We compared Vectra AI and ExtraHop Reveal(x) based on our user's reviews in 4 parameters. After reading all of the collected data, you can find our conclusion below.
Vectra AI excels in customer service, advanced threat detection, and competitive pricing. User feedback on ExtraHop Reveal(x) highlights robust network visibility, intuitive user interface, and highly regarded customer support. Vectra AI users appreciate the affordability and flexibility of the pricing, while ExtraHop Reveal(x) users value the comprehensive analytics capabilities.
Features: Vectra AI stands out for its advanced threat detection capabilities, machine learning algorithms, and automated response features. ExtraHop Reveal(x) is praised for its robust network visibility, comprehensive analytics, and intuitive user interface.
Pricing and ROI: Vectra AI offers competitive pricing with reasonable setup costs and flexible licensing options. ExtraHop Reveal(x) is also well-received for its cost-effectiveness, low setup cost, and straightforward licensing process. Users have had positive experiences with both products in terms of pricing, setup cost, and licensing. Vectra AI delivered ROI that exceeded expectations with significant security and efficiency improvements. ExtraHop Reveal(x) was praised for enhancing network visibility and security with user-friendly interface and robust functionalities.
Room for Improvement: Vectra AI has room for improvement in its complex and unintuitive user interface, lack of customization options, occasional glitches, and high pricing. ExtraHop Reveal(x) could enhance its user interface, accuracy, documentation, and customer support for a better user experience.
Deployment and Customer Support: Vectra AI may be a bit complex and require additional customization for on-prem installations. ExtraHop Reveal(x) is considered simple and offers a user-friendly initial setup. Vectra AI stands out for its exceptional customer support, with knowledgeable staff providing quick solutions. ExtraHop Reveal(x) also has good support, however, it suffers from occasional quality issues.
The summary above is based on 31 interviews we conducted recently with Vectra AI and ExtraHop Reveal(x) users. To access the review's full transcripts, download our report.
"With ExtraHop Reveal(x), it gives me more visibility into the packets. It doesn't provide the entire packet capture, but it offers more information on how connections are made at the network layer. This can be helpful for detecting network attacks. Additionally, I really like the customizable dashboards and reports. The incident dashboard and alerts provide a good summary initially, and diving deeper into them gives more detailed information. It's also great for analyzing specific attacks and victim logs. The feature that tracks the full attack chain makes it easier to monitor the progress of attacks. Plus, it's connected to the Netria.com app, which I find useful for certain tasks."
"The solution's initial setup process is easy."
"We had useful information within the hour of deployment. The ability to trace back for historical analysis, as well as the behavioral analysis done with the security information, puts the user in a position to make an informed decision to mitigate the performance or security incidents. Regarding the security incidents, Reveal (x) is able to create incident cards that guide your teams through the incidents and gives you the option to delve into the transaction detail to potentially view payloads as well."
"ExtraHop Reveal(x) is one of the tools that works out of the box when it comes to threat hunting."
"The security features of this solution are the most valuable."
"Setting up the solution is relatively easy."
"The solution works well for sending sensors."
"It's a wire analytics tool. We use it for isolating and determining issues on our network or applications. It does a lot for crediting the network as opposed to discrediting the network. A lot of people come along and say that it's a network issue. It's always considered to be a network issue, but by using ExtraHop, we can quickly tell them that it's not a networking issue. It's something to do with your application or something at the other end. It could be a database issue. This tool gives us the ability to pinpoint with great accuracy the comings and goings on our network."
"Vectra AI generates relevant information."
"It does a reliable job of parsing out the logs of all the network traffic so that we can ingest them into our SIEM and utilize them for threat hunting and case investigations. It is pretty robust and reliable. The administration time that we spend maintaining it or troubleshooting it is very low. So, the labor hour overhead is probably our largest benefit from it. We spend 99% of our time in Vectra investigating cases, responding to incidents, or hunting, and only around 1% of our time is spent patching, troubleshooting, or doing anything else. That's our largest benefit from Vectra."
"The UI is easy to use and when we send detection to everybody, they easily understand what we are asking at the time."
"It provides various dashboards that facilitate the identification of connections and can detect data exfiltration, meaning data sent from your environment to another."
"The key feature for me for Detect for Office 365 is that it can also concentrate all the information and detection at one point, the same as the network solution does. This is the key feature for me because, while accessing data from Office 365 is possible using Microsoft interfaces, they are not really user-friendly and are quite confusing to use. But Detect for Office 365 is aggregating all the info, and it's only the interesting stuff."
