We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"It does a reliable job of parsing out the logs of all the network traffic so that we can ingest them into our SIEM and utilize them for threat hunting and case investigations. It is pretty robust and reliable. The administration time that we spend maintaining it or troubleshooting it is very low. So, the labor hour overhead is probably our largest benefit from it. We spend 99% of our time in Vectra investigating cases, responding to incidents, or hunting, and only around 1% of our time is spent patching, troubleshooting, or doing anything else. That's our largest benefit from Vectra."
"One of the key advantages for us is we define a 24/7 service around it. We use far more of Vectra alerts than we do with our SIEM product because we understand that when we get an alert from Vectra we actually need to do something about it."
"One of the core features is that Vectra AI triages threats and correlates them with compromised host devices. From a visibility perspective, we can better track the threat across the network. Instead of us potentially finding one device that has been impacted without Vectra AI, it will give us the visibility of everywhere that threat went. Therefore, visibility has increased for us."
"It gives you access, with Recall, to instant visibility into your network through something like a SIEM solution. For us, being able to correlate all of this network data without having to manage it, has provided immediate value. It gives us the ability to really work on the stuff where I and my team have expertise, instead of having to manage a SIEM solution..."
"It has helped us to organize our security. We get a better overview on what is happening on the network, which has helped us get quicker responses to users. If we see malicious activity, then we can quickly take action on it. Previously, we weren't getting an overview as fast as we are now, so we can now provide a quicker response."
"One of the most valuable features of the platform is its ability to provide you with aggregated risk scores based on impact and certainty of threats being detected. This is both applied to individual and host detections. This is important because it enables us to use this platform to prioritize the most likely imminent threats. So, it reduces alert fatigue follow ups for security operation center analysts. It also provides us with an ability to prioritize limited resources."
"The dashboard gives me a scoring system that allows me to prioritize things that I should look at. I may not necessarily care so much about one event, whereas if I have a single botnet detection or a brute force attack, I really want to get on top of those."
"The most valuable feature for Cognito Detect, the main solution, is that external IDS's create a lot of alerts. When I say a lot of alerts I really mean a lot of alerts. Vectra, on the other hand, contextualizes everything, reducing the number of alerts and pinpointing only the things of interest. This is a key feature for me. Because of this, a non-trained analyst can use it almost right away."
"Corelight is easy to use."
"The most valuable feature is the embedded IDS from Suricata."
"The most valuable features are the bandwidth analyzer, the monitoring, the network analyzer, it has overall good performance, and an easy deployment."
"What I like the most is the bandwidth assessment."
"The monitoring is perfect, showing you the details for the utilization of resources and network bandwidth."
"The software management tools are very useful for our customers."
"The program is scalable enough for our usage."
"SolarWinds has improved our organization because whenever a device is down, we get an alert."
"The most valuable feature is the alarm that is set up to trigger based on bandwidth utilization."
"The integration with other SolarWinds products is good."
"We would like to see more information with the syslogs. The syslogs that they send to our SIEM are a bit short compared to what you can see. It would be helpful if they send us more data that we can incorporate into our SIEM, then can correlate with other events."
"Vectra is still limited to packet management. It's only monitoring packet exchanges. While it can see a lot of things, it can't see everything, depending on where it's deployed. It has its limits and that's why I still have my SIEM."
"Integration with other security components needs improvement. It should have true integration as opposed to just being a separate pane of glass."
"I would like to see data processed onshore. Right now, the cloud components, like Office 365, must be processed on servers outside of Australia. I would like to see a future adoption of onshore processing."
"I'd like to be able to get granular reports and to be able to output them into formats that are customizable and more useful. The reporting GUI is lacking."
"One thing which I have found where there could be improvement is with regard to the architecture, a little bit: how the brains and sensors function. It needs more flexibility with regard to the brain. If there were some flexibility in that regard, that would be helpful, because changing the mode of the brain is complex. In some cases, the change is permanent. You cannot revert it."
"The false positives and the tuning side of it is something that could use improvement. But that could be from our side."
"The solution has not reduced the security analyst workload in our organization because we still need to SIEM. Unfortunately, while Vectra, for us, is a brilliant tool for network investigations, giving wonderful visibility, it doesn't go the whole way to replace our SIEM that is needed for compliance. So, I still have the same amount of alerting and logging that I did before. It gives us more defined ability to see incidents, but it doesn't give us enough information to satisfy a PCI or 27001 audit."
