We performed a comparison between Rapid7 Metasploit and Vectra AI based on real PeerSpot user reviews.
Find out what your peers are saying about Tenable, Wiz, Check Point Software Technologies and others in Vulnerability Management."It's not possible to do penetration testing without being very proficient in Metasploit."
"It allows us to concentrate solely on identified vulnerabilities without the hassle of additional setup."
"Technical support has been helpful and responsive."
"I use Rapid7 Metasploit for payload generation and Post-Exploitation."
"The greatest advantage of Rapid7 Metasploit is that it is the only system that can directly exploit vulnerabilities on the Metasploit platform."
"I don't have any other tools like it, and I always use it when I'm doing a pen test. Metasploit is a great solution for penetration testing,"
"The option to generate phishing emails has proven to be very valuable in understanding the behavior of users."
"It is scalable. It's in line with our needs."
"One of the things that we didn't expect to happen was that our network team also jumped on it faster than we thought. In most cases, if it's a security tool that's working on the network part, they can also use it to find out certain flaws that have been in the system. Certain flaws, related to some legacy stuff, were already there for quite a few years, which they couldn't explain at first, but we could explain them based on the timing of certain things."
"It is doing some artificial intelligence. If it sees a server doing a lot of things, then it will assume that is normal. So, it is looking for anomalous behavior, things that are out of context which helps us reduce time. Therefore, we don't have to look in all the logs. We just wait for Vectra to say, "This one is behaving strange," then we can investigate that part."
"One of the core features is that Vectra AI triages threats and correlates them with compromised host devices. From a visibility perspective, we can better track the threat across the network. Instead of us potentially finding one device that has been impacted without Vectra AI, it will give us the visibility of everywhere that threat went. Therefore, visibility has increased for us."
"One of the most valuable features of the platform is its ability to provide you with aggregated risk scores based on impact and certainty of threats being detected. This is both applied to individual and host detections. This is important because it enables us to use this platform to prioritize the most likely imminent threats. So, it reduces alert fatigue follow ups for security operation center analysts. It also provides us with an ability to prioritize limited resources."
"The fact that we get the visualization of what's happening on our network, which is a way of improving our security in-depth is most valuable."
"Scalability wise, we have many sensors, and Vectra AI seems to handle them all very well."
"Vectra AI helped our team be more productive and save time. We have less work thanks to it."
"It provides various dashboards that facilitate the identification of connections and can detect data exfiltration, meaning data sent from your environment to another."
"Rapid7 Metasploit can add a GUI feature because it is only available online."
"There are numerous outdated exploits in their database that should be updated."
"I think areas with shortcomings that need improvement are more integration and automation."
"I would like to see more capabilities, more functions, and more features. More types of attack vectors."
"Rapid7 Metasploit could be made easier for new users to learn."
"It is necessary to add some training materials and a tutorial for beginners."
"Metasploit cannot be installed on a machine with an antivirus."
"The initial setup was a bit "tweaky" for the open-source version."
"They use a proprietary logging format that is probably 90% similar to Bro Logs. Their biggest area of improvement is finishing out the remaining 10%. That 10% might not be beneficial to their ML engine, but that's fine. The industry standard is Zeek Logs or Bro Logs, or Bro or Zeek, depending on how old you are. While they have 90% of those fields, they're still missing some fields. In very rare instances, some community rules do not have the fields that they need, and we had to modify community rules for our logs. So, their biggest area of improvement would be to just finish their matching of the Zeek standard."
"The solution has not reduced the security analyst workload in our organization because we still need to SIEM. Unfortunately, while Vectra, for us, is a brilliant tool for network investigations, giving wonderful visibility, it doesn't go the whole way to replace our SIEM that is needed for compliance. So, I still have the same amount of alerting and logging that I did before. It gives us more defined ability to see incidents, but it doesn't give us enough information to satisfy a PCI or 27001 audit."
"The false positives and the tuning side of it is something that could use improvement. But that could be from our side."
"The solution needs to become more proactive. When Vectra AI is the primary solution in an environment - like it is in our case - you must work on response time. We have a small team so response time at endpoint level is vital."
"Integration with other security components needs improvement. It should have true integration as opposed to just being a separate pane of glass."
"In comparison with a lot of systems I used in the past, the false positives are really a burden because they are taking a lot of time at this moment."
"For S&D account scans, it would be easier if Vectra AI could triage with users. If a client uses a lot of accounts, then it could indicate that these accounts are benign, for example. That would help a lot."
"The rules for threats are not always precise and Vectra AI should improve this."
Rapid7 Metasploit is ranked 11th in Vulnerability Management with 18 reviews while Vectra AI is ranked 2nd in Intrusion Detection and Prevention Software (IDPS) with 40 reviews. Rapid7 Metasploit is rated 7.6, while Vectra AI is rated 8.6. The top reviewer of Rapid7 Metasploit writes "Helps find vulnerabilities in a system to determine whether the system needs to be upgraded". On the other hand, the top reviewer of Vectra AI writes "Integrates well with other security solutions and provides good technical support". Rapid7 Metasploit is most compared with Tenable Nessus, Pentera, Acunetix, Rapid7 InsightVM and Check Point CloudGuard CNAPP, whereas Vectra AI is most compared with Darktrace, ExtraHop Reveal(x), Cisco Secure Network Analytics, Arista NDR and Corelight.
We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.