External reviews
External reviews are not included in the AWS star rating for the product.
Automation benefits increase as users create automations with ease
How would you rate customer service and support?
Negative
Innovative detection features enhance monitoring
What is our primary use case?
We are using it for our SOC services. We are also using it for our clients. We have our monitoring setup for our SOC staff.
What is most valuable?
There are many detection features available. There are extensive out-of-box detection capabilities. I cannot mention just one or two at the moment. There are multiple detection rules, and its integration with ADR and Office 365 AI is very nice, to be honest with you. It is scalable, and they have their own appliance that can handle multiple locations. You can deploy it for enterprises with multiple sites.
What needs improvement?
The advantages of the integration are not entirely out-of-the-box. You have to do it manually. When I'm doing tier response, an out-of-the-box solution is not available. You need to have a Linux server, and from the Linux server, you must perform AI tasks, and there is a lot to be handled in the back end. This is a major consideration about them. The recall feature, if it can be placed in some areas instead of the cloud, and charged for, would be better. Recall the storage where you watch all the traffic, and you can recall it and try to analyze it in the back end. It’s cloud-based. If they offer it on-prem, it would be better. I think they have a solution, but I have never tested it, to be honest with you.
For how long have I used the solution?
I have been using the solution for years.
What do I think about the scalability of the solution?
It is scalable, and they have their own appliance to handle multiple locations. You can deploy it for enterprises with multiple sites.
How are customer service and support?
They are supportive. From a support perspective, they are supportive, to be honest with you.
Which solution did I use previously and why did I switch?
I am using something else. I am using Vivo, Vixstrap, Vextra AI, Vectra, and Security Onion as open-source. It depends on the clients.
What's my experience with pricing, setup cost, and licensing?
It is very acceptable when you compare it with Darktrace, for example.
What other advice do I have?
At the end of the day, it's written rules in such a way. The trend in the market is something I did not consider much. The detection rules are written in the back end. There is something happening in such a way to do it again. AI is mentioned too much, and for me, it is only marketing talk. At the end of the day, there is no one hundred percent AI in security. Detection requires manual writing at times. They already handle back-end processes but vendors won't show this. AI is not targeting a specific vendor. AI, for me, is just a trend. It depends on the client. I tailor solutions to client requirements. For visibility and monitoring, I choose the best products. Every application, every NDR solution has its capabilities. It varies by client because I must advise clients on solutions they can use and benefit from. I sometimes advise clients about Vectra as it still serves my clients well. It's fair enough for now. The overall product rating is seven out of ten.
Efficient management with minimal manpower and reliable support
What is our primary use case?
As an end user, I do not have to commit manpower to manage Vectra since most of their use cases are managed by them. It's a hands-off kind of deployment.
How has it helped my organization?
The deployment is hands-off, which means it saves us manpower resources since Vectra manages the use cases.
What is most valuable?
Most of their use cases, including deployment, are managed by the tool itself, requiring less manual input from our team.
What needs improvement?
Neither Vectra nor Darktrace have a function like a status health check on my log sources and traffic sources.
For how long have I used the solution?
I have been working with Vectra for one or two years.
What do I think about the stability of the solution?
It's pretty good with no major issues.
How are customer service and support?
The support is quite reliable depending on the service engineer assigned. I would rate them between eight and nine.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We are also working with Darktrace.
How was the initial setup?
The setup is generally straightforward.
What's my experience with pricing, setup cost, and licensing?
Vectra is cheaper in terms of pricing and features compared to Darktrace.
Which other solutions did I evaluate?
Vectra was compared alongside Darktrace.
What other advice do I have?
Vectra serves its purpose well and does not require much manpower for updates.
I'd rate the solution eight out of ten.
The weekly reports needed more insights and explanation but deployment is straightforward
What needs improvement?
We had another product with Vectra AI and used the MDR solution as an add-on. Initially, it wasn't fully appropriately configured, so we didn't get the expected results. Even once configured correctly, we weren't fully satisfied with its response. The issue was both with their service response and the product's capabilities.
