We performed a comparison between Corelight and Vectra AI based on real PeerSpot user reviews.
Find out in this report how the two Network Traffic Analysis (NTA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It's an easy way for us to get visibility in a client's environment."
"It's easy to create additional dashboards specific to supporting specific tasks."
"It is easy to deploy and easy to handle."
"The most valuable feature is the embedded IDS from Suricata."
"Corelight is easy to use."
"Vectra produces actionable data using automation. That has helped us. It's less manpower now to look at incidents, which has definitely increased efficiency. Right now, in a lot of cases, our mean time to detection is within zero days. This tells me by the time something happened, and we were able to detect it, it was within the same day."
"It's important for us that the user interface is easy to understand and that is the biggest benefit we see from Vectra AI."
"It is doing some artificial intelligence. If it sees a server doing a lot of things, then it will assume that is normal. So, it is looking for anomalous behavior, things that are out of context which helps us reduce time. Therefore, we don't have to look in all the logs. We just wait for Vectra to say, "This one is behaving strange," then we can investigate that part."
"The packet-capturing feature is very useful."
"The fact that we get the visualization of what's happening on our network, which is a way of improving our security in-depth is most valuable."
"The administrative privilege detection feature is the most valuable feature. The admin accounts are often highly accessible to the high-risk component of the environment. If those accounts are compromised or are being used in a suspicious manner, that's high-fidelity events for us to look into."
"The dashboard gives me a scoring system that allows me to prioritize things that I should look at. I may not necessarily care so much about one event, whereas if I have a single botnet detection or a brute force attack, I really want to get on top of those."
"The automatic filtering that they provide is valuable. The logic inside that makes some detections instead of us is very useful. We are confident that if we are just looking into it and there is nothing, nothing could happen."
"Corelight hasn’t added features in a long time."
"The solution’s architecture is complex and difficult to understand. There are multiple machines and VMs."
"Machine learning could be a good improvement, but it's very costly."
"They can enhance the interface of the product. They can make it more interactive and also easier to use for feature access."
"In the next release, building a graphical user interface would be helpful."
"One area where there's room for improvement is the absence of a comprehensive TCP recording and replay feature."
"ExtraHop has better features that seem more advantageous when compared to Vectra."
"Some of the customization could be improved. Everything is provided for you as an easy solution to use, but working with it and doing specific development could be worked on a bit more in the scope of an incident response team."
"There is room for improvement in the documentation. We would like to have more details on how it detects what we see."
"It would be commercially beneficial if Vectra AI had something like Darktrace's Antigena Email or something similar to email protection."
"One of the things I am not so happy about when it comes to Vectra is the scoring board."
"An area for improvement in Vectra AI is reporting because it currently needs some details. For example, when you download a report from Vectra AI, you won't see complete information about the alerts or triggers. Another area for improvement in the tool is that sometimes, an alert has high severity, yet it's marked as low severity. Vectra AI should have a mechanism to change the severity level from low to high or critical."
"The solution has not reduced the security analyst workload in our organization because we still need to SIEM. Unfortunately, while Vectra, for us, is a brilliant tool for network investigations, giving wonderful visibility, it doesn't go the whole way to replace our SIEM that is needed for compliance. So, I still have the same amount of alerting and logging that I did before. It gives us more defined ability to see incidents, but it doesn't give us enough information to satisfy a PCI or 27001 audit."
Corelight is ranked 7th in Network Traffic Analysis (NTA) with 5 reviews while Vectra AI is ranked 2nd in Network Traffic Analysis (NTA) with 41 reviews. Corelight is rated 9.0, while Vectra AI is rated 8.6. The top reviewer of Corelight writes "An open-source solution that gave us insight into our clients' network traffic flow ". On the other hand, the top reviewer of Vectra AI writes "Integrates well with other security solutions and provides good technical support". Corelight is most compared with ExtraHop Reveal(x), Darktrace, Cisco Secure Network Analytics, Arista NDR and SolarWinds NetFlow Traffic Analyzer, whereas Vectra AI is most compared with Darktrace, ExtraHop Reveal(x), Cisco Secure Network Analytics, Arista NDR and Trend Micro Deep Discovery. See our Corelight vs. Vectra AI report.
See our list of best Network Traffic Analysis (NTA) vendors.
We monitor all Network Traffic Analysis (NTA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Does this help? www.vectra.ai
Corelight. Its based on bro. Most top SIEMS using bro as engine. Corelight owns it. they develop it. Easy to deploy, amazing threat hunting, Threat detection and response. The list is endless but TCO better with Corelight as well.
I would recommend you look at Darktrace instead. Extrahop and the new kid on the block, Awake security are also recommended.