2020-01-05T07:29:00Z

What is your primary use case for Vectra AI?

Miriam Tover - PeerSpot reviewer

35 Answers

Sajid Mukhtar - PeerSpot reviewer
Real User
Top 10
2023-09-11T09:17:00Z
Sep 11, 2023

This tool operates on machine learning principles, utilizing its own AI-based models and rules to detect activity within your environment. Initially, Vectra AI observes and monitors your organization's behavior for a two-week period, identifying legitimate services operating within your environment. Once it completes this monitoring phase and detects all services, it begins to assign certainty and severity levels to the network traffic it observes.

Dan Jeske - PeerSpot reviewer
Reseller
Top 5
2023-08-11T14:37:00Z
Aug 11, 2023

We've introduced Vectra AI to our clients and had it in proof of concepts with other technologies like Darktrace for network detection and response.

Atakan Oztuna - PeerSpot reviewer
Reseller
Top 10
2023-08-04T12:13:00Z
Aug 4, 2023

Our primary focus lies in identifying weaknesses to address customer concerns regarding visibility into network operations. This is especially crucial due to the presence of various managed devices within the network. Detecting and managing these devices and enhancing visibility is done by Vectra AI. It also has the capability to detect potential threats and correlate diverse events that occur on the network. Hackers often target systems from different domains, requiring cross-domain correlation. Net NDR solutions, particularly Vectra, excel in fulfilling these needs using AI-driven algorithms. Over time, these algorithms learn from the data, aiding in automatic post-event analysis.

GW
Real User
Top 20
2023-05-29T11:46:00Z
May 29, 2023

We use it as our internal network monitoring solution.

CF
Consultant
Top 20
2023-03-07T08:55:00Z
Mar 7, 2023

Our company is in the retail arena, and we have stores, warehouses, and a data center. Right now, we're using Vectra AI in our offices and the data center. The major issue we had was that we were completely blind inside our data center in terms of seeing what traffic we had. Our main focus with Vectra AI was to see what's happening inside the data center through virtual sensors. We're going to expand it to include our stores because the franchisees requested that we monitor the networks in all of the stores. Every shop in our company is a franchise, and they can do whatever they want to in their shops. We won't have any idea as to what's on the network in the shops. By using Vectra AI, we will have visibility into the network. We have started the proof of concept for our warehouses as well.

PL
Real User
Top 20
2023-03-07T08:55:00Z
Mar 7, 2023

I'm a SOC analyst, and I use Vectra AI to detect and respond to security incidents. My team manages the critical detections, and another team takes the low-priority detections. They also use Vectra to hunt for the system root.

Przemyslaw Cichochki - PeerSpot reviewer
Real User
Top 10
2023-03-07T08:53:00Z
Mar 7, 2023

We wanted to have an additional layer of protection. We have the standard IDSs and were looking for solutions that provide additional security features. We are still in the deployment phase and hope to be in production mode soon.

HB
Real User
Top 20
2023-03-07T08:53:00Z
Mar 7, 2023

We use Vectra AI mainly for presentations.

AT
Real User
Top 20
2023-03-07T08:51:00Z
Mar 7, 2023

We have a basic Vectra environment because we mainly only use the NDR for the solution's options. We do mainly filled logins, anomalies, and network flow monitoring.

NK
Real User
Top 20
2023-03-07T08:51:00Z
Mar 7, 2023

Our primary use case for this solution is for security policy and to detect potential attacks on our networks.

Tony Whelton - PeerSpot reviewer
Real User
Top 10
2023-03-07T08:49:00Z
Mar 7, 2023

As a sector, the education industry as a whole is under threat with quite a large volume of immediate threat offenders. We've seen numerous attacks coming through brute force or DDoS. The amount of ransomware and phishing attacks is on the rise compared to that of five years ago, for instance. I see regular threat campaigns from numerous actors around the world. Our main use case is to have Vectra AI as an addition to our security team. We have a large campus with 1,100 boarding students and about 600 staff on top of that. However, my security team only comprises myself and one other person. Being able to detect security threats in real-time and, more importantly, being able to get rid of the noise is very important to me. That is, getting rid of the false positives and just focusing on the actual high threats that we see coming through is a great benefit for us.

