
Vectra AI Platform

Vectra AI

Reviews from AWS customer

3 AWS reviews

External reviews

29 reviews

External reviews are not included in the AWS star rating for the product.


    Sajid Mukhtar

The solution provides advanced threat detection and operates based on metadata, offering comprehensive information about traffic between source and destination

  • September 11, 2023
  • Review from a verified AWS customer

What is our primary use case?

This tool operates on machine learning principles, utilizing its own AI-based models and rules to detect activity within your environment. Initially, Vectra AI observes and monitors your organization's behavior for a two-week period, identifying legitimate services operating within your environment. Once it completes this monitoring phase and detects all services, it begins to assign certainty and severity levels to the network traffic it observes.

What is most valuable?

Vectra AI offers a range of valuable features. Firstly, it utilizes its own AI-based tools. Secondly, it provides various dashboards that facilitate the identification of connections and can detect data exfiltration, meaning data sent from your environment to another. The tool operates based on metadata, offering comprehensive information about traffic between source and destination. Some key features include the ability to integrate with EDR or EPP solutions, allowing you to secure servers with stability issues or infections. Alternatively, you can use Active Directory to lock down infected hosts if you choose not to incorporate EPP or EDR. These features provide insights into your network, showing connection details, data transfers, VPN connections, and the number of connected EDS event hosts, among other things.

What needs improvement?

One area where there's room for improvement is the absence of a comprehensive TCP recording and replay feature. While there is an alternative method available, it doesn't provide the same functionality in a graphical interface.

For how long have I used the solution?

I have been using Vectra AI for the past 12 months.

What do I think about the stability of the solution?

In terms of stability, I've been using it for the past month, and I haven't encountered any significant issues or downtime. Based on this one-month experience, I would rate its stability as a seven out of ten.

What do I think about the scalability of the solution?

Scalability is excellent and I would rate it a 10 out of 10. Expanding the sensor capacity is relatively straightforward. However, it's crucial to plan for scalability during deployment. If an organization anticipates significant traffic, they should choose a brain that can handle it. Selecting a smaller brain initially and then attempting to expand later may lead to challenges. The scalability largely depends on the organization's needs and Vectra's ability to accommodate them.

How are customer service and support?

From what I've heard, the support team is responsive and helpful. However, I haven't had the opportunity to directly interact with the technical support team.

How would you rate customer service and support?

Positive

How was the initial setup?

The on-prem setup requirement is something easy. However, the cloud's environment setup is a bit tricky and complex, not only because of Vectra but also due to some limitations of the cloud setup. The deployment process varies depending on the organization's size and footprint. It typically takes about one week for data centers with a dispersed network across different regions. For Vectra, on-premises deployment is relatively straightforward, but the cloud deployment can be more complex.

The deployment process involves adhering to ITIL processes, including change management. This entails creating change requests and engaging Smart Hands for physical sensor deployment or allocating VM resources for virtual sensors. Network availability and coordination are essential aspects of the deployment process. In simple terms, it involves a well-defined change management process and various steps to ensure a successful deployment. I would rate it a six out of ten.

What's my experience with pricing, setup cost, and licensing?

It's relatively on the pricier side, but when compared to other solutions. It's not the most budget-friendly option, but it can be considered somewhat more cost-effective in comparison to other alternatives.

I would rate it a seven.

What other advice do I have?

I would advise other organizations using Vectra to ensure they fine-tune their service groups, correctly label their services, and integrate their firewalls and AWS systems. This will help obtain accurate and updated information about DMZ tools, VPN tools, and EC2 tools, allowing Vectra to have better visibility into the services running. This, in turn, can improve the accuracy of the scan feed and provide more precise results, reducing false positives.

Overall, I would rate it seven out of ten.


    Dan Jeske

The solution's marketing is not good, but it has the ability to detect intrusion on the network

  • August 11, 2023
  • Review provided by PeerSpot

What is our primary use case?

We've introduced Vectra AI to our clients and had it in proof of concepts with other technologies like Darktrace for network detection and response.

What is most valuable?

Vectra AI can bring the ability to detect intrusion on the network more so than legacy IDS tools. It goes beyond just doing sample packet capture as Corelight does and provides value to the customer regarding their reporting and what the tool is doing.

What needs improvement?

The solution's marketing is not good. It probably needs to refresh its branding because a lot of it is confusing. People see it as an expensive tool for what it actually does.

For how long have I used the solution?

I have been working with Vectra AI for five years.

