We performed a comparison between Skybox Security Suite and Vectra AI based on real PeerSpot user reviews.
Find out what your peers are saying about Tenable, Wiz, SentinelOne and others in Vulnerability Management."We use Network Assurance for network visualisation and troubleshooting."
"The performance could be good because we chose it at the time, but it is too complex for us to appreciate its performance because we lack the necessary skills."
"The most valuable features are the rule compliance and the OS vulnerability checks."
"It's very supportive and very user-friendly."
"We are currently working on rule review and compliance. The logging features are good."
"Change Manager is most important because of the impact on each other of a network change or a firewall change. We want to understand this and to know, beforehand, what the impact of a change will be. We are a large network so that is a very important tool."
"It's given us more visibility in terms of what are the kinds of configurations that are on these devices, and how many of these are stale rules. So it's helped greatly in terms of cleaning up of rules, for sure. And it has definitely given us a more secure way of backing up the configuration on these devices."
"Aside from Firewall Assurance, we are using Network Assurance and Change Manager for an overview of the whole network and for documenting requests and the recertification of the ruleset."
"Vectra AI generates relevant information."
"It has helped us to organize our security. We get a better overview on what is happening on the network, which has helped us get quicker responses to users. If we see malicious activity, then we can quickly take action on it. Previously, we weren't getting an overview as fast as we are now, so we can now provide a quicker response."
"One of the most valuable features of the platform is its ability to provide you with aggregated risk scores based on impact and certainty of threats being detected. This is both applied to individual and host detections. This is important because it enables us to use this platform to prioritize the most likely imminent threats. So, it reduces alert fatigue follow ups for security operation center analysts. It also provides us with an ability to prioritize limited resources."
"It does a reliable job of parsing out the logs of all the network traffic so that we can ingest them into our SIEM and utilize them for threat hunting and case investigations. It is pretty robust and reliable. The administration time that we spend maintaining it or troubleshooting it is very low. So, the labor hour overhead is probably our largest benefit from it. We spend 99% of our time in Vectra investigating cases, responding to incidents, or hunting, and only around 1% of our time is spent patching, troubleshooting, or doing anything else. That's our largest benefit from Vectra."
"The initial setup was pretty straightforward."
"It has reduced the time it takes to respond to attacks. That comes back to the proactive point. It makes us able to lower down in the kill chain, we can react now, rather than reacting to incidents that happened, we can see an instant, in some cases, as it's being implemented, or as it's being launched."
"Vectra produces actionable data using automation. That has helped us. It's less manpower now to look at incidents, which has definitely increased efficiency. Right now, in a lot of cases, our mean time to detection is within zero days. This tells me by the time something happened, and we were able to detect it, it was within the same day."
"The administrative privilege detection feature is the most valuable feature. The admin accounts are often highly accessible to the high-risk component of the environment. If those accounts are compromised or are being used in a suspicious manner, that's high-fidelity events for us to look into."
"The cloud site could be better. They should provide some use cases to help users."
"The solution needs to add more automation and orchestration capabilities. Those features would make the solution much stronger."
"The tool does not offer options for customization."
"Skybox Security Suite's attack surface management feature needs improvement."
"Reporting. A lot of the reports, out of the box, are limited to a certain number of either configuration violations or access rule violations. So when you first set up a new firewall to be monitored by Skybox, you don't get a real full report. You have to really tweak it to get everything."
"The initial setup with Skybox Security is hard. You need one or two strong security engineers on your team."
"The vendor's support is terrible."
"If anything could be improved it would be staying on top of the collector scripts, but I understand that's a very tough challenge."
"The solution needs to become more proactive. When Vectra AI is the primary solution in an environment - like it is in our case - you must work on response time. We have a small team so response time at endpoint level is vital."
"The solution has not reduced the security analyst workload in our organization because we still need to SIEM. Unfortunately, while Vectra, for us, is a brilliant tool for network investigations, giving wonderful visibility, it doesn't go the whole way to replace our SIEM that is needed for compliance. So, I still have the same amount of alerting and logging that I did before. It gives us more defined ability to see incidents, but it doesn't give us enough information to satisfy a PCI or 27001 audit."
"I would like to see data processed onshore. Right now, the cloud components, like Office 365, must be processed on servers outside of Australia. I would like to see a future adoption of onshore processing."
"One area where there's room for improvement is the absence of a comprehensive TCP recording and replay feature."
"We would like to see more information with the syslogs. The syslogs that they send to our SIEM are a bit short compared to what you can see. It would be helpful if they send us more data that we can incorporate into our SIEM, then can correlate with other events."
"We have a lot of system solutions and integrations with system solutions. Vectra is a type of black box. It implements AI-informed detection mechanisms, but we cannot create system detections. I understand that the product is designed this way, but it would be great if we could create our own detections as well."
"I would like more integrations with IOCs and threats currently on the Internet. I would also like to know which threats are based on zero-day attacks, current botnets, etc. Therefore, I would like more information on external threats."
"It would be commercially beneficial if Vectra AI had something like Darktrace's Antigena Email or something similar to email protection."
Skybox Security Suite is ranked 19th in Vulnerability Management with 34 reviews while Vectra AI is ranked 2nd in Intrusion Detection and Prevention Software (IDPS) with 42 reviews. Skybox Security Suite is rated 7.8, while Vectra AI is rated 8.6. The top reviewer of Skybox Security Suite writes "Efficient in vulnerability management, stable and easy to use ". On the other hand, the top reviewer of Vectra AI writes "Integrates well with other security solutions and provides good technical support". Skybox Security Suite is most compared with AlgoSec, Tufin Orchestration Suite, FireMon Security Manager, Palo Alto Networks Panorama and RedSeal, whereas Vectra AI is most compared with Darktrace, ExtraHop Reveal(x), Cisco Secure Network Analytics, Arista NDR and Corelight.
We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.