The solution's weekly reports needed to have more explanations. However, we needed more explanations because the reports provided were mainly statistical. We were looking for more analysis and insights.
For how long have I used the solution?
I have been working with the product for less than a year.
How was the initial setup?
The initial setup was pretty straightforward.
What's my experience with pricing, setup cost, and licensing?
The solution's pricing was 50 percent lower than the other vendors shortlisted.
What other advice do I have?
I wouldn't recommend the product to others. We are moving away from it. I rate the overall solution a six out of ten.
Offers real-time threat detection, notices some of the exfiltration techniques and alerts us, and AI uses models to detect abnormal behavior
What is our primary use case?
We use Vectra AI for endpoints where we are unable to install agents, like endpoint agents, EDR agents, or antivirus tools. For example, BYOD devices or routers in our network. We don't have any control over those, but we need monitoring capability.
Vectra AI can monitor the traffic from the wireless router to the firewall or any outgoing traffic. It can give us an idea of whether there is any C&C or C2 communication or any botnet activity from those source IPs. Without having any agents in the endpoint, it is a network monitoring tool. We use this tool to detect threats within the environment where the assets are unmanaged.
Also, since we tap into certain network points such as firewalls or IDSs, we get more visibility from managed assets as well. So before the endpoint notices the behavior, Vectra notices some of the exfiltration techniques and alerts us.
How has it helped my organization?
Overall, it is good and has reduced our time in identifying the system. It is for unmanaged devices. Previously, if we got an alert from the firewall, it was very difficult to find that particular asset. But with the help of this tool, we can simply run a packet capture and immediately get the hostname and know which user is using it.
It has greatly reduced our time to remediate the situation. We can identify the user, block their account immediately, and sometimes kick that device off the network completely.
It has a confidence level of around 60% to detect insider threats of anomalies, but we mostly need to fine-tune the product. We are still in the fine-tuning process. Even though it has been one year since we implemented the product, the first six months were spent integrating various log servers and determining where to tap.
For the past three months, we have been actively investigating the alerts. When we investigate some of the insider alerts, most of the time it is a false positive because the domain is allowed. Vectra does not know that those are allowed domains, such as OneDrive and SharePoint, to access our network devices.
It considers it malicious because a huge amount of file uploads is seen, according to Vectra. But we know those are known URLs and known behavior. When we slowly started whitelisting, the threat confidence level increased. So right now, for insider threats, it gives around 60% confidence, but around 80% of the incidents were false positives because we are still in the fine-tuning process.
What is most valuable?
The packet capturing feature is very useful, and as the name suggests, AI uses models to detect abnormal behavior. Some of the pattern-matching algorithms they use are very advanced and detect threats at a very early stage.
For me, detections from unmanaged networks are one of the greatest values. You can identify threats from BYOD or even mobile devices, which were not handled before.
What needs improvement?
The detection algorithms can be improved at the sensor level rather than doing all the things at the brain. For example, if the sensor has some directional algorithm or detects repeating traffic, it can drop those packets at the beginning itself. There is no need to send that traffic to the brain in order to reduce the bandwidth.
AI is picking up a lot now. There is no manual intervention needed. Whenever a detection happens, it can automatically summarize and give it to you. But Vectra doesn't have those kinds of capabilities. It still needs manual intervention to analyze, and they don't have a summarized kind of output. So that can be improved. But apart from that, the detection models and all the other categories have good support for that.
In future releases, I would like to see Vectra AI to generate a summary of the instance.
For how long have I used the solution?
I have been using it for a year.
What do I think about the scalability of the solution?
I would rate it at eight. The remaining two points I'm not giving because it's a fairly new product. So far, it is good as per our test and it is able to scale as well.
The only limit is that you need to increase the sensors when you have more traffic. For example, the current sensors can handle up to 50 Gbps of traffic. If you need more traffic to be utilized, then you need to buy additional sensors to handle the traffic.
From a technical perspective, there is not much more possible, because there are some hard limits in the hardware. You cannot increase the bandwidth. They have other options to increase with more sensors, but it ultimately ends up being a cost factor.
