We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"We are running at about 90,000 pounds per year. The solution is a licensed cost. The hardware that they gave us was pretty much next to nothing. It is the license that we're paying for."
"The license is based on the concurrent IP addresses that it's investigating. We have 9,800 to 10,000 IP addresses."
"There are additional features that can be purchased in addition to the standard licensing fee, such as Cognito Recall and Stream."
"We have a desire to increase our use. However, it all comes down to budget. It's a very expensive tool that is very difficult to prove business support for. We would like to have two separate networks. We have our corporate network and PCI network, which is segregated due to payment processing. We don't have it for deployed in the PCI network. It would be good to have it fully deployed there to provide us with additional monitoring and control, but the cost associated with their licensing model makes it prohibitively expensive to deploy."
"At the time of purchase, we found the pricing acceptable. We had an urgency to get something in place because we had a minor breach that occurred at the tail end of 2016 to the beginning of 2017. This indicated we had a lack of ability to detect things on the network. Hence, why we moved quickly to get into the tool in place. We found things like Bitcoin mining and botnets which we closed quickly. In that regard, it was worth the money."
"The pricing is very good. It's less expensive than many of the tools out there."
"The pricing is high."
Vectra® is the leader in network detection and response – from cloud and data center workloads to user and IoT devices. Its Cognito® platform accelerates threat detection and investigation using artificial intelligence to collect, store and enrich network metadata with the right context to detect, hunt and investigate known and unknown threats in real time. Vectra offers three applications on the Cognito platform to address high-priority use cases. Cognito Stream™ sends security-enriched metadata to data lakes and SIEMs. Cognito Recall™ is a cloud-based application to store and investigate threats in enriched metadata. And Cognito Detect™ uses AI to reveal and prioritize hidden and unknown attackers at speed.
Endpoints Are the Start,
but Lateral Movement Could Be the True Goal
Breaches happen many ways. While endpoints are commonly thought of as the main target, in many cases they are simply the entry point to lateral movement. GoSecure Network Detection and Response identifies lateral movement to stop the breach from spreading.
Visibility Leads to Detection
Detection requires visibility. The better the visibility, the faster the detection. GoSecure Network Detection and Response quickly correlates endpoint and network activity, using our multi-observational analysis, to pinpoint suspicious/malicious intent and respond accordingly.
Multiple Sources for Better Visibility
Network Intrusion Detection System (NIDS)
GoSecure Managed Detection and Response provides a robust NIDS which performs real-time traffic, deep packet, and behavioral analysis in search of anomalous activity. NIDS combines third-party threat intelligence with an in-house developed ruleset providing GoSecure with the ability to detect security threats in a client’s environment. Our NIDS engine is highly scalable and can support sustained network traffic speeds of 10 gigabits per second.
Log Intrusion Detection System (LIDS)
Once deployed within the client infrastructure, the GoSecure MDR appliance collects logs from various sources providing additional contextual information used to reduce false positives and confirm the validity of potential threat events. The appliance receives logs in the standard syslog format from multiple device types, such as Syslog-NG, IPS, Firewalls, Proxies, and Web Filtering. For the sources that do not create syslogs, additional tools are available to convert logs into this format.
Correlation for Action
GoSecure’s multi-observational analysis accurately generates a suspicion level based on disparate events. By combining information from endpoint and network alerts, GoSecure’s detection level is industry leading. Going beyond simple packet captures, GoSecure Network Detection and Response uses our extensive threat intelligence database to identify threats across multiple sources and correlate these actions quickly. From scanning activity that might indicate upcoming lateral movement to policy violations, an early indicator of insider threat activity, GoSecure Network Detection and Response is a vital element of our Managed Detection and Response service. Phishing, brute force attacks and communications with malicious sites are just a few of the network sources monitored and correlated by GoSecure Network Detection and Response. No source is too obscure, and no alert too trivial.
GoSecure Network Detection and Response is ranked 14th in Network Detection and Response (NDR) while Lastline Defender is ranked 7th in Network Detection and Response (NDR). GoSecure Network Detection and Response is rated 0.0, while Lastline Defender is rated 0.0. On the other hand, GoSecure Network Detection and Response is most compared with , whereas Lastline Defender is most compared with Darktrace, Cisco Stealthwatch, ExtraHop Reveal(x), Corelight and Trend Micro Web Security.
See our list of best Network Detection and Response (NDR) vendors.
We monitor all Network Detection and Response (NDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.