What do I think about the scalability of the solution?

With tools like Vectra, the more you want to scale, the more you have to ingest, and the higher your costs are. So scalability can be there, but it also comes with an increased price.

How are customer service and support?

The solution's customer support is fairly strong.

How was the initial setup?

Vectra AI didn't have a SaaS model until recently. Companies don't like deploying something complex that'll turn customers away. From what I understand, Vectra AI is somewhat complex in its deployments.

What other advice do I have?

The technology is strong, but everything around the technology outside of support is weak. Vectra AI needs to find a way to make it more cost-effective for customers to compete with some of the other tools on the marketplace that customers are buying. Vectra AI should do sample packet captures for clients with different use cases. They're trying to forcefully push their tool on the market when the market wants something else.

Overall, I rate Vectra AI a five out of ten.


    Atakan Oztuna

Provides managed detections and responses, enhancing companies' network detection capabilities

  • August 04, 2023
  • Review from a verified AWS customer

What is our primary use case?

Our primary focus lies in identifying weaknesses to address customer concerns regarding visibility into network operations. This is especially crucial due to the presence of various managed devices within the network. Detecting and managing these devices and enhancing visibility is done by Vectra AI. It also has the capability to detect potential threats and correlate diverse events that occur on the network. Hackers often target systems from different domains, requiring cross-domain correlation. Net NDR solutions, particularly Vectra, excel in fulfilling these needs using AI-driven algorithms. Over time, these algorithms learn from the data, aiding in automatic post-event analysis.

What is most valuable?

Within Vectra, multiple models exist, including an AI model which is very important. Vectra is very compatible with various cloud providers, such as Amazon and Azure AD. This is helpful as customers often migrate their network infrastructure to the cloud.

Additionally, Vectra provides managed detections and responses, enhancing a company's network detection capabilities. The platform also has attack signal intelligence to identify attackers based on their tactics and techniques, preventing them from compromising critical network devices. So it acts as a detection platform, essential for halting potential threats, including clouds like Amazon and Microsoft 365.

What needs improvement?

We offer two solutions, Vectra and ExtraHop in the Qatar market. However, ExtraHop has better features that seem more advantageous when compared to Vectra. During demos, I encountered challenges with Vectra when demonstrating its capabilities, such as dealing with expired SSL certificates. Vectra AI is capable but ExtraHop is able to provide comprehensive insights and easier data querying. It excels in data query capabilities which is helpful for customers to access and manipulate their data effortlessly. This is where Vectra needs to enhance its capabilities. Customer support and handling high network traffic are additional areas that it needs to work on. There should be more flexible options to handle customers’ needs. Also, customers desire performance enhancements and integration capabilities with a single solution and cyber security.

For how long have I used the solution?

I have been using Vectra AI for two years.

What do I think about the stability of the solution?

I would rate the stability an eight out of ten.

What do I think about the scalability of the solution?

I would rate the scalability an eight out of ten.

How are customer service and support?

We have a strong local presence and support in this market, and our company's origins in Turkey also contribute to robust local assistance. While comprehensive support is provided during major incidents and upgrades, we excel in offering immediate assistance for failover situations and downtime prevention. The team is highly specialized in cyber security and SOC technologies. We are quite strong and are able to help ourselves in the field of technical support.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup is straightforward. I would rate the setup an eight out of ten.

In the case of deployment, 70% of the public prefers the public cloud while the rest prefer private. These are the only two forms of deployment.

The initial deployment should ideally be completed within two weeks. However, due to the need for fine-tuning, false positive elimination, and deriving enhanced value, an extended period of around two months is necessary. This allows users to cover all the potential threats and risks, ensuring comprehensive coverage.

What's my experience with pricing, setup cost, and licensing?

The solution is low-cost and affordable.

What other advice do I have?

Vectra faces robust competition, but it substantiates its abilities. Depending on client needs, it can easily work with other IT solutions. Yet, for pure network detection and response, Vectra excels, particularly for enterprises demanding very good solutions. It offers superior detection coverage for heightened security. It has an encryption-based approach, enabling threat detection without decrypting any data. Moreover, Vectra stands out with its broad integration capabilities with third-party tools and I personally find it a successful feature.

Overall, I would rate Vectra AI an eight out of ten.


    reviewer2197812

Provides real-time visibility of potential threats to the network and prioritizes them to help us react quickly

  • May 29, 2023
  • Review provided by PeerSpot

What is our primary use case?

We use it as our internal network monitoring solution.

How has it helped my organization?

