Aruba IntroSpect vs Vectra AI comparison

Read 42 Vectra AI reviews

9,151 Views
4,245 Comparison Views

97% willing to recommend

Aruba IntroSpect

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Aruba IntroSpect and Vectra AI based on real PeerSpot user reviews.

Find out in this report how the two Network Traffic Analysis (NTA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed Aruba IntroSpect vs. Vectra AI Report (Updated: May 2024).

Aruba IntroSpect vs. Vectra AI

May 2024

Download the complete report

Helped 787,779 peers since 2012

Categories and Ranking

Aruba IntroSpect

Ranking in Network Traffic Analysis (NTA)

14th

Average Rating

8.6

Number of Reviews

Ranking in other categories

User Entity Behavior Analytics (UEBA) (26th)

Vectra AI

Ranking in Network Traffic Analysis (NTA)

2nd

Average Rating

8.6

Number of Reviews

Ranking in other categories

Intrusion Detection and Prevention Software (IDPS) (2nd), Network Detection and Response (NDR) (2nd), Identity Threat Detection and Response (ITDR) (6th)

Mindshare comparison

As of June 2024, in the Network Traffic Analysis (NTA) category, the mindshare of Aruba IntroSpect is 1.2%, down from 1.7% compared to the previous year. The mindshare of Vectra AI is 22.0%, down from 24.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Network Traffic Analysis (NTA)

Unique Categories:

User Entity Behavior Analytics (UEBA)

0.4%

Intrusion Detection and Prevention Software (IDPS)

13.3%

Network Detection and Response (NDR)

23.9%

Featured Reviews

Ahmed Hawary

Network Product Manager/ Senior Presales engineer at Nahil Computers

Dec 11, 2019

A straightforward setup for technical users and an overall good product

We primarily use the solution to do sizing in order to do analysis on the packet between users on Wi-Fi and the servers. It helps us to know if there are any issues with the packet or not. The client chose the solution. It's been a while since I've used it, so I don't know if I can talk about its…

Read full review

reviewer2120739

CyberOps at a manufacturing company with 10,001+ employees

Mar 7, 2023

Simple implementation and has precise detection

Our primary use case for this solution is for security policy and to detect potential attacks on our networks This solution helped our mean time to identify as we can have more precise detection and documentation. At the moment, we're seeing daily detection of between 10 and 20 and if it's on the…

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Roaming feature, application control and firewall features."

"The most valuable feature is the end-user monitoring. If there is any abnormal behavior on the machine, the administrator will be alerted."

"I haven't heard of any issues with stability."

"We particularly like the user experience around the dashboard, which we find to be much more straightforward than the dashboard of some of the competitive products... Vectra is a really easy system to understand and use to prioritize where we need to focus our security resources."

"Vectra AI is the best. It is a major product in our cybersecurity."

"Vectra is very compatible with various cloud providers, such as Amazon and Azure AD. This is helpful as customers often migrate their network infrastructure to the cloud."

"We discovered a lot of things in our network and are correcting several misconfigurations. We are learning how some apps work together and how some things shouldn't happen. It's also easier for us to identify the source of a brute force, whereas before, we didn't even know we had a brute force."

"The biggest feature for us, because we are heavy Microsoft users, is its integration with Office 365. On top of Vectra AI, we use all of the Microsoft security platforms, such as Defender ATP and Sentinel. Having full integration and a central platform to look at all of the threats that are coming through from the different platforms is a huge benefit for us."

"The solution's ability to reduce alerts, by rolling up numerous alerts to create a single incident or campaign, helps in that it collapses all the events to a particular host, or a particular detection to a set of hosts. So it doesn't generate too many alerts. By and large, whatever alerts it generates are actionable, and actionable within the day."

"The key feature for me for Detect for Office 365 is that it can also concentrate all the information and detection at one point, the same as the network solution does. This is the key feature for me because, while accessing data from Office 365 is possible using Microsoft interfaces, they are not really user-friendly and are quite confusing to use. But Detect for Office 365 is aggregating all the info, and it's only the interesting stuff."

