the land, a smart attacker is going to leverage encryption to execute their operation. So I would like to see improvements there, where possible. Currently, we're not going to be decrypting encrypted traffic. What other approaches could be used?"

"I would like to see the capability to import what's known as STIX/TAXII in an IOC format. It currently doesn't offer this."

"Arista NDR needs to open legal offices to be closer to customers and partners. It needs more visibility in the NDR market in the Middle East. While they are doing well, they lack sufficient engineers. They need to hire more engineers to meet the demand and expand their presence. The current team is good but not enough to fully capture the market."

More Arista NDR cons

"We had another product with Vectra AI and used the MDR solution as an add-on. Initially, it wasn't fully appropriately configured, so we didn't get the expected results. Even once configured correctly, we weren't fully satisfied with its response. The issue was both with their service response and the product's capabilities."

"I think Vectra AI's automation, reporting, and integration could be improved."

"One area where there's room for improvement is the absence of a comprehensive TCP recording and replay feature."

"The rules for threats are not always precise and Vectra AI should improve this."

"One thing which I have found where there could be improvement is with regard to the architecture, a little bit: how the brains and sensors function. It needs more flexibility with regard to the brain. If there were some flexibility in that regard, that would be helpful, because changing the mode of the brain is complex. In some cases, the change is permanent. You cannot revert it."

"We would like to see more information with the syslogs. The syslogs that they send to our SIEM are a bit short compared to what you can see. It would be helpful if they send us more data that we can incorporate into our SIEM, then can correlate with other events."

"You are always limited with visibility on the host due to the fact that it is a network based tool. It gives you visibility on certain elements of the attack path, but it doesn't necessarily give you visibility on everything. Specifically, the initial intrusion side of things that doesn't necessarily see the initial compromise. It doesn't see stuff that goes on the host, such as where scripts are run. Even though you are seeing traffic, it doesn't necessarily see the malicious payload. Therefore, it's very difficult for it to identify these type of host-driven complex attacks."

"I would like more integrations with IOCs and threats currently on the Internet. I would also like to know which threats are based on zero-day attacks, current botnets, etc. Therefore, I would like more information on external threats."

More Vectra AI cons

Pricing and Cost Advice

"We switched to Awake Security because they were able to offer a model that was significantly less expensive and the value that we get out of it is higher."

"Awake Security was the least expensive among their competitors. Everyone was within $15,000 of each other. The other solutions were not providing the MNDR service, which is standard with Awake Security's pricing/licensing model."

"The solution has saved thousands of dollars within the first day. Our ROI has to be in the tens of thousands of dollars since October last year."

"The solution is very good and the pricing is also better than others..."

"Awake's pricing was very competitive. It's not a cheap option though. It's an investment to utilize it, but it's one that we decided was worth the cost, with the managed services. At our scale, it was a much better option to utilize their software and their managed services to handle this, rather than hiring another person to be an analyst. It was quite cost-effective for us."

"Because I represent a hedge fund, I have some leverage. I told them that they had to meet my conditions if they wanted me as a client. It was the same way with Awake. They wanted an initial four-year agreement. Initially, we signed on for a one-year contract, but they wanted the four-year deal when it came time for the renewal. I told them that I was not doing that. I said that they either had to do it on my terms, or I'd go somewhere else."

"The pricing seems pretty reasonable for what we get out of it. We also found it to be more competitive than some other vendors that we've looked at."

"The licensing is on an annual basis."

"Their licensing model is antiquated. I'm not a fan of their licensing model. We have to pay for licensing based on four different things. You have to pay based on the number of unique IPs, the number of logs that we send through Recall and Stream, and the size of our environment. They need to simplify their licensing down to just one thing. It should be based on the amount of data, the number of devices, or something else, but there should be just one thing for everything. That's what they need to base their licensing on. Cost-wise, they're not cheap. They were definitely the most expensive option, but you get what you pay for. They're not the cheapest option."

"There are additional features that can be purchased in addition to the standard licensing fee, such as Cognito Recall and Stream."

"The pricing and licensing are quite straightforward because they're based on the IP licenses. As a result, they are easy to count."

"The license is based on the concurrent IP addresses that it's investigating. We have 9,800 to 10,000 IP addresses."

"The upfront pricing model that we have would have been more beneficial if it had been a recurring license fee, but that wasn't a massive issue for us. It's fairly priced."

"It is an expensive solution, but it's not the most expensive we've seen. We also know how much we're going to pay, unlike with some other providers where all of a sudden our license explodes."

"The solution's pricing was 50 percent lower than the other vendors shortlisted."

