This tool operates on machine learning principles, utilizing its own AI-based models and rules to detect activity within your environment. Initially, Vectra AI observes and monitors your organization's behavior for a two-week period, identifying legitimate services operating within your environment. Once it completes this monitoring phase and detects all services, it begins to assign certainty and severity levels to the network traffic it observes.

Vectra AI offers a range of valuable features. Firstly, it utilizes its own AI-based tools. Secondly, it provides various dashboards that facilitate the identification of connections and can detect data exfiltration, meaning data sent from your environment to another. The tool operates based on metadata, offering comprehensive information about traffic between source and destination. Some key features include the ability to integrate with EDR or EPP solutions, allowing you to secure servers with stability issues or infections. Alternatively, you can use Active Directory to lock down infected hosts if you choose not to incorporate EPP or EDR. These features provide insights into your network, showing connection details, data transfers, VPN connections, and the number of connected EDS event hosts, among other things.

One area where there's room for improvement is the absence of a comprehensive TCP recording and replay feature. While there is an alternative method available, it doesn't provide the same functionality in a graphical interface.

I have been using Vectra AI for the past 12 months.

In terms of stability, I've been using it for the past month, and I haven't encountered any significant issues or downtime. Based on this one-month experience, I would rate its stability as a seven out of ten.

Scalability is excellent and I would rate it a 10 out of 10. Expanding the sensor capacity is relatively straightforward. However, it's crucial to plan for scalability during deployment. If an organization anticipates significant traffic, they should choose a brain that can handle it. Selecting a smaller brain initially and then attempting to expand later may lead to challenges. The scalability largely depends on the organization's needs and Vectra's ability to accommodate them.

From what I've heard, the support team is responsive and helpful. However, I haven't had the opportunity to directly interact with the technical support team.

The on-prem setup requirement is something easy. However, the cloud's environment setup is a bit tricky and complex. Not only because of the Vectra but also due to the some limitations of the cloud setup. The deployment process varies depending on the organization's size and footprint. It typically takes about one week for data centers with a dispersed network across different regions. For Vectra, on-premises deployment is relatively straightforward, but the cloud deployment can be more complex.

It's relatively on the pricier side, but when compared to other solutions. It's not the most budget-friendly option, but it can be considered somewhat more cost-effective in comparison to other alternatives.

I would rate it a seven.

I would advise other organizations using Vectra to ensure they fine-tune their service groups, correctly label their services, and integrate their firewalls and AWS systems. This will help obtain accurate and updated information about DMZ tools, VPN tools, and EC2 tools, allowing Vectra to have better visibility into the services running. This, in turn, can improve the accuracy of the scan feed and provide more precise results, reducing false positives.

Overall, I would rate it seven out of ten.