Try our new research platform with insights from 80,000+ expert users
Vectra AI Logo

Vectra AI pros and cons

Vendor: Vectra AI
4.3 out of 5
Badge Leader
2,299 followers
Post review

Pros & Cons summary

Vectra AI delivers 24/7 service, enhancing alert quality through AI-powered anomaly detection, and provides aggregated risk scores to prioritize threats. It consolidates alerts into incidents, reducing alert fatigue and administrative burden. Its integration with Office 365 improves network monitoring, though better integration with external solutions and threat feeds is needed. Improvements in false positive tuning, reporting customization, SIEM integration, and detection of complex attacks could enhance its security operations capabilities.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

Vectra AI enables effective prioritization of threats by providing aggregated risk scores based on impact and certainty, reducing alert fatigue and optimizing resource allocation.
It significantly decreases the time to respond to attacks by providing actionable alerts through AI-driven anomaly detection and correlation, enhancing efficiency and reducing manpower requirements.
Cognito Detect's integration with Microsoft platforms, including Office 365, consolidates detection and information, streamlining security operations and improving threat visibility across different platforms.
Vectra AI enriches network activity understanding by correlating threats with compromised host devices, offering detailed insights into the lifecycle of an attack within the network for improved visibility and response strategy.
Cognito Streams offers a comprehensive view of network activities with rich metadata, capturing critical protocol traffic and aiding daily operations by simplifying threat detection and network issue identification.

CONS

Vectra AI requires integration with SIEM for compliance, as it does not sufficiently reduce security analyst workload.
Syslogs sent to SIEM by Vectra AI are minimal, limiting data correlation capabilities.
Vectra AI, being network-based, does not provide complete visibility on host-based activities and complex attacks.
Customization and development options in Vectra AI are limited, affecting incident response capabilities.
Tuning for false positives in Vectra AI is challenging and time-consuming.
 

Vectra AI Pros review quotes

reviewer1259193 - PeerSpot reviewer
Jan 7, 2020
One of the key advantages for us is we define a 24/7 service around it. We use far more of Vectra alerts than we do with our SIEM product because we understand that when we get an alert from Vectra we actually need to do something about it.
Read full review
reviewer1439937 - PeerSpot reviewer
Oct 21, 2020
The most valuable feature for Cognito Detect, the main solution, is that external IDS's create a lot of alerts. When I say a lot of alerts I really mean a lot of alerts. Vectra, on the other hand, contextualizes everything, reducing the number of alerts and pinpointing only the things of interest. This is a key feature for me. Because of this, a non-trained analyst can use it almost right away.
Read full review
DW
Aug 3, 2021
One of the core features is that Vectra AI triages threats and correlates them with compromised host devices. From a visibility perspective, we can better track the threat across the network. Instead of us potentially finding one device that has been impacted without Vectra AI, it will give us the visibility of everywhere that threat went. Therefore, visibility has increased for us.
Read full review
Buyer's Guide
Vectra AI
January 2025
Free Report: Vectra AI Reviews and More
Learn what your peers think about Vectra AI. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
DOWNLOAD NOW
832,138 professionals have used our research since 2012.
reviewer1296420 - PeerSpot reviewer
Feb 25, 2020
One of the most valuable features of the platform is its ability to provide you with aggregated risk scores based on impact and certainty of threats being detected. This is both applied to individual and host detections. This is important because it enables us to use this platform to prioritize the most likely imminent threats. So, it reduces alert fatigue follow ups for security operation center analysts. It also provides us with an ability to prioritize limited resources.
Read full review
reviewer1302852 - PeerSpot reviewer
Oct 6, 2022
The most useful feature is the anomaly detection because it's not signature-based. It picks up the initial part of any attack, like the recon and those aspects of the kill chain, very well.
Read full review
TS
Jul 1, 2021
It does a reliable job of parsing out the logs of all the network traffic so that we can ingest them into our SIEM and utilize them for threat hunting and case investigations. It is pretty robust and reliable. The administration time that we spend maintaining it or troubleshooting it is very low. So, the labor hour overhead is probably our largest benefit from it. We spend 99% of our time in Vectra investigating cases, responding to incidents, or hunting, and only around 1% of our time is spent patching, troubleshooting, or doing anything else. That's our largest benefit from Vectra.
Read full review
reviewer1302852 - PeerSpot reviewer
Mar 4, 2020
The solution's ability to reduce alerts, by rolling up numerous alerts to create a single incident or campaign, helps in that it collapses all the events to a particular host, or a particular detection to a set of hosts. So it doesn't generate too many alerts. By and large, whatever alerts it generates are actionable, and actionable within the day.
Read full review
reviewer1362528 - PeerSpot reviewer
Jun 3, 2020
Vectra produces actionable data using automation. That has helped us. It's less manpower now to look at incidents, which has definitely increased efficiency. Right now, in a lot of cases, our mean time to detection is within zero days. This tells me by the time something happened, and we were able to detect it, it was within the same day.
Read full review
reviewer1263180 - PeerSpot reviewer
Jan 12, 2020
It is doing some artificial intelligence. If it sees a server doing a lot of things, then it will assume that is normal. So, it is looking for anomalous behavior, things that are out of context which helps us reduce time. Therefore, we don't have to look in all the logs. We just wait for Vectra to say, "This one is behaving strange," then we can investigate that part.
Read full review
reviewer1444719 - PeerSpot reviewer
Oct 29, 2020
It has helped us to organize our security. We get a better overview on what is happening on the network, which has helped us get quicker responses to users. If we see malicious activity, then we can quickly take action on it. Previously, we weren't getting an overview as fast as we are now, so we can now provide a quicker response.
Read full review
Show 10 more reviews (out of 44)
 

