Try our new research platform with insights from 80,000+ expert users

Palo Alto Networks Advanced Threat Prevention vs Vectra AI comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Dec 19, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Palo Alto Networks Advanced...
Ranking in Intrusion Detection and Prevention Software (IDPS)
6th
Average Rating
8.6
Reviews Sentiment
6.9
Number of Reviews
26
Ranking in other categories
No ranking in other categories
Vectra AI
Ranking in Intrusion Detection and Prevention Software (IDPS)
3rd
Average Rating
8.6
Reviews Sentiment
7.1
Number of Reviews
44
Ranking in other categories
Network Detection and Response (NDR) (2nd), Extended Detection and Response (XDR) (15th), Identity Threat Detection and Response (ITDR) (10th), AI-Powered Cybersecurity Platforms (6th)
 

Mindshare comparison

As of April 2025, in the Intrusion Detection and Prevention Software (IDPS) category, the mindshare of Palo Alto Networks Advanced Threat Prevention is 7.4%, down from 8.0% compared to the previous year. The mindshare of Vectra AI is 11.3%, up from 10.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Intrusion Detection and Prevention Software (IDPS)
 

Featured Reviews

Carlos Bracamonte - PeerSpot reviewer
Robust, reliable, simple to install and good technical support
We are attempting to improve the use of URL filtering beyond threat protection. I'm not sure what the remaining threat protection features are off the top of my head. But beyond that, we use URL filtering. We have three approved cases for using external dynamic lists that are stored in a bucket repository. Then, for each URL site that needs to be whitelisted, we add it to the external dynamic list in order to gain access to this email. I would like Wildfire to be implemented. We use the equivalent in Cisco is the integration policies. We have the Wildfire but we are not currently implementing it. We don't have the license to use it, but we are not currently implementing it until we present the use cases that the company gives some value to and they approve the use of it.
Mohammad Alkurdi - PeerSpot reviewer
Innovative detection features enhance monitoring
The advantages of the integration are not entirely out-of-the-box. You have to do it manually. When I'm doing tier response, an out-of-the-box solution is not available. You need to have a Linux server, and from the Linux server, you must perform AI tasks, and there is a lot to be handled in the back end. This is a major consideration about them. The recall feature, if it can be placed in some areas instead of the cloud, and charged for, would be better. Recall the storage where you watch all the traffic, and you can recall it and try to analyze it in the back end. It’s cloud-based. If they offer it on-prem, it would be better. I think they have a solution, but I have never tested it, to be honest with you.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Most of the features of Palo Alto Threat Prevention are alright. I recommend features like content filtering, IP address, & intelligent firewalls. The reporting feature is very good."
"The most valuable feature of Palo Alto Threat Prevention for our company is the next generation firewall."
"One of the most valuable features is the anti-malware protection."
"The most valuable features are that it's user-friendly, has interesting features, URL filtering, and threat prevention."
"The initial setup was straightforward. It's quite easy. Deployment took one to two weeks."
"I like the solution's interface."
"For those who want a next-gen firewall that's easy to configure and easy to operate, I think you should go for Palo Alto."
"The sandboxing tools offer great prevention for cloud feeds."
"The initial setup was pretty straightforward."
"It provides various dashboards that facilitate the identification of connections and can detect data exfiltration, meaning data sent from your environment to another."
"The automatic filtering that they provide is valuable. The logic inside that makes some detections instead of us is very useful. We are confident that if we are just looking into it and there is nothing, nothing could happen."
"I like the way that Vectra AI focuses on the internal network. Nowadays, most of the attackers are already inside, and they can be inside for many years before they start attacking. With normal monitoring, it's quite difficult to find them."
"It has helped us to organize our security. We get a better overview on what is happening on the network, which has helped us get quicker responses to users. If we see malicious activity, then we can quickly take action on it. Previously, we weren't getting an overview as fast as we are now, so we can now provide a quicker response."
"We particularly like the user experience around the dashboard, which we find to be much more straightforward than the dashboard of some of the competitive products... Vectra is a really easy system to understand and use to prioritize where we need to focus our security resources."
"The administrative privilege detection feature is the most valuable feature. The admin accounts are often highly accessible to the high-risk component of the environment. If those accounts are compromised or are being used in a suspicious manner, that's high-fidelity events for us to look into."
"One of the key advantages for us is we define a 24/7 service around it. We use far more of Vectra alerts than we do with our SIEM product because we understand that when we get an alert from Vectra we actually need to do something about it."
 

