Vectra AI Reviews

Our primary focus lies in identifying weaknesses to address customer concerns regarding visibility into network operations. This is especially crucial due to the presence of various managed devices within the network. Detecting and managing these devices and enhancing visibility is done by Vectra AI. It also has the capability to detect potential threats and correlate diverse events that occur on the network. Hackers often target systems from different domains, requiring cross-domain correlation. Net NDR solutions, particularly Vectra, excel in fulfilling these needs using AI-driven algorithms. Over time, these algorithms learn from the data, aiding in automatic post-event analysis. 

Within Vectra, multiple models exist, including an AI model which is very important. Vectra is very compatible with various cloud providers, such as Amazon and Azure AD. This is helpful as customers often migrate their network infrastructure to the cloud. 

Additionally, Vectra provides managed detections and responses, enhancing a company's network detection capabilities. The platform also has attack signal intelligence to identify attackers based on their tactics and techniques, preventing them from compromising critical network devices. So it acts as a detection platform, essential for halting potential threats, including clouds like Amazon and Microsoft 365. 

We offer two solutions, Vectra and ExtraHop in the Qatar market. However, ExtraHop has better features that seem more advantageous when compared to Vectra. During demos, I encountered challenges with Vectra when demonstrating its capabilities, such as dealing with expired SSL certificates. Vectra AI is capable but ExtraHop is able to provide comprehensive insights and easier data querying. It excels in data query capabilities which is helpful for customers to access and manipulate their data effortlessly. This is where Vectra needs to enhance its capabilities. Customer support and handling high network traffic are additional areas that it needs to work on. There should be more flexible options to handle customers’ needs. Also, customers desire performance enhancements and integration capabilities with a single solution and cyber security. 

I have been using Vectra AI for two years. 

I would rate the stability an eight out of ten.

I would rate the scalability an eight out of ten.

We have a strong local presence and support in this market, and our company's origins in Turkey also contribute to robust local assistance. While comprehensive support is provided during major incidents and upgrades, we excel in offering immediate assistance for failover situations and downtime prevention. The team is highly specialized in cyber security and SOC technologies. We are quite strong and are able to help ourselves in the field of technical support.

Positive

The initial setup is straightforward. I would rate the setup an eight out of ten.

In the case of deployment, 70% of the public prefers the public cloud while the rest prefer private. These are the only two forms of deployment.

The initial deployment should ideally be completed within two weeks. However, due to the need for fine-tuning, false positive elimination, and deriving enhanced value, an extended period of around two months is necessary. This allows users to cover all the potential threats and risks, ensuring comprehensive coverage

The solution is low-cost and affordable. 

Vectra faces robust competition, but it substantiates its abilities. Depending on client needs, it can easily work with other IT solutions. Yet, for pure network detection and response, Vectra excels, particularly for enterprises demanding very good solutions. It offers superior detection coverage for heightened security. It has an encryption-based approach, enabling threat detection without decrypting any data. Moreover, Vectra stands out with its broad integration capabilities with third-party tools and I personally find it a successful feature.

Overall, I would rate Vectra AI an eight out of ten. 

Vectra AI is an NDR tool, and my company is using it for security and insider threat detection purposes.

What I like best about Vectra AI is that it alerts you about suspicious activities.

An area for improvement in Vectra AI is reporting because it currently lacks some details. For example, when you download a report from Vectra AI, you won't see complete information about the alerts or triggers.

Another area for improvement in the tool is that sometimes, an alert has high severity, yet it's marked as low severity. Vectra AI should have a mechanism to change the severity level from low to high or critical.

I've been using Vectra AI for two years now.

Vectra AI is a stable tool.

Vectra AI is a scalable tool.

My company has a dedicated support team for Vectra AI, so I have the support team's direct contact number and WhatsApp number.

The technical support is excellent, so my rating is five out of five.

The initial setup for Vectra AI wasn't that complex. It won't take long if your environment is ready, with all required ports open. Setting up Vectra AI would be easy.

We implemented Vectra AI together with their technical support team.

My company pays for the Vectra AI licensing fee yearly. I know the figure because my company recently renewed the license, and it's okay, at least for the financial sector.

I'm the admin of Vectra AI, a tool implemented in my company.

The tool was updated three or four months ago, but I'm unsure if I have the latest release.

My company has two SOCs in different areas, so all SOC analysts log in or use Vectra AI, with the alerts forwarded to Splunk. One person is the admin in-house, but he works with support because the tool is customized for my company, as any command can't be run in Linux.

