• Home
  • Arista NDR vs. Vectra AI

Arista NDR vs Vectra AI comparison

Cancel
You must select at least 2 products to compare!
Arista Logo
Arista NDR
Read 14 Arista NDR reviews
2,209 views|1,302 comparisons
100% willing to recommend
Vectra AI Logo
Vectra AI
Read 40 Vectra AI reviews
9,274 views|4,303 comparisons
100% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Arista NDR vs. Vectra AI
March 2024
Executive Summary

We performed a comparison between Arista NDR and Vectra AI based on real PeerSpot user reviews.

Find out in this report how the two Network Traffic Analysis (NTA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Arista NDR vs. Vectra AI Report (Updated: March 2024).
Download the complete report
771,157 professionals have used our research since 2012.
Featured Review
Anonymous User
Researched Vectra AI but chose Arista NDR: Gives us network layer visibility into things that may not be covered by other monitoring tools, such as shadow IT
Awake's MNDR has affected our overall security posture very positively. Having a team that is able to monitor our network activity has been a huge... Read more →
Anonymous User
Simple implementation and has precise detection
This solution helped our mean time to identify as we can have more precise detection and documentation. At the moment, we're seeing daily detection... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The query language that they have is quite valuable, especially because the sensor itself is storing some network activity and we're able to query that. That has been useful in a pinch because we don't necessarily use it just for threat hunting, but we also use it for debugging network issues. We can use it to ask questions and get answers about our network. For example: Which users and devices are using the VPN for RDP access? We can write a query pretty quickly and get an answer for that.""The most valuable feature is the ability to see suspicious activity for devices inside my network. It helps me to quickly identify that activity and do analysis to see if it's expected or I need to mitigate that activity quickly.""When I create a workbench query in Awake to do threat hunting, it's much easier to query. You get a dictionary popup immediately when you try to type a new query. It says, "You want to search for a device?" Then you type in "D-E," and it gives you a list of commands, like device, data set behavior, etc. That gives you the ability to build your own query.""This solution help us monitor devices used on our network by insiders, contractors, partners, or suppliers. Its correlation and identification of specific endpoints is very good, especially since we have a large, virtualized environment. It discerns this fairly well. Some of the issues that we have had with other tools is we sometimes are not able to tell the difference between users on some of those virtualized instances.""It gives us something that is almost like an auditing tool for all of our network controls, to see how they are performing. This is related to compliance so that we can see how we are doing with what we have already implemented. There are things that we implemented, but we really didn't know if they were working or not. We have that visibility now.""This solution’s encrypted traffic analysis helps us stay in compliance with government regulations. It is all about understanding data exfiltration, what is ingressing and egressing in our network. One common attack vector is exfiltrating data using encryption. My capabilities to see potential data exfiltration over encrypted traffic is second to none now.""Other solutions will say, "Hey, this device is doing something weird." But they don't aggregate that data point with other data points. With Awake you have what's called a "fact pattern." For example, if there's a smart toaster on the third floor that is beaconing out to an IP address in North Korea, sure that's bizarre. But if that toaster was made in North Korea it's not bizarre. Taking those two data points together, and automating something using machine-learning is something that no other solution is doing right now.""The interface itself is clean and easy to use, yet customizable. I like that I can create my own dashboards fairly easily so that I can see what is important to me. Also, the query language is pretty easy to use. I haven't needed to use it a ton, but as I need to go in and do different queries based on their requests, it has been fairly simple to use."