Cons

"There is a potential drawback with the lack of support for the ICAP protocol."
"I think they can use some improvement on FID."
"In terms of what needs improvement, the only thing I don't like is the support."
"In Africa, the technical support is probably not as good as in Europe and the USA because it's a specific premium support, partner-enabled premium support and all of that. But it's really good, I don't really have any complaints, it's fairly good. I'll give them 80%."
"The price of licenses should be lowered to make it less costly to scale our solution."
"We are attempting to improve the use of URL filtering beyond threat protection."
"Right now we are focusing on email. If Palo Alto can increase the features related to email filtering and the new malware, it would help us protect our systems."
"Generally, to deploy it will take some downtime, about a day."
"The rules for threats are not always precise and Vectra AI should improve this."
"Integration with other security components needs improvement. It should have true integration as opposed to just being a separate pane of glass."
"They use a proprietary logging format that is probably 90% similar to Bro Logs. Their biggest area of improvement is finishing out the remaining 10%. That 10% might not be beneficial to their ML engine, but that's fine. The industry standard is Zeek Logs or Bro Logs, or Bro or Zeek, depending on how old you are. While they have 90% of those fields, they're still missing some fields. In very rare instances, some community rules do not have the fields that they need, and we had to modify community rules for our logs. So, their biggest area of improvement would be to just finish their matching of the Zeek standard."
"It would be commercially beneficial if Vectra AI had something like Darktrace's Antigena Email or something similar to email protection."
"I would like to see a bit more strategic metrics instead of technical data. Information that I could show to my executive management team or board would be valuable."
"The reporting from Cognito Detect is very limited and doesn't give you too many options. If I want to prepare a customized report on a particular host, even though I see the data, I have to manually prepare the report. The reporting features that are built into the tool are not very helpful."
"ExtraHop has better features that seem more advantageous when compared to Vectra."
"We have a lot of system solutions and integrations with system solutions. Vectra is a type of black box. It implements AI-informed detection mechanisms, but we cannot create system detections. I understand that the product is designed this way, but it would be great if we could create our own detections as well."
 

Pricing and Cost Advice

"Palo Alto Networks Threat Prevention could improve by having consistent pricing at system levels."
"The product’s pricing is expensive for small companies."
"If you want to have all of the good features then you have to pay extra for licensing."
"From one to ten, with one being the most expensive, I would rate the pricing of Palo Alto Networks Threat Prevention a one out of ten. It is my understanding that Palo Alto Networks Threat Prevention is the most expensive one."
"The pricing could be lower."
"The pricing and the licensing are pretty competitive at this stage. As a reseller, I would like to see the price come down a little bit so I can compete better against other firewalls because we do that all the time."
"It is an expensive solution and I would like to see a drop in price."
"The price of the solution is higher than others on the market. A price reduction would be beneficial if it does not impact their database quality."
"The license is based on the concurrent IP addresses that it's investigating. We have 9,800 to 10,000 IP addresses."
"Cost is a big factor, as always. However, I think we have a very good price–performance ratio."
"The pricing is very good. It's less expensive than many of the tools out there."
"Vectra AI's pricing is cheaper than that of Darktrace."
"The solution's pricing was 50 percent lower than the other vendors shortlisted."
"We have a desire to increase our use. However, it all comes down to budget. It's a very expensive tool that is very difficult to prove business support for. We would like to have two separate networks. We have our corporate network and PCI network, which is segregated due to payment processing. We don't have it for deployed in the PCI network. It would be good to have it fully deployed there to provide us with additional monitoring and control, but the cost associated with their licensing model makes it prohibitively expensive to deploy."
"We are running at about 90,000 pounds per year. The solution is a licensed cost. The hardware that they gave us was pretty much next to nothing. It is the license that we're paying for."
"From a licensing perspective, the Vectra detect platform is pretty doable. Also, the hardware prices are nothing that we're not used to. The stream part is a little overpriced compared to the detect part. The reason is that you need to stream data to detect events anyway, so the data is in there. The only thing that's not available is the UI to be able to look at the stream data, which is also on the appliances but is just not activated. That's mainly the thing that we want to improve on."
report
Use our free recommendation engine to learn which Intrusion Detection and Prevention Software (IDPS) solutions are best for your needs.
845,040 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
11%
Manufacturing Company
10%
Government
9%
Financial Services Firm
13%
Computer Software Company
13%
Manufacturing Company
8%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is the best DDoS protection solution for a big ISP for monitoring and mitigating?
Arbor would be the best bid, apart from Arbor, Palo Alto and Fortinet have good solutions. As this is an ISP, I would prefer Arbor.
What is your experience regarding pricing and costs for Palo Alto Networks Threat Prevention?
The pricing is competitive, and with current campaigns and discounts, it provides an excellent device for a reasonable price.
What is the biggest difference between Corelight and Vectra AI?
The two platforms take a fundamentally different approach to NDR. Corelight is limited to use cases that require the eventual forwarding of events and parsed data logs to a security team’s SIEM or ...
What do you like most about Vectra AI?
The solution is currently used as a central threat detection and response system.
What is your experience regarding pricing and costs for Vectra AI?
It is very acceptable when you compare it with Darktrace, for example.
 

Also Known As

No data available
Vectra Networks, Vectra AI NDR
 

Overview

 

Sample Customers

University of Arkansas, JBG SMITH, SkiStar AB, TRI-AD, Temple University, Telkom Indonesia
Tribune Media Group, Barry University, Aruba Networks, Good Technology, Riverbed, Santa Clara University, Securities Exchange, Tri-State Generation and Transmission Association
Find out what your peers are saying about Palo Alto Networks Advanced Threat Prevention vs. Vectra AI and other solutions. Updated: March 2025.
845,040 professionals have used our research since 2012.