I'd recommend Vectra AI to others looking for an NDR solution.

Vectra AI is excellent for NDR purposes, in general. I'm rating it as ten out of ten based on my experience because I'm investigating the Vectra AI alerts. It triggers alerts for suspicious activities, so it's an excellent tool.

I'm a SOC analyst, and I use Vectra AI to detect and respond to security incidents. My team manages the critical detections, and another team takes the low-priority detections. They also use Vectra to hunt for the system root.

We use the Threat Detection and Response platform, and it's quite good at detecting and responding to threats and attacks in real-time. I really like the UI experience because it's simple to use, and we get quite a lot of information very quickly.

Some valuable features of Vectra AI are that it is very intuitive and that there are only a small amount of false positives. Therefore, it's an effective solution.

Another benefit that is unrelated to security is that it allows us to see misconfigurations or things that should not be happening in terms of compliance.

As SOCs, we concentrate on the OS side, and with Vectra AI, we can now see the network from an endpoint point of view. It gives us new alerts and does bring some work because we now have more visibility. However, it's opening up a wide range of things for us.

We have a lot of system solutions and integrations with system solutions. Vectra is a type of black box. It implements AI-informed detection mechanisms, but we cannot create system detections. I understand that the product is designed this way, but it would be great if we could create our own detections as well.

I've been using this solution for six months.

From my point of view, Vectra AI's stability has been quite good. We have never had any issues.

On a scale from one to ten, I would give Vectra AI an overall rating of eight.

Our primary use cases for this solution are detection and then investigation afterward.

Vectra AI helped our team be more productive and save time. We have less work thanks to it.

We have not had any real threats so far.

Vectra AI helped improved our mean time to identify.

One of the things I am not so happy about when it comes to Vectra is the scoring board. 

In Darktrace, you can point or click on any client and see any connections that have been made directly in the dashboard. You don't have to go to recall. This is likely why Darktrace isn't as fast as Vectra, but it would still be nice to see this feature in Vectra. In addition, Darktrace has an advanced mode, but you are also able to see it directly in the main dashboard. This would be great to see in Vectra as well. 

We started implementing the tool around November. It is a step-by-step process for us because we have several locations and my team was not implementing it independently. We have another team that has to drive to the location. We finished the last location in mid-January.

Vectra AI is a stable solution. It works. 

Vectra AI's scalability is fine. We have a brain, we have a lot of centers, and the solution is easy to implement. Everything works.

The tech support is great. Whenever we had a problem, we got an answer immediately. This helps with having a general feeling that everything works in a solution.

Positive

We previously used a different tool, Darktrace. We used it for four years. The management told us to look for other tools. This was after we switched our main network hardware. We contacted Vectra and took the next step. We were just comparing different tools when we decided to go with Vectra. There were many different tools that were similar but we ultimately chose Vectra. Compared to Darktrace, Vectra's UI is much cleaner, there is less noise, and the performance is way better in the graphical interface. We get much fewer false positives. We also have to put less work into this tool, which is great for companies with small teams.

I was involved in the deployment from start to finish. It was fairly straightforward. The support we received was very good. When we had questions, they were answered immediately by the support engineer assigned to us.

I can't speak to whether or not we have seen a return on investment with this solution because we have not had any real threats so far.

As far as pricing goes, my only reference point is Darktrace. Their pricing is pretty even, which is a fair price.

We have not yet tested the whole tool in a penetration test. However, I would nonetheless give it at least an eight out of ten, with one being the worst and ten being the best. 

Right now, we have a good understanding of the UI and I know that there have been improvements to the visualization. The scoring redirects your focus to things that you should be looking at. The tool we used before Vectra was Darktrace. It was similar to where Vectra is heading now. With the scoring system, Vectra is a better solution.

We use Vectra AI mainly for presentations.

It's important for us that the user interface is easy to understand and that is the biggest benefit we see from Vectra AI.

When it comes to Vectra AI helping our software's productivity, it has an effect because it's faster and that is quite important.

The feature I found most valuable is the recording because it's easy to analyze logs that I need to analyze.

The rules for threats are not always precise and Vectra AI should improve this.

I have been using this solution for about eight months.

Regarding the stability of this solution, I would say that it is efficient. We've had only one issue in the past eight months with logs.

My impression is that Vectra AI is a scalable solution and that is exactly what we need, which is great. We have around 1,500 devices currently.

