External reviews
External reviews are not included in the AWS star rating for the product.
Automation benefits increase as users create automations with ease
What is our primary use case?
What is most valuable?
What needs improvement?
For how long have I used the solution?
How are customer service and support?
How would you rate customer service and support?
Negative
How was the initial setup?
Which other solutions did I evaluate?
What other advice do I have?
Innovative detection features enhance monitoring
What is our primary use case?
We are using it for our SOC services. We are also using it for our clients. We have our monitoring setup for our SOC staff.
What is most valuable?
There are many detection features available. There are extensive out-of-box detection capabilities. I cannot mention just one or two at the moment. There are multiple detection rules, and its integration with ADR and Office 365 AI is very nice, to be honest with you. It is scalable, and they have their own appliance that can handle multiple locations. You can deploy it for enterprises with multiple sites.
What needs improvement?
The advantages of the integration are not entirely out-of-the-box. You have to do it manually. When I'm doing tier response, an out-of-the-box solution is not available. You need to have a Linux server, and from the Linux server, you must perform AI tasks, and there is a lot to be handled in the back end. This is a major consideration about them. The recall feature, if it can be placed in some areas instead of the cloud, and charged for, would be better. Recall the storage where you watch all the traffic, and you can recall it and try to analyze it in the back end. It’s cloud-based. If they offer it on-prem, it would be better. I think they have a solution, but I have never tested it, to be honest with you.
For how long have I used the solution?
I have been using the solution for years.
What do I think about the scalability of the solution?
It is scalable, and they have their own appliance to handle multiple locations. You can deploy it for enterprises with multiple sites.
How are customer service and support?
They are supportive. From a support perspective, they are supportive, to be honest with you.
Which solution did I use previously and why did I switch?
I am using something else. I am using Vivo, Vixstrap, Vextra AI, Vectra, and Security Onion as open-source. It depends on the clients.
What's my experience with pricing, setup cost, and licensing?
It is very acceptable when you compare it with Darktrace, for example.
What other advice do I have?
At the end of the day, it's written rules in such a way. The trend in the market is something I did not consider much. The detection rules are written in the back end. There is something happening in such a way to do it again. AI is mentioned too much, and for me, it is only marketing talk. At the end of the day, there is no one hundred percent AI in security. Detection requires manual writing at times. They already handle back-end processes but vendors won't show this. AI is not targeting a specific vendor. AI, for me, is just a trend. It depends on the client. I tailor solutions to client requirements. For visibility and monitoring, I choose the best products. Every application, every NDR solution has its capabilities. It varies by client because I must advise clients on solutions they can use and benefit from. I sometimes advise clients about Vectra as it still serves my clients well. It's fair enough for now. The overall product rating is seven out of ten.
Which deployment model are you using for this solution?
Efficient management with minimal manpower and reliable support
What is our primary use case?
As an end user, I do not have to commit manpower to manage Vectra since most of their use cases are managed by them. It's a hands-off kind of deployment.
How has it helped my organization?
The deployment is hands-off, which means it saves us manpower resources since Vectra manages the use cases.
What is most valuable?
Most of their use cases, including deployment, are managed by the tool itself, requiring less manual input from our team.
What needs improvement?
Neither Vectra nor Darktrace has a function like a status health check on my log sources and traffic sources.
For how long have I used the solution?
I have been working with Vectra for one or two years.
What do I think about the stability of the solution?
It's pretty good with no major issues.
How are customer service and support?
The support is quite reliable depending on the service engineer assigned. I would rate them between eight and nine.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We are also working with Darktrace.
How was the initial setup?
The setup is generally straightforward.
What's my experience with pricing, setup cost, and licensing?
Vectra is cheaper in terms of pricing and features compared to Darktrace.
Which other solutions did I evaluate?
Vectra was compared alongside Darktrace.
What other advice do I have?
Vectra serves its purpose well and does not require much manpower for updates.
I'd rate the solution eight out of ten.
Generates only relevant information
What is most valuable?
Vectra AI generates relevant information.
What needs improvement?
Other alternatives, like Darktrace, have a fancier UI.
For how long have I used the solution?
I have been using the product for two years.
