We performed a comparison between Corelight and Vectra AI based on real PeerSpot user reviews.
Find out in this report how the two Network Traffic Analysis (NTA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It is easy to deploy and easy to handle."
"The most valuable feature is the embedded IDS from Suricata."
"It's easy to create additional dashboards specific to supporting specific tasks."
"It's an easy way for us to get visibility in a client's environment."
"Corelight is easy to use."
"The most valuable feature for Cognito Detect, the main solution, is that external IDS's create a lot of alerts. When I say a lot of alerts I really mean a lot of alerts. Vectra, on the other hand, contextualizes everything, reducing the number of alerts and pinpointing only the things of interest. This is a key feature for me. Because of this, a non-trained analyst can use it almost right away."
"Vectra AI is the best. It is a major product in our cybersecurity."
"It's important for us that the user interface is easy to understand and that is the biggest benefit we see from Vectra AI."
"Cognito Streams gives you a detailed view of what happens in the network in the form of rich metadata. It is just a super easy way to capture network traffic for important protocols, giving us an advantage. This is very helpful on a day-to-day basis."
"Vectra AI generates relevant information."
"One of the things that we didn't expect to happen was that our network team also jumped on it faster than we thought. In most cases, if it's a security tool that's working on the network part, they can also use it to find out certain flaws that have been in the system. Certain flaws, related to some legacy stuff, were already there for quite a few years, which they couldn't explain at first, but we could explain them based on the timing of certain things."
"One of the most valuable features of the platform is its ability to provide you with aggregated risk scores based on impact and certainty of threats being detected. This is both applied to individual and host detections. This is important because it enables us to use this platform to prioritize the most likely imminent threats. So, it reduces alert fatigue follow ups for security operation center analysts. It also provides us with an ability to prioritize limited resources."
"Vectra produces actionable data using automation. That has helped us. It's less manpower now to look at incidents, which has definitely increased efficiency. Right now, in a lot of cases, our mean time to detection is within zero days. This tells me by the time something happened, and we were able to detect it, it was within the same day."
"Corelight hasn’t added features in a long time."
"They can enhance the interface of the product. They can make it more interactive and also easier to use for feature access."
"The solution’s architecture is complex and difficult to understand. There are multiple machines and VMs."
"Machine learning could be a good improvement, but it's very costly."
"In the next release, building a graphical user interface would be helpful."
"The false positives and the tuning side of it is something that could use improvement. But that could be from our side."
"We would like to see more information with the syslogs. The syslogs that they send to our SIEM are a bit short compared to what you can see. It would be helpful if they send us more data that we can incorporate into our SIEM, then can correlate with other events."
"I would like to see data processed onshore. Right now, the cloud components, like Office 365, must be processed on servers outside of Australia. I would like to see a future adoption of onshore processing."
"A blind spot that I have is around the ease with which you can automate threat intervention."
"One of the things that we are missing a bit is the capability to add our own rules to it. At the moment, the tech engine does its thing, but we have some cool ideas to make additional rules. There should be an option in the platform to add custom rules, or there should be some kind of user group where we can suggest them for the roadmap and see if they get evaluated and get transparent communication on whether they will be implemented in the product or not."
"In comparison with a lot of systems I used in the past, the false positives are really a burden because they are taking a lot of time at this moment."
"One of the things I am not so happy about when it comes to Vectra is the scoring board."
"An area for improvement in Vectra AI is reporting because it currently needs some details. For example, when you download a report from Vectra AI, you won't see complete information about the alerts or triggers. Another area for improvement in the tool is that sometimes, an alert has high severity, yet it's marked as low severity. Vectra AI should have a mechanism to change the severity level from low to high or critical."
Corelight is ranked 7th in Network Traffic Analysis (NTA) with 5 reviews while Vectra AI is ranked 2nd in Network Traffic Analysis (NTA) with 39 reviews. Corelight is rated 9.0, while Vectra AI is rated 8.6. The top reviewer of Corelight writes "An open-source solution that gave us insight into our clients' network traffic flow ". On the other hand, the top reviewer of Vectra AI writes "Integrates well with other security solutions and provides good technical support". Corelight is most compared with ExtraHop Reveal(x), Darktrace, Cisco Secure Network Analytics, Arista NDR and SolarWinds NetFlow Traffic Analyzer, whereas Vectra AI is most compared with Darktrace, ExtraHop Reveal(x), Cisco Secure Network Analytics, Arista NDR and Rapid7 InsightIDR. See our Corelight vs. Vectra AI report.
See our list of best Network Traffic Analysis (NTA) vendors.
We monitor all Network Traffic Analysis (NTA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Does this help? www.vectra.ai
Corelight. Its based on bro. Most top SIEMS using bro as engine. Corelight owns it. they develop it. Easy to deploy, amazing threat hunting, Threat detection and response. The list is endless but TCO better with Corelight as well.
I would recommend you look at Darktrace instead. Extrahop and the new kid on the block, Awake security are also recommended.