I would say that we have seen an ROI with Vectra AI.

We use the Threat Detection and Response platform, mainly for forensics. It's quite effective because it's easy to understand and everything is in real-time.

Overall, I would rate this solution an eight, on a scale from one to ten, with one being the worst and ten being the best. 

I work as an analyst who determines how our services should be built and integrated. We use Vectra to address a lack of visibility in our client environments. The tool has the potential to solve problems in a few areas, with new features on the way. We're exploring ways to build our services on top of the Vectra platform. 

We are considering the various integration options and how we can build a solid portfolio using this suite of products in future services. We have other tools like Palo Alto, and we hope to leverage our services on other platforms. There are several internal integration challenges that we need to examine.

Vectra gives my clients a sense of comfort. For example, in some of our cases last year, Vectra enabled us to understand each exploit's phases of attack, helping us to segment those phases. We knew how the phases were executed, so we could search for all those signs. It put the client at ease to know we could see signs of successful exploitation and demonstrated our value to them. 

We're software clients building services on top of Vectra for our customers. It's crucial for us to get the alerts we need and decide which quarter should be our focus. We're still trying to navigate the solution, but we're getting closer to determining how we want to build our services. We know how to deliver the services, but there are nuanced ways we can improve. However, learning the cloud UI and new scoring models has been an adjustment. 

The core product provides excellent visibility, but my favorite feature is Vectra Recall. It enables us to use archived data to address current or active threats that may not have been detected.

I have yet to see real-time attacks, and I'm the kind of person who needs hands-on experience. At the same time, they are triggering alerts on our regular scanning tools like Nessus. It triggers if they are noisy enough. Vectra's Threat Lab showcases this, but I need a case to work with to know from experience. 

Vectra Recall could be utilized much more, and I'm seeing some indications of that today with the investigative components. I use the visualize feature to visualize components and dashboards a lot. I'm interested in new ways to build automated searches or having them leveraged already from Vectra.

I have used Vectra AI for around a year.

Vectra AI is stable on the sensor side. It doesn't create a heavy maintenance burden on our team. There is a thin line between what we need to do and what our client needs to do. The client has an outsourcing partner doing things for them, and there aren't many issues with the detection platform. Recall sometimes goes down when we make too many queries, but it comes back up quickly. 

Vectra AI is highly scalable. Our clients vary in size, ranging from 400 IPs to massive deployments with upwards of 20,000 IPs. So it's just a matter of getting the initial scoping and what type of visibility you want to have.

I rate Vectra customer support ten out of ten. They're excellent, and they'll find the correct answer even if they don't know it at first. We use tech support and the customer success team. They are top-notch and responsive to any suggestions we have as an MSP. 

Positive

I have some personal experience with one of Vectra's main competitors, but I won't mention them by name. I'm trying to go beyond all the marketing hype, and I have huge respect for both tools. As an analyst, I want to find the bad guys at the end of the day, and I've had good experiences with both. We have more experience with the other tool, and I'm comfortable detecting threats on both. They're equally capable in this field.

Vectra AI has advantages, including a more extensive list of attack and defense references. Vecta has better at-a-glance integration options with EDR tools like CrowdStrike. There are nuanced differences between the products, and one might be more suitable depending on your needs. 

There are more dimensions than detection capabilities. It depends on the partner model and the market. Vectra covers many of those areas, and it's our primary vendor. 

Our platform team was responsible for implementing Vectra. The greatest challenge was getting the initial scoping a hundred percent correct. Sometimes the client comes from Vectra, and/or they come from us. The handover must be hundred percent because we know exactly what we will deliver. Existing and future clients need to ensure the scoping is perfect. 

The scope is sometimes unclear and isn't apparent until you start. The scoping needs to be right for you to have a good deployment. You know your integration options and will connect X of these sensors.

Once the scoping is correct, everything else is straightforward for our team to implement. 

I haven't gotten much feedback about the return on investment. Because nothing is happening yet, we need some reassurance that we can see when it does. We must feel confident that it will actively respond when something happens. 

We can use Vectra to create visibility, like Microsoft coming out with end-of-life PCERPC integrations. We can help the clients even though it's not on the security operations team. You can utilize the network data once you have it and we can build the services to provide assistance above and beyond detection.

I rate Vectra AI a nine out of ten.

Our primary use case for this solution is network traffic analysis. 