What do I think about the stability of the solution?
Vectra AI is stable.
What do I think about the scalability of the solution?
The solution is scalable.
What other advice do I have?
I rate Vectra AI an eight out of ten.
Provides managed detections and responses, enhancing companies' network detection capabilities
What is our primary use case?
Our primary focus lies in identifying weaknesses to address customer concerns regarding visibility into network operations. This is especially crucial due to the presence of various managed devices within the network. Detecting and managing these devices and enhancing visibility is done by Vectra AI. It also has the capability to detect potential threats and correlate diverse events that occur on the network. Hackers often target systems from different domains, requiring cross-domain correlation. Net NDR solutions, particularly Vectra, excel in fulfilling these needs using AI-driven algorithms. Over time, these algorithms learn from the data, aiding in automatic post-event analysis.
What is most valuable?
Within Vectra, multiple models exist, including an AI model which is very important. Vectra is very compatible with various cloud providers, such as Amazon and Azure AD. This is helpful as customers often migrate their network infrastructure to the cloud.
Additionally, Vectra provides managed detections and responses, enhancing a company's network detection capabilities. The platform also has attack signal intelligence to identify attackers based on their tactics and techniques, preventing them from compromising critical network devices. So it acts as a detection platform, essential for halting potential threats, including clouds like Amazon and Microsoft 365.
What needs improvement?
We offer two solutions, Vectra and ExtraHop in the Qatar market. However, ExtraHop has better features that seem more advantageous when compared to Vectra. During demos, I encountered challenges with Vectra when demonstrating its capabilities, such as dealing with expired SSL certificates. Vectra AI is capable but ExtraHop is able to provide comprehensive insights and easier data querying. It excels in data query capabilities which is helpful for customers to access and manipulate their data effortlessly. This is where Vectra needs to enhance its capabilities. Customer support and handling high network traffic are additional areas that it needs to work on. There should be more flexible options to handle customers’ needs. Also, customers desire performance enhancements and integration capabilities with a single solution and cyber security.
For how long have I used the solution?
I have been using Vectra AI for two years.
What do I think about the stability of the solution?
I would rate the stability an eight out of ten.
What do I think about the scalability of the solution?
I would rate the scalability an eight out of ten.
How are customer service and support?
We have a strong local presence and support in this market, and our company's origins in Turkey also contribute to robust local assistance. While comprehensive support is provided during major incidents and upgrades, we excel in offering immediate assistance for failover situations and downtime prevention. The team is highly specialized in cyber security and SOC technologies. We are quite strong and are able to help ourselves in the field of technical support.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup is straightforward. I would rate the setup an eight out of ten.
In the case of deployment, 70% of the public prefers the public cloud while the rest prefer private. These are the only two forms of deployment.
The initial deployment should ideally be completed within two weeks. However, due to the need for fine-tuning, false positive elimination, and deriving enhanced value, an extended period of around two months is necessary. This allows users to cover all the potential threats and risks, ensuring comprehensive coverage.
What's my experience with pricing, setup cost, and licensing?
The solution is low-cost and affordable.
What other advice do I have?
Vectra faces robust competition, but it substantiates its abilities. Depending on client needs, it can easily work with other IT solutions. Yet, for pure network detection and response, Vectra excels, particularly for enterprises demanding very good solutions. It offers superior detection coverage for heightened security. It has an encryption-based approach, enabling threat detection without decrypting any data. Moreover, Vectra stands out with its broad integration capabilities with third-party tools and I personally find it a successful feature.
Overall, I would rate Vectra AI an eight out of ten.
Provides real-time visibility of potential threats to the network and prioritizes them to help us react quickly
What is our primary use case?
We use it as our internal network monitoring solution.
How has it helped my organization?
It's interesting to consider how it has helped our organization because it's a security product. But the way it has helped is that nothing has gone wrong. And it has certainly enhanced our internal security capabilities.
Vectra has helped accelerate our threat investigations, providing us with real-time visibility of potential threats to the network that we can act upon or triage accordingly. Prior to the implementation of Vectra, we didn't have that visibility. We had a number of disparate security tools, each with its own alerting functionality. Vectra has significantly helped with a consolidated view of potential threats. And the prioritization of threats allows us to focus specifically on those threats that we believe present the greatest risk and to react to those threats extremely quickly.
