Arista NDR vs Corelight comparison

Arista NDR
Read 14 Arista NDR reviews
  • 2,162 Views
  • 1,314 Comparison Views
100% willing to recommend
Corelight
Read 5 Corelight reviews
  • 3,202 Views
  • 1,611 Comparison Views
100% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between Arista NDR and Corelight based on real PeerSpot user reviews.

Find out in this report how the two Network Traffic Analysis (NTA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Arista NDR vs. Corelight Report (Updated: May 2024).
Buyer's Guide
Arista NDR vs. Corelight
May 2024
Download the complete report
Helped 787,779 peers since 2012
 

Categories and Ranking

Arista NDR
Ranking in Network Traffic Analysis (NTA)
8th
Average Rating
9.0
Number of Reviews
14
Ranking in other categories
Network Detection and Response (NDR) (8th)
Corelight
Ranking in Network Traffic Analysis (NTA)
7th
Average Rating
9.0
Number of Reviews
5
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of June 2024, in the Network Traffic Analysis (NTA) category, the mindshare of Arista NDR is 6.5%, up from 4.9% compared to the previous year. The mindshare of Corelight is 7.7%, up from 5.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Network Traffic Analysis (NTA)
Unique Categories:
Network Detection and Response (NDR)
5.6%
No other categories found
 

Featured Reviews

JG
Feb 10, 2021
Gives us network layer visibility into things that may not be covered by other monitoring tools, such as shadow IT
One concern I do have with Awake is that, ideally, it should be able identify high-risk users and devices and entities. However, we don't have confidence in their entity resolution, and we've provided this feedback to Awake. My understanding is that this is where some of the AI/ML is, and it hasn't been reliable in correctly identifying which device an activity is associated with. We have also encountered issues where it has merged two devices into one entity profile when they shouldn't be merged. The entity resolution is the weakest point of Awake so far. Even without that it's useful because with the MNDR team, they'll at least do some of that work for us and then we can follow up on certain things. But that is something that we would want to see improved. Because we have the MNDR team, in some ways we don't work as hands-on with the interface itself as we did before. But another thing that would be helpful would be easier ways to integrate it with other systems. The integrations seem to exist, but they're a little weak in terms of how easy they are to set up, or what kind of information can be pulled in. That's something they've said that they're working on, as part of their roadmap, but that is something that I would like to see improved.
Read full review
HamadaElewa - PeerSpot reviewer
Feb 13, 2024
An expensive solution to monitor internet traffic with multiple dashboards
The huge library especially the open source link, makes it the main engine for Corelight with some enhancements in the commercial version. It has a very powerful level, such as signature-based attacks or behavioral attacks, with enhancements in the design. It is very flexible for intelligent implementations like IPs, especially between big companies and banks. Corelight is easy to understand and monitor what is going on behind the team. The solution is already integrated with other systems like Suricata, Elastic, and Microsoft tools. It's very easy to integrate signature-based or behavior-based engines. You can use Elastic for the dashboards to get it from Corelight, along with all the benefits and expandability.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The interface itself is clean and easy to use, yet customizable. I like that I can create my own dashboards fairly easily so that I can see what is important to me. Also, the query language is pretty easy to use. I haven't needed to use it a ton, but as I need to go in and do different queries based on their requests, it has been fairly simple to use."
"Arista NDR's scalability is very good, making it easy to add more hardware components. You can order additional hardware and integrate it by stacking it with the existing setup. This feature cannot be seen in other NDR tools."
"The most valuable feature is the ability to see suspicious activity for devices inside my network. It helps me to quickly identify that activity and do analysis to see if it's expected or I need to mitigate that activity quickly."
"Other solutions will say, "Hey, this device is doing something weird." But they don't aggregate that data point with other data points. With Awake you have what's called a "fact pattern." For example, if there's a smart toaster on the third floor that is beaconing out to an IP address in North Korea, sure that's bizarre. But if that toaster was made in North Korea it's not bizarre. Taking those two data points together, and automating something using machine-learning is something that no other solution is doing right now."
"The query language that they have is quite valuable, especially because the sensor itself is storing some network activity and we're able to query that. That has been useful in a pinch because we don't necessarily use it just for threat hunting, but we also use it for debugging network issues. We can use it to ask questions and get answers about our network. For example: Which users and devices are using the VPN for RDP access? We can write a query pretty quickly and get an answer for that."
"The security knowledge graph has been very helpful in the sense that whenever you try a new security solution, especially one that's in the detection and response market, you're always worried about getting a lot of false positives or getting too many alerts and not being able to pick out the good from the bad or things that are actual security incidents versus normal day to day operations. We've been pleasantly surprised that Awake does a really good job of only alerting about things that we actually want to look into and understand. They do a good job of understanding normal operations out-of-the-box."
"The most valuable portion is that they offer a threat-hunting service. Using their platform, and all of the data that they're collecting, they actually help us be proactive by having really expert folks that have insight, not just into our accounts, but into other accounts as well. They can be proactive and say, 'Well, we saw this incident at some other customer. We ran that same kind of analysis for you and we didn't see that type of activity in your network.'"
"When I create a workbench query in Awake to do threat hunting, it's much easier to query. You get a dictionary popup immediately when you try to type a new query. It says, "You want to search for a device?" Then you type in "D-E," and it gives you a list of commands, like device, data set behavior, etc. That gives you the ability to build your own query."
More Arista NDR pros
"It's easy to create additional dashboards specific to supporting specific tasks."
"Corelight is easy to use."
"It's an easy way for us to get visibility in a client's environment."
"The most valuable feature is the embedded IDS from Suricata."
"It is easy to deploy and easy to handle."
 