More Vectra AI pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Network Detection and Response (NDR) solutions are best for your needs.

See recommendations

815,854 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

16%

Financial Services Firm

10%

Educational Organization

Government

Computer Software Company

16%

Financial Services Firm

12%

Manufacturing Company

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about Arista NDR?

Arista NDR's scalability is very good, making it easy to add more hardware components. You can order additional hardware and integrate it by stacking it with the existing setup. This feature cannot...

What is your experience regarding pricing and costs for Arista NDR?

The tool's pricing is expensive but it is competitive.

What needs improvement with Arista NDR?

Arista NDR needs to open legal offices to be closer to customers and partners. It needs more visibility in the NDR market in the Middle East. While they are doing well, they lack sufficient enginee...

What is the biggest difference between Corelight and Vectra AI?

The two platforms take a fundamentally different approach to NDR. Corelight is limited to use cases that require the eventual forwarding of events and parsed data logs to a security team’s SIEM or ...

What do you like most about Vectra AI?

The solution is currently used as a central threat detection and response system.

What is your experience regarding pricing and costs for Vectra AI?

The licensing is on annual basis.

Trend Micro Deep Discovery vs Arista NDR

Comparisons

Compared 15% of the time

Cisco Secure Network Analytics vs Arista NDR

Compared 15% of the time

Palo Alto Networks Advanced Threat Prevention vs Arista NDR

Compared 13% of the time

Darktrace vs Arista NDR

Compared 11% of the time

ExtraHop Reveal(x) vs Arista NDR

Compared 7% of the time

More Arista NDR Competitors

Darktrace vs Vectra AI

Compared 36% of the time

ExtraHop Reveal(x) vs Vectra AI

Compared 12% of the time

Cisco Secure Network Analytics vs Vectra AI

Compared 6% of the time

Corelight vs Vectra AI

Compared 5% of the time

Trend Micro Deep Discovery vs Vectra AI

Compared 3% of the time

More Vectra AI Competitors

Product Reports

Download Arista NDR product report

Arista NDR

November 2024

Download Vectra AI product report

October 2024

Also Known As

Awake Security Platform

Vectra Networks, Vectra AI NDR

Learn More

Arista

The Advent of Advanced Network Detection and Response & Why it Matters

Overview

Arista NDR (formerly Awake Security) is the only advanced network detection and response company that delivers answers, not alerts. By combining artificial intelligence with human expertise, Arista NDR hunts for both insider and external attacker behaviors, while providing autonomous triage and response with full forensics across traditional, IoT, and cloud networks. Arista NDR delivers continuous diagnostics for the entire enterprise threat landscape, processes countless network data points, senses abnormalities or threats, and reacts if necessary—all in a matter of seconds. The Arista NDP platform stands out from traditional security because it is designed to mimic the human brain. It recognizes malicious intent and learns over time, giving defenders greater visibility and insight into what threats exist and how to respond to them.

The 5 Levels of Autonomous Security paper

Vectra AI is used for detecting network anomalies and potential malicious activities, providing visibility into network traffic and enhancing threat detection across environments.

Organizations deploy Vectra AI mainly on-premises with additional cloud components. It helps with compliance, incident response, security monitoring, detecting insider threats, and correlating network events. Vectra AI captures and enriches network metadata, provides detailed dashboards, reduces false positives, and supports cross-environment behavioral analysis to enhance threat detection and prioritization. While valued for its high accuracy and alert aggregation, it has room for improvement in UI/UX, packet management, and integration with SIEMs and other tools. It is noted for expensive pricing and limited proactive threat response features.

What are Vectra AI's most valuable features?

High accuracy in identifying threat locations
Aggregation of alerts into single incidents
24/7 threat detection
Visibility into the entire attack lifecycle
Risk score aggregation
Effective triaging of alerts
Integration with other tools

What benefits or ROI should users look for?

Enhanced threat detection and prioritization
Comprehensive network visibility
Reduction in false positives
Better incident response capabilities
Improved compliance monitoring

In specific industries, Vectra AI is deployed to monitor complex networks and alleviate challenges in threat detection. It is particularly effective in sectors requiring stringent compliance and security measures, offering insights and capabilities crucial for protecting sensitive data and maintaining operational integrity.

Sample Customers

- Dolby Laboratories- Seattle Genetics- ARM Energy- Ooma- Prophix- Yapstone

Tribune Media Group, Barry University, Aruba Networks, Good Technology, Riverbed, Santa Clara University, Securities Exchange, Tri-State Generation and Transmission Association