We compared Vectra AI and ExtraHop Reveal(x) based on our user's reviews in 4 parameters. After reading all of the collected data, you can find our conclusion below.
Vectra AI excels in customer service, advanced threat detection, and competitive pricing. User feedback on ExtraHop Reveal(x) highlights robust network visibility, intuitive user interface, and highly regarded customer support. Vectra AI users appreciate the affordability and flexibility of the pricing, while ExtraHop Reveal(x) users value the comprehensive analytics capabilities.
Features: Vectra AI stands out for its advanced threat detection capabilities, machine learning algorithms, and automated response features. ExtraHop Reveal(x) is praised for its robust network visibility, comprehensive analytics, and intuitive user interface.
Pricing and ROI: Vectra AI offers competitive pricing with reasonable setup costs and flexible licensing options. ExtraHop Reveal(x) is also well-received for its cost-effectiveness, low setup cost, and straightforward licensing process. Users have had positive experiences with both products in terms of pricing, setup cost, and licensing. Vectra AI delivered ROI that exceeded expectations with significant security and efficiency improvements. ExtraHop Reveal(x) was praised for enhancing network visibility and security with user-friendly interface and robust functionalities.
Room for Improvement: Vectra AI has room for improvement in its complex and unintuitive user interface, lack of customization options, occasional glitches, and high pricing. ExtraHop Reveal(x) could enhance its user interface, accuracy, documentation, and customer support for a better user experience.
Deployment and Customer Support: Vectra AI may be a bit complex and require additional customization for on-prem installations. ExtraHop Reveal(x) is considered simple and offers a user-friendly initial setup. Vectra AI stands out for its exceptional customer support, with knowledgeable staff providing quick solutions. ExtraHop Reveal(x) also has good support, however, it suffers from occasional quality issues.
The summary above is based on 31 interviews we conducted recently with Vectra AI and ExtraHop Reveal(x) users. To access the review's full transcripts, download our report.
"When there are performance issues with an HTTP app, ExtraHop enables us to identify the causes within a few minutes. We can see what transactions are being impacted by something that may be happening within the server environment."
"Setting up the solution is relatively easy."
"The security features of this solution are the most valuable."
"The solution's initial setup process is easy."
"The most valuable features of ExtraHop Reveal(x) are the detection and alerting of network behavior and anomalies."
"It's a wire analytics tool. We use it for isolating and determining issues on our network or applications. It does a lot for crediting the network as opposed to discrediting the network. A lot of people come along and say that it's a network issue. It's always considered to be a network issue, but by using ExtraHop, we can quickly tell them that it's not a networking issue. It's something to do with your application or something at the other end. It could be a database issue. This tool gives us the ability to pinpoint with great accuracy the comings and goings on our network."
"ExtraHop Reveal(x) is one of the tools that works out of the box when it comes to threat hunting."
"We had useful information within the hour of deployment. The ability to trace back for historical analysis, as well as the behavioral analysis done with the security information, puts the user in a position to make an informed decision to mitigate the performance or security incidents. Regarding the security incidents, Reveal (x) is able to create incident cards that guide your teams through the incidents and gives you the option to delve into the transaction detail to potentially view payloads as well."
"One of the core features is that Vectra AI triages threats and correlates them with compromised host devices. From a visibility perspective, we can better track the threat across the network. Instead of us potentially finding one device that has been impacted without Vectra AI, it will give us the visibility of everywhere that threat went. Therefore, visibility has increased for us."
"One of the key advantages for us is we define a 24/7 service around it. We use far more of Vectra alerts than we do with our SIEM product because we understand that when we get an alert from Vectra we actually need to do something about it."
"The fact that we get the visualization of what's happening on our network, which is a way of improving our security in-depth is most valuable."
"Vectra produces actionable data using automation. That has helped us. It's less manpower now to look at incidents, which has definitely increased efficiency. Right now, in a lot of cases, our mean time to detection is within zero days. This tells me by the time something happened, and we were able to detect it, it was within the same day."
"Vectra AI is the best. It is a major product in our cybersecurity."
"The key feature for me for Detect for Office 365 is that it can also concentrate all the information and detection at one point, the same as the network solution does. This is the key feature for me because, while accessing data from Office 365 is possible using Microsoft interfaces, they are not really user-friendly and are quite confusing to use. But Detect for Office 365 is aggregating all the info, and it's only the interesting stuff."
"The UI is easy to use and when we send detection to everybody, they easily understand what we are asking at the time."
