We compared Vectra AI and Darktrace based on our users reviews in five parameters. After reading the collected data, you can find our conclusion below:
Comparison Results: In comparing Vectra AI to Darktrace, there are notable distinctions. Vectra AI is praised for its easy setup process, strong ability to detect anomalies, and effective noise reduction feature. However, there is room for improvement in terms of reporting capabilities and software upgrades. On the other hand, Darktrace's setup experiences vary, but it offers exceptional network protection and efficient pattern detection using AI. Suggestions include streamlining the configuration process and making the pricing more affordable. While Darktrace is pricier, it yields positive returns on investment. Customer service and support are generally well-regarded for both solutions, although a few mixed reviews exist.
"It is a stable solution without downtime."
"Darktrace is very useful for us because it has a large number of models for detecting threats."
"Technical support is helpful and responsive."
"I have used multiple solutions, but its graphical user interface is quite interesting and quite descriptive. There are a lot of video animations, and we can easily see how the data is transferred between various points. That's something really interesting. It is also quite easy to understand for a new user."
"Darktrace is extremely stable."
"The platform has many modules, and each module examines a different situation in the behavior."
"Its most valuable feature is its ability to identify malicious connected IPs from outside and the attacks that get through to the inside."
"Darktrace is very flexible."
"It's easy to manage, and I love the UX. It's very well designed. When we are looking for something, it's quite easy to find it."
"The dashboard gives me a scoring system that allows me to prioritize things that I should look at. I may not necessarily care so much about one event, whereas if I have a single botnet detection or a brute force attack, I really want to get on top of those."
"It is doing some artificial intelligence. If it sees a server doing a lot of things, then it will assume that is normal. So, it is looking for anomalous behavior, things that are out of context which helps us reduce time. Therefore, we don't have to look in all the logs. We just wait for Vectra to say, "This one is behaving strange," then we can investigate that part."
"The biggest feature for us, because we are heavy Microsoft users, is its integration with Office 365. On top of Vectra AI, we use all of the Microsoft security platforms, such as Defender ATP and Sentinel. Having full integration and a central platform to look at all of the threats that are coming through from the different platforms is a huge benefit for us."
"It provides various dashboards that facilitate the identification of connections and can detect data exfiltration, meaning data sent from your environment to another."
"One of the most valuable features of the platform is its ability to provide you with aggregated risk scores based on impact and certainty of threats being detected. This is both applied to individual and host detections. This is important because it enables us to use this platform to prioritize the most likely imminent threats. So, it reduces alert fatigue follow ups for security operation center analysts. It also provides us with an ability to prioritize limited resources."
"The packet-capturing feature is very useful."
"One of the key advantages for us is we define a 24/7 service around it. We use far more of Vectra alerts than we do with our SIEM product because we understand that when we get an alert from Vectra we actually need to do something about it."
"Darktrace needs to automate the reports of false positives, botnets and everything."
"I think there is some MSSP missing."
"The solution can improve the reporting."
"Its documentation is not up to the mark. At times, I have a lot of trouble finding a solution. Even when I posted questions on the community chats, it took a lot of time for me to get answers. That's something that can be improved. Darktrace can focus on creating a more interactive community. If there are more people from Darktrace to focus on community chats, it would be better."
"I did not use the AI features because they should make it more user-friendly which would be a benefit. Additionally, the solution could integrate with more SIEM or SOAR tools."
"This product needs more in terms of prevention. The detection capabilities work well but once a threat has been detected, Darktrace should work to prevent it from doing anything malicious."
"The dashboard and reporting for this solution could be improved as it is currently complex. The GUI for this solution could also be improved."
"The cost is a bit on the higher side."
"Some of their integrations with other sources of data, like external threat feeds, took a bit more work than I had hoped to get integrated."
"I would like to see data processed onshore. Right now, the cloud components, like Office 365, must be processed on servers outside of Australia. I would like to see a future adoption of onshore processing."
"We have a lot of system solutions and integrations with system solutions. Vectra is a type of black box. It implements AI-informed detection mechanisms, but we cannot create system detections. I understand that the product is designed this way, but it would be great if we could create our own detections as well."
