Anonymous UserCyber Security Analyst at a financial services firm
Mark LavineAirway Transportation Service Specialist at Federal Aviation Administration
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"We are running at about 90,000 pounds per year. The solution is a licensed cost. The hardware that they gave us was pretty much next to nothing. It is the license that we're paying for."
"The license is based on the concurrent IP addresses that it's investigating. We have 9,800 to 10,000 IP addresses."
"There are additional features that can be purchased in addition to the standard licensing fee, such as Cognito Recall and Stream."
"We have a desire to increase our use. However, it all comes down to budget. It's a very expensive tool that is very difficult to prove business support for. We would like to have two separate networks. We have our corporate network and PCI network, which is segregated due to payment processing. We don't have it for deployed in the PCI network. It would be good to have it fully deployed there to provide us with additional monitoring and control, but the cost associated with their licensing model makes it prohibitively expensive to deploy."
"At the time of purchase, we found the pricing acceptable. We had an urgency to get something in place because we had a minor breach that occurred at the tail end of 2016 to the beginning of 2017. This indicated we had a lack of ability to detect things on the network. Hence, why we moved quickly to get into the tool in place. We found things like Bitcoin mining and botnets which we closed quickly. In that regard, it was worth the money."
"The pricing is very good. It's less expensive than many of the tools out there."
"The pricing is high."
"Their licensing model is antiquated. I'm not a fan of their licensing model. We have to pay for licensing based on four different things. You have to pay based on the number of unique IPs, the number of logs that we send through Recall and Stream, and the size of our environment. They need to simplify their licensing down to just one thing. It should be based on the amount of data, the number of devices, or something else, but there should be just one thing for everything. That's what they need to base their licensing on. Cost-wise, they're not cheap. They were definitely the most expensive option, but you get what you pay for. They're not the cheapest option."
"This is an expensive product. We have quit paying for support because we don't want to have to upgrade it and keep paying for it."
Earn 20 points
Vectra® is the leader in network detection and response – from cloud and data center workloads to user and IoT devices. Its Cognito® platform accelerates threat detection and investigation using artificial intelligence to collect, store and enrich network metadata with the right context to detect, hunt and investigate known and unknown threats in real time. Vectra offers three applications on the Cognito platform to address high-priority use cases. Cognito Stream™ sends security-enriched metadata to data lakes and SIEMs. Cognito Recall™ is a cloud-based application to store and investigate threats in enriched metadata. And Cognito Detect™ uses AI to reveal and prioritize hidden and unknown attackers at speed.
Cisco Stealthwatch uses NetFlow to provide visibility across the network, data center, branch offices, and cloud. Its advanced security analytics uncover stealthy attacks on the extended network. Stealthwatch helps you use your existing network as a security sensor and enforcer to dramatically improve your threat defense.
Endpoints Are the Start,
but Lateral Movement Could Be the True Goal
Breaches happen many ways. While endpoints are commonly thought of as the main target, in many cases they are simply the entry point to lateral movement. GoSecure Network Detection and Response identifies lateral movement to stop the breach from spreading.
Visibility Leads to Detection
Detection requires visibility. The better the visibility, the faster the detection. GoSecure Network Detection and Response quickly correlates endpoint and network activity, using our multi-observational analysis, to pinpoint suspicious/malicious intent and respond accordingly.
Multiple Sources for Better Visibility
Network Intrusion Detection System (NIDS)
GoSecure Managed Detection and Response provides a robust NIDS which performs real-time traffic, deep packet, and behavioral analysis in search of anomalous activity. NIDS combines third-party threat intelligence with an in-house developed ruleset providing GoSecure with the ability to detect security threats in a client’s environment. Our NIDS engine is highly scalable and can support sustained network traffic speeds of 10 gigabits per second.
Log Intrusion Detection System (LIDS)
Once deployed within the client infrastructure, the GoSecure MDR appliance collects logs from various sources providing additional contextual information used to reduce false positives and confirm the validity of potential threat events. The appliance receives logs in the standard syslog format from multiple device types, such as Syslog-NG, IPS, Firewalls, Proxies, and Web Filtering. For the sources that do not create syslogs, additional tools are available to convert logs into this format.
Correlation for Action
GoSecure’s multi-observational analysis accurately generates a suspicion level based on disparate events. By combining information from endpoint and network alerts, GoSecure’s detection level is industry leading. Going beyond simple packet captures, GoSecure Network Detection and Response uses our extensive threat intelligence database to identify threats across multiple sources and correlate these actions quickly. From scanning activity that might indicate upcoming lateral movement to policy violations, an early indicator of insider threat activity, GoSecure Network Detection and Response is a vital element of our Managed Detection and Response service. Phishing, brute force attacks and communications with malicious sites are just a few of the network sources monitored and correlated by GoSecure Network Detection and Response. No source is too obscure, and no alert too trivial.
Cisco Stealthwatch is ranked 3rd in Network Detection and Response (NDR) with 7 reviews while GoSecure Network Detection and Response is ranked 15th in Network Detection and Response (NDR). Cisco Stealthwatch is rated 8.6, while GoSecure Network Detection and Response is rated 0.0. The top reviewer of Cisco Stealthwatch writes "Provides valuable security knowledge and helps us improve network performance". On the other hand, Cisco Stealthwatch is most compared with Darktrace, Palo Alto Networks Threat Prevention, Cisco Stealthwatch Cloud, Splunk User Behavior Analytics and SolarWinds NetFlow Traffic Analyzer, whereas GoSecure Network Detection and Response is most compared with .
See our list of best Network Detection and Response (NDR) vendors.
We monitor all Network Detection and Response (NDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.