RM
Real User
Top 20
2023-03-07T08:49:00Z
Mar 7, 2023

We use Vectra AI to detect incidents because we have offices in 50 countries and 30 to 40 sensors around the world. We want to be able to have a sensor or a foothold in as many offices as possible, and Vectra AI helps us achieve that goal.

MG
Real User
Top 20
2023-03-07T08:47:00Z
Mar 7, 2023

We need to move our whole data traffic over the core switches. We also want to secure our network and have it integrated into our vCenter and into our Active Directory. We have 18,000 IP addresses, and in Recall, we have uploads from about 250 GB per day.

ML
MSP
Top 20
2023-03-07T08:45:00Z
Mar 7, 2023

I work as an analyst who determines how our services should be built and integrated. We use Vectra to address a lack of visibility in our client environments. The tool has the potential to solve problems in a few areas, with new features on the way. We're exploring ways to build our services on top of the Vectra platform. We are considering the various integration options and how we can build a solid portfolio using this suite of products in future services. We have other tools like Palo Alto, and we hope to leverage our services on other platforms. There are several internal integration challenges that we need to examine.

SA
Real User
Top 20
2023-03-06T12:59:00Z
Mar 6, 2023

Our primary use case for this solution is network traffic analysis. When we initially launched the solution, it gave us more detection compared to what we had before, but we needed more details in the field. However, once we added the Cognito feature, Vectra AI became an important solution in our environment. We now use it as a complete cybersecurity platform for detection, analysis, and referring security alerts. Vectra AI is the best. It is a major product in our cybersecurity.

AS
Real User
Top 20
2023-03-06T12:57:00Z
Mar 6, 2023

Our primary use cases for this solution are detection and then investigation afterward.

MB
Real User
Top 20
2023-03-06T10:54:00Z
Mar 6, 2023

We wanted something to understand what's happening on the network of the company, and we wanted something to protect us against attacks and cyber activities. We wanted visibility into our network and all the threats that we're facing.

PV
Real User
Top 20
2023-03-06T10:54:00Z
Mar 6, 2023

We started with it as a replacement for the functionality we had in our SIEM solution. We mainly wanted a detection metric and something that was smart enough to detect some of the more complex attacks because we can have flow data and do nothing with it. We wanted to have some strong alerting capabilities on that. We were looking to get a detailed attack and AI perspective on it. We didn't want something that only sees something as malicious and can alert on it but also detect things that are a little bit out of the ordinary, which was something we could get with this.

FU
Real User
Top 20
2022-11-16T12:14:00Z
Nov 16, 2022

Vectra AI is an NDR tool, and my company is using it for security and insider threat detection purposes.

AG
Real User
Top 20
2022-10-06T18:19:00Z
Oct 6, 2022

The key challenge we face is visibility, things that happen in isolated and pocketed environments where visibility is limited. Silos and isolated networks exist across the environment, and it's difficult to control it completely. Blind spots are the main challenges.

FH
Real User
2021-10-14T20:04:00Z
Oct 14, 2021

Our key challenges are:

* People Management: It is always a struggle to coordinate the few people that we have with the necessary skills to put them on the most important topics or projects.
* Cloud adoption complexity: You need to figure out which systems, applications, and interfaces are talking to which cloud component in terms of data flow. That is a rather complex topic and usually sold well by the external supplier in terms of marketing to a company. Practically speaking, it is very difficult to elaborate all the connection requirements, on-prem to cloud, cloud to cloud, e.g., what is running where, what should run, and what is not running as it should.

Cognito Platform: We are using the latest on-premises version and some of the cloud services too. We are mainly operating out of Switzerland. The IT Departments are based in our headquarters. We have a large network with a lot of points of sales and other geographical locations that are interconnected. We need visibility of all the client-initiated traffic to and from our main data centers and to the Internet. We have good network coverage. Vectra is deployed on different hotspots in our network.

