ExtraHop Reveal(x) vs Vectra AI comparison

ExtraHop Reveal(x)
Read 12 ExtraHop Reveal(x) reviews
  • 2,912 Views
  • 2,152 Comparison Views
100% willing to recommend
Vectra AI
Read 42 Vectra AI reviews
  • 8,689 Views
  • 4,112 Comparison Views
97% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Feb 18, 2024

We compared Vectra AI and ExtraHop Reveal(x) based on our user's reviews in 4 parameters. After reading all of the collected data, you can find our conclusion below.

Vectra AI excels in customer service, advanced threat detection, and competitive pricing. User feedback on ExtraHop Reveal(x) highlights robust network visibility, intuitive user interface, and highly regarded customer support. Vectra AI users appreciate the affordability and flexibility of the pricing, while ExtraHop Reveal(x) users value the comprehensive analytics capabilities. 

Features: Vectra AI stands out for its advanced threat detection capabilities, machine learning algorithms, and automated response features. ExtraHop Reveal(x) is praised for its robust network visibility, comprehensive analytics, and intuitive user interface.

Pricing and ROI: Vectra AI offers competitive pricing with reasonable setup costs and flexible licensing options. ExtraHop Reveal(x) is also well-received for its cost-effectiveness, low setup cost, and straightforward licensing process. Users have had positive experiences with both products in terms of pricing, setup cost, and licensing. Vectra AI delivered ROI that exceeded expectations with significant security and efficiency improvements. ExtraHop Reveal(x) was praised for enhancing network visibility and security with user-friendly interface and robust functionalities.

Room for Improvement: Vectra AI has room for improvement in its complex and unintuitive user interface, lack of customization options, occasional glitches, and high pricing. ExtraHop Reveal(x) could enhance its user interface, accuracy, documentation, and customer support for a better user experience.

Deployment and Customer Support: Vectra AI may be a bit complex and require additional customization for on-prem installations. ExtraHop Reveal(x) is considered simple and offers a user-friendly initial setup. Vectra AI stands out for its exceptional customer support, with knowledgeable staff providing quick solutions. ExtraHop Reveal(x) also has good support, however, it suffers from occasional quality issues.

The summary above is based on 31 interviews we conducted recently with Vectra AI and ExtraHop Reveal(x) users. To access the review's full transcripts, download our report.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed ExtraHop Reveal(x) vs. Vectra AI Report (Updated: June 2024).
Buyer's Guide
ExtraHop Reveal(x) vs. Vectra AI
June 2024
Download the complete report
Helped 793,295 peers since 2012
 

Categories and Ranking

ExtraHop Reveal(x)
Ranking in Network Detection and Response (NDR)
5th
Average Rating
8.6
Number of Reviews
12
Ranking in other categories
Network Traffic Analysis (NTA) (4th)
Vectra AI
Ranking in Network Detection and Response (NDR)
2nd
Average Rating
8.6
Number of Reviews
42
Ranking in other categories
Intrusion Detection and Prevention Software (IDPS) (2nd), Extended Detection and Response (XDR) (12th), Identity Threat Detection and Response (ITDR) (6th), AI-Powered Cybersecurity Platforms (3rd)
 

Mindshare comparison

As of July 2024, in the Network Detection and Response (NDR) category, the mindshare of ExtraHop Reveal(x) is 13.1%, up from 10.9% compared to the previous year. The mindshare of Vectra AI is 21.4%, down from 21.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Network Detection and Response (NDR)
Unique Categories:
Network Traffic Analysis (NTA)
24.3%
Intrusion Detection and Prevention Software (IDPS)
13.3%
Extended Detection and Response (XDR)
1.6%
 