Vectra AI Cons review quotes

reviewer1259193 - PeerSpot reviewer
Jan 7, 2020
The solution has not reduced the security analyst workload in our organization because we still need to SIEM. Unfortunately, while Vectra, for us, is a brilliant tool for network investigations, giving wonderful visibility, it doesn't go the whole way to replace our SIEM that is needed for compliance. So, I still have the same amount of alerting and logging that I did before. It gives us more defined ability to see incidents, but it doesn't give us enough information to satisfy a PCI or 27001 audit.
Read full review
reviewer1439937 - PeerSpot reviewer
Oct 21, 2020
Vectra is still limited to packet management. It's only monitoring packet exchanges. While it can see a lot of things, it can't see everything, depending on where it's deployed. It has its limits and that's why I still have my SIEM.
Read full review
DW
Aug 3, 2021
I would like to see data processed onshore. Right now, the cloud components, like Office 365, must be processed on servers outside of Australia. I would like to see a future adoption of onshore processing.
Read full review
Buyer's Guide
Vectra AI
January 2025
Free Report: Vectra AI Reviews and More
Learn what your peers think about Vectra AI. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
DOWNLOAD NOW
832,138 professionals have used our research since 2012.
reviewer1296420 - PeerSpot reviewer
Feb 25, 2020
You are always limited with visibility on the host due to the fact that it is a network based tool. It gives you visibility on certain elements of the attack path, but it doesn't necessarily give you visibility on everything. Specifically, the initial intrusion side of things that doesn't necessarily see the initial compromise. It doesn't see stuff that goes on the host, such as where scripts are run. Even though you are seeing traffic, it doesn't necessarily see the malicious payload. Therefore, it's very difficult for it to identify these type of host-driven complex attacks.
Read full review
reviewer1302852 - PeerSpot reviewer
Oct 6, 2022
The reporting from Cognito Detect is very limited and doesn't give you too many options. If I want to prepare a customized report on a particular host, even though I see the data, I have to manually prepare the report. The reporting features that are built into the tool are not very helpful.
Read full review
TS
Jul 1, 2021
They use a proprietary logging format that is probably 90% similar to Bro Logs. Their biggest area of improvement is finishing out the remaining 10%. That 10% might not be beneficial to their ML engine, but that's fine. The industry standard is Zeek Logs or Bro Logs, or Bro or Zeek, depending on how old you are. While they have 90% of those fields, they're still missing some fields. In very rare instances, some community rules do not have the fields that they need, and we had to modify community rules for our logs. So, their biggest area of improvement would be to just finish their matching of the Zeek standard.
Read full review
reviewer1302852 - PeerSpot reviewer
Mar 4, 2020
One thing which I have found where there could be improvement is with regard to the architecture, a little bit: how the brains and sensors function. It needs more flexibility with regard to the brain. If there were some flexibility in that regard, that would be helpful, because changing the mode of the brain is complex. In some cases, the change is permanent. You cannot revert it.
Read full review
reviewer1362528 - PeerSpot reviewer
Jun 3, 2020
I would like to see a bit more strategic metrics instead of technical data. Information that I could show to my executive management team or board would be valuable.
Read full review
reviewer1263180 - PeerSpot reviewer
Jan 12, 2020
We would like to see more information with the syslogs. The syslogs that they send to our SIEM are a bit short compared to what you can see. It would be helpful if they send us more data that we can incorporate into our SIEM, then can correlate with other events.
Read full review
reviewer1444719 - PeerSpot reviewer
Oct 29, 2020
In comparison with a lot of systems I used in the past, the false positives are really a burden because they are taking a lot of time at this moment.
Read full review
Show 10 more reviews (out of 43)

Product Categories

Product Categories
Intrusion Detection and Prevention Software (IDPS)
Network Detection and Response (NDR)
Extended Detection and Response (XDR)
Identity Threat Detection and Response (ITDR)
AI-Powered Cybersecurity Platforms

