We compared Vectra AI and Darktrace based on our users reviews in five parameters. After reading the collected data, you can find our conclusion below:
Comparison Results: In comparing Vectra AI to Darktrace, there are notable distinctions. Vectra AI is praised for its easy setup process, strong ability to detect anomalies, and effective noise reduction feature. However, there is room for improvement in terms of reporting capabilities and software upgrades. On the other hand, Darktrace's setup experiences vary, but it offers exceptional network protection and efficient pattern detection using AI. Suggestions include streamlining the configuration process and making the pricing more affordable. While Darktrace is pricier, it yields positive returns on investment. Customer service and support are generally well-regarded for both solutions, although a few mixed reviews exist.
"Provides great network protection."
"Darktrace is very flexible."
"The AI-based pattern is the most valuable feature."
"What I like about Darktrace, is that you can quickly identify threats."
"The most valuable feature is the solution's ability to trim out the false positives and point your attention to the real important stuff."
"It is a stable solution without downtime."
"The product can scale."
"The most valuable feature is the alerts. The alerts are meaningful. The event rolls up into meaningful and actionable alerts rather than just being noise."
"The solution is currently used as a central threat detection and response system."
"We often use the new feature to create PCAP files from the whole data traffic. It makes it much easier to find network problems such as whether the server is responding to a request. It has nothing to do with security, but it helps a lot to find other problems."
"The most valuable feature for Cognito Detect, the main solution, is that external IDS's create a lot of alerts. When I say a lot of alerts I really mean a lot of alerts. Vectra, on the other hand, contextualizes everything, reducing the number of alerts and pinpointing only the things of interest. This is a key feature for me. Because of this, a non-trained analyst can use it almost right away."
"Vectra produces actionable data using automation. That has helped us. It's less manpower now to look at incidents, which has definitely increased efficiency. Right now, in a lot of cases, our mean time to detection is within zero days. This tells me by the time something happened, and we were able to detect it, it was within the same day."
"Vectra AI is the best. It is a major product in our cybersecurity."
"The core product provides excellent visibility, but my favorite feature is Vectra Recall."
"Vectra is very compatible with various cloud providers, such as Amazon and Azure AD. This is helpful as customers often migrate their network infrastructure to the cloud."
"Scalability wise, we have many sensors, and Vectra AI seems to handle them all very well."
"Getting logs from different sources can be a challenge."
"They just need to make it a little bit more accurate as far as their alerts are concerned. It does generate some false positives that you have to tune. You have to do a lot of tuning when you first get it because of the false positives, but once it is all tuned up and ready to go, it will do its thing from there."
"A reporting portal could be a great addition to help customize reports."
"I did not use the AI features because they should make it more user-friendly which would be a benefit. Additionally, the solution could integrate with more SIEM or SOAR tools."
"It would be helpful if they could recognize incidents and simplify the customer's challenge to identify what is happening."
"It should be easier to access the Darktrace portal and its documentation. Only the customer can access their portal and support. It could be cheaper."
"Darktrace needs to automate the reports of false positives, botnets and everything."
"I would like to see a feature where the tool ingests information from an anti-malware product that is present at the endpoint."
"The false positives and the tuning side of it is something that could use improvement. But that could be from our side."
"We have had a few issues with the integration of Vectra AI with EDR. Some filters have not been working. We've also had issues with the brain not being powerful enough."
"You are always limited with visibility on the host due to the fact that it is a network based tool. It gives you visibility on certain elements of the attack path, but it doesn't necessarily give you visibility on everything. Specifically, the initial intrusion side of things that doesn't necessarily see the initial compromise. It doesn't see stuff that goes on the host, such as where scripts are run. Even though you are seeing traffic, it doesn't necessarily see the malicious payload. Therefore, it's very difficult for it to identify these type of host-driven complex attacks."
"If you hit a certain number of rules, triage filters, or groups, the UX responds more slowly. However, we have a complex network and a lot of rules. So, our setup might not be a typical implementation example. We even had UX engineers onsite, and they looked at issues, improvements, and user feedback. Since then, it has gotten a lot better, they even built in features that we specifically requested for our company."