More Arista NDR Pros →

"Some valuable features of Vectra AI are that it is very intuitive and that there are only a small amount of false positives. Therefore, it's an effective solution.""It has helped us to organize our security. We get a better overview on what is happening on the network, which has helped us get quicker responses to users. If we see malicious activity, then we can quickly take action on it. Previously, we weren't getting an overview as fast as we are now, so we can now provide a quicker response.""The most useful feature is the anomaly detection because it's not signature-based. It picks up the initial part of any attack, like the recon and those aspects of the kill chain, very well.""We often use the new feature to create PCAP files from the whole data traffic. It makes it much easier to find network problems such as whether the server is responding to a request. It has nothing to do with security, but it helps a lot to find other problems.""The key feature for me for Detect for Office 365 is that it can also concentrate all the information and detection at one point, the same as the network solution does. This is the key feature for me because, while accessing data from Office 365 is possible using Microsoft interfaces, they are not really user-friendly and are quite confusing to use. But Detect for Office 365 is aggregating all the info, and it's only the interesting stuff.""One of the most valuable features of the platform is its ability to provide you with aggregated risk scores based on impact and certainty of threats being detected. This is both applied to individual and host detections. This is important because it enables us to use this platform to prioritize the most likely imminent threats. So, it reduces alert fatigue follow ups for security operation center analysts. It also provides us with an ability to prioritize limited resources.""We particularly like the user experience around the dashboard, which we find to be much more straightforward than the dashboard of some of the competitive products... Vectra is a really easy system to understand and use to prioritize where we need to focus our security resources.""The biggest feature for us, because we are heavy Microsoft users, is its integration with Office 365. On top of Vectra AI, we use all of the Microsoft security platforms, such as Defender ATP and Sentinel. Having full integration and a central platform to look at all of the threats that are coming through from the different platforms is a huge benefit for us."

More Vectra AI Pros →

Cons
"There's room for improvement with some of the definitions, because I don't have time and I'm not a Tier 4 analyst. I believe that is something they're working towards.""Awake Security needs to move to a 24/7 support model in the MNDR space. Once they do that, it will make them even better.""One concern I do have with Awake is that, ideally, it should be able identify high-risk users and devices and entities. However, we don't have confidence in their entity resolution, and we've provided this feedback to Awake. My understanding is that this is where some of the AI/ML is, and it hasn't been reliable in correctly identifying which device an activity is associated with. We have also encountered issues where it has merged two devices into one entity profile when they shouldn't be merged. The entity resolution is the weakest point of Awake so far.""Be prepared to update your SOPs to have your analysts work in another tool separately. There are some limitations in the integrations right now. One of the things that I want from a security standpoint is integration with multiple tools so I don't need to have my analysts logging into each individual tool.""I enjoy the query language, but it could be a bit more user-friendly, especially for new users who come across it... They should push it more into a natural language style as opposed to a query language.""They've been focused on really developing their data science, their ability to detect, but over time, they need to be able to tie into other systems because other systems might detect something that they don't.""When I looked at the competitors, such as Darktrace, they all have prettier interfaces. If Awake could make it a little more user-friendly, that would go a long way.""I would like to see a bit more in terms of encrypted traffic. With the advent of programs that live off the land, a smart attacker is going to leverage encryption to execute their operation. So I would like to see improvements there, where possible. Currently, we're not going to be decrypting encrypted traffic. What other approaches could be used?"

More Arista NDR Cons →

"The main improvement I can see would be to integrate with more external solutions.""We have a lot of system solutions and integrations with system solutions. Vectra is a type of black box. It implements AI-informed detection mechanisms, but we cannot create system detections. I understand that the product is designed this way, but it would be great if we could create our own detections as well.""One of the things that we are missing a bit is the capability to add our own rules to it. At the moment, the tech engine does its thing, but we have some cool ideas to make additional rules. There should be an option in the platform to add custom rules, or there should be some kind of user group where we can suggest them for the roadmap and see if they get evaluated and get transparent communication on whether they will be implemented in the product or not.""Integration with other security components needs improvement. It should have true integration as opposed to just being a separate pane of glass.""In education as a sector, we are looking at AI a lot in terms of how it can be used as part of the teaching and learning side of things. It would be great to have Vectra AI look at a better way to enhance the security posture related to the AI tools in our portfolio.""I would like to see a bit more strategic metrics instead of technical data. Information that I could show to my executive management team or board would be valuable.""There could be an option where Vectra manages the solution remotely, and when there is an attack, there could be a notification center to give us information about the attack.""The solution needs to become more proactive. When Vectra AI is the primary solution in an environment - like it is in our case - you must work on response time. We have a small team so response time at endpoint level is vital."