"Machine learning could be a good improvement, but it's very costly."
"In the next release, building a graphical user interface would be helpful."
"I would like to see more artificial intelligence capabilities."
"Technical support could be improved with quicker response times."
"The pricing is expensive."
"It's not a cheap product, so the pricing could be improved."
"This solution does not do a very good job when I am trying to look deeper into my internal network, in particular with respect to individual ports."
"It's scalable, but it could be simplified because it's not completely easy."
"It is very slow to pick the dynamics of the network."
"I would like to see better customization capabilities."
"Their licensing model is antiquated. I'm not a fan of their licensing model. We have to pay for licensing based on four different things. You have to pay based on the number of unique IPs, the number of logs that we send through Recall and Stream, and the size of our environment. They need to simplify their licensing down to just one thing. It should be based on the amount of data, the number of devices, or something else, but there should be just one thing for everything. That's what they need to base their licensing on. Cost-wise, they're not cheap. They were definitely the most expensive option, but you get what you pay for. They're not the cheapest option."
"The pricing is very good. It's less expensive than many of the tools out there."
"There are additional features that can be purchased in addition to the standard licensing fee, such as Cognito Recall and Stream."
"Vectra's licensing model could scale to our research network, which has multiple, 100-gigabit links."
"From a pricing perspective, they are very commercially competitive. From a licensing perspective, just be conscious that some of their future cloud solutions come with additional subscriptions. Also, if you're outside of the US, you will get charged freight for the device back to your country."
"At the time of purchase, we found the pricing acceptable. We had an urgency to get something in place because we had a minor breach that occurred at the tail end of 2016 to the beginning of 2017. This indicated we had a lack of ability to detect things on the network. Hence, why we moved quickly to get into the tool in place. We found things like Bitcoin mining and botnets which we closed quickly. In that regard, it was worth the money."
"The pricing is high."
"We have a desire to increase our use. However, it all comes down to budget. It's a very expensive tool that is very difficult to prove business support for. We would like to have two separate networks. We have our corporate network and PCI network, which is segregated due to payment processing. We don't have it for deployed in the PCI network. It would be good to have it fully deployed there to provide us with additional monitoring and control, but the cost associated with their licensing model makes it prohibitively expensive to deploy."
"It's a yearly fee and depends on what you are looking for."
"The price of this solution is exceptional."
"We pay yearly, and we are happy with its price."
"While the pricing is fair, it could be better."
"The pricing is reasonable."
Vectra® is the leader in network detection and response – from cloud and data center workloads to user and IoT devices. Its Cognito® platform accelerates threat detection and investigation using artificial intelligence to collect, store and enrich network metadata with the right context to detect, hunt and investigate known and unknown threats in real time. Vectra offers three applications on the Cognito platform to address high-priority use cases. Cognito Stream™ sends security-enriched metadata to data lakes and SIEMs. Cognito Recall™ is a cloud-based application to store and investigate threats in enriched metadata. And Cognito Detect™ uses AI to reveal and prioritize hidden and unknown attackers at speed.
Corelight is the most powerful network visibility solution for information security professionals. We provide real-time data that organizations use to understand, detect, and prevent cyber attacks. Our solution is built on Zeek, the powerful and widely-used open source monitoring framework.
Corelight is ranked 9th in Network Traffic Analysis (NTA) with 2 reviews while SolarWinds NetFlow Traffic Analyzer is ranked 7th in Network Traffic Analysis (NTA) with 11 reviews. Corelight is rated 10.0, while SolarWinds NetFlow Traffic Analyzer is rated 7.6. The top reviewer of Corelight writes "A basic component for enriching cyber security analysis". On the other hand, the top reviewer of SolarWinds NetFlow Traffic Analyzer writes "Alerts us whenever a device is down but it cannot do metric performance monitoring". Corelight is most compared with Darktrace, ExtraHop Reveal(x), Cisco Stealthwatch, Awake Security Platform and ExtraHop Reveal(X) Cloud, whereas SolarWinds NetFlow Traffic Analyzer is most compared with Cisco Stealthwatch, Zabbix, Auvik, Centreon and Plixer Scrutinizer. See our Corelight vs. SolarWinds NetFlow Traffic Analyzer report.
See our list of best Network Traffic Analysis (NTA) vendors.
We monitor all Network Traffic Analysis (NTA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.