reviewer2120031 - PeerSpot reviewer
Head of system and infrastructure at a government with 1,001-5,000 employees
Real User
Top 10
It just gives us so much detail about the malware putting our environment in danger
Pros and Cons
  • "Vectra AI is the best. It is a major product in our cybersecurity."
  • "The solution needs to become more proactive. When Vectra AI is the primary solution in an environment - like it is in our case - you must work on response time. We have a small team so response time at endpoint level is vital."

What is our primary use case?

Our primary use case for this solution is network traffic analysis. 

When we initially launched the solution, it gave us more detection compared to what we had before, but we needed more details in the field. However, once we added the Cognito feature, Vectra AI became an important solution in our environment. We now use it as a complete cybersecurity platform for detection, analysis, and referring security alerts. Vectra AI is the best. It is a major product in our cybersecurity.

What is most valuable?

The Vectra AI feature I find the most valuable is Cognito. It just gives us so much detail about the malware putting our environment in danger. 

What needs improvement?

The solution needs to become more proactive. When Vectra AI is the primary solution in an environment - like it is in our case - we must work on response time. We have a small team so response time at the endpoint level is vital. At the network level, response time actually works with Vectra AI.

For how long have I used the solution?

We have been using Vectra for three years. This is the third year that it has been in our environment and we really want to continue with the solution.

Buyer's Guide
Vectra AI
November 2024
Learn what your peers think about Vectra AI. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
824,067 professionals have used our research since 2012.

How are customer service and support?

Vectra AI's tech support is very good. Like I said, we had a rough start with the solution because we did not have the necessary experience in year one. However, whenever we needed it, Vectra's tech support came through to help us out. They gave us the details we needed and always responded to our questions. We also received online training from them. We had an excellent experience with them. 

How would you rate customer service and support?

Positive

How was the initial setup?

I was not involved in the initial deployment. I'm on the team in charge of monitoring our environment. 

What about the implementation team?

We deployed the solution in our environment through a partner firm called IT Security. 

What was our ROI?

We have seen a return on investment. 

What's my experience with pricing, setup cost, and licensing?

I think the pricing structure is good compared to other products. The price is not too high and it's not too low. It is perfect. 

What other advice do I have?

When we initially deployed Vectra, I was not working on it very much because I did not have very much experience with it. At that time, I was not happy with Vectra and was mainly using other solutions, like Splunk. However, as we learned more about how to use Vectra more effectively, we added additional features and made greater use of the dashboard. In year two, we started seeing Vectra as a tool for analyzing our network traffic. Right now, I think it is a good solution. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user

SOC Administrator at The National Commercial Bank
Real User
Gives alerts on suspicious activities; stable and scalable, with excellent technical support
Pros and Cons
  • "What I like best about Vectra AI is that it alerts you about suspicious activities."
  • "An area for improvement in Vectra AI is reporting because it currently lacks some details. For example, when you download a report from Vectra AI, you won't see complete information about the alerts or triggers. Another area for improvement in the tool is that sometimes, an alert has high severity, yet it's marked as low severity. Vectra AI should have a mechanism to change the severity level from low to high or critical."

What is our primary use case?

Vectra AI is an NDR tool, and my company is using it for security and insider threat detection purposes.

What is most valuable?

What I like best about Vectra AI is that it alerts you about suspicious activities.

What needs improvement?

An area for improvement in Vectra AI is reporting because it currently lacks some details. For example, when you download a report from Vectra AI, you won't see complete information about the alerts or triggers.

Another area for improvement in the tool is that sometimes, an alert has high severity, yet it's marked as low severity. Vectra AI should have a mechanism to change the severity level from low to high or critical.

For how long have I used the solution?

I've been using Vectra AI for two years now.

What do I think about the stability of the solution?

Vectra AI is a stable tool.

What do I think about the scalability of the solution?

Vectra AI is a scalable tool.

How are customer service and support?

My company has a dedicated support team for Vectra AI, so I have the support team's direct contact number and WhatsApp number.

The technical support is excellent, so my rating is five out of five.

How was the initial setup?

The initial setup for Vectra AI wasn't that complex. It won't take long if your environment is ready, with all required ports open. Setting up Vectra AI would be easy.

What about the implementation team?

We implemented Vectra AI together with their technical support team.

What's my experience with pricing, setup cost, and licensing?

My company pays for the Vectra AI licensing fee yearly. I know the figure because my company recently renewed the license, and it's okay, at least for the financial sector.

What other advice do I have?

I'm the admin of Vectra AI, a tool implemented in my company.

The tool was updated three or four months ago, but I'm unsure if I have the latest release.

My company has two SOCs in different areas, so all SOC analysts log in or use Vectra AI, with the alerts forwarded to Splunk. One person is the admin in-house, but he works with support because the tool is customized for my company, as any command can't be run in Linux.

I'd recommend Vectra AI to others looking for an NDR solution.

Vectra AI is excellent for NDR purposes, in general. I'm rating it as ten out of ten based on my experience because I'm investigating the Vectra AI alerts. It triggers alerts for suspicious activities, so it's an excellent tool.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer1859892 - PeerSpot reviewer
Security Analyst at a computer software company with 1,001-5,000 employees
Real User
Top 20
Is intuitive, stable, and shows misconfigurations related to compliance
Pros and Cons
  • "Some valuable features of Vectra AI are that it is very intuitive and that there are only a small amount of false positives. Therefore, it's an effective solution."
  • "We have a lot of system solutions and integrations with system solutions. Vectra is a type of black box. It implements AI-informed detection mechanisms, but we cannot create system detections. I understand that the product is designed this way, but it would be great if we could create our own detections as well."

What is our primary use case?

I'm a SOC analyst, and I use Vectra AI to detect and respond to security incidents. My team manages the critical detections, and another team takes the low-priority detections. They also use Vectra to hunt for the system root.

What is most valuable?

We use the Threat Detection and Response platform, and it's quite good at detecting and responding to threats and attacks in real-time. I really like the UI experience because it's simple to use, and we get quite a lot of information very quickly.

Some valuable features of Vectra AI are that it is very intuitive and that there are only a small amount of false positives. Therefore, it's an effective solution.

Another benefit that is unrelated to security is that it allows us to see misconfigurations or things that should not be happening in terms of compliance.

As SOCs, we concentrate on the OS side, and with Vectra AI, we can now see the network from an endpoint point of view. It gives us new alerts and does bring some work because we now have more visibility. However, it's opening up a wide range of things for us.

What needs improvement?

We have a lot of system solutions and integrations with system solutions. Vectra is a type of black box. It implements AI-informed detection mechanisms, but we cannot create system detections. I understand that the product is designed this way, but it would be great if we could create our own detections as well.

For how long have I used the solution?

I've been using this solution for six months.

What do I think about the stability of the solution?

From my point of view, Vectra AI's stability has been quite good. We have never had any issues.

What other advice do I have?

On a scale from one to ten, I would give Vectra AI an overall rating of eight.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer1580838 - PeerSpot reviewer
Head of Information Security at a financial services firm with 201-500 employees
Real User
Highly successful in detecting red team engagements and giving clear broad-level assurance
Pros and Cons
  • "The administrative privilege detection feature is the most valuable feature. The admin accounts are often highly accessible to the high-risk component of the environment. If those accounts are compromised or are being used in a suspicious manner, those are high-fidelity events for us to look into."
  • "Integration with other security components needs improvement. It should have true integration as opposed to just being a separate pane of glass."

What is our primary use case?

We use Cognito.

The biggest challenge we face in protecting the organization against cyber attacks is mean time to detection, operating from a position of an assumed breach. Then being able to detect breaches or malicious traffic within the environment as quickly as possible to reduce dwell time.

We have a small environment with only 300 users. It's very technically focused given the market that we operate in. There are two data centers, four offices, a small IT and security team. Cognito allows us to make the best investment for the most return, given we don't have dedicated SOC analysts looking at a SIEM environment.

How has it helped my organization?

Cognito is highly successful in detecting red team engagements and giving clear broad-level assurance and confidence in the product.

It captures network metadata at scale and enriches it with security information. The add-on of Recall is an invaluable investigation tool. It's able to look back and triage incidents.

We have been enabled to do things now that we could not do before: 

  • There is more detailed visibility into network behavior. 
  • We have the ability to pull out anomalies. 
  • The high-fidelity alerts allow our team to focus on what's important.

What is most valuable?

The administrative privilege detection feature is the most valuable feature. The admin accounts are often highly accessible to the high-risk component of the environment. If those accounts are compromised or are being used in a suspicious manner, those are high-fidelity events for us to look into.

Its ability to reduce alerts by rolling up numerous alerts to create a single incident or campaign for investigation is very useful. Given that we are not a dedicated SOC environment, having to trawl through several false positives is not something that we have the capacity for.

Cognito theoretically provides us with visibility into behaviors across the full lifecycle of an attack in our network beyond just the internet gateway. It has not been fully tested. But hypothetically it would give us full visibility into the attack chain.

We use privileged account analytics for detecting issues with privileged accounts.

What needs improvement?

Integration with other security components needs improvement. It should have true integration as opposed to just being a separate pane of glass.

For how long have I used the solution?

I have been using Vectra AI for three years. 

What do I think about the stability of the solution?

Their stability is bulletproof. 

What do I think about the scalability of the solution?

We're using it across our entire estate, so we don't have plans to increase usage. It's been adopted 100%. 

How are customer service and technical support?

Their support is excellent. They're very responsive. Exactly as you would hope for from a vendor, which is rare.

Which solution did I use previously and why did I switch?

Vectra AI displaced an EOL north-south solution.

How was the initial setup?

The initial setup was very straightforward. 

We had appliances in each physical data center. It took three or four days to see results.

Deployment time is equivalent to other solutions we have tried. The learning curve and speed of efficiencies are higher coming from Vectra.

What about the implementation team?

We deployed it with the assistance of Vectra. Our experience with them was exceptional. The engineers knew the product. Vectra is extremely responsive to assisting with technical issues. It was a very good experience.

What was our ROI?

It's hard to scientifically quantify ROI but I would say we have seen ROI, certainly from the risk and threat perspective.

After we deployed the solution it instantly began to add value to our security operations.

What's my experience with pricing, setup cost, and licensing?

Pricing is comfortable. I have no issues with the pricing structure at the moment.

There are no additional costs that I'm aware of unless you layer on MSP, additional soft services, or professional services. But for the solution itself, I don't believe there are.

Which other solutions did I evaluate?

We looked at Darktrace. 

What other advice do I have?

I think the solution would help the network, cybersecurity, and risk reduction efforts in the future if we were to adopt a SOC, it would be a key threat feed to that environment. As they continue to iterate and enhance the product, it's a critical security component for us now and for the future.

Two security senior analysts work on this solution.

My advice to anybody considering this solution is: don't delay. It does exactly what it's sold to do. It does it efficiently and effectively.

I would rate Vectra AI Cognito a nine out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
reviewer1362528 - PeerSpot reviewer
Manager, IT Security at an energy/utilities company with 201-500 employees
Real User
Produces actionable data using automation reducing our security team's workload
Pros and Cons
  • "Vectra produces actionable data using automation. That has helped us. It's less manpower now to look at incidents, which has definitely increased efficiency. Right now, in a lot of cases, our mean time to detection is within zero days. This tells me by the time something happened, and we were able to detect it, it was within the same day."
  • "I would like to see a bit more strategic metrics instead of technical data. Information that I could show to my executive management team or board would be valuable."

What is our primary use case?

The Detect platform that we have is on-prem. We have what's called "the brain", then we have sensors placed in different key/strategic areas in the organization. It is helping us do a lot of the monitoring. We also have some SaaS offerings from the Recall platform, which look at some of the metadata, etc. If we were doing things like incident response, it gives us a bit more granular type of information to query. However, the Cognito Detect platform is all on-prem.

We are using the latest version.

How has it helped my organization?

We had a gap where we didn't necessarily have a managed service, which we do today, but at the time we needed something that would help us detect malicious behavior and anomalies within the organization. We found that Vectra solved this. We were able to find issues within minutes or hours of them occurring, then we were able to action them rather quickly.

Some of the metrics that we try to show from an incident response perspective are the effectiveness of our controls, like mean time to detection and mean time to remediate. E.g., mean time to detection shows how quickly the organization detects it from when it first occurred, then determines the remediation aspect as well. We take those numbers and correlate them back to how effective our tools are in our organization. Vectra's really helped in the sense that our mean time to detect is within zero the majority of the time, meaning that from the time we detect it to the time it occurred is within zero days. This promotes how effective our controls are.

When we get an alert, we're not wasting hours or so trying to determine if, "I need to find more logs. I need to correlate the data." We're getting actionable data that we are able to action on right away. I have found value in that.

We can find things quickly that users shouldn't have been doing in the organization. Simple things, e.g., all of a sudden we have a user who's exfiltrating a lot of gigs of data. Why are they doing that? We found value there. My very small team does not have to waste cycles on investigating issues when we get a good sense of exactly what is occurring fairly quickly.

We have the solution’s Privileged Account Analytics. We have seen detection on certain cases, and it's been good. It actually is a good feature. We already have an organizational approach to privileged accounts, so we have seen a few detections on it but haven't necessarily seen abuse of privilege because of the way our organization handles privilege management. We are an organization where users don't run with privilege. Instead, everybody runs with their basic user account access. Only those that need it have privileges, like our IT administrators and a few others, and those people are very few and far between. 

If we are investigating something, we may be investigating user behavior. Using the metadata, we can find exactly, "What are all the sites he's going to? Is he exfiltrating any information? Internally, is he trying to pivot from asset to asset or within network elements?" Using that rich set of information, we can find pretty much anything we need now. 

The solution provides visibility into behaviors across the full lifecycle of an attack in our network, beyond just the internet gateway. It augments what we are doing within the organization now. Being able to discover/find everything that is occurring within the kill chain helps us dive down to find the root of the problem. It's been beneficial to us because that's a gap we've always had in the past. While we may have gotten an alert in a certain area, trying to find exactly where it originated from or how it originated was difficult. Now, by utilizing the information that Vectra produces, we can find exactly what the root cause is, which helps with discovering exactly how it originated in the first place.

With a lot of the detections or things that are happening, I would not say they're necessarily malicious. Where I find it very valuable is that it gives us an opportunity to understand exactly how users are sometimes operating as well as how systems are operating. In a lot of cases, we have had to go back and reconfigure things because, "Oh, this was not done." We realized that maybe systems were not setup correctly. I really liked this aspect of the solution because we don't like false positives. We don't want Vectra to produce things that are just noise, which is something that it doesn't do. 

Vectra produces actionable data using automation. That has helped us. It's less manpower now to look at incidents, which has definitely increased efficiency. Right now, in a lot of cases, our mean time to detection is within zero days. This tells me by the time something happened, and we were able to detect it, it was within the same day.

What is most valuable?

It gives you a risk score of everything that you just found. The quadrant approach is useful because if there are things in the lower-left quadrant, then we don't necessarily need to look at them immediately. However, if there's something with a high impact and high risk score, then we will want to start looking at that right away. We found this very valuable as part of our investigative analysis approach.

The solution’s ability to reduce alerts by rolling up numerous alerts to create a single campaign for investigation is very good. Once it starts adding multiple detections, those are correlated to a campaign. Then, all of a sudden, this will increase the risk score. I've found that approach helps us with understanding exactly what we need to prioritize. I find it very useful.

The amount of metadata that the Recall solution produces is enormous. What we can find from that metadata is exceptional. Once you get to know how to use the tool, it's much simpler and more intuitive to use when finding information than using a traditional SIEM, where you have to build SQL type commands in order to retrieve data. So, I do find it very valuable.

What needs improvement?

I would like to see a bit more strategic metrics instead of technical data. Information that I could show to my executive management team or board would be valuable. 

I would like to see some improvements on the integration aspects of it. They are getting better in this. However, most organizations have a plethora of cybersecurity solutions that they run, and I think that there is a bit more that could be done on the integration side. 

For how long have I used the solution?

About four years.

What do I think about the stability of the solution?

The stability is good. I don't think we've ever had an issue with it at all. I don't think I've ever seen it misbehave, crash, or anything like that.

It is continuously updated. Whenever they release a new patch or updates, they push it to the brain (the centralized management).

What do I think about the scalability of the solution?

We have never seen an issue from a scaling perspective. It is not an issue for us.

We have a team of less than four people. We don't really have a Tier 1 or Tier 2. We just have people working in cyber.

There are areas where we would like to increase our capabilities. We have 100 percent visibility for anything leaving the organization. There are some areas within the organization where we would like to monitor some of the internal workings. One of the places where we are looking to expand is into our OT segment. We do have a path for where we would like to see this go.

How are customer service and technical support?

They are very competent and good. They are always able to solve problems.

Which solution did I use previously and why did I switch?

A few years ago when we were looking at this, we had a gap in the organization. We didn't have like a managed service offering. We had an on-prem SIEM, but we didn't have a large team so we didn't have resources fully dedicated to looking to see threats and correlating them with other event logs to see exactly what was occurring. The reason that we didn't have a managed server previously was cost. Therefore, we looked for alternative ways to solve the gap, lower the resource count, and be able to automate and integrate within our enterprise solutions.

How was the initial setup?

It was pretty straightforward. You can plug the appliances in, whether it is into a switch, router, or some other demarc point from a SPAN port, then you let it learn. That is it. There's nothing really you have to do.

Our deployment took days at most. Once you configure it, you just let the system learn. Usually, within a week, it starts to detect things. For it to be effective, it needs to know what the known baseline is.

You plug it in, let it learn, and it's up and running.

What was our ROI?

We saw ROI within the first six months due to the reduced impact on our staff, and we have been deploying it for years. 

Vectra has absolutely reduced security analyst workload in our organization. This was the real thing that we were trying to find: How can we do this? With a small team, it is very hard. We have a small team with a large stock of solutions. Therefore, we were looking for the best way to reduce the amount of manual effort that's required for an individual. We've found Vectra has significantly reduced the workload by probably 200 percent for our staff.

Which other solutions did I evaluate?

We looked at NextGen traffic analysis type of solutions, like Darktrace. Then, we looked at Vectra. I found Vectra was a bit more intuitive. I think both products had some really good offerings. What really helped us make a decision was we were trying to find things that help us produce actionable items. I liked Vectra because the one thing it was trying to do was show you exactly what is happening in the kill chain. The whole premise behind it was, "These are things that are actually occurring in your network, and they're following a specific pattern." I really liked it because in my view it was very actionable and automated.

I don't want to have to spend cycles on unnecessary things. One thing I found with Darktrace was it produces a lot of good things, but it's too much in certain cases. Whereas, I like the way Vectra tells you exactly the things that are happening right now in your network, then groups it based on exactly what the type is, providing you a risk score.

Also, it did seem like it was like a resource built into a box with AI capabilities. I found that the amount of effort we have to spend on analysis from it is a low cost to us. Vectra just fit in well with my team mandate.

I found Darktrace was a bit noisier than Vectra. Sometimes, when you deal with products like this, the noise is time and effort that you may not necessarily have.

Once we started to do the PoCs, we ran Vectra in certain use cases with the sense of, "Okay, let us know exactly what's kind of going on within the network." What we found in a lot of cases, and these weren't just cybersecurity incidents that were occurring, was that Vectra gave us a good sense of how a lot of our solutions were operating. We ended up finding out, "This is exactly what this solution may be doing. Maybe there is a misconfiguration here or there."

What other advice do I have?

There was no complexity with Vectra; it is very simplistic. However, for the tool to be effective, you want to make sure that you place your sensors in appropriate places. Other than that, you let the tool run and do its thing. There's really no overhead.

I would probably rate it as a nine or 10 (out of 10). We have been extremely happy with the solution. It's been one of the best solutions we have in our enterprise. I would put it at the top of the list.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
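The review above describes three triage mechanics: detections for a host are rolled up into a threat score and a certainty score, the pair places the host in a quadrant that decides how urgently it is looked at, and detections that progress through the kill chain are correlated into a single campaign. The following is an added toy model of that scheme, written for this page and not Vectra's code; the detection names, phase order, score weights, the 50-point quadrant cut-off, the one-hour chaining window and the sample events are all constructed assumptions used only to show how score roll-up and temporal campaign chaining are separate signals.

```python
"""Toy host-prioritisation model: per-host score roll-up, threat/certainty
quadrant, and kill-chain campaign chaining. All weights, names and sample
events are illustrative assumptions, not a vendor's actual detection model."""
from collections import defaultdict
from dataclasses import dataclass

# Assumed kill-chain phase order, earliest first.
PHASE_ORDER = ["recon", "command_and_control", "lateral_movement", "exfiltration"]

# Hypothetical detection catalogue: kind -> (phase, threat weight, certainty weight).
CATALOGUE = {
    "port_sweep":             ("recon", 15, 30),
    "hidden_http_tunnel":     ("command_and_control", 40, 45),
    "suspicious_remote_exec": ("lateral_movement", 45, 40),
    "privilege_anomaly":      ("lateral_movement", 50, 35),
    "data_smuggler":          ("exfiltration", 70, 55),
}


@dataclass(frozen=True)
class Detection:
    host: str
    kind: str
    ts: int  # seconds; constructed values below, not real telemetry


# Constructed sample detections (not real telemetry).
SAMPLE = [
    Detection("ws-042", "port_sweep", 1_000),             # full chain in ~33 min
    Detection("ws-042", "hidden_http_tunnel", 1_600),
    Detection("ws-042", "suspicious_remote_exec", 2_200),
    Detection("ws-042", "data_smuggler", 3_000),
    Detection("srv-db1", "port_sweep", 1_500),            # single low-weight event
    Detection("admin-07", "privilege_anomaly", 1_700),    # high threat, low certainty
    Detection("ws-011", "hidden_http_tunnel", 5_000),     # two phases, but the second
    Detection("ws-011", "data_smuggler", 9_000),          # falls outside the window
]


def roll_up(detections):
    """Sum a host's detection weights into (threat, certainty), each capped at 99."""
    threat = certainty = 0
    for d in detections:
        _, t, c = CATALOGUE[d.kind]
        threat = min(99, threat + t)
        certainty = min(99, certainty + c)
    return threat, certainty


def quadrant(threat, certainty, cut=50):
    """Place a host on the threat/certainty grid; the cut-off is an assumption."""
    if threat >= cut and certainty >= cut:
        return "critical"
    if threat >= cut:
        return "high"      # dangerous if true, but not yet confirmed
    if certainty >= cut:
        return "medium"    # confidently observed, low impact
    return "low"


def campaign_phases(detections, window=3_600):
    """Distinct kill-chain phases a host reached, in time order, within `window`
    seconds of its first detection. Later events are not chained."""
    ordered = sorted(detections, key=lambda d: d.ts)
    start = ordered[0].ts
    seen = []
    for d in ordered:
        if d.ts - start > window:
            break
        phase = CATALOGUE[d.kind][0]
        if phase not in seen:
            seen.append(phase)
    return seen


def is_campaign(phases):
    """A campaign needs at least two phases that appear in kill-chain order."""
    idx = [PHASE_ORDER.index(p) for p in phases]
    return len(idx) >= 2 and idx == sorted(idx)


def prioritise(detections):
    """Return one row per host, most urgent first."""
    by_host = defaultdict(list)
    for d in detections:
        by_host[d.host].append(d)
    rows = []
    for host, dets in by_host.items():
        threat, certainty = roll_up(dets)
        phases = campaign_phases(dets)
        rows.append({"host": host, "threat": threat, "certainty": certainty,
                     "quadrant": quadrant(threat, certainty),
                     "campaign": is_campaign(phases), "phases": phases,
                     "detections": len(dets)})
    rank = {"critical": 0, "high": 1, "medium": 2, "low": 3}
    # Quadrant first, then chained campaigns, then raw scores.
    rows.sort(key=lambda r: (rank[r["quadrant"]], not r["campaign"],
                             -r["threat"], -r["certainty"]))
    return rows


if __name__ == "__main__":
    for r in prioritise(SAMPLE):
        print(f"{r['host']:9} {r['quadrant']:8} T={r['threat']:2} C={r['certainty']:2} "
              f"campaign={r['campaign']!s:5} phases={'>'.join(r['phases'])}")
```

Note that ws-011 scores as critical on the roll-up alone yet is not a campaign, because its second phase lands outside the chaining window, while admin-07 sits in the "high" quadrant: a privileged-account anomaly is dangerous if real but a single event has not earned much certainty. Keeping the two signals separate is what lets a small team skip the lower-left quadrant and still see chained activity first.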
Atakan Oztuna - PeerSpot reviewer
Technical Sales Engineer at Barikat Cyber Security WLL
Reseller
Top 10
Provides managed detections and responses, enhancing companies' network detection capabilities
Pros and Cons
  • "Vectra is very compatible with various cloud providers, such as Amazon and Azure AD. This is helpful as customers often migrate their network infrastructure to the cloud."
  • "ExtraHop has better features that seem more advantageous when compared to Vectra."

What is our primary use case?

Our primary focus lies in identifying weaknesses to address customer concerns regarding visibility into network operations. This is especially crucial due to the presence of various managed devices within the network. Detecting and managing these devices and enhancing visibility is done by Vectra AI. It also has the capability to detect potential threats and correlate diverse events that occur on the network. Hackers often target systems from different domains, requiring cross-domain correlation. Net NDR solutions, particularly Vectra, excel in fulfilling these needs using AI-driven algorithms. Over time, these algorithms learn from the data, aiding in automatic post-event analysis. 

What is most valuable?

Within Vectra, multiple models exist, including an AI model which is very important. Vectra is very compatible with various cloud providers, such as Amazon and Azure AD. This is helpful as customers often migrate their network infrastructure to the cloud. 

Additionally, Vectra provides managed detections and responses, enhancing a company's network detection capabilities. The platform also has attack signal intelligence to identify attackers based on their tactics and techniques, preventing them from compromising critical network devices. So it acts as a detection platform, essential for halting potential threats, including clouds like Amazon and Microsoft 365. 

What needs improvement?

We offer two solutions, Vectra and ExtraHop in the Qatar market. However, ExtraHop has better features that seem more advantageous when compared to Vectra. During demos, I encountered challenges with Vectra when demonstrating its capabilities, such as dealing with expired SSL certificates. Vectra AI is capable but ExtraHop is able to provide comprehensive insights and easier data querying. It excels in data query capabilities which is helpful for customers to access and manipulate their data effortlessly. This is where Vectra needs to enhance its capabilities. Customer support and handling high network traffic are additional areas that it needs to work on. There should be more flexible options to handle customers’ needs. Also, customers desire performance enhancements and integration capabilities with a single solution and cyber security. 

For how long have I used the solution?

I have been using Vectra AI for two years. 

What do I think about the stability of the solution?

I would rate the stability an eight out of ten.

What do I think about the scalability of the solution?

I would rate the scalability an eight out of ten.

How are customer service and support?

We have a strong local presence and support in this market, and our company's origins in Turkey also contribute to robust local assistance. While comprehensive support is provided during major incidents and upgrades, we excel in offering immediate assistance for failover situations and downtime prevention. The team is highly specialized in cyber security and SOC technologies. We are quite strong and are able to help ourselves in the field of technical support.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup is straightforward. I would rate the setup an eight out of ten.

In the case of deployment, 70% of the public prefers the public cloud while the rest prefer private. These are the only two forms of deployment.

The initial deployment should ideally be completed within two weeks. However, due to the need for fine-tuning, false positive elimination, and deriving enhanced value, an extended period of around two months is necessary. This allows users to cover all the potential threats and risks, ensuring comprehensive coverage.

What's my experience with pricing, setup cost, and licensing?

The solution is low-cost and affordable. 

What other advice do I have?

Vectra faces robust competition, but it substantiates its abilities. Depending on client needs, it can easily work with other IT solutions. Yet, for pure network detection and response, Vectra excels, particularly for enterprises demanding very good solutions. It offers superior detection coverage for heightened security. It has an encryption-based approach, enabling threat detection without decrypting any data. Moreover, Vectra stands out with its broad integration capabilities with third-party tools and I personally find it a successful feature.

Overall, I would rate Vectra AI an eight out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer:
PeerSpot user
reviewer2120736 - PeerSpot reviewer
Security Engineer at a legal firm with 1,001-5,000 employees
Real User
Top 20
Improves network visibility and has boosted our productivity
Pros and Cons
  • "The fact that we get the visualization of what's happening on our network, which is a way of improving our security in-depth is most valuable."
  • "I think Vectra AI's automation, reporting, and integration could be improved."

What is our primary use case?

We have a basic Vectra environment because we mainly only use the NDR for the solution's options. We mainly do failed logins, anomalies, and network flow monitoring.

How has it helped my organization?

Vectra AI helped improve our mean time to identify by allowing us to have visibility and reveal some hidden or unknown things.

Vectra AI has had a positive impact on the productivity of our SOC team, which is an external party. It also had a positive impact on our IT environment for detection purposes, adapting, and hardening.

What is most valuable?

The fact that we get the visualization of what's happening on our network, which is a way of improving our security in-depth is most valuable. That's because with the information we get out of Vectra, we know how to adapt and modify things in our network.

Regarding Vectra AI attack signal intelligence, it is providing us with information on how to adapt or protect ourselves against certain attack vectors. This feature is quite helpful.

What needs improvement?

I think Vectra AI's automation, reporting, and integration could be improved.

For how long have I used the solution?

I have been using this solution for two years now.

What do I think about the stability of the solution?

It's stable as it performs as we expected.

What do I think about the scalability of the solution?

If you have enough power or bandwidth to deploy another sensor, the scalability of this solution shouldn't be very complex.

How are customer service and support?

I would rate the technical support of the Vectra AI solution a seven, on a scale from one to ten, with one being the worst and ten being the best. The reason for this rating is that they always deliver what we expect, and that's good enough for us. The reason that the rating is not a ten is that we always need to let people improve themselves.

How would you rate customer service and support?

Neutral

How was the initial setup?

I joined the deployment project at a later stage and I worked on deploying the sensors and tuning false positives and similar things. My experience when it comes to deployment was quite good as we had good hands-on engineers which is why the implementation went well. Our deployment was straightforward with our hands-on approach.

What was our ROI?

When it comes to ROI, in certain places we saw the return and in certain places we didn't. When it comes to security investments and tooling of security, the return on investment takes a bit longer and you always see your investment back. At one point something will happen and you will start using the tool for the reason you bought it.

What other advice do I have?

Before Vectra, we didn't have any visibility of our network net flow, so this solution gives us a better view of what has been happening on our network, and this is what we're trying to solve by implementing Vectra.

We are not using the flood detection response platform.

We are not using Vectra MDR services.

Overall, I would rate this solution a seven, on a scale from one to ten, with one being the worst and ten being the best.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Security Operations Specialist at a tech services company with 1,001-5,000 employees
Real User
Filters out the noise and streamlines the investigation process and our ability to get to root cause
Pros and Cons
  • "The dashboard gives me a scoring system that allows me to prioritize things that I should look at. I may not necessarily care so much about one event, whereas if I have a single botnet detection or a brute force attack, I really want to get on top of those."
  • "I'd like to be able to get granular reports and to be able to output them into formats that are customizable and more useful. The reporting GUI is lacking."

What is our primary use case?

We use Vectra AI to sniff the network using Ixia taps so that we can identify potentially malicious activity on the network and at all points of the kill chain. What it's exceptionally good at doing is correlating seemingly unrelated events.

It's in our data center, but the versioning is controlled by Vectra. They push it out discreetly so I don't have any touch on that.

How has it helped my organization?

We have 89,000 concurrent IPs that we're analyzing, and it has distilled that down to under 1,000 IP addresses that warrant deeper investigation. It's filtering out 99 percent of the traffic that would otherwise be noise, noise that we would never get through.

The solution captures network metadata at scale and enriches it with security information, but that's because we are using the API calls to inject our CMDB data into the brain. It speeds things up quite significantly. Being an enterprise, sometimes it can take a day or two just to find the person responsible for looking after a particular server or service. This way, the information is right there at our fingertips. When we open up the GUI, if we have a detection we look at the detection and see the server belongs to so-and-so. We can reach out to that party directly if we need to. It streamlines the investigation process by having the data readily available to us and current. Each one is unique, but typically, from initial detection to completion of validation (that it's innocuous or that there's something else going on) it's within 24 to 48 hours.

It also provides visibility into behaviors across the full lifecycle of an attack in our network, beyond just the internet gateway. It gives us visibility for when something is inside the network and it's maybe doing a lateral movement that it wouldn't normally be doing. Or if we have a system that has suddenly popped up on the network and we can see that it's a wireless router, for example, we pick that up right away. We can see it and we can deal with it. If people put unauthorized devices on the network — a wireless router from home — we can pick that up right away and deal with it.

In addition, Vectra triages threats and correlates them with compromised host devices. We can do a search based on the threat type and get the host. It streamlines things and makes it faster to get to the root cause of an issue.

And while it hasn't reduced the security analyst workload in our company, it has reduced the workload in that analysts are not having to look at stuff that absolutely means nothing. There is still a lot to do, but it has allowed us to focus better on the workload that needs to be done.

It has also increased our security efficiency. It has reduced the time it takes us to respond to attacks by 100 percent. If you're not aware of it you can't respond to it. Now, it's making us aware of it so we can respond to it, which is a 100 percent improvement.

The solution enables us to answer investigative questions that other solutions are unable to address. We will detect the fact that there is some suspicious domain activity going on — a DNS query is going out to MGAs and it really shouldn't be. The other systems are just passing that through, not even realizing that it shouldn't be happening. We see them and we can take action on them.

What is most valuable?

The dashboard gives us a scoring system that allows prioritization of detections that need attention. We may not necessarily be so concerned about any single detection type or event, but when we see any botnet detections or brute force attack detections, we really want to get on top of those.

What needs improvement?

The solution's ability to reduce false positives wasn't very good, initially, because it was picking up so much information. It took the investment of some time and effort on our part to get the triage filters in place in such a fashion that it was filtering out the noise. Once we got to that point, then there was definitely value in time-savings and in percolating up the high-risk events that we need to be paying attention to.

I'd like to be able to get granular reports and to be able to output them into formats that are customizable and more useful. The reporting GUI is lacking.

For how long have I used the solution?

I've been using Vectra for three years.

What do I think about the stability of the solution?

The stability is excellent.

What do I think about the scalability of the solution?

We've had no issues so far with the scalability. Right now, it covers about 90 percent of our network. We are considering increasing the usage to incorporate it in the new cloud environments that we're standing up.

How are customer service and technical support?

Their technical support is excellent.

How was the initial setup?

I was not involved in the initial setup, but I was involved in a review of the setup when I took it over, to make sure that it is doing what it's supposed to be doing. The initial setup would have been straightforward, but it would have been very large.

The implementation strategy would have been to make sure that it got to all the places that it needed to be, and to work out a way to make that happen by getting the Ixia taps into the right locations in our enterprise.

In terms of staff from our side involved in deployment, it's web-based so there weren't a lot. Maintenance is ongoing from Vectra and they do it on the back-end. It just works. It's a black box for us.

What other advice do I have?

Take time to understand how the triage filtering works and standardize it early on. Use a standardized naming convention and be consistent.

It's a very effective tool, but if you don't pay attention to what it's telling you, then it's like anything else. If you don't use it, then it's no good. You have to trust that what it's telling you is correct and then you can take the appropriate action.

For the most part, the users who log into it in our company are people on the security operations team. It's pretty much a closed tool. Access is limited to the people in the security center of excellence.

In terms of the solution's ability to reduce alerts by rolling up numerous alerts to create a single incident or campaign for investigation, we don't use it that way. We've set up enough triage filters over the course of the last year-and-a-half to get all the noise out of the way; stuff that is either innocuous or really isn't bad. Then we're focusing on what's left, which is typically, for lack of a better term, the bad stuff or the stuff that we need to pay attention to.

Regarding the solution's privileged account analytics for detecting issues with privileged accounts, we've used it, but not to the extent that we would like to. We just don't have enough manpower to be able to do that at this point. But it's important because we can see when an account is doing something that it shouldn't be doing, or that it doesn't normally do, or that it's connecting to a place that it doesn't normally connect to, or that it's escalating its privileges unexpectedly. We see all that and then we can respond accordingly.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user