More Vectra AI Cons →

Pricing and Cost Advice
  • "The solution has saved thousands of dollars within the first day. Our ROI has to be in the tens of thousands of dollars since October last year."
  • "Awake Security was the least expensive among their competitors. Everyone was within $15,000 of each other. The other solutions were not providing the MNDR service, which is standard with Awake Security's pricing/licensing model."
  • "We switched to Awake Security because they were able to offer a model that was significantly less expensive and the value that we get out of it is higher."
  • "The solution is very good and the pricing is also better than others..."
  • "The pricing seems pretty reasonable for what we get out of it. We also found it to be more competitive than some other vendors that we've looked at."
  • "Awake's pricing was very competitive. It's not a cheap option though. It's an investment to utilize it, but it's one that we decided was worth the cost, with the managed services. At our scale, it was a much better option to utilize their software and their managed services to handle this, rather than hiring another person to be an analyst. It was quite cost-effective for us."
  • "Because I represent a hedge fund, I have some leverage. I told them that they had to meet my conditions if they wanted me as a client. It was the same way with Awake. They wanted an initial four-year agreement. Initially, we signed on for a one-year contract, but they wanted the four-year deal when it came time for the renewal. I told them that I was not doing that. I said that they either had to do it on my terms, or I'd go somewhere else."

    • More Arista NDR Pricing and Cost Advice →

  • "We are running at about 90,000 pounds per year. The solution is a licensed cost. The hardware that they gave us was pretty much next to nothing. It is the license that we're paying for."
  • "The license is based on the concurrent IP addresses that it's investigating. We have 9,800 to 10,000 IP addresses."
  • "There are additional features that can be purchased in addition to the standard licensing fee, such as Cognito Recall and Stream."
  • "We have a desire to increase our use. However, it all comes down to budget. It's a very expensive tool that is very difficult to prove business support for. We would like to have two separate networks. We have our corporate network and PCI network, which is segregated due to payment processing. We don't have it for deployed in the PCI network. It would be good to have it fully deployed there to provide us with additional monitoring and control, but the cost associated with their licensing model makes it prohibitively expensive to deploy."
  • "At the time of purchase, we found the pricing acceptable. We had an urgency to get something in place because we had a minor breach that occurred at the tail end of 2016 to the beginning of 2017. This indicated we had a lack of ability to detect things on the network. Hence, why we moved quickly to get into the tool in place. We found things like Bitcoin mining and botnets which we closed quickly. In that regard, it was worth the money."
  • "The pricing is very good. It's less expensive than many of the tools out there."
  • "The pricing is high."
  • "Their licensing model is antiquated. I'm not a fan of their licensing model. We have to pay for licensing based on four different things. You have to pay based on the number of unique IPs, the number of logs that we send through Recall and Stream, and the size of our environment. They need to simplify their licensing down to just one thing. It should be based on the amount of data, the number of devices, or something else, but there should be just one thing for everything. That's what they need to base their licensing on. Cost-wise, they're not cheap. They were definitely the most expensive option, but you get what you pay for. They're not the cheapest option."