"They use a proprietary logging format that is probably 90% similar to Bro Logs. Their biggest area of improvement is finishing out the remaining 10%. That 10% might not be beneficial to their ML engine, but that's fine. The industry standard is Zeek Logs or Bro Logs, or Bro or Zeek, depending on how old you are. While they have 90% of those fields, they're still missing some fields. In very rare instances, some community rules do not have the fields that they need, and we had to modify community rules for our logs. So, their biggest area of improvement would be to just finish their matching of the Zeek standard."
"The false positives and the tuning side of it is something that could use improvement. But that could be from our side."
"Vectra Recall could be utilized much more, and I'm seeing some indications of that today with the investigative components. I use the Visualize feature to visualize components and dashboards a lot. I'm interested in new ways to build automated searches or having them leveraged already from Vectra."
"We have had a few issues with the integration of Vectra AI with EDR. Some filters have not been working. We've also had issues with the brain not being powerful enough."
"The reporting from Cognito Detect is very limited and doesn't give you too many options. If I want to prepare a customized report on a particular host, even though I see the data, I have to manually prepare the report. The reporting features that are built into the tool are not very helpful."
Darktrace is ranked 1st in Intrusion Detection and Prevention Software (IDPS) with 65 reviews while Vectra AI is ranked 2nd in Intrusion Detection and Prevention Software (IDPS) with 41 reviews. Darktrace is rated 8.2, while Vectra AI is rated 8.6. The top reviewer of Darktrace writes "Great autonomous support, offers an easy setup, and has responsive support". On the other hand, the top reviewer of Vectra AI writes "Integrates well with other security solutions and provides good technical support". Darktrace is most compared with CrowdStrike Falcon, SentinelOne Singularity Complete, Cortex XDR by Palo Alto Networks, Cisco Secure Network Analytics and ExtraHop Reveal(x), whereas Vectra AI is most compared with ExtraHop Reveal(x), Cisco Secure Network Analytics, Arista NDR, Corelight and Trend Micro Deep Discovery. See our Darktrace vs. Vectra AI report.
See our list of best Intrusion Detection and Prevention Software (IDPS) vendors, best Network Traffic Analysis (NTA) vendors, and best Network Detection and Response (NDR) vendors.
We monitor all Intrusion Detection and Prevention Software (IDPS) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
CylancePROTECT is AI-powered endpoint protection that will scan your endpoint devices with AI and Machine Learning security. It does not work with traditional signature-based protection and will cover your endpoints against the latest malware and event Potential Unwanted Programs. We are also a Darktrace partner and if interested we can demo both Cyber Security solutions to your company. If you are interested in more information about CylancePROTECT and Darktrace and would like to run a free POC, please contact me at cj@groveis.com.
Raffael Marty, Vice President, Forcepoint Research and Intelligence, said: "There is no artificial intelligence in the field of information security, and it is unlikely to be developed in 2019." Most of unsupervised machine learning-based network anomaly detection solution does not provide why the anomaly has been aroused and whether the anomaly is malicious or not. Most of such solution's pricing model is based on number of endpoints but I prefer to have flat fee subscription-based.
The most important thing to get traction is your business approach and some kind of openness for 3rd parties. NOBODY needs "fancy Dashboards"!
Most of the known vendors like Darktrace is extremely "sales offensive" and they don't have a clear sales strategy (direct or channel). A free POV (30days) is a common approach to attract new customers, but the outcome is not really important. It says nothing about the PAINS on the customer site.
Know your competitors!!!! There are many AI CyberSec Startups and Technologies - 99% are using "Machine Learning" what needs more time to the realtime reaction in critical phases. Preferred is Deep Learning like DeepInstinct offers.
Pricing Model per IP´s is pretty usual - but you need flexibility.
Thank you I’m not really interested in being sold to. I’m asking about what works, what doesn’t and pricing models. I don’t want any demos.
Thank you for your comments...what if the malware does not present as anomalous?
We are an Endpoint focused firm represented a Pyramid of EP based protection services (email & web filter, coupled with EP protection, cyber insurance and dark web monitoring). Our key AI product offering is Cylance, world class in it's ability to protect you where over 95% of all hacks occur, the End Point. Cylance is typically sold as a manged service due to some of the complexities of tailoring the product to fit your business needs. Typically the service is price per EP, per month.
Thank you, I am familiar with Darktrace and really like the product. I'd like to know your thoughts on additional features and pricing preferences.
In my opinion, the best response always comes from the source. I have many contacts at Darktrace that can precisely answer these and other questions. Please let me know if you would like me to arrange for a scheduled call.