Featured Reviews

Henry-Steinhauer - PeerSpot reviewer
Sep 21, 2022
It enabled us to create dynamic triggers that allow us to inspect packet flow in real-time.
We've been able to leverage the information to show other vendors we use that there are issues with the SaaS solution they provide to our EMR physicians. At the top of every hour, they were doing a data recovery operation in the event of an outage of some sort. That was preventing our physicians from using the application. It only lasted about five minutes, but the physicians had to stop working. Of course, when they called the support desk and finally reached a support person, the vendor insisted it was our problem, not theirs. This data helped to prove it was their problem. They eventually brought in some other consultants from the hardware vendor and corrected the issue.
Read full review
RM
Mar 7, 2023
Helps us to have more visibility in terms of what happens in our network and the network at large
In terms of valuable features, I like the ability to record the traffic and the metadata in the traffic. I also like the ability to rewind the past and be able to understand what happened. Some of my colleagues like the ability to investigate incidents. Vectra AI has had a positive effect on the productivity of our company's top teams. They use it a lot to understand what's going on. However, we still need to teach people how to use it to its full potential because it's quite a complicated product. The Sidekick MDR service is quite important to our organization’s security monitoring and management. The Sidekick team is able to give us the ins and outs of what's going on with some incidents. They are able to triage and help us to focus on a particular part of detection. They also gave us advice on how to configure some parts of the product. The two people I worked with from the MDR service are really good at what they do, and it's quite nice to work with them.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable features of ExtraHop Reveal(x) are the detection and alerting of network behavior and anomalies."
"When there are performance issues with an HTTP app, ExtraHop enables us to identify the causes within a few minutes. We can see what transactions are being impacted by something that may be happening within the server environment."
"It's a wire analytics tool. We use it for isolating and determining issues on our network or applications. It does a lot for crediting the network as opposed to discrediting the network. A lot of people come along and say that it's a network issue. It's always considered to be a network issue, but by using ExtraHop, we can quickly tell them that it's not a networking issue. It's something to do with your application or something at the other end. It could be a database issue. This tool gives us the ability to pinpoint with great accuracy the comings and goings on our network."
"The solution's ability to decrypt SSL traffic is its most valuable feature."
"Reveal X integrates seamlessly with CrowdStrike. If you see something sketchy on the network, you can quarantine devices through ExtraHop and it'll push to the CrowdStrike server."
"Setting up the solution is relatively easy."
"ExtraHop Reveal(x) is one of the tools that works out of the box when it comes to threat hunting."
"The security features of this solution are the most valuable."
More ExtraHop Reveal(x) pros
"Some valuable features of Vectra AI are that it is very intuitive and that there are only a small amount of false positives. Therefore, it's an effective solution."
"It gives you access, with Recall, to instant visibility into your network through something like a SIEM solution. For us, being able to correlate all of this network data without having to manage it, has provided immediate value. It gives us the ability to really work on the stuff where I and my team have expertise, instead of having to manage a SIEM solution..."
"The administrative privilege detection feature is the most valuable feature. The admin accounts are often highly accessible to the high-risk component of the environment. If those accounts are compromised or are being used in a suspicious manner, that's high-fidelity events for us to look into."
"It provides various dashboards that facilitate the identification of connections and can detect data exfiltration, meaning data sent from your environment to another."
"One of the core features is that Vectra AI triages threats and correlates them with compromised host devices. From a visibility perspective, we can better track the threat across the network. Instead of us potentially finding one device that has been impacted without Vectra AI, it will give us the visibility of everywhere that threat went. Therefore, visibility has increased for us."
"The solution is currently used as a central threat detection and response system."
"Scalability wise, we have many sensors, and Vectra AI seems to handle them all very well."
"Vectra produces actionable data using automation. That has helped us. It's less manpower now to look at incidents, which has definitely increased efficiency. Right now, in a lot of cases, our mean time to detection is within zero days. This tells me by the time something happened, and we were able to detect it, it was within the same day."
More Vectra AI pros
 

Cons

"I think the tuning capabilities could be improved. We're working on minimizing false positives. Apart from that, everything seems fine to me."
"ExtraHop Reveal(x) could improve by allowing a longer look back in the feature. Right now you have a limit of 30 days to look back on your activity. I've used Darktrace before, and they allow you the ability to play back events. This would be a good feature to have in ExtraHop Reveal(x)."
"The solution is expensive and gets more expensive if a company needs to scale it."
"They used to have the ability to decode Citrix sign-on, setup, and tear down. Unfortunately, Citrix has stopped sharing that knowledge. Citrix has continued to change its model of processing, making it harder and harder to troubleshoot."
"I would like to see more cloud capability."
"The solution should include more support protocols."
"The solution’s pricing could be improved."
"Netflow - Processing Netflow can be cumbersome as it requires triggers to truly gain value and insight. This in turn can add a bit of load to the hardware. The focus of ExtraHop Reveal (x) is live packet data."
More ExtraHop Reveal(x) cons
"The reporting from Cognito Detect is very limited and doesn't give you too many options. If I want to prepare a customized report on a particular host, even though I see the data, I have to manually prepare the report. The reporting features that are built into the tool are not very helpful."
"We have had a few issues with the integration of Vectra AI with EDR. Some filters have not been working. We've also had issues with the brain not being powerful enough."
"I would like more integrations with IOCs and threats currently on the Internet. I would also like to know which threats are based on zero-day attacks, current botnets, etc. Therefore, I would like more information on external threats."
"ExtraHop has better features that seem more advantageous when compared to Vectra."
"You are always limited with visibility on the host due to the fact that it is a network based tool. It gives you visibility on certain elements of the attack path, but it doesn't necessarily give you visibility on everything. Specifically, the initial intrusion side of things that doesn't necessarily see the initial compromise. It doesn't see stuff that goes on the host, such as where scripts are run. Even though you are seeing traffic, it doesn't necessarily see the malicious payload. Therefore, it's very difficult for it to identify these type of host-driven complex attacks."
"One thing which I have found where there could be improvement is with regard to the architecture, a little bit: how the brains and sensors function. It needs more flexibility with regard to the brain. If there were some flexibility in that regard, that would be helpful, because changing the mode of the brain is complex. In some cases, the change is permanent. You cannot revert it."
"I'd like to be able to get granular reports and to be able to output them into formats that are customizable and more useful. The reporting GUI is lacking."
"What is most important for us is to have one place where we can manage a few brains because we are based on a zero-trust network. As a result, each customer needs to have a separate brain. For the SOC team, we need to have one place where the SOC analyst can go to visit the website and from that site manage all of the customers. Right now, Vectra AI doesn't have this capability, and I would really like to have this feature."
More Vectra AI cons
 