"The most useful feature is the anomaly detection because it's not signature-based. It picks up the initial part of any attack, like the recon and those aspects of the kill chain, very well."

More Vectra AI pros

Cons

"I would like to see improvements made to the dashboard, where you can get the information with a simple click."

"The packet analyzer needs improvement."

"Technical support is a little slow."

"We had another product with Vectra AI and used the MDR solution as an add-on. Initially, it wasn't fully appropriately configured, so we didn't get the expected results. Even once configured correctly, we weren't fully satisfied with its response. The issue was both with their service response and the product's capabilities."

"Vectra is still limited to packet management. It's only monitoring packet exchanges. While it can see a lot of things, it can't see everything, depending on where it's deployed. It has its limits and that's why I still have my SIEM."

"It would be commercially beneficial if Vectra AI had something like Darktrace's Antigena Email or something similar to email protection."

"I think Vectra AI's automation, reporting, and integration could be improved."

"I would like to see data processed onshore. Right now, the cloud components, like Office 365, must be processed on servers outside of Australia. I would like to see a future adoption of onshore processing."

"We are using SMB 3.0, which is an encrypted protocol. When we get some alerts or something, we cannot go deep into the protocol to see what's wrong because it's encrypted. We need to decrypt the protocol in another way, which is quite difficult. We might go back to SMB 2.0 just for this reason, but that's not a good solution."

"Other alternatives, like Darktrace, have a fancier UI."

"The solution has not reduced the security analyst workload in our organization because we still need to SIEM. Unfortunately, while Vectra, for us, is a brilliant tool for network investigations, giving wonderful visibility, it doesn't go the whole way to replace our SIEM that is needed for compliance. So, I still have the same amount of alerting and logging that I did before. It gives us more defined ability to see incidents, but it doesn't give us enough information to satisfy a PCI or 27001 audit."

More Vectra AI cons

Pricing and Cost Advice

"The license is based on the number of users. The evaluation license is free, you can download it from the website and try it out first."

"From a pricing perspective, they are very commercially competitive. From a licensing perspective, just be conscious that some of their future cloud solutions come with additional subscriptions. Also, if you're outside of the US, you will get charged freight for the device back to your country."

"The license is based on the concurrent IP addresses that it's investigating. We have 9,800 to 10,000 IP addresses."

"The licensing is on an annual basis."

"At the time of purchase, we found the pricing acceptable. We had an urgency to get something in place because we had a minor breach that occurred at the tail end of 2016 to the beginning of 2017. This indicated we had a lack of ability to detect things on the network. Hence, why we moved quickly to get into the tool in place. We found things like Bitcoin mining and botnets which we closed quickly. In that regard, it was worth the money."

"It's relatively on the pricier side, but when compared to other solutions. It's not the most budget-friendly option, but it can be considered somewhat more cost-effective in comparison to other alternatives."

"The solution is low-cost and affordable."

"From a licensing perspective, the Vectra detect platform is pretty doable. Also, the hardware prices are nothing that we're not used to. The stream part is a little overpriced compared to the detect part. The reason is that you need to stream data to detect events anyway, so the data is in there. The only thing that's not available is the UI to be able to look at the stream data, which is also on the appliances but is just not activated. That's mainly the thing that we want to improve on."

"Vectra's pricing is too high. All schools will not be able to afford it. Vectra will only end up targeting higher education and higher value independence purely because of the price. A lot of schools would love to have a product like Vectra AI, but they simply can't because they struggle to even pay the high E5 licensing from Microsoft. When you're up against that, Vectra AI is never going to be within the sector's price range."

More Vectra AI pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Network Traffic Analysis (NTA) solutions are best for your needs.

See recommendations

787,779 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

16%

Retailer

Construction Company

Financial Services Firm

Computer Software Company

16%

Financial Services Firm

12%

Government

Manufacturing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

No data available

Questions from the Community

What is your experience regarding pricing and costs for Aruba IntroSpect?

Aruba Introspect has two licenses - advanced and standard. While we found the price of the advanced license to be a bit high, the standard license is reasonably priced and costs less than half the ...