If you have more money, you can buy more sensors and do it.
In our organization, we are an MSSP provider. We use Vectra, and our entire SOC team, which is around 20 people, uses Vectra for our MSSP. We have two customers who are also using this product. Two of the largest telecom industries in Thailand are using this product to understand their behavior as of now. The approximate number of users in those categories will be around ten.
How are customer service and support?
The customer service and support are good. So far, we have not faced any issues at all.
How was the initial setup?
The setup is a very straightforward process. You need to tap the network traffic at your desired point, and it has two components: a sensor and a brain. The sensor collects the logs and forwards them to the brain, which does the detection and everything. They offer a virtual appliance that you can run in your environment.
The setup process is usually very simple. It took only two days to set up. But, initially, deciding the location of the sensor and other factors took more time. The threat team at Vectra AI engaged with us effectively, provided all the support, understood our architecture and advised us on placing the sensors.
What's my experience with pricing, setup cost, and licensing?
The licensing is on an annual basis.
What other advice do I have?
I would rate it at nine out of ten. The one point I'm reducing is because the model can learn itself. If no one is fine-tuning it, for example, every time we find a huge number of alerts, then only we go and look it up and fine-tune the product.
If no one is acknowledging it or it seems like regular traffic, then the product can understand that behavior and have a feedback mechanism to correct it, mark it as a false positive, or whitelist it.
My recommendation:
Understand your network first, and place the sensors in the correct position to receive all kinds of traffic: THC, PDNS, and all those things. If you place the sensors at the egress traffic, you may not receive some of the packets, and you will not have overall visibility.
So the placement of sensors is very important; you need to understand your network to place them correctly.
Used as a central threat detection and response system for AI triaging and detection
What is our primary use case?
Our customers use Vectra AI to detect networks, endpoints, identities, SaaS-based, and private and public clouds.
What is most valuable?
The most valuable feature of the solution is that it only shows us the events that are actually critical. The solution is currently used as a central threat detection and response system. It ingests every bit of information from the SIEM, does AI triaging and detection, and sends incredibly high-fidelity alerts to the SIEM for investigation.
What needs improvement?
It would be commercially beneficial if Vectra AI had something like Darktrace's Antigena Email or something similar to email protection.
For how long have I used the solution?
I have been assisting customers using Vectra AI for nine months.
What do I think about the stability of the solution?
Vectra AI provides 100% stability because it sends you either a physical box or a VMware deployment, making it very simple and stable. Obviously, VMware will depend on your own environment.
What do I think about the scalability of the solution?
Vectra AI is a scalable solution. Since we have added distribution levels, we've made quite a few deployments. The solution can support up to 100,000 endpoints. There's a specific customer that's using Vectra AI and has over 100,000 endpoints.
How are customer service and support?
The solution’s technical support team is quite competent.
How would you rate customer service and support?
Positive
How was the initial setup?
Vectra AI's initial setup is very simple. The Vectra AI team is quite competent, and they support and help us set everything up.
What about the implementation team?
The solution's deployment was fairly quick. We had everything up and running within a day. Then, it was just about the information they were putting out that was being collected.
What's my experience with pricing, setup cost, and licensing?
Vectra AI has an annual subscription license. You could choose the components you need for your environment.
What other advice do I have?
The solution had some very good integrations with firewalls and EDR solutions. Since Vectra AI is more of an internal detection and response tool, it detects insider threats extremely well.
Before choosing Vectra AI, ensure you have a proper architect for your environment that shows you where all your blindspots could be. This makes the deployment a lot easier. Vectra AI detects threats that people miss, especially manual operators.
Vectra AI has helped save a lot of log analysts' time because they don't have to deal with a lot of alert noise and false positives. Using Vectra AI for detection, triaging, and responses speeds up your soft response mechanism and makes the responses much quicker.
Overall, I rate the solution a nine out of ten.
Generates only relevant information
What is most valuable?
Vectra AI generates relevant information.
What needs improvement?
Other alternatives, like Darktrace, have a fancier UI.
For how long have I used the solution?
I have been using the product for two years.