Pricing and Cost Advice

"I rate the price of ExtraHop Reveal(x) a seven on a scale of one to ten, where one is a high price, and ten is a low price."
"I would rate the price a three out of five. It could be less expensive."
"I rate ExtraHop Reveal(x) six out of 10 for affordability. We pay for an annual license. It's always one of those trade-offs. You get a lot of value, but ExtraHop isn't exorbitantly priced. You can pay extra for additional features like the ability to decode HL7 traffic, which is crucial for EMR environments."
"The solution is based on an annual subscription model and is expensive."
"Vectra's licensing model could scale to our research network, which has multiple, 100-gigabit links."
"The pricing and licensing are quite straightforward because they're based on the IP licenses. As a result, they are easy to count."
"Their licensing model is antiquated. I'm not a fan of their licensing model. We have to pay for licensing based on four different things. You have to pay based on the number of unique IPs, the number of logs that we send through Recall and Stream, and the size of our environment. They need to simplify their licensing down to just one thing. It should be based on the amount of data, the number of devices, or something else, but there should be just one thing for everything. That's what they need to base their licensing on. Cost-wise, they're not cheap. They were definitely the most expensive option, but you get what you pay for. They're not the cheapest option."
"Its cost is too much. It's an investment that we can afford. It's a lot, but it's worth it."
"The license is based on the concurrent IP addresses that it's investigating. We have 9,800 to 10,000 IP addresses."
"The solution is low-cost and affordable."
"It's relatively on the pricier side, but when compared to other solutions. It's not the most budget-friendly option, but it can be considered somewhat more cost-effective in comparison to other alternatives."
"There are additional features that can be purchased in addition to the standard licensing fee, such as Cognito Recall and Stream."
More Vectra AI pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Network Detection and Response (NDR) solutions are best for your needs.
See recommendations
793,295 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
16%
Computer Software Company
16%
Manufacturing Company
7%
Healthcare Company
6%
Computer Software Company
17%
Financial Services Firm
13%
Government
7%
Manufacturing Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What is the best network monitoring software for large enterprises?
We just did an assessment for our 47 datacenters around North America. The top two enterprise-level network monitoring solutions were ExtraHop first, Riverbed SteelCenter second. Their negotiated c...
See all answers
What open source tool can one use to measure bandwidth from one's upstream service provider?
One I am looking closely at is AppNeta. They have an appliance that can digest the flow and do a better job than Netflow. The other one we are using is ExtraHop. This has both a Datacenter Hig...
See all answers
What do you like most about ExtraHop Reveal(x)?
With ExtraHop Reveal(x), it gives me more visibility into the packets. It doesn't provide the entire packet capture, but it offers more information on how connections are made at the network layer....
See all answers
What is the biggest difference between Corelight and Vectra AI?
The two platforms take a fundamentally different approach to NDR. Corelight is limited to use cases that require the eventual forwarding of events and parsed data logs to a security team’s SIEM or ...
See all answers
What do you like most about Vectra AI?
The solution is currently used as a central threat detection and response system.
See all answers
What is your experience regarding pricing and costs for Vectra AI?
The licensing is on annual basis.
See all answers
 