Popular Comparisons

Popular Comparisons
Darktrace vs Vectra AI Logo
Darktrace vs Vectra AI
Palo Alto Networks Advanced Threat Prevention vs Vectra AI Logo
Palo Alto Networks Advanced Threat Prevention vs Vectra AI
Trend Micro Deep Discovery vs Vectra AI Logo
Trend Micro Deep Discovery vs Vectra AI
Splunk User Behavior Analytics vs Vectra AI Logo
Splunk User Behavior Analytics vs Vectra AI
Trend Micro TippingPoint Threat Protection System vs Vectra AI Logo
Trend Micro TippingPoint Threat Protection System vs Vectra AI
Check Point IPS vs Vectra AI Logo
Check Point IPS vs Vectra AI
Fortinet FortiGate IPS vs Vectra AI Logo
Fortinet FortiGate IPS vs Vectra AI
Palo Alto Networks URL Filtering with PAN-DB vs Vectra AI Logo
Palo Alto Networks URL Filtering with PAN-DB vs Vectra AI
Cisco Secure IPS (NGIPS) vs Vectra AI Logo
Cisco Secure IPS (NGIPS) vs Vectra AI
Cisco Sourcefire SNORT vs Vectra AI Logo
Cisco Sourcefire SNORT vs Vectra AI
Trellix Intrusion Prevention System vs Vectra AI Logo
Trellix Intrusion Prevention System vs Vectra AI
Lumu vs Vectra AI Logo
Lumu vs Vectra AI
ExtraHop Reveal(x) 360 vs Vectra AI Logo
ExtraHop Reveal(x) 360 vs Vectra AI
Zscaler Cloud IPS vs Vectra AI Logo
Zscaler Cloud IPS vs Vectra AI
Proofpoint Identity Threat Defense vs Vectra AI Logo
Proofpoint Identity Threat Defense vs Vectra AI
See all alternatives

Product Categories

Product Categories
Intrusion Detection and Prevention Software (IDPS)
Network Detection and Response (NDR)
Extended Detection and Response (XDR)
Identity Threat Detection and Response (ITDR)
AI-Powered Cybersecurity Platforms

Popular Comparisons

Popular Comparisons
Darktrace vs Vectra AI Logo
Darktrace vs Vectra AI
Palo Alto Networks Advanced Threat Prevention vs Vectra AI Logo
Palo Alto Networks Advanced Threat Prevention vs Vectra AI
Trend Micro Deep Discovery vs Vectra AI Logo
Trend Micro Deep Discovery vs Vectra AI
Splunk User Behavior Analytics vs Vectra AI Logo
Splunk User Behavior Analytics vs Vectra AI
Trend Micro TippingPoint Threat Protection System vs Vectra AI Logo
Trend Micro TippingPoint Threat Protection System vs Vectra AI
Check Point IPS vs Vectra AI Logo
Check Point IPS vs Vectra AI
Fortinet FortiGate IPS vs Vectra AI Logo
Fortinet FortiGate IPS vs Vectra AI
Palo Alto Networks URL Filtering with PAN-DB vs Vectra AI Logo
Palo Alto Networks URL Filtering with PAN-DB vs Vectra AI
Cisco Secure IPS (NGIPS) vs Vectra AI Logo
Cisco Secure IPS (NGIPS) vs Vectra AI
Cisco Sourcefire SNORT vs Vectra AI Logo
Cisco Sourcefire SNORT vs Vectra AI
Trellix Intrusion Prevention System vs Vectra AI Logo
Trellix Intrusion Prevention System vs Vectra AI
Lumu vs Vectra AI Logo
Lumu vs Vectra AI
ExtraHop Reveal(x) 360 vs Vectra AI Logo
ExtraHop Reveal(x) 360 vs Vectra AI
Zscaler Cloud IPS vs Vectra AI Logo
Zscaler Cloud IPS vs Vectra AI
Proofpoint Identity Threat Defense vs Vectra AI Logo
Proofpoint Identity Threat Defense vs Vectra AI
See all alternatives
Related questions
  • 33
I'm building a next-gen AI powered threat intelligence platform. What's missing from existing solutions?
  • 366
What is the biggest difference between Corelight and Vectra AI?
  • 163
What are the threats associated with using ‘bogus’ cybersecurity tools?
  • 11
When evaluating Intrusion Detection, what aspect do you think is the most important to look for?
  • 224
What is your recommended cost-effective solution to detect and prevent APT attacks?
  • 7
What product do you recommend for a Campus IPS appliance implementation?
  • 114
How do you use the MITRE ATT&CK framework for improving enterprise security?
  • 487
What are the pros and cons of Darktrace vs CrowdStrike Falcon vs alternative EPP solutions?
  • 118
Which alternative solutions (other than Darktrace) do you recommend for an SMB?
  • 40
Which is the best intrusion detection and prevention solution?