TS
Real User
2021-07-01T16:53:00Z
Jul 1, 2021

In terms of deployment, we have one brain and seven physical sensors. We're currently working on deploying a large number of virtual sensors, but those aren't done yet. We also have a SIEM and an EDR.

PR
Real User
2021-05-19T13:11:00Z
May 19, 2021

We use Cognito. The biggest challenge we face in protecting the organization against cyber attacks is mean time to detection, operating from a position of an assumed breach. Then being able to detect breaches or malicious traffic within the environment as quickly as possible to reduce dwell time. We have a small environment with only 300 users. It's very technically focused given the market that we operate in. There are two data centers, four offices, a small IT and security team. Cognito allows us to make the best investment for the most return, given we don't have dedicated SOC analysts looking at a SIEM environment.

BV
Real User
2020-10-29T10:12:00Z
Oct 29, 2020

We use it to monitor what is happening on our network, especially to protect our network from malicious activity. We also have the sensor into Office 365, so we can also monitor everything that is happening in there. At the moment, we use it to monitor all our endpoints.

SW
Real User
2020-10-21T04:34:00Z
Oct 21, 2020

Vectra was deployed to give us a view of what is happening on the user network. It helps us to check what is being done by users, if that is compliant with our policies, and if what they're doing is dangerous. It covers cyber security stuff, such as detecting bad proxies, malware infections, and using packet defense on strange behaviors, but it can also be used to help with the assessment of compliance and how my policies will apply. We also use Vectra to administer servers and for accessing restricted networks. There are on-prem modules, which are called Cognito Detect, the NDR/IDS solution, which captures traffic. We also have the SaaS data lake, and we also have the Cognito Detect for Office 365, which is a SaaS-type sensor within the O365 cloud.

MH
Real User
2020-07-26T08:19:00Z
Jul 26, 2020

Vectra AI sits across our entire estate. We have an outsource provider for a lot of our backend systems. It sits in theirs and it sits in our own estates. It's deployed across our other numerous offices across the country. It sits across our entire state.

JM
Real User
2020-06-03T06:54:00Z
Jun 3, 2020

The Detect platform that we have is on-prem. We have what's called "the brain", then we have sensors placed in different key/strategic areas in the organization. It is helping us do a lot of the monitoring. We also have some SaaS offerings from the Recall platform, which look at some of the metadata, etc. If we were doing things like incident response, it gives us a bit more granular type of information to query. However, the Cognito Detect platform is all on-prem. We are using the latest version.

ZM
Real User
2020-05-28T06:26:00Z
May 28, 2020

We use it as an intrusion detection system to monitor traffic that's going on within our network.

EW
Real User
2020-05-27T08:03:00Z
May 27, 2020

One of the reasons we went with this solution was because there is less that we have to customize; it's more commercial off the shelf. Therefore, my team can spend their time doing what's most beneficial for the university, which is protecting it, not upgrading custom software. We use it to inspect and look for malicious, abusive, or other types of forbidden behavior with our north-south and east-west traffic. We not only look at traffic from our campus to the Internet, but we look at traffic internally in our network as it does network AI. It not only looks when a specific event happens, but whether, "Is this a normal event? Or is it normal for the host to do that?"

MD
Real User
2020-05-13T09:16:00Z
May 13, 2020

We use Vectra AI to sniff the network using Ixia taps so that we can identify potentially malicious activity on the network and at all points of the kill chain. What it's really good at is correlating seemingly unrelated events. It's in our data center, but the versioning is controlled by Vectra. They push it out discreetly so I don't have any touch on that.