What is the biggest difference between Corelight and Vectra AI?

The two platforms take a fundamentally different approach to NDR. Corelight is limited to use cases that require the eventual forwarding of events and parsed data logs to a security team’s SIEM or ...

What do you like most about Vectra AI?

The solution is currently used as a central threat detection and response system.

What is your experience regarding pricing and costs for Vectra AI?

The licensing is on annual basis.

Arista NDR vs Aruba IntroSpect

Comparisons

Compared 34% of the time

Cisco Secure Network Analytics vs Aruba IntroSpect

Compared 32% of the time

LogRhythm UEBA vs Aruba IntroSpect

Compared 20% of the time

Darktrace vs Aruba IntroSpect

Compared 15% of the time

More Aruba IntroSpect Competitors

Darktrace vs Vectra AI

Compared 36% of the time

ExtraHop Reveal(x) vs Vectra AI

Compared 11% of the time

Cisco Secure Network Analytics vs Vectra AI

Compared 7% of the time

Arista NDR vs Vectra AI

Compared 6% of the time

Corelight vs Vectra AI

Compared 4% of the time

More Vectra AI Competitors

Product Reports

User Entity Behavior Analytics (UEBA)

June 2024

Download Aruba IntroSpect product report

Download Vectra AI product report

May 2024

Also Known As

IntroSpect

Vectra Networks, Vectra AI NDR

Learn More

HPE Aruba Networking

Overview

Aruba IntroSpect is a User Behavior Analytics (UEBA) tool that uses supervised and unsupervised machine learning to automatically baseline user and device behavior while actively looking for anomalous activity that may indicate a threat. The solution detects compromised users’ systems by identifying changes in typical IT access and usage. By accelerating alert prioritization, incident investigation, and threat-hunting efforts, Aruba IntroSpect can automate the detection of attacks and risky behaviors. In addition, the solution allows security teams to stay ahead of malicious activity and also insecure or negligent users, so they can manage threats before they become damaging. Aruba IntroSpect is suitable for IT organizations of every size and enables businesses to easily and rapidly scale machine-learned behavior detection from small projects to full enterprise deployments.

Aruba IntroSpect can detect:

Account abuse
Account takeover
Command and control
Data exfiltration
Lateral movement
Password sharing
Privilege escalation
Flight risk
Phishing
Ransomware

Aruba IntroSpect Deployment Options

On-premise VM or appliance for Packet Processor
AWS or on-premise deployment for Analyzer

Aruba IntroSpect Data Sources

The IntroSpect platform can process data sources, including:

VPN, FW, IPS/IDS, web proxy, email logs
NTA sources: Packets and NetFlow
DNS logs
Active Directory logs
DHCP logs
External threat feeds
Alerts from third-party security infrastructure

Aruba IntroSpect Features

Aruba IntroSpect has many valuable key features. Some of the most useful ones include:

Advanced analytics
100+ supervised and unsupervised machine learning models
Continuously updated risk scoring
Accelerated investigations
Packets
Flows
Logs and alerts
Enterprise scale
Spark/Hadoop platform

Aruba IntroSpect Benefits

There are many benefits to implementing Aruba IntroSpect. Some of the biggest advantages the solution offers include:

Fast deployment: Besides having different options for deployment (on-prem or cloud), the solution offers a standalone or integrated platform. For fast deployment, users can ingest data natively or from SIEM, log management, or a packet broker.

Efficient: The Aruba IntroSpect solution reduces the time and effort that is required to understand, diagnose, and respond to an attack.

Deep insights: Security teams can triage better, make more informed decisions, and respond before damage occurs.

Machine learning-based analytics: The solution builds baselines for normal behavior of both individual entities and groups by continuously monitoring IT activities.

Comprehensive security profile: When users implement Aruba IntroSpect, they gain access to a security profile with continuous risk scoring and enriched security information.

Automatic risk profiles: Aruba IntroSpect automatically creates a risk profile for every user, system, and IoT device connected to the network, saving users an additional step.

Proactive threat hunting: Through its query interface, Aruba IntroSpect proactively spots threats without the overhead of finding, searching, and summarizing isolated data stores.