"The most valuable feature for Cognito Detect, the main solution, is that external IDS's create a lot of alerts. When I say a lot of alerts I really mean a lot of alerts. Vectra, on the other hand, contextualizes everything, reducing the number of alerts and pinpointing only the things of interest. This is a key feature for me. Because of this, a non-trained analyst can use it almost right away."
"What I like best about Vectra AI is that it alerts you about suspicious activities."
"It is doing some artificial intelligence. If it sees a server doing a lot of things, then it will assume that is normal. So, it is looking for anomalous behavior, things that are out of context which helps us reduce time. Therefore, we don't have to look in all the logs. We just wait for Vectra to say, "This one is behaving strange," then we can investigate that part."
"It needs integration with more security vendors."
"ExtraHop Reveal(x) could improve by allowing a longer look back in the feature. Right now you have a limit of 30 days to look back on your activity. I've used Darktrace before, and they allow you the ability to play back events. This would be a good feature to have in ExtraHop Reveal(x)."
"The solution's reporting part and GUI are areas with certain shortcomings where improvements are required."
"The solution’s pricing could be improved."
"Netflow - Processing Netflow can be cumbersome as it requires triggers to truly gain value and insight. This in turn can add a bit of load to the hardware. The focus of ExtraHop Reveal (x) is live packet data."
"The solution should include more support protocols."
"I think the tuning capabilities could be improved. We're working on minimizing false positives. Apart from that, everything seems fine to me."
"The solution is expensive and gets more expensive if a company needs to scale it."
"The solution has not reduced the security analyst workload in our organization because we still need to SIEM. Unfortunately, while Vectra, for us, is a brilliant tool for network investigations, giving wonderful visibility, it doesn't go the whole way to replace our SIEM that is needed for compliance. So, I still have the same amount of alerting and logging that I did before. It gives us more defined ability to see incidents, but it doesn't give us enough information to satisfy a PCI or 27001 audit."
"For S&D account scans, it would be easier if Vectra AI could triage with users. If a client uses a lot of accounts, then it could indicate that these accounts are benign, for example. That would help a lot."
"What is most important for us is to have one place where we can manage a few brains because we are based on a zero-trust network. As a result, each customer needs to have a separate brain. For the SOC team, we need to have one place where the SOC analyst can go to visit the website and from that site manage all of the customers. Right now, Vectra AI doesn't have this capability, and I would really like to have this feature."
"I think Vectra AI's automation, reporting, and integration could be improved."
"The main improvement I can see would be to integrate with more external solutions."
"You are always limited with visibility on the host due to the fact that it is a network based tool. It gives you visibility on certain elements of the attack path, but it doesn't necessarily give you visibility on everything. Specifically, the initial intrusion side of things that doesn't necessarily see the initial compromise. It doesn't see stuff that goes on the host, such as where scripts are run. Even though you are seeing traffic, it doesn't necessarily see the malicious payload. Therefore, it's very difficult for it to identify these type of host-driven complex attacks."
"We are using SMB 3.0, which is an encrypted protocol. When we get some alerts or something, we cannot go deep into the protocol to see what's wrong because it's encrypted. We need to decrypt the protocol in another way, which is quite difficult. We might go back to SMB 2.0 just for this reason, but that's not a good solution."
"We would like to see more information with the syslogs. The syslogs that they send to our SIEM are a bit short compared to what you can see. It would be helpful if they send us more data that we can incorporate into our SIEM, then can correlate with other events."
ExtraHop Reveal(x) is ranked 5th in Network Traffic Analysis (NTA) with 12 reviews while Vectra AI is ranked 2nd in Network Traffic Analysis (NTA) with 41 reviews. ExtraHop Reveal(x) is rated 8.6, while Vectra AI is rated 8.6. The top reviewer of ExtraHop Reveal(x) writes "It helps you visualize how data moves across your network". On the other hand, the top reviewer of Vectra AI writes "Integrates well with other security solutions and provides good technical support". ExtraHop Reveal(x) is most compared with Darktrace, Corelight, Cisco Secure Network Analytics, Arista NDR and ExtraHop Reveal(x) 360, whereas Vectra AI is most compared with Darktrace, Cisco Secure Network Analytics, Arista NDR, Corelight and Trend Micro Deep Discovery. See our ExtraHop Reveal(x) vs. Vectra AI report.
See our list of best Network Traffic Analysis (NTA) vendors and best Network Detection and Response (NDR) vendors.
We monitor all Network Traffic Analysis (NTA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.