"The solution provide visibility into behaviors across the full lifecycle of an attack in our network, beyond just the Internet gateway. It makes our security operations much more effective because we are now looking not just at traffic on the border, but we're looking at east-west internal traffic. Now, not only will we see if an exploit kit is being downloaded, but we would be able to see then if that exploit kit was then laterally distributed into our environment."
"Agent management could certainly use some focus. It should also be a little bit easier to work with collections. We should be able to nest collections within collections. There should be better nesting."
"The solution should include more support protocols."
"There is a little training online, but it'd be cool if ExtraHop provided certifications. CrowdStrike does elective training that gives you a certification as a Falcon administrator. It'd be nice to see ExtraHop have something like that"
"I would like to see more cloud capability."
"Netflow - Processing Netflow can be cumbersome as it requires triggers to truly gain value and insight. This in turn can add a bit of load to the hardware. The focus of ExtraHop Reveal (x) is live packet data."
"I think the tuning capabilities could be improved. We're working on minimizing false positives. Apart from that, everything seems fine to me."
"ExtraHop Reveal(x) could improve by allowing a longer look back in the feature. Right now you have a limit of 30 days to look back on your activity. I've used Darktrace before, and they allow you the ability to play back events. This would be a good feature to have in ExtraHop Reveal(x)."
"They used to have the ability to decode Citrix sign-on, setup, and tear down. Unfortunately, Citrix has stopped sharing that knowledge. Citrix has continued to change its model of processing, making it harder and harder to troubleshoot."
"It does a little bit of packet capture on alert so you can look at the packet capture activity going on, but it doesn't collect a whole lot of data. Sometimes it's only one or two frames, sometimes it does collect more. That's why they have the addition of their Recall platform, because that really does help expand the capability."
"One area where there's room for improvement is the absence of a comprehensive TCP recording and replay feature."
"In education as a sector, we are looking at AI a lot in terms of how it can be used as part of the teaching and learning side of things. It would be great to have Vectra AI look at a better way to enhance the security posture related to the AI tools in our portfolio."
"I would like to see a bit more strategic metrics instead of technical data. Information that I could show to my executive management team or board would be valuable."
"You are always limited with visibility on the host due to the fact that it is a network based tool. It gives you visibility on certain elements of the attack path, but it doesn't necessarily give you visibility on everything. Specifically, the initial intrusion side of things that doesn't necessarily see the initial compromise. It doesn't see stuff that goes on the host, such as where scripts are run. Even though you are seeing traffic, it doesn't necessarily see the malicious payload. Therefore, it's very difficult for it to identify these type of host-driven complex attacks."
"The solution has not reduced the security analyst workload in our organization because we still need to SIEM. Unfortunately, while Vectra, for us, is a brilliant tool for network investigations, giving wonderful visibility, it doesn't go the whole way to replace our SIEM that is needed for compliance. So, I still have the same amount of alerting and logging that I did before. It gives us more defined ability to see incidents, but it doesn't give us enough information to satisfy a PCI or 27001 audit."
"They use a proprietary logging format that is probably 90% similar to Bro Logs. Their biggest area of improvement is finishing out the remaining 10%. That 10% might not be beneficial to their ML engine, but that's fine. The industry standard is Zeek Logs or Bro Logs, or Bro or Zeek, depending on how old you are. While they have 90% of those fields, they're still missing some fields. In very rare instances, some community rules do not have the fields that they need, and we had to modify community rules for our logs. So, their biggest area of improvement would be to just finish their matching of the Zeek standard."
"One of the things I am not so happy about when it comes to Vectra is the scoring board."
ExtraHop Reveal(x) is ranked 5th in Network Traffic Analysis (NTA) with 12 reviews while Vectra AI is ranked 2nd in Network Traffic Analysis (NTA) with 41 reviews. ExtraHop Reveal(x) is rated 8.6, while Vectra AI is rated 8.6. The top reviewer of ExtraHop Reveal(x) writes "It helps you visualize how data moves across your network". On the other hand, the top reviewer of Vectra AI writes "Integrates well with other security solutions and provides good technical support". ExtraHop Reveal(x) is most compared with Darktrace, Corelight, Cisco Secure Network Analytics, Arista NDR and ExtraHop Reveal(x) 360, whereas Vectra AI is most compared with Darktrace, Cisco Secure Network Analytics, Arista NDR, Corelight and Trend Micro Deep Discovery. See our ExtraHop Reveal(x) vs. Vectra AI report.
See our list of best Network Traffic Analysis (NTA) vendors and best Network Detection and Response (NDR) vendors.
We monitor all Network Traffic Analysis (NTA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.