Cons

"I would like to see the capability to import what's known as STIX/TAXII in an IOC format. It currently doesn't offer this."
"I enjoy the query language, but it could be a bit more user-friendly, especially for new users who come across it... They should push it more into a natural language style as opposed to a query language."
"One thing I would like to see is a little bit more education or experience on AWS cloud for their managed services team. We've explained how we have the information set up, that the traffic coming in goes to the AWS load balancer and then gets sent on to our internal servers... but when I get notices they always tell me this traffic is coming from the IPs belonging to the load balancers, not the source IPs. So a little bit more education for their team about how AWS manages the traffic might help out."
"Arista NDR needs to open legal offices to be closer to customers and partners. It needs more visibility in the NDR market in the Middle East. While they are doing well, they lack sufficient engineers. They need to hire more engineers to meet the demand and expand their presence. The current team is good but not enough to fully capture the market."
"The one thing that the Awake platform lacks is the ability to automate the ingestion of IOCs rather than having to import CSV files or JSON files manually."
"I would like to see a bit more in terms of encrypted traffic. With the advent of programs that live off the land, a smart attacker is going to leverage encryption to execute their operation. So I would like to see improvements there, where possible. Currently, we're not going to be decrypting encrypted traffic. What other approaches could be used?"
"They've been focused on really developing their data science, their ability to detect, but over time, they need to be able to tie into other systems because other systems might detect something that they don't."
"Awake Security needs to move to a 24/7 support model in the MNDR space. Once they do that, it will make them even better."
More Arista NDR cons
"In the next release, building a graphical user interface would be helpful."
"They can enhance the interface of the product. They can make it more interactive and also easier to use for feature access."
"The solution’s architecture is complex and difficult to understand. There are multiple machines and VMs."
"Machine learning could be a good improvement, but it's very costly."
"Corelight hasn’t added features in a long time."
 

Pricing and Cost Advice

"Because I represent a hedge fund, I have some leverage. I told them that they had to meet my conditions if they wanted me as a client. It was the same way with Awake. They wanted an initial four-year agreement. Initially, we signed on for a one-year contract, but they wanted the four-year deal when it came time for the renewal. I told them that I was not doing that. I said that they either had to do it on my terms, or I'd go somewhere else."
"We switched to Awake Security because they were able to offer a model that was significantly less expensive and the value that we get out of it is higher."
"The solution is very good and the pricing is also better than others..."
"Awake Security was the least expensive among their competitors. Everyone was within $15,000 of each other. The other solutions were not providing the MNDR service, which is standard with Awake Security's pricing/licensing model."
"The solution has saved thousands of dollars within the first day. Our ROI has to be in the tens of thousands of dollars since October last year."
"The pricing seems pretty reasonable for what we get out of it. We also found it to be more competitive than some other vendors that we've looked at."
"Awake's pricing was very competitive. It's not a cheap option though. It's an investment to utilize it, but it's one that we decided was worth the cost, with the managed services. At our scale, it was a much better option to utilize their software and their managed services to handle this, rather than hiring another person to be an analyst. It was quite cost-effective for us."
"It's a yearly fee and depends on what you are looking for."
report
See which vendors are best for you
Use our free recommendation engine to learn which Network Traffic Analysis (NTA) solutions are best for your needs.
See recommendations
787,779 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
12%
Manufacturing Company
8%
Educational Organization
7%
Financial Services Firm
15%
Computer Software Company
13%
Government
8%
Construction Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about Arista NDR?
Arista NDR's scalability is very good, making it easy to add more hardware components. You can order additional hardware and integrate it by stacking it with the existing setup. This feature cannot...
See all answers
What is your experience regarding pricing and costs for Arista NDR?
The tool's pricing is expensive but it is competitive.
See all answers
What needs improvement with Arista NDR?
Arista NDR needs to open legal offices to be closer to customers and partners. It needs more visibility in the NDR market in the Middle East. While they are doing well, they lack sufficient enginee...
See all answers
What is the biggest difference between Corelight and Vectra AI?
The two platforms take a fundamentally different approach to NDR. Corelight is limited to use cases that require the eventual forwarding of events and parsed data logs to a security team’s SIEM or ...
See all answers
What do you like most about Corelight?
It's easy to create additional dashboards specific to supporting specific tasks.
See all answers
What is your experience regarding pricing and costs for Corelight?
The solution is too expensive compared to others. If you have the technical knowledge, it's good. Corelight is a very big gap between you and others if you’re new.
See all answers
 

