Vectra AI Platform
Vectra AI External reviews
External reviews are not included in the AWS star rating for the product.
Advanced threat analytics have improved alert fidelity and support timely incident response
What is our primary use case?
I primarily use Vectra AI for customers, and I only provide Vectra AI.
What is most valuable?
The most valuable features I find are the threat signal intelligence and the ability to build high-fidelity alerting for customers, which is one of the biggest value adds.
Cognito Detect is quite useful, but it has only been used in a few companies that have required deeper insights into their network analytics, so not all customers have it. However, the ones that do have found a lot of value in it.
Vectra AI helps in identifying malicious network activities by enabling threat hunting and providing security enriched network analytics, giving considerable visibility over that aspect.
I am evaluating Cognito Recall's impact on my customers' threat investigation processes by noting that the ones using it are quite intensive. They can use Cognito Recall to look back further in time on events raised from a SIEM perspective.
What needs improvement?
I think one area that could be improved about Vectra AI is their marketing. One of the aspects that Darktrace excels at is their marketing, and I do not feel Vectra AI is on that level yet, leading to a lack of visibility over the solution.
For how long have I used the solution?
I have been working with Vectra AI for about three years.
How are customer service and support?
I would rate their technical support a 10, as we have local support in South Africa and the ability to reach out to the teams quickly and effectively when they are in similar time zones, leading to great support globally.
What's my experience with pricing, setup cost, and licensing?
I find the pricing of Vectra AI to be one of the best we have seen, as feedback from customers and partners indicates it is very competitive for an EDR solution.
What other advice do I have?
The intuitive dashboards are incredibly useful, with both the Quadrant UX and the Respond UX, so whether looking from a management point of view or an analyst point of view, both dashboards are very intuitive.
The biggest metric I use to demonstrate the dashboard's effectiveness is the ability to respond to an alert effectively, particularly within the SLA timeframe. Many of our customers have an SLA with our partners, and if they keep to that SLA, it means the tool performs effectively. We have not had instances of it not working among our partners.
I assess the benefits of integrating Cognito Stream with existing SIEM systems by noting that Cognito Stream is very similar to Cognito Recall and provides enriched details around the network side in real-time. However, it is not for investigation purposes but rather for visibility purposes over the network.
My overall rating for Vectra AI is 10.
Vectra AI: Fast, Insightful Threat Detection with Strong M365 and Azure AD Integration
Our security analysts use Vectra AI to go through detections of anomalies in our environment. Easily integrated with M365 and Azure AD.
We were able to quickly identify and prevent data leakage by investigating a suspicious M365 mail forwarding detection by Vectra AI. Other M365 detections we observed included risky Exchange Operations, Phishing simulation configuration change, Suspect eDiscovery Usage, Malicious links sent by external Teams user, and many more.
Detections that helped our SOC team prevent a major cyber incident were Azure AD Admin account creation, Login attempts from a disabled account, Azure AD TOR activity, and Azure AD Suspicious device registration, among others.
A great feature is the AI intelligence as well as the Vectra AI Post-Quantum Cryptography Readiness dashboard. Quantum computing threatens today's public-key cryptography, putting SSH and TLS key exchanges at risk of future decryption. This Vectra AI dashboard highlights hosts and daily SSH connections still relying on non-PQC key exchange, helping us identify exposure and prioritize migration to quantum-resistant algorithms.
The interface loads fast and offers clear visualization allowing our SOC analysts to explore our environment to uncover emerging threats.
When assistance was needed, we received fast and professional support from the vendor.
Cost may be a limitation for some; however, for us, being a large company with a permissive budget, it was a good investment for the value it brought.
Easy to Learn, Clear, and Truly Helpful
clear use of product
AI-driven threat detection has transformed alert fatigue and now enables faster response and leaner SOC operations
What is our primary use case?
Vectra AI is being used as an NDR solution to sell to customers as a managed service. The product has been productized to sell to customers as an NDR solution. The network is scanned for any anomalies or threats that are detected and fed to the customer's SIEMs and SOARs.
In one financial sector scenario, a customer was complaining about reduced alert fatigue and detecting an attack missed by traditional tools. They wanted an AI solution that could detect anomalies with the best MTTD and MTTR response times to reduce overhead over the SOC teams.
Vectra AI has been used for identity management, which was integrated with Microsoft Entra ID and Active Directory to monitor account activity. A customer wanted in-depth analysis on their identity management solution. Another scenario involved integrating with the customer's cloud solutions, where they wanted a solution that provided cloud detection and response through AWS and Microsoft 365 environments.
What is most valuable?
The best features of Vectra AI are related to AI. For the NDR part, Attack Signal Intelligence features were mainly responsible for behavior AI, high-fidelity signaling, and prioritization. These features were great for anomaly detection and behavioral-based detection, able to catch zero-day attacks and living-off-the-land attacks. For high-fidelity signaling, it automatically triaged, filtered, and correlated signals, which dramatically reduced alert fatigue noise on the customer side by approximately 80% and eliminated alert fatigue on the SOC teams. Regarding the identity detection and response IDR solution, it monitored Active Directory and Entra ID for any attacks, allowing the SOC to detect any compromised credentials.
Alert noise was dramatically reduced by nearly 80%, allowing SOC analysts to focus more on true threats, which made them more productive and resulted in higher operational efficiency. Attack Signal Intelligence helped reduce irrelevant alerts by 80% to 90%, with metrics showing a 100-plus reduction in investigation workloads and roughly saving about 55,000 hours of investigation time. Investigation time has decreased significantly, empowering analysts with detection and advanced unknown threats that Vectra AI provided. Its knowledge base and database are very up to date, allowing for spotting zero-day attacks with full visibility and helping to stop attacks in minutes.
Vectra AI has reduced the MTTD and MTTR, increasing operational and process efficiency, and has helped reduce the number of SOC analysts that needed to be hired. Thanks to the AI features, the number of employees and SOC analysts hired has been reduced.
What needs improvement?
Pricing could be improved, as many customers have complained about the pricing model and pricing complexity.
Regarding the product itself, extending direct control and simplifying workflows would be beneficial. More granular built-in responses and cloud remediations could be improved. A native CMDB-like feature and risk scoring would be a big advantage. Improved compatibility with the SASE ecosystem expansion would also be valuable.
For how long have I used the solution?
Vectra AI has been in use since 2018.
What do I think about the stability of the solution?
Vectra AI is considered a stable solution.
What do I think about the scalability of the solution?
Vectra AI is scalable because it can work through different kinds of solutions and is compatible with all kinds of cloud solutions. The appliance capacity is very good, whether virtual or physical, providing significant scalability.
How are customer service and support?
Customer support receives a rating of nine out of ten due to being very supportive and responding quite efficiently.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
A different solution was not previously used.
What was our ROI?
A good return on investment has been seen. For cost savings over a period of three years, it could be about 350%. The payback period is roughly six months. Productivity savings could be about 800,000, with SOC efficiency increasing nearly 40%. Workload reduction on the SOC side is now 100% lighter than previously.
Which other solutions did I evaluate?
Other options were not evaluated, as at that time, Vectra AI was the only NDR solution that had AI features. They began with the AI concept that was being sought.
What other advice do I have?
Vectra AI should be considered if you are looking for an NDR solution and not just an EDR solution. It provides great value and quality, provided that customers can pay for the licenses, which are quite expensive. Vectra AI is represented as a partner and reseller in business with this vendor. This review has been given a rating of eight out of ten.
Threat detection has improved and malicious emails are now identified quickly
What is most valuable?
Vectra AI offers artificial intelligence capabilities with visibility that can be integrated into our day-to-day operations and other tools, including malware detection tools and cyber threat tools.
Vectra AI has positively impacted my organization. Last year while using it, we received many malicious email threats and virus incidents, including a trojan virus that had reportedly been deployed by someone. Our company used Vectra AI to detect the malicious threats and viruses before they could cause more damage, and we successfully stopped the threats.
Using Vectra AI, I notice that server downtime has decreased significantly. We now experience only two to three hours of downtime, whereas without Vectra AI and other tools, our downtime would exceed 48 to 72 hours.
What needs improvement?
Vectra AI could be improved by focusing on all threat types, not only malicious threats or virus threats. All threats, including hacking attempts, should be comprehensively addressed.
The user interface of Vectra AI is good, so there are no improvements needed in that area. However, reporting and integration with other tools should be enhanced.
For how long have I used the solution?
I have been using Vectra AI for two years.
What other advice do I have?
I give Vectra AI a rating of 8 out of 10.
Innovative detection features enhance monitoring
What is our primary use case?
We are using it for our SOC services. We are also using it for our clients. We have our monitoring setup for our SOC staff.
What is most valuable?
There are many detection features available. There are extensive out-of-box detection capabilities. I cannot mention just one or two at the moment. There are multiple detection rules, and its integration with ADR and Office 365 AI is very nice, to be honest with you. It is scalable, and they have their own appliance that can handle multiple locations. You can deploy it for enterprises with multiple sites.
What needs improvement?
The advantages of the integration are not entirely out-of-the-box. You have to do it manually. When I'm doing tier response, an out-of-the-box solution is not available. You need to have a Linux server, and from the Linux server, you must perform AI tasks, and there is a lot to be handled in the back end. This is a major consideration about them. The recall feature, if it can be placed in some areas instead of the cloud, and charged for, would be better. Recall the storage where you watch all the traffic, and you can recall it and try to analyze it in the back end. It’s cloud-based. If they offer it on-prem, it would be better. I think they have a solution, but I have never tested it, to be honest with you.
For how long have I used the solution?
I have been using the solution for years.
What do I think about the scalability of the solution?
It is scalable, and they have their own appliance to handle multiple locations. You can deploy it for enterprises with multiple sites.
How are customer service and support?
They are supportive. From a support perspective, they are supportive, to be honest with you.
Which solution did I use previously and why did I switch?
I am using something else. I am using Vivo, Vixstrap, Vextra AI, Vectra, and Security Onion as open-source. It depends on the clients.
What's my experience with pricing, setup cost, and licensing?
It is very acceptable when you compare it with Darktrace, for example.
What other advice do I have?
At the end of the day, it's written rules in such a way. The trend in the market is something I did not consider much. The detection rules are written in the back end. There is something happening in such a way to do it again. AI is mentioned too much, and for me, it is only marketing talk. At the end of the day, there is no one hundred percent AI in security. Detection requires manual writing at times. They already handle back-end processes but vendors won't show this. AI is not targeting a specific vendor. AI, for me, is just a trend. It depends on the client. I tailor solutions to client requirements. For visibility and monitoring, I choose the best products. Every application, every NDR solution has its capabilities. It varies by client because I must advise clients on solutions they can use and benefit from. I sometimes advise clients about Vectra as it still serves my clients well. It's fair enough for now. The overall product rating is seven out of ten.
Efficient management with minimal manpower and reliable support
What is our primary use case?
As an end user, I do not have to commit manpower to manage Vectra since most of their use cases are managed by them. It's a hands-off kind of deployment.
How has it helped my organization?
The deployment is hands-off, which means it saves us manpower resources since Vectra manages the use cases.
What is most valuable?
Most of their use cases, including deployment, are managed by the tool itself, requiring less manual input from our team.
What needs improvement?
Neither Vectra nor Darktrace have a function like a status health check on my log sources and traffic sources.
For how long have I used the solution?
I have been working with Vectra for one or two years.
What do I think about the stability of the solution?
It's pretty good with no major issues.
How are customer service and support?
The support is quite reliable depending on the service engineer assigned. I would rate them between eight and nine.
Which solution did I use previously and why did I switch?
We are also working with Darktrace.
How was the initial setup?
The setup is generally straightforward.
What's my experience with pricing, setup cost, and licensing?
Vectra is cheaper in terms of pricing and features compared to Darktrace.
Which other solutions did I evaluate?
Vectra was compared alongside Darktrace.
What other advice do I have?
Vectra serves its purpose well and does not require much manpower for updates.
I'd rate the solution eight out of ten.
The weekly reports needed more insights and explanation but deployment is straightforward
What needs improvement?
We had another product with Vectra AI and used the MDR solution as an add-on. Initially, it wasn't fully appropriately configured, so we didn't get the expected results. Even once configured correctly, we weren't fully satisfied with its response. The issue was both with their service response and the product's capabilities.
The solution's weekly reports needed to have more explanations. The reports provided were mainly statistical, and we were looking for more analysis and insights.
For how long have I used the solution?
I have been working with the product for less than a year.
How was the initial setup?
The initial setup was pretty straightforward.
What's my experience with pricing, setup cost, and licensing?
The solution's pricing was 50 percent lower than the other vendors shortlisted.
What other advice do I have?
I wouldn't recommend the product to others. We are moving away from it. I rate the overall solution a six out of ten.
Offers real-time threat detection, notices some of the exfiltration techniques and alerts us, and AI uses models to detect abnormal behavior
What is our primary use case?
We use Vectra AI for endpoints where we are unable to install agents, like endpoint agents, EDR agents, or antivirus tools. For example, BYOD devices or routers in our network. We don't have any control over those, but we need monitoring capability.
Vectra AI can monitor the traffic from the wireless router to the firewall or any outgoing traffic. It can give us an idea of whether there is any C&C or C2 communication or any botnet activity from those source IPs. Without having any agents in the endpoint, it is a network monitoring tool. We use this tool to detect threats within the environment where the assets are unmanaged.
Also, since we tap into certain network points such as firewalls or IDSs, we get more visibility from managed assets as well. So before the endpoint notices the behavior, Vectra notices some of the exfiltration techniques and alerts us.
How has it helped my organization?
Overall, it is good and has reduced our time in identifying the system. It is for unmanaged devices. Previously, if we got an alert from the firewall, it was very difficult to find that particular asset. But with the help of this tool, we can simply run a packet capture and immediately get the hostname and know which user is using it.
It has greatly reduced our time to remediate the situation. We can identify the user, block their account immediately, and sometimes kick that device off the network completely.
It has a confidence level of around 60% to detect insider threats of anomalies, but we mostly need to fine-tune the product. We are still in the fine-tuning process. Even though it has been one year since we implemented the product, the first six months were spent integrating various log servers and determining where to tap.
For the past three months, we have been actively investigating the alerts. When we investigate some of the insider alerts, most of the time it is a false positive because the domain is allowed. Vectra does not know that those are allowed domains, such as OneDrive and SharePoint, to access our network devices.
It considers it malicious because a huge amount of file uploads is seen, according to Vectra. But we know those are known URLs and known behavior. When we slowly started whitelisting, the threat confidence level increased. So right now, for insider threats, it gives around 60% confidence, but around 80% of the incidents were false positives because we are still in the fine-tuning process.
What is most valuable?
The packet capturing feature is very useful, and as the name suggests, AI uses models to detect abnormal behavior. Some of the pattern-matching algorithms they use are very advanced and detect threats at a very early stage.
For me, detections from unmanaged networks are one of the greatest values. You can identify threats from BYOD or even mobile devices, which were not handled before.
What needs improvement?
The detection algorithms can be improved at the sensor level rather than doing all the things at the brain. For example, if the sensor has some directional algorithm or detects repeating traffic, it can drop those packets at the beginning itself. There is no need to send that traffic to the brain in order to reduce the bandwidth.
AI is picking up a lot now. There is no manual intervention needed. Whenever a detection happens, it can automatically summarize and give it to you. But Vectra doesn't have those kinds of capabilities. It still needs manual intervention to analyze, and they don't have a summarized kind of output. So that can be improved. But apart from that, the detection models and all the other categories have good support for that.
In future releases, I would like to see Vectra AI to generate a summary of the instance.
For how long have I used the solution?
I have been using it for a year.
What do I think about the scalability of the solution?
I would rate it at eight. The remaining two points I'm not giving because it's a fairly new product. So far, it is good as per our test and it is able to scale as well.
The only limit is that you need to add sensors when you have more traffic. For example, the current sensors can handle up to 50 Gbps of traffic. If you need more traffic to be handled, then you need to buy additional sensors.
From a technical perspective, there is not much more possible, because there are some hard limits in the hardware. You cannot increase the bandwidth. They have other options to increase with more sensors, but it ultimately ends up being a cost factor.
If you have more money, you can buy more sensors and do it.
In our organization, we are an MSSP provider. We use Vectra, and our entire SOC team, which is around 20 people, uses Vectra for our MSSP. We have two customers who are also using this product. Two of the largest telecom industries in Thailand are using this product to understand their behavior as of now. The approximate number of users in those categories will be around ten.
How are customer service and support?
The customer service and support are good. So far, we have not faced any issues at all.
How was the initial setup?
The setup is a very straightforward process. You need to tap the network traffic at your desired point, and it has two components: a sensor and a brain. The sensor collects the logs and forwards them to the brain, which does the detection and everything. They offer a virtual appliance that you can run in your environment.
The setup process is usually very simple. It took only two days to set up. But, initially, deciding the location of the sensor and other factors took more time. The threat team at Vectra AI engaged with us effectively, provided all the support, understood our architecture and advised us on placing the sensors.
What's my experience with pricing, setup cost, and licensing?
The licensing is on an annual basis.
What other advice do I have?
I would rate it at nine out of ten. The one point I'm reducing is because the model can learn itself. If no one is fine-tuning it, for example, every time we find a huge number of alerts, then only we go and look it up and fine-tune the product.
If no one is acknowledging it or it seems like regular traffic, then the product can understand that behavior and have a feedback mechanism to correct it, mark it as a false positive, or whitelist it.
My recommendation:
Understand your network first, and place the sensors in the correct position to receive all kinds of traffic: THC, PDNS, and all those things. If you place the sensors at the egress traffic, you may not receive some of the packets, and you will not have overall visibility.
So the placement of sensors is very important; you need to understand your network to place them correctly.
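The tuning problem described in this review (volume-based upload detections firing on sanctioned OneDrive and SharePoint destinations until those domains are allowlisted, and the wish for a feedback loop that records an analyst's "this is benign" decision) can be illustrated with a small standalone script. This is an added example and not Vectra AI code; the flow records, host names, domain names and the byte threshold are all constructed for the demonstration.

```python
"""Volume-based upload alerting with an allowlist of sanctioned SaaS domains.

Hypothetical illustration (not Vectra AI code): a raw "large upload"
detection fires on legitimate SharePoint/OneDrive traffic until the analyst
allowlists those destinations; recording that decision as feedback keeps
the same finding from recurring on the next pass.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src_host: str     # internal host observed by the sensor
    dst_domain: str   # destination domain (constructed values below)
    bytes_out: int    # bytes uploaded in this flow


@dataclass
class TriageResult:
    alerts: list       # findings that still need an analyst
    suppressed: list   # findings matched by the allowlist (tuned away)


# Constructed sample flows; none of these are real hosts or traffic.
SAMPLE_FLOWS = [
    Flow("laptop-17", "contoso-my.sharepoint.com", 900_000_000),
    Flow("laptop-17", "contoso-my.sharepoint.com", 400_000_000),
    Flow("byod-phone-3", "onedrive.live.com", 650_000_000),
    Flow("server-db-2", "files.unknown-host.example", 700_000_000),
    Flow("laptop-22", "updates.vendor.example", 20_000_000),
]

# Bytes per (host, domain) pair within the window above which an upload
# is considered "huge"; a constructed threshold for the example.
UPLOAD_THRESHOLD = 500_000_000


def aggregate_uploads(flows):
    """Sum outbound bytes per (source host, destination domain)."""
    totals = defaultdict(int)
    for f in flows:
        totals[(f.src_host, f.dst_domain)] += f.bytes_out
    return totals


def domain_allowed(domain, allowlist):
    """True if the domain equals an allowlist entry or is a subdomain of one."""
    d = domain.lower()
    return any(d == a or d.endswith("." + a) for a in allowlist)


def triage(flows, allowlist, threshold=UPLOAD_THRESHOLD):
    """Raise a finding for every pair over the threshold, then split the
    findings into real alerts and ones suppressed by the allowlist."""
    result = TriageResult(alerts=[], suppressed=[])
    for (host, domain), total in aggregate_uploads(flows).items():
        if total < threshold:
            continue
        finding = {"host": host, "domain": domain, "bytes": total}
        if domain_allowed(domain, allowlist):
            result.suppressed.append(finding)
        else:
            result.alerts.append(finding)
    return result


def suppressed_share(result):
    """Fraction of raw findings the allowlist removed: the tuning effect."""
    total = len(result.alerts) + len(result.suppressed)
    return len(result.suppressed) / total if total else 0.0


def learn_from_feedback(allowlist, benign_findings):
    """Feedback loop: an analyst marks findings as benign and their
    destination domains are added to a new allowlist."""
    return frozenset(allowlist) | {f["domain"].lower() for f in benign_findings}


if __name__ == "__main__":
    untuned = triage(SAMPLE_FLOWS, frozenset())
    print("untuned alerts:", len(untuned.alerts))
    # Analyst reviews the untuned alerts and marks the SharePoint one benign.
    benign = [a for a in untuned.alerts if a["domain"].endswith("sharepoint.com")]
    tuned_list = learn_from_feedback({"onedrive.live.com"}, benign)
    tuned = triage(SAMPLE_FLOWS, tuned_list)
    print("tuned alerts:", [a["host"] for a in tuned.alerts])
```

The untuned pass raises three findings, two of which go to sanctioned file-sharing domains; after the analyst's feedback only the upload to the unknown destination remains, which is the effect the review describes as confidence rising while it allowlisted known domains.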