Vectra MDR is also very important for us, given the relatively small size of our internal team, and it gives us 24/7 capability that we didn't have before we used Vectra's MDR service.
What is most valuable?
We particularly like the user experience around the dashboard, which we find to be much more straightforward than the dashboard of some of the competitive products. In the grand scheme of things, we're a relatively small organization with approximately 1,000 users and a small internal security team. Compared with some of its competitors, Vectra is a really easy system to understand and use to prioritize where we need to focus our security resources.
We use Microsoft 365 and Vectra extends our ability to track attacker activity, whether that happens on-premises, in a data center, or in a SaaS environment. It provides complete coverage and visibility across our ICT estate. That was a real positive when we were going through the selection process. The simplicity of the dashboard and the categorization of alerts as low, medium, high, or critical, presents us with the potential of a security risk. We can then choose to investigate it, regardless of whether it's an on-premises or cloud-security risk. They are presented in the single-pane-of-glass dashboard, and that allows us to take the appropriate action. The detection and prioritization of attacker behaviors are extremely important.
What needs improvement?
A blind spot that I have is around the ease with which you can automate threat intervention.
For how long have I used the solution?
We've been using Vectra AI for approximately 12 months.
What do I think about the stability of the solution?
It seems to be extremely stable. We've not had any issues in that respect.
What do I think about the scalability of the solution?
Vectra has visibility across our entire ICT network, which is a combination of on-premises and cloud environments. Our cloud solution is Azure, and it extends to about 1,000 users. The vast majority of them are now remote or mobile workers.
It has comfortably managed the needs of our organization and I don't have any concerns if we were to need, at some point in the future, to either scale or switch the current balance between on-prem and cloud.
How are customer service and support?
We are very satisfied with the support. It has been excellent so far. It has been very timely, very personalized, and always quick to find solutions. We've been really pleased with it.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We didn't have a previous solution. We have no internal networking monitoring capability.
How was the initial setup?
We started with a proof of concept and then we committed to the Vectra solution. That's when we began the formal implementation. From the very initial engagement to the proof of concept and through the transition to service, it took approximately six months.
The deployment went very well and that was a real positive in terms of the engagement with the onboarding and the customer experience.
Across our ICT team, six individuals were involved in security, infrastructure, project management, and service transition.
There is no maintenance of the solution on our side.
What about the implementation team?
The implementation was supported directly by Vectra UK itself.
What was our ROI?
The return on investment from the product comes from not incurring unplanned costs because of a security incident.
What's my experience with pricing, setup cost, and licensing?
The upfront pricing model that we have would have been more beneficial if it had been a recurring license fee, but that wasn't a massive issue for us. It's fairly priced.
Which other solutions did I evaluate?
We evaluated other options very thoroughly. It became a two-horse race between Vectra and Darktrace. The differentiators for us were the UI experience, the MDR, and we felt that there was better engagement with the Vectra presales team. They better understood our needs and how Vectra would fit as a solution.
What other advice do I have?
The percentage of critical alerts from Vectra that are critical or true positives, to be fair, is relatively small, probably about 10 percent, but that's more a reflection of the fact that we're still a relatively new client and that the system is still learning. What we have noticed though is that the triage process is effective and we don't get multiple false negatives once we've identified an issue.
We bought Vectra AI through our IT partner, which is CDW. They were only involved in the procurement process. We used a partner to ensure that we could demonstrate that we had done so according to compliance.
I would definitely recommend Vectra and to do a proof of concept. We learned quite a lot through that proof-of-concept process. Those lessons certainly helped us when we went into the implementation process and to engage internal ICT team stakeholders and anticipate central issues in the implementation process. A proof of concept would be invaluable for anybody thinking about implementing this or one of the competitive solutions.
At the moment, we're really pleased with the product and it's a really good fit for the size of our organization.
Vectra AI Review
Good protection program
1. Well justified use of AI
2. Easy to integrate
3. Customization in playbook
4. User friendly reporting