"Some of their integrations with other sources of data, like external threat feeds, took a bit more work than I had hoped to get integrated."
"The reporting from Cognito Detect is very limited and doesn't give you too many options. If I want to prepare a customized report on a particular host, even though I see the data, I have to manually prepare the report. The reporting features that are built into the tool are not very helpful."
"ExtraHop has better features that seem more advantageous when compared to Vectra."
"We would like to see more information with the syslogs. The syslogs that they send to our SIEM are a bit short compared to what you can see. It would be helpful if they send us more data that we can incorporate into our SIEM, then can correlate with other events."
Darktrace is ranked 1st in Network Detection and Response (NDR) with 65 reviews while Vectra AI is ranked 2nd in Network Detection and Response (NDR) with 40 reviews. Darktrace is rated 8.2, while Vectra AI is rated 8.6. The top reviewer of Darktrace writes "Great autonomous support, offers an easy setup, and has responsive support". On the other hand, the top reviewer of Vectra AI writes "Integrates well with other security solutions and provides good technical support". Darktrace is most compared with CrowdStrike Falcon, SentinelOne Singularity Complete, Cortex XDR by Palo Alto Networks, Cisco Secure Network Analytics and ExtraHop Reveal(x), whereas Vectra AI is most compared with ExtraHop Reveal(x), Cisco Secure Network Analytics, Arista NDR, Corelight and Trend Micro Deep Discovery. See our Darktrace vs. Vectra AI report.
See our list of best Network Traffic Analysis (NTA) vendors, best Network Detection and Response (NDR) vendors, and best Intrusion Detection and Prevention Software (IDPS) vendors.
We monitor all Network Detection and Response (NDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
CylancePROTECT is AI-powered endpoint protection that will scan your endpoint devices with AI and Machine Learning security. It does not work with traditional signature-based protection and will cover your endpoints against the latest malware and event Potential Unwanted Programs. We are also a Darktrace partner and if interested we can demo both Cyber Security solutions to your company. If you are interested in more information about CylancePROTECT and Darktrace and would like to run a free POC, please contact me at cj@groveis.com.
Raffael Marty, Vice President, Forcepoint Research and Intelligence, said: "There is no artificial intelligence in the field of information security, and it is unlikely to be developed in 2019." Most of unsupervised machine learning-based network anomaly detection solution does not provide why the anomaly has been aroused and whether the anomaly is malicious or not. Most of such solution's pricing model is based on number of endpoints but I prefer to have flat fee subscription-based.
The most important thing to get traction is your business approach and some kind of openness for 3rd parties. NOBODY needs "fancy Dashboards"!
Most of the known vendors like Darktrace is extremely "sales offensive" and they don't have a clear sales strategy (direct or channel). A free POV (30days) is a common approach to attract new customers, but the outcome is not really important. It says nothing about the PAINS on the customer site.
Know your competitors!!!! There are many AI CyberSec Startups and Technologies - 99% are using "Machine Learning" what needs more time to the realtime reaction in critical phases. Preferred is Deep Learning like DeepInstinct offers.
Pricing Model per IP´s is pretty usual - but you need flexibility.
Thank you I’m not really interested in being sold to. I’m asking about what works, what doesn’t and pricing models. I don’t want any demos.
Thank you for your comments...what if the malware does not present as anomalous?
We are an Endpoint focused firm represented a Pyramid of EP based protection services (email & web filter, coupled with EP protection, cyber insurance and dark web monitoring). Our key AI product offering is Cylance, world class in it's ability to protect you where over 95% of all hacks occur, the End Point. Cylance is typically sold as a manged service due to some of the complexities of tailoring the product to fit your business needs. Typically the service is price per EP, per month.
Thank you, I am familiar with Darktrace and really like the product. I'd like to know your thoughts on additional features and pricing preferences.
In my opinion, the best response always comes from the source. I have many contacts at Darktrace that can precisely answer these and other questions. Please let me know if you would like me to arrange for a scheduled call.