    • More Vectra AI Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Network Traffic Analysis (NTA) solutions are best for your needs.
    See Recommendations
    771,157 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about Arista NDR?
    Top Answer:Arista NDR's scalability is very good, making it easy to add more hardware components. You can order additional hardware and integrate it by stacking it with the existing setup. This feature cannot be… more »
    Read all 13 answers   →
    What is your experience regarding pricing and costs for Arista NDR?
    Top Answer:The tool's pricing is expensive but it is competitive.
    Read all 8 answers   →
    What needs improvement with Arista NDR?
    Top Answer:Arista NDR needs to open legal offices to be closer to customers and partners. It needs more visibility in the NDR market in the Middle East. While they are doing well, they lack sufficient engineers… more »
    Read all 14 answers   →
    What is the biggest difference between Corelight and Vectra AI?
    Top Answer:The two platforms take a fundamentally different approach to NDR. Corelight is limited to use cases that require the eventual forwarding of events and parsed data logs to a security team’s SIEM or… more »
    Read all 5 answers   →
    What do you like most about Vectra AI?
    Top Answer:The solution is currently used as a central threat detection and response system.
    Read all 37 answers   →
    What is your experience regarding pricing and costs for Vectra AI?
    Top Answer:Vectra AI has an annual subscription license. You could choose the components you need for your environment.
    Read all 26 answers   →
    Ranking
    8th
    out of 24 in Network Traffic Analysis (NTA)
    Views
    2,209
    Comparisons
    1,302
    Reviews
    1
    Average Words per Review
    392
    Rating
    9.0
    2nd
    out of 24 in Network Traffic Analysis (NTA)
    Views
    9,274
    Comparisons
    4,303
    Reviews
    21
    Average Words per Review
    760
    Rating
    8.4
    Comparisons
    Also Known As
    Awake Security Platform
    Vectra Networks, Vectra AI NDR
    Learn More
    Arista
    Vectra AI
    Overview

    Arista NDR (formerly Awake Security) is the only advanced network detection and response company that delivers answers, not alerts. By combining artificial intelligence with human expertise, Arista NDR hunts for both insider and external attacker behaviors, while providing autonomous triage and response with full forensics across traditional, IoT, and cloud networks. Arista NDR delivers continuous diagnostics for the entire enterprise threat landscape, processes countless network data points, senses abnormalities or threats, and reacts if necessary—all in a matter of seconds. The Arista NDP platform stands out from traditional security because it is designed to mimic the human brain. It recognizes malicious intent and learns over time, giving defenders greater visibility and insight into what threats exist and how to respond to them. 

    The Advent of Advanced Network Detection and Response & Why it Matters

    The 5 Levels of Autonomous Security paper

    Vectra threat detection and response is a complete cybersecurity platform that collects, detects, and prioritizes security alerts. The Cognito platform for Network Detection and Response (NDR) detects and responds to attacks inside cloud, data center, Internet of Things, and enterprise networks. The platform also provides automated response capabilities for low-level threats and escalates more severe anomalies to security personnel.

    Cognito captures data for multiple relevant sources and enriches it with context and security insights. It starts by deploying sensors across different networks in datacenters, IoT, or enterprise networks. The algorithm extracts relevant metadata from network and cloud traffic. The information can also be non-security information that can help investigation. 

    The data is enriched with security context to support critical use cases, such as threat detection, investigation, hunting and compliance. The platform is machine learning-based, which enables it to adapt to any new and current threat scenario. It detects, clusters, prioritizes, and anticipates attacks by using identity and host-level enforcement. 

    With the Vectra platform, a person can investigate 50 threats in just two hours. By prioritizing alerts and leveraging threat intelligence, it provides faster results.Vectra solves today’s security challenges for network detection and response. 

    One of Vectra’s best features is the emphasis they put in pairing research and data science for security insights. It offers behavior codification with unsupervised, supervised, and deep learning models. 

    The pricing is according to a subscription model with a free trial available.Vectra is available for Office 365, Azure AD and AWS Brain.

    Features of Vectra AI

    • AI-based threat detection and response. 
    • Detects attacks in real time with behavior-based threat detection. 
    • Consolidates and correlates thousands of events, detecting threats. 
    • Enriches threat investigation with a chain of evidence and data science security insights. 
    • Machine learning techniques, including deep learning and neural networks. 
    • Gives visibility into cyberattackers and analyzes all network traffic. 
    • Continuous updates with new threat detection algorithms. 
    • Provides encryption at rest and in transit. For the AWS version, it offers AES-256 encryption via AWS Key Management Service. 
    • Guaranteed availability according to the SLA of the service selected. 
    • Does not connect to public sector networks. 

    Benefits of Vectra AI

    • Behavioral models use AI to find unknown attackers. 
    • Context increases the accuracy of threat hunting. 
    • Allows for proactive action by prioritizing the most relevant information. 
    • Provides a clear picture and extensive context for investigations. 
    • Aids decision-making in the incident response process. 
    • Helps working with large datasets by capturing metadata at scale. 
    • Automates time-consuming analysis. 
    • Reduces the security analysts’ workloads on threat investigations. 