Comparisons

Darktrace vs ExtraHop Reveal(x) Logo
Darktrace vs ExtraHop Reveal(x)
Compared 33% of the time
Corelight vs ExtraHop Reveal(x) Logo
Corelight vs ExtraHop Reveal(x)
Compared 15% of the time
Cisco Secure Network Analytics vs ExtraHop Reveal(x) Logo
Cisco Secure Network Analytics vs ExtraHop Reveal(x)
Compared 5% of the time
Arista NDR vs ExtraHop Reveal(x) Logo
Arista NDR vs ExtraHop Reveal(x)
Compared 5% of the time
ExtraHop Reveal(x) 360 vs ExtraHop Reveal(x) Logo
ExtraHop Reveal(x) 360 vs ExtraHop Reveal(x)
Compared 5% of the time
More ExtraHop Reveal(x) Competitors
Darktrace vs Vectra AI Logo
Darktrace vs Vectra AI
Compared 37% of the time
Cisco Secure Network Analytics vs Vectra AI Logo
Cisco Secure Network Analytics vs Vectra AI
Compared 7% of the time
Arista NDR vs Vectra AI Logo
Arista NDR vs Vectra AI
Compared 6% of the time
Corelight vs Vectra AI Logo
Corelight vs Vectra AI
Compared 4% of the time
Trend Micro Deep Discovery vs Vectra AI Logo
Trend Micro Deep Discovery vs Vectra AI
Compared 3% of the time
More Vectra AI Competitors
 

Product Reports

Buyer's Guide
ExtraHop Reveal(x)
July 2024
ExtraHop Reveal(x) reportDownload ExtraHop Reveal(x) product report
Buyer's Guide
Vectra AI
June 2024
Vectra AI reportDownload Vectra AI product report
 

Also Known As

Reveal(x), Revealx
Vectra Networks, Vectra AI NDR
 

Learn More

ExtraHop Networks
Vectra AI
 

Overview

ExtraHop Reveal(x) is a highly effective network traffic analysis (NTA) solution that leverages a cloud-native architecture to empower organizations to overcome a world filled with increasingly sophisticated threats. It identifies 25% more threats than its competitors. Additionally, organizations that employ Reveal(x) say they resolve issues 77% percent faster than they would if they were using other similar solutions.

ExtraHop Reveal(x) Benefits

Some of the ways that organizations can benefit by choosing to deploy ExtraHop Reveal(x) include:

  • Total network visibility. Reveal(x) gives users the ability to view every component of their network and devices connected to it in real time. It can automatically recognize and classify the devices that are communicating across an organization’s network. These devices are scanned by powerful decryption software that reveals hidden threats and the details of critical transactions without compromising privacy or compliance rules. Organizations are given full East-West visibility across both physical data centers and cloud environments. Threats that are on the periphery are brought to the attention of the administrators tasked with watching out for them.
  • Identify threats in real time. Reveal(x) extracts more than 5,000 features from the L2-L7 security layers at any given time, feeds them into its machine learning engine, and presents them to its rule-based detection feature. These features make it possible for the solution to identify the most severe threats. Users can conduct a threat triage and address the threats that their system detects in the order of severity that these threats represent.
  • Ease of use. Users of Reveal(x) can easily make full use of its event remediation features without expending long periods of time learning them. Its workflows are designed so that administrators can go from a security event to the cause of the event in only a couple of clicks. What would normally take hours can be completed in moments.

ExtraHop Reveal(x) Features

  • Integration suite. Reveal(x) enables users to utilize a robust suite of integrations. If users feel they are missing important capabilities, they can bolster their security feature toolbox with those offered by third-party solutions. Phantom, Splunk, and Palo Alto are three examples of solutions that Reveal(x) enables users to connect to in order to fill in a gap in their security capabilities.
  • Automated inventory. Reveal(x) automatically creates a detailed inventory of all of the devices that it discovers and classifies. This keeps an always up-to-date record of all of the devices that are communicating in a given network.

  • Machine learning. Reveal(x)’s real-time application analytics is driven by a machine learning engine. It detects anomalies in an organization’s network traffic, thus enabling users to keep ahead of any and all threats while reducing the number of false positives that administrators have to sort through.

Reviews from Real Users

ExtraHop Reveal(x) is a solution that stands out when compared to many other similar solutions. Two major advantages that it offers are its versatility and its ability to quickly identify the root cause of an application’s issues.

John B., the senior monitoring engineer at a financial services firm, says, “It's useful for different teams in our organization. The cybersecurity team uses it because it has got great analytics for anomaly detection, malware detection, and ransomware. It's used by the networking people because it's great to be able to get the three-way handshake between systems to see how your network is doing. The microservices for DNS use it because they like to be able to see how their DNS services are operating and how many DNS requests are being rejected, denied, or dropped. Application people love it because it fully decrypts their traffic.

