We performed a comparison between LogRhythm UEBA and Vectra AI based on real PeerSpot user reviews.
Find out what your peers are saying about IBM, Splunk, Rapid7 and others in User Entity Behavior Analytics (UEBA)."The most valuable features are file activity monitoring and registry activity monitoring."
"The solution is useful for privilege accounts and super admin accounts. It is beneficial from a security perspective. The tool uses machine learning rather than threshold-based alerts. For instance, it can detect unusual user logins, such as a user logging in from a new browser or location."
"It has a lot of features. It has file integration monitoring."
"LogRhythm UEBA’s best feature is the dashboard. It provides several graphs, charts, and event logs."
"The solution's most valuable features are the graphical user interface and the reporting."
"Good capability pinpointing specific cyber incidents."
"The tool's most valuable feature is server threat hunting."
"It is easy to monitor users and that is how the solution is adding value to our firm."
"One of the most valuable features is all the correlation that it does using AI and machine learning. An example would be alerting on a host and then alerting on other things, like abnormal behavior, that it has noticed coming from the same host. It's valuable because we're a very lean team."
"Cognito Streams gives you a detailed view of what happens in the network in the form of rich metadata. It is just a super easy way to capture network traffic for important protocols, giving us an advantage. This is very helpful on a day-to-day basis."
"We often use the new feature to create PCAP files from the whole data traffic. It makes it much easier to find network problems such as whether the server is responding to a request. It has nothing to do with security, but it helps a lot to find other problems."
"It is doing some artificial intelligence. If it sees a server doing a lot of things, then it will assume that is normal. So, it is looking for anomalous behavior, things that are out of context which helps us reduce time. Therefore, we don't have to look in all the logs. We just wait for Vectra to say, "This one is behaving strange," then we can investigate that part."
"We discovered a lot of things in our network and are correcting several misconfigurations. We are learning how some apps work together and how some things shouldn't happen. It's also easier for us to identify the source of a brute force, whereas before, we didn't even know we had a brute force."
"It keeps up with the network traffic, which is a good thing. It provides more context to plain alerts compared to using an older system. So, it helps an analyst reduce the information overload."
"The most valuable feature for Cognito Detect, the main solution, is that external IDS's create a lot of alerts. When I say a lot of alerts I really mean a lot of alerts. Vectra, on the other hand, contextualizes everything, reducing the number of alerts and pinpointing only the things of interest. This is a key feature for me. Because of this, a non-trained analyst can use it almost right away."
"I like the way that Vectra AI focuses on the internal network. Nowadays, most of the attackers are already inside, and they can be inside for many years before they start attacking. With normal monitoring, it's quite difficult to find them."
"LogRhythm UEBA's data aggregation needs to be improved. Open-source users do not have much documentation available. Documentation is available only for enterprise users."
"The product could be user-friendly for someone who doesn’t have any prior experience working with it."
"What needs improvement in LogRhythm UEBA is the pricing. Here in Asia, for example, in Sri Lanka, pricing is the primary concern, and this is the only area for improvement I see in the product."
"The cloud version is lacking and not up to par."
"It would be helpful if there were more guidance provided for integrating with unsupported devices."
"It should have better mitigation with other solutions and be tightly integrated with other solutions. It has to be improved."
"The product should improve its dashboards. Splunk has neat dashboards. Additionally, we would like to enhance the use cases provided by LogRhythm as its use case library is not as extensive as other tools. Its machine-learning capabilities need to improve when compared to other solutions. It lacks risk quantification in a single, transparent view for individuals such as CSOs."
"The UI could be improved a little bit."
"There is room for improvement in the documentation. We would like to have more details on how it detects what we see."
"It would be commercially beneficial if Vectra AI had something like Darktrace's Antigena Email or something similar to email protection."
"I would like more integrations with IOCs and threats currently on the Internet. I would also like to know which threats are based on zero-day attacks, current botnets, etc. Therefore, I would like more information on external threats."
"I would like to see data processed onshore. Right now, the cloud components, like Office 365, must be processed on servers outside of Australia. I would like to see a future adoption of onshore processing."
"Some of the customization could be improved. Everything is provided for you as an easy solution to use, but working with it and doing specific development could be worked on a bit more in the scope of an incident response team."
"We had another product with Vectra AI and used the MDR solution as an add-on. Initially, it wasn't fully appropriately configured, so we didn't get the expected results. Even once configured correctly, we weren't fully satisfied with its response. The issue was both with their service response and the product's capabilities."
"You are always limited with visibility on the host due to the fact that it is a network based tool. It gives you visibility on certain elements of the attack path, but it doesn't necessarily give you visibility on everything. Specifically, the initial intrusion side of things that doesn't necessarily see the initial compromise. It doesn't see stuff that goes on the host, such as where scripts are run. Even though you are seeing traffic, it doesn't necessarily see the malicious payload. Therefore, it's very difficult for it to identify these type of host-driven complex attacks."
"I think Vectra AI's automation, reporting, and integration could be improved."
LogRhythm UEBA is ranked 12th in User Entity Behavior Analytics (UEBA) with 10 reviews while Vectra AI is ranked 2nd in Intrusion Detection and Prevention Software (IDPS) with 42 reviews. LogRhythm UEBA is rated 7.2, while Vectra AI is rated 8.6. The top reviewer of LogRhythm UEBA writes "Detects unusual logins but dashboards need improvement ". On the other hand, the top reviewer of Vectra AI writes "Integrates well with other security solutions and provides good technical support". LogRhythm UEBA is most compared with Wazuh, Darktrace, CrowdStrike Falcon, Microsoft Purview Insider Risk Management and IBM Security QRadar, whereas Vectra AI is most compared with Darktrace, ExtraHop Reveal(x), Cisco Secure Network Analytics, Arista NDR and Corelight.
We monitor all User Entity Behavior Analytics (UEBA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.