What do I think about the stability of the solution?
Vectra AI is stable.
What do I think about the scalability of the solution?
The solution is scalable.
What other advice do I have?
I rate Vectra AI an eight out of ten.
The solution provides advanced threat detection and operates based on metadata, offering comprehensive information about traffic between source and destination
What is our primary use case?
This tool operates on machine learning principles, utilizing its own AI-based models and rules to detect activity within your environment. Initially, Vectra AI observes and monitors your organization's behavior for a two-week period, identifying legitimate services operating within your environment. Once it completes this monitoring phase and detects all services, it begins to assign certainty and severity levels to the network traffic it observes.
What is most valuable?
Vectra AI offers a range of valuable features. Firstly, it utilizes its own AI-based tools. Secondly, it provides various dashboards that facilitate the identification of connections and can detect data exfiltration, meaning data sent from your environment to another. The tool operates based on metadata, offering comprehensive information about traffic between source and destination. Some key features include the ability to integrate with EDR or EPP solutions, allowing you to secure servers with stability issues or infections. Alternatively, you can use Active Directory to lock down infected hosts if you choose not to incorporate EPP or EDR. These features provide insights into your network, showing connection details, data transfers, VPN connections, and the number of connected EDS event hosts, among other things.
What needs improvement?
One area where there's room for improvement is the absence of a comprehensive TCP recording and replay feature. While there is an alternative method available, it doesn't provide the same functionality in a graphical interface.
For how long have I used the solution?
I have been using Vectra AI for the past 12 months.
What do I think about the stability of the solution?
In terms of stability, I've been using it for the past month, and I haven't encountered any significant issues or downtime. Based on this one-month experience, I would rate its stability as a seven out of ten.
What do I think about the scalability of the solution?
Scalability is excellent and I would rate it a 10 out of 10. Expanding the sensor capacity is relatively straightforward. However, it's crucial to plan for scalability during deployment. If an organization anticipates significant traffic, they should choose a brain that can handle it. Selecting a smaller brain initially and then attempting to expand later may lead to challenges. The scalability largely depends on the organization's needs and Vectra's ability to accommodate them.
How are customer service and support?
From what I've heard, the support team is responsive and helpful. However, I haven't had the opportunity to directly interact with the technical support team.
How would you rate customer service and support?
Positive
How was the initial setup?
The on-prem setup requirement is something easy. However, the cloud environment setup is a bit tricky and complex, not only because of Vectra but also due to some limitations of the cloud setup. The deployment process varies depending on the organization's size and footprint. It typically takes about one week for data centers with a dispersed network across different regions. For Vectra, on-premises deployment is relatively straightforward, but the cloud deployment can be more complex.
What's my experience with pricing, setup cost, and licensing?
It's relatively on the pricier side. When compared to other solutions, it's not the most budget-friendly option, but it can be considered somewhat more cost-effective in comparison to other alternatives.
I would rate it a seven.
What other advice do I have?
I would advise other organizations using Vectra to ensure they fine-tune their service groups, correctly label their services, and integrate their firewalls and AWS systems. This will help obtain accurate and updated information about DMZ tools, VPN tools, and EC2 tools, allowing Vectra to have better visibility into the services running. This, in turn, can improve the accuracy of the scan feed and provide more precise results, reducing false positives.
Overall, I would rate it seven out of ten.
The solution's marketing is not good, but it has the ability to detect intrusion on the network
What is our primary use case?
We've introduced Vectra AI to our clients and had it in proof of concepts with other technologies like Darktrace for network detection and response.
What is most valuable?
Vectra AI can bring the ability to detect intrusion on the network more so than legacy IDS tools. It goes beyond just doing sample packet capture as Corelight does and provides value to the customer regarding their reporting and what the tool is doing.
What needs improvement?
The solution's marketing is not good. It probably needs to refresh its branding because a lot of it is confusing. People see it as an expensive tool for what it actually does.
For how long have I used the solution?
I have been working with Vectra AI for five years.
What do I think about the scalability of the solution?