When we initially launched the solution, it gave us more detection compared to what we had before, but we needed more details in the field. However, once we added the Cognito feature, Vectra AI became an important solution in our environment. We now use it as a complete cybersecurity platform for detection, analysis, and referring security alerts. Vectra AI is the best. It is a major product in our cybersecurity.

The Vectra AI feature I find the most valuable is Cognito. It just gives us so much detail about the malware putting our environment in danger. 

The solution needs to become more proactive. When Vectra AI is the primary solution in an environment - like it is in our case - we must work on response time. We have a small team so response time at the endpoint level is vital. At the network level, response time actually works with Vectra AI.

We have been using Vectra for three years. This is the third year that it has been in our environment and we really want to continue with the solution.

Vectra AI's tech support is very good. Like I said, we had a rough start with the solution because we did not have the necessary experience in year one. However, whenever we needed it, Vectra's tech support came through to help us out. They gave us the details we needed and always responded to our questions. We also received online training from them. We had an excellent experience with them. 

Positive

I was not involved in the initial deployment. I'm on the team in charge of monitoring our environment. 

We deployed the solution in our environment through a partner firm called IT Security. 

We have seen a return on investment. 

I think the pricing structure is good compared to other products. The price is not too high and it's not too low. It is perfect. 

When we initially deployed Vectra, I was not working on it very much because I did not have very much experience with it. At that time, I was not happy with Vectra and was mainly using other solutions, like Splunk. However, as we learned more about how to use Vectra more effectively, we added additional features and made greater use of the dashboard. In year two, we started seeing Vectra as a tool for analyzing our network traffic. Right now, I think it is a good solution. 

From our research network in Sweden, we use it to communicate to and from the Internet. The deployment is on our Internet-facing services. We facilitate monitoring for universities who need this as well.

One of the biggest challenges facing us today is data growth and the continual diversification of the IT landscape. It is a very heterogeneous model, where you have on-premises, hybrid, and cloud solutions, as well as service providers, where everything is communicating back and forth towards each other.

We just have one SOC in Sweden.

It keeps up with the network traffic, which is a good thing. It provides more context to plain alerts compared to using an older system. So, it helps an analyst reduce the information overload. 

Vectra AI triages threats and correlates them with the compromised host device. That is how the functionality works. It helps us prioritize which hosts to look into.

It works over the hours when an analyst is not available, so the work keeps going. It can help you prioritize certain traffic patterns and things that you need to handle.

It is a good system that goes hand in hand for both junior and senior analysts. I see it as a nice add-on there.

I would like more integrations with IOCs and threats currently on the Internet. I would also like to know which threats are based on zero-day attacks, current botnets, etc. Therefore, I would like more information on external threats.

We have been using it for evaluation and collaboration together with our customers for the past two years. We have had it in our own production environment for half a year.

We haven't had any major disruptions. We had one hardware error after delivery, but that was taken care of.

Not much maintenance is needed.

It scales nicely since they separate the sensor node from the brain node.

You can scale up to sensors and separate the architecture as you grow. So, you can define your initial steps first. then have a more mature hardware later on.

We are a team of less than 10 people. We have network engineers, security analysts, incident handlers, and operators. We have a broad team.

We have only had direct contact with the customer success team, and that has been great.

Positive

We previously used open-source SIEM models. We switched to Vectra AI to help with the automation of alerts.

The initial setup was fairly straightforward.

The deployment was done over the pilot phase. We changed the links and aggregation a bit on the networking side, but the work was fairly quick.

We had a good dialogue with Vectra regarding the initial setup.

After deploying Vectra AI in our network, it began to add value to our security operations within a week.

We have not yet seen ROI, but we are growing our usage. We need to offload at least one analyst or have it do the work of a couple of analysts over time. 

We had a pricing meeting for the solution, where we set up a certain set of requirements that Vectra could fit on both price and quality.

We evaluated three or four different solutions.

Vectra's licensing model could scale to our research network, which has multiple, 100-gigabit links. Other competitors could not scale that for us. 

Set up specific threat scenarios that you are looking into, then monitor and evaluate on that. For example, it could be a botnet or certain user behavior. Also, the solution works best within an enterprise.

We are currently evaluating upgrading our SIEM and EDR technologies. When we extend our scope of the traffic that we are monitoring, Vectra AI will possibly enable us to do things that we could not do before, which would be a nice side effect.

There are still quite a lot of alarms coming in. It helps to reduce the amount of alerts that an older IDS-based system would have had. While there are still a lot of alarms, there are less alarms than the traditional IDS.

I would rate the solution as nine out of 10.