We performed a comparison between Trellix Intrusion Prevention System and Vectra AI based on real PeerSpot user reviews.
Find out in this report how the two Intrusion Detection and Prevention Software (IDPS) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."There's a good dashboard you can drill down into. It helps you easily locate intrusions and the source of attacks."
"The most valuable features in Trellix for me are the automated signature updates. It is a great and convenient feature."
"The ability to centrally manage all the IPS sensors, track the different security events generated by it, and customize the different policies, depending on their location."
"The feature I found most valuable is the network threat analyzer in the security platform. It also integrates with GTI, or Global Threat Intelligence. Otherwise, I just use the basic features."
"The most valuable features of the solution stem from the fact that it is a good product for dealing with DDoS attacks and for the inspection of network traffic."
"The product is worth the investment."
"It has a lot of functions, such as firewall. We are administrators, and we create some rules to protect our network. We also monitor the traffic in and out and have disk encryption on-premises. When we detect malware, we scan for the virus on the PC. We can then delete or block the malware."
"The initial setup is straightforward."
"One of the things that we didn't expect to happen was that our network team also jumped on it faster than we thought. In most cases, if it's a security tool that's working on the network part, they can also use it to find out certain flaws that have been in the system. Certain flaws, related to some legacy stuff, were already there for quite a few years, which they couldn't explain at first, but we could explain them based on the timing of certain things."
"It's important for us that the user interface is easy to understand and that is the biggest benefit we see from Vectra AI."
"Vectra AI can bring the ability to detect intrusion on the network more so than legacy IDS tools."
"The most valuable feature for Cognito Detect, the main solution, is that external IDS's create a lot of alerts. When I say a lot of alerts I really mean a lot of alerts. Vectra, on the other hand, contextualizes everything, reducing the number of alerts and pinpointing only the things of interest. This is a key feature for me. Because of this, a non-trained analyst can use it almost right away."
"One of the most valuable features of the platform is its ability to provide you with aggregated risk scores based on impact and certainty of threats being detected. This is both applied to individual and host detections. This is important because it enables us to use this platform to prioritize the most likely imminent threats. So, it reduces alert fatigue follow ups for security operation center analysts. It also provides us with an ability to prioritize limited resources."
"It provides various dashboards that facilitate the identification of connections and can detect data exfiltration, meaning data sent from your environment to another."
"Vectra produces actionable data using automation. That has helped us. It's less manpower now to look at incidents, which has definitely increased efficiency. Right now, in a lot of cases, our mean time to detection is within zero days. This tells me by the time something happened, and we were able to detect it, it was within the same day."
"Cognito Streams gives you a detailed view of what happens in the network in the form of rich metadata. It is just a super easy way to capture network traffic for important protocols, giving us an advantage. This is very helpful on a day-to-day basis."
"The solution needs to improve the graphical interface. And they had a limitation in some of the sensor modems as well."
"The management console needs to be less complex and easier to navigate."
"There are limited resources for configuration guidance."
"The technical support has room for improvement."
"The solution could improve some aspects of detection."
"The area of concern where the tool needs improvement is how the product prompts users at a network level that helps prevent any wireless network attacks through alerts and notifications."
"The platform’s GUI could be the latest."
"Some of the documentation is not as straightforward as it could be."
"It does a little bit of packet capture on alert so you can look at the packet capture activity going on, but it doesn't collect a whole lot of data. Sometimes it's only one or two frames, sometimes it does collect more. That's why they have the addition of their Recall platform, because that really does help expand the capability."
"They use a proprietary logging format that is probably 90% similar to Bro Logs. Their biggest area of improvement is finishing out the remaining 10%. That 10% might not be beneficial to their ML engine, but that's fine. The industry standard is Zeek Logs or Bro Logs, or Bro or Zeek, depending on how old you are. While they have 90% of those fields, they're still missing some fields. In very rare instances, some community rules do not have the fields that they need, and we had to modify community rules for our logs. So, their biggest area of improvement would be to just finish their matching of the Zeek standard."
"The solution needs to become more proactive. When Vectra AI is the primary solution in an environment - like it is in our case - you must work on response time. We have a small team so response time at endpoint level is vital."
"I think Vectra AI's automation, reporting, and integration could be improved."
"I'd like to be able to get granular reports and to be able to output them into formats that are customizable and more useful. The reporting GUI is lacking."
"The solution's marketing is not good."
"One thing which I have found where there could be improvement is with regard to the architecture, a little bit: how the brains and sensors function. It needs more flexibility with regard to the brain. If there were some flexibility in that regard, that would be helpful, because changing the mode of the brain is complex. In some cases, the change is permanent. You cannot revert it."
"Other alternatives, like Darktrace, have a fancier UI."
More Trellix Intrusion Prevention System Pricing and Cost Advice →
Trellix Intrusion Prevention System is ranked 14th in Intrusion Detection and Prevention Software (IDPS) with 14 reviews while Vectra AI is ranked 2nd in Intrusion Detection and Prevention Software (IDPS) with 42 reviews. Trellix Intrusion Prevention System is rated 8.4, while Vectra AI is rated 8.6. The top reviewer of Trellix Intrusion Prevention System writes "Protects from attacks in real-time and provides accurate threat intelligence updates". On the other hand, the top reviewer of Vectra AI writes "Integrates well with other security solutions and provides good technical support". Trellix Intrusion Prevention System is most compared with Trend Micro TippingPoint Threat Protection System, Palo Alto Networks Advanced Threat Prevention, Cisco NGIPS, Check Point IPS and Forcepoint Next Generation Firewall, whereas Vectra AI is most compared with Darktrace, ExtraHop Reveal(x), Cisco Secure Network Analytics, Arista NDR and Corelight. See our Trellix Intrusion Prevention System vs. Vectra AI report.
See our list of best Intrusion Detection and Prevention Software (IDPS) vendors.
We monitor all Intrusion Detection and Prevention Software (IDPS) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