With tools like Vectra, the more you want to scale, the more you have to ingest, and the higher your costs are. So scalability can be there, but it also comes with an increased price.
How are customer service and support?
The solution's customer support is fairly strong.
How was the initial setup?
Vectra AI didn't have a SaaS model until recently. Companies don't like deploying something complex that'll turn customers away. From what I understand, Vectra AI is somewhat complex in its deployments.
What other advice do I have?
The technology is strong, but everything around the technology outside of support is weak. Vectra AI needs to find a way to make it more cost-effective for customers to compete with some of the other tools on the marketplace that customers are buying. Vectra AI should do sample packet captures for clients with different use cases. They're trying to forcefully push their tool on the market when the market wants something else.
Overall, I rate Vectra AI a five out of ten.
Provides managed detections and responses, enhancing companies' network detection capabilities
What is our primary use case?
Our primary focus lies in identifying weaknesses to address customer concerns regarding visibility into network operations. This is especially crucial due to the presence of various managed devices within the network. Detecting and managing these devices and enhancing visibility is done by Vectra AI. It also has the capability to detect potential threats and correlate diverse events that occur on the network. Hackers often target systems from different domains, requiring cross-domain correlation. Net NDR solutions, particularly Vectra, excel in fulfilling these needs using AI-driven algorithms. Over time, these algorithms learn from the data, aiding in automatic post-event analysis.
What is most valuable?
Within Vectra, multiple models exist, including an AI model which is very important. Vectra is very compatible with various cloud providers, such as Amazon and Azure AD. This is helpful as customers often migrate their network infrastructure to the cloud.
Additionally, Vectra provides managed detections and responses, enhancing a company's network detection capabilities. The platform also has attack signal intelligence to identify attackers based on their tactics and techniques, preventing them from compromising critical network devices. So it acts as a detection platform, essential for halting potential threats, including clouds like Amazon and Microsoft 365.
What needs improvement?
We offer two solutions, Vectra and ExtraHop in the Qatar market. However, ExtraHop has better features that seem more advantageous when compared to Vectra. During demos, I encountered challenges with Vectra when demonstrating its capabilities, such as dealing with expired SSL certificates. Vectra AI is capable but ExtraHop is able to provide comprehensive insights and easier data querying. It excels in data query capabilities which is helpful for customers to access and manipulate their data effortlessly. This is where Vectra needs to enhance its capabilities. Customer support and handling high network traffic are additional areas that it needs to work on. There should be more flexible options to handle customers’ needs. Also, customers desire performance enhancements and integration capabilities with a single solution and cyber security.
For how long have I used the solution?
I have been using Vectra AI for two years.
What do I think about the stability of the solution?
I would rate the stability an eight out of ten.
What do I think about the scalability of the solution?
I would rate the scalability an eight out of ten.
How are customer service and support?
We have a strong local presence and support in this market, and our company's origins in Turkey also contribute to robust local assistance. While comprehensive support is provided during major incidents and upgrades, we excel in offering immediate assistance for failover situations and downtime prevention. The team is highly specialized in cyber security and SOC technologies. We are quite strong and are able to help ourselves in the field of technical support.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup is straightforward. I would rate the setup an eight out of ten.
In the case of deployment, 70% of the public prefers the public cloud while the rest prefer private. These are the only two forms of deployment.
The initial deployment should ideally be completed within two weeks. However, due to the need for fine-tuning, false positive elimination, and deriving enhanced value, an extended period of around two months is necessary. This allows users to cover all the potential threats and risks, ensuring comprehensive coverage.
What's my experience with pricing, setup cost, and licensing?
The solution is low-cost and affordable.
What other advice do I have?
Vectra faces robust competition, but it substantiates its abilities. Depending on client needs, it can easily work with other IT solutions. Yet, for pure network detection and response, Vectra excels, particularly for enterprises demanding very good solutions. It offers superior detection coverage for heightened security. It has an encryption-based approach, enabling threat detection without decrypting any data. Moreover, Vectra stands out with its broad integration capabilities with third-party tools and I personally find it a successful feature.
Overall, I would rate Vectra AI an eight out of ten.