It's interesting to consider how it has helped our organization because it's a security product. But the way it has helped is that nothing has gone wrong. And it has certainly enhanced our internal security capabilities.

Vectra has helped accelerate our threat investigations, providing us with real-time visibility of potential threats to the network that we can act upon or triage accordingly. Prior to the implementation of Vectra, we didn't have that visibility. We had a number of disparate security tools, each with its own alerting functionality. Vectra has significantly helped with a consolidated view of potential threats. And the prioritization of threats allows us to focus specifically on those threats that we believe present the greatest risk and to react to those threats extremely quickly.

Vectra MDR is also very important for us, given the relatively small size of our internal team, and it gives us 24/7 capability that we didn't have before we used Vectra's MDR service.

What is most valuable?

We particularly like the user experience around the dashboard, which we find to be much more straightforward than the dashboard of some of the competitive products. In the grand scheme of things, we're a relatively small organization with approximately 1,000 users and a small internal security team. Compared with some of its competitors, Vectra is a really easy system to understand and use to prioritize where we need to focus our security resources.

We use Microsoft 365 and Vectra extends our ability to track attacker activity, whether that happens on-premises, in a data center, or in a SaaS environment. It provides complete coverage and visibility across our ICT estate. That was a real positive when we were going through the selection process. The simplicity of the dashboard and the categorization of alerts as low, medium, high, or critical, presents us with the potential of a security risk. We can then choose to investigate it, regardless of whether it's an on-premises or cloud-security risk. They are presented in the single-pane-of-glass dashboard, and that allows us to take the appropriate action. The detection and prioritization of attacker behaviors are extremely important.

What needs improvement?

A blind spot that I have is around the ease with which you can automate threat intervention.

For how long have I used the solution?

We've been using Vectra AI for approximately 12 months.

What do I think about the stability of the solution?

It seems to be extremely stable. We've not had any issues in that respect.

What do I think about the scalability of the solution?

Vectra has visibility across our entire ICT network, which is a combination of on-premises and cloud environments. Our cloud solution is Azure, and it extends to about 1,000 users. The vast majority of them are now remote or mobile workers.

It has comfortably managed the needs of our organization and I don't have any concerns if we were to need, at some point in the future, to either scale or switch the current balance between on-prem and cloud.

How are customer service and support?

We are very satisfied with the support. It has been excellent so far. It has been very timely, very personalized, and always quick to find solutions. We've been really pleased with it.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We didn't have a previous solution. We have no internal networking monitoring capability.

How was the initial setup?

We started with a proof of concept and then we committed to the Vectra solution. That's when we began the formal implementation. From the very initial engagement to the proof of concept and through the transition to service, it took approximately six months.

The deployment went very well and that was a real positive in terms of the engagement with the onboarding and the customer experience.

Across our ICT team, six individuals were involved in security, infrastructure, project management, and service transition.

There is no maintenance of the solution on our side.

What about the implementation team?

The implementation was supported directly by Vectra UK itself.

What was our ROI?

The return on investment from the product comes from not incurring unplanned costs because of a security incident.

What's my experience with pricing, setup cost, and licensing?

The upfront pricing model that we have would have been more beneficial if it had been a recurring license fee, but that wasn't a massive issue for us. It's fairly priced.

Which other solutions did I evaluate?

We evaluated other options very thoroughly. It became a two-horse race between Vectra and Darktrace. The differentiators for us were the UI experience, the MDR, and we felt that there was better engagement with the Vectra presales team. They better understood our needs and how Vectra would fit as a solution.

What other advice do I have?

The percentage of critical alerts from Vectra that are critical or true positives, to be fair, is relatively small, probably about 10 percent, but that's more a reflection of the fact that we're still a relatively new client and that the system is still learning. What we have noticed though is that the triage process is effective and we don't get multiple false negatives once we've identified an issue.

We bought Vectra AI through our IT partner, which is CDW. They were only involved in the procurement process. We used a partner to ensure that we could demonstrate that we had done so according to compliance.

I would definitely recommend Vectra and to do a proof of concept. We learned quite a lot through that proof-of-concept process. Those lessons certainly helped us when we went into the implementation process and to engage internal ICT team stakeholders and anticipate central issues in the implementation process. A proof of concept would be invaluable for anybody thinking about implementing this or one of the competitive solutions.

At the moment, we're really pleased with the product and it's a really good fit for the size of our organization.


    Paul D.