Comparisons

Vectra AI vs Arista NDR Logo
Vectra AI vs Arista NDR
Compared 17% of the time
Palo Alto Networks Advanced Threat Prevention vs Arista NDR Logo
Palo Alto Networks Advanced Threat Prevention vs Arista NDR
Compared 16% of the time
Trend Micro Deep Discovery vs Arista NDR Logo
Trend Micro Deep Discovery vs Arista NDR
Compared 15% of the time
Cisco Secure Network Analytics vs Arista NDR Logo
Cisco Secure Network Analytics vs Arista NDR
Compared 13% of the time
NetWitness XDR vs Arista NDR Logo
NetWitness XDR vs Arista NDR
Compared 2% of the time
More Arista NDR Competitors
ExtraHop Reveal(x) vs Corelight Logo
ExtraHop Reveal(x) vs Corelight
Compared 34% of the time
Darktrace vs Corelight Logo
Darktrace vs Corelight
Compared 31% of the time
Vectra AI vs Corelight Logo
Vectra AI vs Corelight
Compared 15% of the time
Cisco Secure Network Analytics vs Corelight Logo
Cisco Secure Network Analytics vs Corelight
Compared 9% of the time
SolarWinds NetFlow Traffic Analyzer vs Corelight Logo
SolarWinds NetFlow Traffic Analyzer vs Corelight
Compared 3% of the time
More Corelight Competitors
 

Product Reports

Buyer's Guide
Arista NDR
June 2024
Arista NDR reportDownload Arista NDR product report
Buyer's Guide
Network Traffic Analysis (NTA)
June 2024
Corelight reportDownload Corelight product report
 

Also Known As

Awake Security Platform
No data available
 

Learn More

Arista
Corelight
 

Overview

Arista NDR (formerly Awake Security) is the only advanced network detection and response company that delivers answers, not alerts. By combining artificial intelligence with human expertise, Arista NDR hunts for both insider and external attacker behaviors, while providing autonomous triage and response with full forensics across traditional, IoT, and cloud networks. Arista NDR delivers continuous diagnostics for the entire enterprise threat landscape, processes countless network data points, senses abnormalities or threats, and reacts if necessary—all in a matter of seconds. The Arista NDP platform stands out from traditional security because it is designed to mimic the human brain. It recognizes malicious intent and learns over time, giving defenders greater visibility and insight into what threats exist and how to respond to them. 

The Advent of Advanced Network Detection and Response & Why it Matters

The 5 Levels of Autonomous Security paper

Corelight is the most powerful network visibility solution for information security professionals. We provide real-time data that organizations use to understand, detect, and prevent cyber attacks. Our solution is built on Zeek, the powerful and widely-used open source monitoring framework.

 

Sample Customers

- Dolby Laboratories- Seattle Genetics- ARM Energy- Ooma- Prophix- Yapstone
Education First
Buyer's Guide
Arista NDR vs. Corelight
May 2024
Free Report: Arista NDR vs. Corelight
Find out what your peers are saying about Arista NDR vs. Corelight and other solutions. Updated: May 2024.
DOWNLOAD NOW
787,779 professionals have used our research since 2012.
See our Arista NDR vs. Corelight report.
See our list of best Network Traffic Analysis (NTA) vendors.

We monitor all Network Traffic Analysis (NTA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.