Vectra AI and Cortex XSIAM compete in the cybersecurity solutions category, focusing on threat detection and response. Based on the feature sets and user feedback, Vectra AI has an edge in actionable alerting and reducing false positives, which are critical in efficient threat management.
Features: Vectra AI excels with strong detection capabilities for east-west traffic, alert reduction through roll-up features, and metadata enrichment. Its integration with existing security tools and ability to track an attack's lifecycle also differentiate it. Cortex XSIAM's strengths include a comprehensive threat detection approach integrating machine learning, robust third-party integration, and valuable forensic investigation tools.
Room for Improvement: Vectra AI needs better SIEM integration, improved syslog handling, and more deployment flexibility across varied environments. Users also suggest enhancements in detection specificity and dashboard functionality. Cortex XSIAM could improve integration capabilities, optimize performance under heavy usage, and address pricing and technical support concerns to increase versatility within broader ecosystems.
Ease of Deployment and Customer Service: Vectra AI offers both on-premises and cloud solutions and is praised for responsive and knowledgeable technical support, with a positive view of customer service. Cortex XSIAM, mainly a cloud solution, is also recognized for its responsive technical support, concentrating on centralized assistance to meet user needs effectively.
Pricing and ROI: Vectra AI is seen as expensive, with some users citing its dated licensing model and extra feature costs. However, users report significant ROI through reduced incident response times and enhanced security operations. Cortex XSIAM is competitively priced but can become costly with add-ons. The ROI primarily comes from improved security efficiencies and faster threat detection, which many users find justifies its cost.
With premium support, core Palo Alto technical experts handle issues directly.
It is ineffective in terms of responding to basic queries and addressing future requirements.
I would rate the support of Palo Alto a nine out of ten.
The support is quite reliable depending on the service engineer assigned.
When I create tickets, the response is fast, and issues are solved promptly.
Without proper integration, scaling up with more servers is meaningless.
Cortex XSIAM is highly scalable.
The product was easy to install and set up and worked right.
Overall, Cortex XSIAM is stable.
Cortex XSIAM is on the expensive side and requires substantial improvement in pricing.
In terms of incident response automation, it is quite poor due to the lack of integration with all security tools, making manual intervention necessary.
Cortex XSIAM needs improvements in terms of data onboarding, parsers, and third-party integration supports.
ExtraHop's ability to decrypt encrypted data is a feature that Vectra AI lacks.
You need to have a Linux server, and from the Linux server, you must perform AI tasks, and there is a lot to be handled in the back end.
Neither Vectra nor Darktrace have a function like a status health check on my log sources and traffic sources.
The first impression is that XSIAM would be more expensive than others we tried.
Cortex XSIAM is pretty expensive, and the licensing process is not very comfortable.
The licensing cost of Cortex XSIAM is more or less the same as Splunk, making it quite expensive compared to other tools.
Vectra is cheaper in terms of pricing and features compared to Darktrace.
It is very acceptable when you compare it with Darktrace, for example.
The advanced visualization capabilities of the product are important for understanding security trends in an organization.
Cortex XSIAM allows us to onboard almost every device, whether they are on-prem or on SaaS.
Cortex XSIAM is able to detect abnormal behavior of malicious code and subsequently block it.
The main feature of Vectra AI that I find valuable is its focus on the user interface and its approximately two hundred algorithms based on artificial intelligence and machine learning.
There are extensive out-of-box detection capabilities.
| Product | Market Share (%) |
|---|---|
| Cortex XSIAM | 5.5% |
| Vectra AI | 1.9% |
| Other | 92.6% |
| Company Size | Count |
|---|---|
| Small Business | 9 |
| Midsize Enterprise | 2 |
| Large Enterprise | 3 |
| Company Size | Count |
|---|---|
| Small Business | 8 |
| Midsize Enterprise | 10 |
| Large Enterprise | 27 |
Cortex XSIAM acts as a critical element for SOC foundations, integrating SIEM and EDR capabilities, valued for threat detection and seamless security orchestration with Palo Alto Networks products.
Organizations find Cortex XSIAM beneficial for SOC foundations due to its capability to integrate SIEM and EDR tools, facilitating data collection, detection, and response. It connects with third-party data sources while reducing management effort and offering cost-effective alternatives to competitors like CrowdStrike and Trend Micro. Featuring automation and integration with Palo Alto Networks products, Cortex XSIAM enhances threat detection. Unified architecture allows a comprehensive view of attacks, further supported by machine learning and integration with existing vendor solutions, ensuring that users gain insights without significant manual log analysis.
What are Cortex XSIAM's key features?
What benefits are evident in Cortex XSIAM reviews?
Industries implement Cortex XSIAM mainly in technology-driven sectors where centralized endpoint protection and automation of forensic investigation are paramount. By integrating several third-party systems for incident response, companies in competitive markets leverage its attributes for heightened operational security efficiency. However, users note areas for improvement, such as Attack Surface Management and integration enhancements, to better suit tech-heavy industries needing extensive connectivity with cybersecurity solutions.
Vectra AI enhances security operations by pinpointing attack locations, correlating alerts, and providing in-depth visibility across attack lifecycles, ultimately prioritizing threats and improving incident responses.
Vectra AI integrates AI and machine learning to detect anomalies early and supports proactive threat response. Its features like risk scoring, alert correlation, and streamlined SOC efficiency are supplemented by integration with tools like Office 365. Users highlight integration, reporting, and customization challenges, alongside limitations in syslog data and false positive management. They seek enhancements in visualization, UI, TCP replay, endpoint visibility, and tool orchestration, with requests for improved documentation, licensing, and cloud processing innovation.
What are the key features of Vectra AI?In industries like finance, healthcare, and critical infrastructure, Vectra AI is crucial for threat detection and network monitoring. Entities use it for identifying anomalous behaviors and enhancing cybersecurity by responding to network activities and analyzing traffic for potential breaches. It operates on-premises and in hybrid cloud settings, enabling threat detection without endpoint agents and supporting compliance and policy enforcement.
We monitor all Identity Threat Detection and Response (ITDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