Team Manager, Enterprise Information Security

  • September 17, 2020
  • Review provided by G2

What do you like best about the product?
Ease of deployment, intuitive UI, and easy to work with sales and support staff.
What do you dislike about the product?
Reporting is lacking, currently only one report available with different timelines, also no ability to export from the console.
What problems is the product solving and how is that benefiting you?
Visibility of network traffic, analysis of network traffic, and baselining.


    Joel V.

Easy to deploy and works great at finding evil.

  • September 11, 2020
  • Review provided by G2

What do you like best about the product?
Vectra finds what other controls miss. It is used to help with network visibility and integrates great with Splunk. We have passed every pen test since Vectra was deployed. The company has really listened to the customers and made big improvements over the last three years.
What do you dislike about the product?
It can get expensive if you have a lot of offices. The appliances are not cheap so if you have a bunch of smaller offices it can start to add up.
What problems is the product solving and how is that benefiting you?
Network visibility in east-west traffic is our primary use. Because we ingest the data in Splunk it is also used to evaluate incidents and help make decisions on incident prioritization.
Recommendations to others considering the product:
Vectra helps IR teams with prioritizing events. It can take some time to get everything reporting correctly so use the Vectra resources to help create the rules and whitelisting events is recommended.


    Information Technology and Services

Unbeaten speed of innovation

  • August 27, 2020
  • Review provided by G2

What do you like best about the product?
Vectra does what it says on the tin, but goes beyond in providing a constant speed of innovation that means they are constantly releasing new features and detections, helping us to keep up to speed with any threats on our network.
What do you dislike about the product?
As with any security tool, the alerts! But thankfully by monitoring the quadrant based approach serious issues boil up for quick investigation.
What problems is the product solving and how is that benefiting you?
East-west visibility and identification of dark/unknown IT


    Financial Services

Vectra AI Review

  • July 07, 2019
  • Review provided by G2

What do you like best about the product?
This is a high quality anomaly detection tool, very easy to understand and it helps very nicely to get reports, PCaps, and lets you see in an easy way what is happening in the network, this has top of the line algorithms, I simply love this product.
What do you dislike about the product?
It is a very long process to tweak it to the point that it works perfectly, but once that is done this is a beast.
What problems is the product solving and how is that benefiting you?
Monitoring the network for cyberattacks
Recommendations to others considering the product:
This is an awesome tool for recognizing cyberattacks in real time


    Sandy S.

"A good threat tool"

  • June 29, 2019
  • Review provided by G2

What do you like best about the product?
Generally excellent instrument to identify and stay away from digital assaults utilizing man-made consciousness progressively. Interestingly, the device advances as the strategies of digital assaults advance gratitude to the way that it depends on a man-made brainpower that is found out and improved after some time. It permits to discover digital assaults and dangers in the cloud, server farm and in business situations.
What do you dislike about the product?
Need all around data of the instrument to recognize possible security perils. This puts aside chance to end up acquainted with the product. I severely dislike about this is you need a minimum of knowledge about you see because it's overflowing with terms without information.
What problems is the product solving and how is that benefiting you?
The eventual fate of security needs to settle on choices for people, however help people settle on choices all the more rapidly. This innovation is genuinely a power multiplier in an industry that is suffocating in information that necessities to drive choices.
Recommendations to others considering the product:
At present I would state that it is the best stage to distinguish, forestall and anticipate cyberattack dangers. My organization is one of the biggest banks on the planet and has depended on this instrument, after a long investigation by the IT specialists of the organization.


    Irene M.

Good protection program

  • April 21, 2019
  • Review provided by G2

What do you like best about the product?
Sweep the different types of utilization and source code for escape clauses. The unauthorized channel demands dependencies of the ordering. Send warnings instantly following a suspicious ongoing movement condition. The screens and user interface are extraordinary in terms of customer experience. Easy to introduce/incorporate. Process programmed for framework and application filtering. Offers numerous setups to configure on the distinctive board. The emotional support network is exceptionally large from the Vectra systems.
What do you dislike about the product?
Internal and external information about the instrument is needed to distinguish possible safety hazards. This sets aside the opportunity to get used to the product. I detest this because it requires a minimum of knowledge about its presence, as it is full of data without data.
What problems is the product solving and how is that benefiting you?
Many of our clients worry about this danger, especially nowadays. This allows our clients to feel comfortable. We use this to see the problems in the organization's system.
Recommendations to others considering the product:
A completely solid article for any information-sensitive application. We have achieved incredible results so far. Very good device. This is surely prescribed.