JV
Real User
2020-04-30T10:58:00Z
Apr 30, 2020

We have two use cases. The first is that Vectra's platform allows us to get visibility into anomalous behavior, which, previously, we never really had access to, for threat hunting and incident response. We use it in support of our incident response operations to help supplement our investigations on hosts. We use it to correlate any suspicious activities, which is something that Vectra has been extremely accurate in, when used the right way. The second use case is that we've used the Vectra Cognito Recall and Cognito Stream devices. With these integrations, it's given us instant visibility into all the network data as well. That enables us to conduct our own hunts on our network data, data you'd see on a SIEM solution. It also gives us the ability to correlate with our playbooks because it gives us access to the data itself in much more depth and detail.

AG
Real User
Top 20
2020-03-04T08:49:00Z
Mar 4, 2020

Our main intention was to see what type of visibility, in terms of detections, Vectra could give us. We use it on both our manufacturing perimeter and at the internet perimeter. That's where we have placed the devices. We have placed it across four sites, two in UAE and two outside UAE.

SR
Real User
2020-02-25T06:59:00Z
Feb 25, 2020

We use Vectra with the assumption that our other defensive controls are not working. We rely on it to be able to detect anomalous activities on our network and trigger investigation activities. It's a line of detection assuming that a breach occurred or has been successful in some way. That's our primary use case. We have it in some other use cases, like anomalous network activity and detection for things. E.g., we are trying to refine or improve suspicious internal behaviours because we are a development technology company. We have developers doing suspicious things all the time. Therefore, we use it to help us identify when they are not behaving correctly and improve our best practices. We have it predominantly on-prem, which is a combination of physical and virtual sensors. We also have a very minor element on the cloud where we are trialing a couple of components that are not fully deployed. For the cloud deployment, we are using Azure. We are on the latest version of Cognito.

RM
Real User
2020-01-12T07:22:00Z
Jan 12, 2020

The original use case was because we had some legacy stuff that doesn't do encryption at rest. Compliancy-wise, we had to put in some additional mitigating actions to protect it. That was the start of it. Then, we extended it to check other devices/servers within our network as well. We are on the latest version.

LW
Real User
2020-01-05T07:29:00Z
Jan 5, 2020

One of the biggest things is the visibility of stopping or identifying any infection as soon as possible. In this case, if someone downloads something malicious to their workstation, we have a number of controls in place. However, it wasn't so much the endpoint. It was the spreading of a worm type scenario or a WannaCry type thing. Anything that could potentially spread after the initial infection, which is where we wanted to come in and get that visibility. It was key for us to have something that we could use for identifying as soon as possible, which would be call center initiated. That was probably our biggest thing: To push it in that direction, as we're a regulated company from the FCA. They drive us continually for improvement and behavioral analysis. Network analysis sort of falls into that bucket. We already have a SIEM, which some people would argue gives us a lot of that visibility. It doesn't tend to give it the focus that we need. From Vectra, we get a lot of alerts of, "This is happening," or, "This is unusual." This is a lot easier than waiting for a couple of logs to come in, then a bit of AI logic at the back of it to potentially push it in that direction. It's very much for us to get a view of a potential attack, then deal with it as quickly as possible. To pinpoint where it's coming from, and where it is going to go. One of the biggest things that I wanted to ensure is that it covered our call centers because that is where I see my biggest risk. So, I was really key on getting sensors across all geographic locations within the UK and in all of our small communication rooms. It is all on-premise. We have a number of call centers spread around the UK. We look at all east-west traffic, as well as north-south. It all goes into our brain in our data center. We do have some branches out in Azure, but we're waiting on the new plugin that they are trying to develop. 
We are just starting in on our cloud journey and most of our infrastructure is still in private cloud. We haven't really gotten to the point where we have public cloud. We're up-to-date, but I don't know the exact version number that we are on.

Vectra threat detection and response is a complete cybersecurity platform that collects, detects, and prioritizes security alerts. The Cognito platform for Network Detection and Response (NDR) detects and responds to attacks inside cloud, data center, Internet of Things, and enterprise networks. The platform also provides automated response capabilities for low-level threats and escalates more severe anomalies to security personnel. Cognito captures data for multiple relevant sources and...