Henry S., a systems engineer at LifePoint Health, writes, "When there are performance issues with an HTTP app, ExtraHop enables us to identify the causes within a few minutes. We can see what transactions are being impacted by something that may be happening within the server environment."

Vectra threat detection and response is a complete cybersecurity platform that collects, detects, and prioritizes security alerts. The Cognito platform for Network Detection and Response (NDR) detects and responds to attacks inside cloud, data center, Internet of Things, and enterprise networks. The platform also provides automated response capabilities for low-level threats and escalates more severe anomalies to security personnel.

Cognito captures data for multiple relevant sources and enriches it with context and security insights. It starts by deploying sensors across different networks in datacenters, IoT, or enterprise networks. The algorithm extracts relevant metadata from network and cloud traffic. The information can also be non-security information that can help investigation. 

The data is enriched with security context to support critical use cases, such as threat detection, investigation, hunting and compliance. The platform is machine learning-based, which enables it to adapt to any new and current threat scenario. It detects, clusters, prioritizes, and anticipates attacks by using identity and host-level enforcement. 

With the Vectra platform, a person can investigate 50 threats in just two hours. By prioritizing alerts and leveraging threat intelligence, it provides faster results.Vectra solves today’s security challenges for network detection and response. 

One of Vectra’s best features is the emphasis they put in pairing research and data science for security insights. It offers behavior codification with unsupervised, supervised, and deep learning models. 

The pricing is according to a subscription model with a free trial available.Vectra is available for Office 365, Azure AD and AWS Brain.

Features of Vectra AI

  • AI-based threat detection and response. 
  • Detects attacks in real time with behavior-based threat detection. 
  • Consolidates and correlates thousands of events, detecting threats. 
  • Enriches threat investigation with a chain of evidence and data science security insights. 
  • Machine learning techniques, including deep learning and neural networks. 
  • Gives visibility into cyberattackers and analyzes all network traffic. 
  • Continuous updates with new threat detection algorithms. 
  • Provides encryption at rest and in transit. For the AWS version, it offers AES-256 encryption via AWS Key Management Service. 
  • Guaranteed availability according to the SLA of the service selected. 
  • Does not connect to public sector networks. 

Benefits of Vectra AI

  • Behavioral models use AI to find unknown attackers. 
  • Context increases the accuracy of threat hunting. 
  • Allows for proactive action by prioritizing the most relevant information. 
  • Provides a clear picture and extensive context for investigations. 
  • Aids decision-making in the incident response process. 
  • Helps working with large datasets by capturing metadata at scale. 
  • Automates time-consuming analysis. 
  • Reduces the security analysts’ workloads on threat investigations. 

Other advantages of Vectra services include that they can be deployed in the public, private, or hybrid cloud. Support is available via email or online ticketing with an average of 4 hours of response. Phone support is available 24/7. 

Vectra provides full on-site and online training and documentation. Regarding the user interface, it supports several types of web browsers, such as Internet Explorer, Microsoft Edge, Firefox, Chrome, Safari and Opera. However, it is not available for mobile devices.

Reviews from Real Users

Here’s what PeerSpot users of Vectra AI have to say about it:

"One of the core features is that Vectra AI triages threats and correlates them with compromised host devices. From a visibility perspective, we can better track the threat across the network. Instead of us potentially finding one device that has been impacted without Vectra AI, it will give us the visibility of everywhere that threat went. Therefore, visibility has increased for us." - Dave W., Operations Manager at a healthcare company

"It does a reliable job of parsing out the logs of all the network traffic so that we can ingest them into our SIEM and utilize them for threat hunting and case investigations. It is pretty robust and reliable. The administration time that we spend maintaining it or troubleshooting it is very low.” - T.S., Senior Security Engineer at a manufacturing company

 

Sample Customers

Wood County Hospital
Tribune Media Group, Barry University, Aruba Networks, Good Technology, Riverbed, Santa Clara University, Securities Exchange, Tri-State Generation and Transmission Association
Buyer's Guide
ExtraHop Reveal(x) vs. Vectra AI
June 2024
Free Report: ExtraHop Reveal(x) vs. Vectra AI
Find out what your peers are saying about ExtraHop Reveal(x) vs. Vectra AI and other solutions. Updated: June 2024.
DOWNLOAD NOW
793,295 professionals have used our research since 2012.
See our ExtraHop Reveal(x) vs. Vectra AI report.
See our list of best Network Detection and Response (NDR) vendors.

We monitor all Network Detection and Response (NDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.