    Other advantages of Vectra services include that they can be deployed in the public, private, or hybrid cloud. Support is available via email or online ticketing with an average of 4 hours of response. Phone support is available 24/7. 

    Vectra provides full on-site and online training and documentation. Regarding the user interface, it supports several types of web browsers, such as Internet Explorer, Microsoft Edge, Firefox, Chrome, Safari and Opera. However, it is not available for mobile devices.

    Reviews from Real Users

    Here’s what PeerSpot users of Vectra AI have to say about it:

    "One of the core features is that Vectra AI triages threats and correlates them with compromised host devices. From a visibility perspective, we can better track the threat across the network. Instead of us potentially finding one device that has been impacted without Vectra AI, it will give us the visibility of everywhere that threat went. Therefore, visibility has increased for us." - Dave W., Operations Manager at a healthcare company

    "It does a reliable job of parsing out the logs of all the network traffic so that we can ingest them into our SIEM and utilize them for threat hunting and case investigations. It is pretty robust and reliable. The administration time that we spend maintaining it or troubleshooting it is very low.” - T.S., Senior Security Engineer at a manufacturing company

    Sample Customers
    - Dolby Laboratories- Seattle Genetics- ARM Energy- Ooma- Prophix- Yapstone
    Tribune Media Group, Barry University, Aruba Networks, Good Technology, Riverbed, Santa Clara University, Securities Exchange, Tri-State Generation and Transmission Association
    Top Industries
    REVIEWERS
    Insurance Company18%
    Pharma/Biotech Company9%
    Energy/Utilities Company9%
    Computer Software Company9%
    VISITORS READING REVIEWS
    Computer Software Company15%
    Financial Services Firm12%
    Manufacturing Company8%
    Educational Organization7%
    REVIEWERS
    Financial Services Firm17%
    Manufacturing Company11%
    University11%
    Computer Software Company8%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Financial Services Firm12%
    Government8%
    Manufacturing Company6%
    Company Size
    REVIEWERS
    Small Business31%
    Midsize Enterprise15%
    Large Enterprise54%
    VISITORS READING REVIEWS
    Small Business23%
    Midsize Enterprise14%
    Large Enterprise64%
    REVIEWERS
    Small Business15%
    Midsize Enterprise22%
    Large Enterprise63%
    VISITORS READING REVIEWS
    Small Business22%
    Midsize Enterprise14%
    Large Enterprise64%
    Buyer's Guide
    Arista NDR vs. Vectra AI
    March 2024
    Free Report: Arista NDR vs. Vectra AI
    Find out what your peers are saying about Arista NDR vs. Vectra AI and other solutions. Updated: March 2024.
    DOWNLOAD NOW
    771,157 professionals have used our research since 2012.

    Arista NDR is ranked 8th in Network Traffic Analysis (NTA) with 14 reviews while Vectra AI is ranked 2nd in Network Traffic Analysis (NTA) with 40 reviews. Arista NDR is rated 9.0, while Vectra AI is rated 8.6. The top reviewer of Arista NDR writes "Gives us network layer visibility into things that may not be covered by other monitoring tools, such as shadow IT". On the other hand, the top reviewer of Vectra AI writes "Integrates well with other security solutions and provides good technical support". Arista NDR is most compared with Palo Alto Networks Advanced Threat Prevention, Trend Micro Deep Discovery, Cisco Secure Network Analytics, Darktrace and ExtraHop Reveal(x), whereas Vectra AI is most compared with Darktrace, ExtraHop Reveal(x), Cisco Secure Network Analytics, Corelight and Trend Micro Deep Discovery. See our Arista NDR vs. Vectra AI report.

    See our list of best Network Traffic Analysis (NTA) vendors and best Network Detection and Response (NDR) vendors.

    We monitor all Network Traffic Analysis (NTA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.