What is our primary use case?
From our research network in Sweden, we use it to communicate to and from the Internet. The deployment is on our Internet-facing services. We facilitate monitoring for universities who need this as well.
One of the biggest challenges facing us today is data growth and the continual diversification of the IT landscape. It is a very heterogeneous model, where you have on-premises, hybrid, and cloud solutions, as well as service providers, where everything is communicating back and forth towards each other.
We just have one SOC in Sweden.
How has it helped my organization?
It keeps up with the network traffic, which is a good thing. It provides more context to plain alerts compared to using an older system. So, it helps an analyst reduce the information overload.
Vectra AI triages threats and correlates them with the compromised host device. That is how the functionality works. It helps us prioritize which hosts to look into.
What is most valuable?
It works over the hours when an analyst is not available, so the work keeps going. It can help you prioritize certain traffic patterns and things that you need to handle.
It is a good system that goes hand in hand for both junior and senior analysts. I see it as a nice add-on there.
What needs improvement?
I would like more integrations with IOCs and threats currently on the Internet. I would also like to know which threats are based on zero-day attacks, current botnets, etc. Therefore, I would like more information on external threats.
For how long have I used the solution?
We have been using it for evaluation and collaboration together with our customers for the past two years. We have had it in our own production environment for half a year.
What do I think about the stability of the solution?
We haven't had any major disruptions. We had one hardware error after delivery, but that was taken care of.
Not much maintenance is needed.
What do I think about the scalability of the solution?
It scales nicely since they separate the sensor node from the brain node.
You can scale up to sensors and separate the architecture as you grow. So, you can define your initial steps first, then have more mature hardware later on.
We are a team of less than 10 people. We have network engineers, security analysts, incident handlers, and operators. We have a broad team.
How are customer service and support?
We have only had direct contact with the customer success team, and that has been great.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
We previously used open-source SIEM models. We switched to Vectra AI to help with the automation of alerts.
How was the initial setup?
The initial setup was fairly straightforward.
The deployment was done over the pilot phase. We changed the links and aggregation a bit on the networking side, but the work was fairly quick.
What about the implementation team?
We had a good dialogue with Vectra regarding the initial setup.
What was our ROI?
After deploying Vectra AI in our network, it began to add value to our security operations within a week.
We have not yet seen ROI, but we are growing our usage. We need to offload at least one analyst or have it do the work of a couple of analysts over time.
What's my experience with pricing, setup cost, and licensing?
We had a pricing meeting for the solution, where we set up a certain set of requirements that Vectra could fit on both price and quality.
Which other solutions did I evaluate?
We evaluated three or four different solutions.
Vectra's licensing model could scale to our research network, which has multiple 100-gigabit links. Other competitors could not scale that for us.
What other advice do I have?
Set up specific threat scenarios that you are looking into, then monitor and evaluate on that. For example, it could be a botnet or certain user behavior. Also, the solution works best within an enterprise.
We are currently evaluating upgrading our SIEM and EDR technologies. When we extend our scope of the traffic that we are monitoring, Vectra AI will possibly enable us to do things that we could not do before, which would be a nice side effect.
There are still quite a lot of alarms coming in. It helps to reduce the number of alerts that an older IDS-based system would have had. While there are still a lot of alarms, there are fewer alarms than with the traditional IDS.
I would rate the solution as nine out of 10.
Which deployment model are you using for this solution?
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.