Prioritize security risks: Risk scores are based on machine learning that can account for key factors like the order and time of incidents across various attack stages as well as time since detection and business context. Accurate, normalized scores mean security analysts can confidently prioritize their efforts.

Instant visibility: When using the solution, users get instant visibility to high-risk activity. Aruba IntroSpect provides access to complete investigative records.

Vectra threat detection and response is a complete cybersecurity platform that collects, detects, and prioritizes security alerts. The Cognito platform for Network Detection and Response (NDR) detects and responds to attacks inside cloud, data center, Internet of Things, and enterprise networks. The platform also provides automated response capabilities for low-level threats and escalates more severe anomalies to security personnel.

Cognito captures data for multiple relevant sources and enriches it with context and security insights. It starts by deploying sensors across different networks in datacenters, IoT, or enterprise networks. The algorithm extracts relevant metadata from network and cloud traffic. The information can also be non-security information that can help investigation.

The data is enriched with security context to support critical use cases, such as threat detection, investigation, hunting and compliance. The platform is machine learning-based, which enables it to adapt to any new and current threat scenario. It detects, clusters, prioritizes, and anticipates attacks by using identity and host-level enforcement.

With the Vectra platform, a person can investigate 50 threats in just two hours. By prioritizing alerts and leveraging threat intelligence, it provides faster results.Vectra solves today’s security challenges for network detection and response.

One of Vectra’s best features is the emphasis they put in pairing research and data science for security insights. It offers behavior codification with unsupervised, supervised, and deep learning models.

The pricing is according to a subscription model with a free trial available.Vectra is available for Office 365, Azure AD and AWS Brain.

Features of Vectra AI

AI-based threat detection and response.
Detects attacks in real time with behavior-based threat detection.
Consolidates and correlates thousands of events, detecting threats.
Enriches threat investigation with a chain of evidence and data science security insights.
Machine learning techniques, including deep learning and neural networks.
Gives visibility into cyberattackers and analyzes all network traffic.
Continuous updates with new threat detection algorithms.
Provides encryption at rest and in transit. For the AWS version, it offers AES-256 encryption via AWS Key Management Service.
Guaranteed availability according to the SLA of the service selected.
Does not connect to public sector networks.

Benefits of Vectra AI

Behavioral models use AI to find unknown attackers.
Context increases the accuracy of threat hunting.
Allows for proactive action by prioritizing the most relevant information.
Provides a clear picture and extensive context for investigations.
Aids decision-making in the incident response process.
Helps working with large datasets by capturing metadata at scale.
Automates time-consuming analysis.
Reduces the security analysts’ workloads on threat investigations.

Other advantages of Vectra services include that they can be deployed in the public, private, or hybrid cloud. Support is available via email or online ticketing with an average of 4 hours of response. Phone support is available 24/7.

Vectra provides full on-site and online training and documentation. Regarding the user interface, it supports several types of web browsers, such as Internet Explorer, Microsoft Edge, Firefox, Chrome, Safari and Opera. However, it is not available for mobile devices.

Reviews from Real Users

Here’s what PeerSpot users of Vectra AI have to say about it:

"One of the core features is that Vectra AI triages threats and correlates them with compromised host devices. From a visibility perspective, we can better track the threat across the network. Instead of us potentially finding one device that has been impacted without Vectra AI, it will give us the visibility of everywhere that threat went. Therefore, visibility has increased for us." - Dave W., Operations Manager at a healthcare company

"It does a reliable job of parsing out the logs of all the network traffic so that we can ingest them into our SIEM and utilize them for threat hunting and case investigations. It is pretty robust and reliable. The administration time that we spend maintaining it or troubleshooting it is very low.” - T.S., Senior Security Engineer at a manufacturing company

Sample Customers

Sage Hotel, Centara Hotels and Resorts, Asda, The Dolder Grand,

Tribune Media Group, Barry University, Aruba Networks, Good Technology, Riverbed, Santa Clara University, Securities Exchange, Tri-State Generation and Transmission Association