Vectra AI Pros
Dave Wallace
Operations Manager at a healthcare company with 51-200 employees
One of the core features is that Vectra AI triages threats and correlates them with compromised host devices. From a visibility perspective, we can better track the threat across the network. Instead of us potentially finding one device that has been impacted without Vectra AI, it will give us the visibility of everywhere that threat went. Therefore, visibility has increased for us.
reviewer1302852
Sr. Specialist - Enterprise Security at a mining and metals company with 5,001-10,000 employees
The most useful feature is the anomaly detection because it's not signature-based. It picks up the initial part of any attack, like the recon and those aspects of the kill chain, very well.
Reviewer92641
Senior Security Engineer at a manufacturing company with 10,001+ employees
It does a reliable job of parsing out the logs of all the network traffic so that we can ingest them into our SIEM and utilize them for threat hunting and case investigations. It is pretty robust and reliable. The administration time that we spend maintaining it or troubleshooting it is very low. So, the labor hour overhead is probably our largest benefit from it. We spend 99% of our time in Vectra investigating cases, responding to incidents, or hunting, and only around 1% of our time is spent patching, troubleshooting, or doing anything else. That's our largest benefit from Vectra.
Buyer's Guide
Vectra AI
May 2023

Learn what your peers think about Vectra AI. Get advice and tips from experienced pros sharing their opinions. Updated: May 2023.
706,775 professionals have used our research since 2012.
reviewer1693914
Head of IT Security, Acting CISO at a retailer with 10,001+ employees
Cognito Streams gives you a detailed view of what happens in the network in the form of rich metadata. It is just a super easy way to capture network traffic for important protocols, giving us an advantage. This is very helpful on a day-to-day basis.
reviewer2119917
Security at a financial services firm with 201-500 employees
One of the things that we didn't expect to happen was that our network team also jumped on it faster than we thought. In most cases, if it's a security tool that's working on the network part, they can also use it to find out certain flaws that have been in the system. Certain flaws, related to some legacy stuff, were already there for quite a few years, which they couldn't explain at first, but we could explain them based on the timing of certain things.
reviewer2036466
Product Owner NDR at a tech vendor with 201-500 employees
The core product provides excellent visibility, but my favorite feature is Vectra Recall.
reviewer2120748
Cybersecurity Consultant at a tech services company with 201-500 employees
We discovered a lot of things in our network and are correcting several misconfigurations. We are learning how some apps work together and how some things shouldn't happen. It's also easier for us to identify the source of a brute force, whereas before, we didn't even know we had a brute force.
The biggest feature for us, because we are heavy Microsoft users, is its integration with Office 365. On top of Vectra AI, we use all of the Microsoft security platforms, such as Defender ATP and Sentinel. Having full integration and a central platform to look at all of the threats that are coming through from the different platforms is a huge benefit for us.
reviewer1580838
Head of Information Security at a financial services firm with 51-200 employees
The administrative privilege detection feature is the most valuable feature. The admin accounts are often highly accessible to the high-risk component of the environment. If those accounts are compromised or are being used in a suspicious manner, those are high-fidelity events for us to look into.
Martin Bruno
CIO at General Transmissions
The automatic filtering that they provide is valuable. The logic inside that makes some detections instead of us is very useful. We are confident that if we are just looking into it and there is nothing, nothing could happen.
Vectra AI Cons
Dave Wallace
Operations Manager at a healthcare company with 51-200 employees
I would like to see data processed onshore. Right now, the cloud components, like Office 365, must be processed on servers outside of Australia. I would like to see a future adoption of onshore processing.
reviewer1302852
Sr. Specialist - Enterprise Security at a mining and metals company with 5,001-10,000 employees
The reporting from Cognito Detect is very limited and doesn't give you too many options. If I want to prepare a customized report on a particular host, even though I see the data, I have to manually prepare the report. The reporting features that are built into the tool are not very helpful.
Reviewer92641
Senior Security Engineer at a manufacturing company with 10,001+ employees
They use a proprietary logging format that is probably 90% similar to Bro Logs. Their biggest area of improvement is finishing out the remaining 10%. That 10% might not be beneficial to their ML engine, but that's fine. The industry standard is Zeek Logs or Bro Logs, or Bro or Zeek, depending on how old you are. While they have 90% of those fields, they're still missing some fields. In very rare instances, some community rules do not have the fields that they need, and we had to modify community rules for our logs. So, their biggest area of improvement would be to just finish their matching of the Zeek standard.
reviewer1693914
Head of IT Security, Acting CISO at a retailer with 10,001+ employees
If you hit a certain number of rules, triage filters, or groups, the UX responds more slowly. However, we have a complex network and a lot of rules. So, our setup might not be a typical implementation example. We even had UX engineers onsite, and they looked at issues, improvements, and user feedback. Since then, it has gotten a lot better; they even built in features that we specifically requested for our company.
reviewer2119917
Security at a financial services firm with 201-500 employees
One of the things that we are missing a bit is the capability to add our own rules to it. At the moment, the tech engine does its thing, but we have some cool ideas to make additional rules. There should be an option in the platform to add custom rules, or there should be some kind of user group where we can suggest them for the roadmap and see if they get evaluated and get transparent communication on whether they will be implemented in the product or not.
reviewer2036466
Product Owner NDR at a tech vendor with 201-500 employees
Vectra Recall could be utilized much more, and I'm seeing some indications of that today with the investigative components. I use the Visualize feature to visualize components and dashboards a lot. I'm interested in new ways to build automated searches or having them leveraged already from Vectra.
reviewer2120748
Cybersecurity Consultant at a tech services company with 201-500 employees
We have had a few issues with the integration of Vectra AI with EDR. Some filters have not been working. We've also had issues with the brain not being powerful enough.
In education as a sector, we are looking at AI a lot in terms of how it can be used as part of the teaching and learning side of things. It would be great to have Vectra AI look at a better way to enhance the security posture related to the AI tools in our portfolio.
reviewer1580838
Head of Information Security at a financial services firm with 51-200 employees
Integration with other security components needs improvement. It should have true integration as opposed to just being a separate pane of glass.
Martin Bruno
CIO at General Transmissions
We are using SMB 3.0, which is an encrypted protocol. When we get some alerts or something, we cannot go deep into the protocol to see what's wrong because it's encrypted. We need to decrypt the protocol in another way, which is quite difficult. We might go back to SMB 2.0 just for this reason, but that's not a good solution.